Announcement

Collapse
No announcement yet.

IP Conflicts for Macs

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • IP Conflicts for Macs

    I'm using a win2k3 DHCP server in a mixed windows/mac environment and we're having issues with many of our Macs getting IP conflicts. These Macs aren't joined to the domain. They run on local accounts.

    When you look on the DHCP server the leases are being issued to the Macs, but the Mac clients give an IP Configuration error saying that the IP is in use by an unknown mac address and won't apply the IP address.

    Assigning a reservation does fix this and so does spoofing the mac address, but obviously we'd like to fix the root cause. Any ideas?

    I've already tried increasing the number of ARP probes to '15' without any luck.

  • #2
    Re: IP Conflicts for Macs

    sounds weird. I don't have any issues with my mac.
    Which OS are the macs running?
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"

    Comment


    • #3
      Re: IP Conflicts for Macs

      10.4 to Leopard. It happens on both. Maybe 20% of them or so.

      Comment


      • #4
        Re: IP Conflicts for Macs

        Are the mac's notebooks or desktops?

        You might check this out:
        http://www.daniweb.com/forums/thread52069.html

        and maybe this article is interesting. I didn't read it completely dough.
        http://www.net.princeton.edu/mac/net...x/caveats.html
        Last edited by Dumber; 17th June 2008, 17:14.
        Marcel
        Technical Consultant
        Netherlands
        http://www.phetios.com
        http://blog.nessus.nl

        MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
        "No matter how secure, there is always the human factor."

        "Enjoy life today, tomorrow may never come."
        "If you're going through hell, keep going. ~Winston Churchill"

        Comment


        • #5
          Re: IP Conflicts for Macs

          Mainly imacs, but on my macbook i get the error as well.

          Comment


          • #6
            Re: IP Conflicts for Macs

            See my edit
            Marcel
            Technical Consultant
            Netherlands
            http://www.phetios.com
            http://blog.nessus.nl

            MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
            "No matter how secure, there is always the human factor."

            "Enjoy life today, tomorrow may never come."
            "If you're going through hell, keep going. ~Winston Churchill"

            Comment


            • #7
              Re: IP Conflicts for Macs

              Thanks for the links.

              Tried stuff from both articles, setting the DHCP Client ID & sharing ID, changing default locations, specifying network, deactivating unused network ports, deleting the leases and renewing, but still no luck.

              The second article had some great info though... I'd almost think that it was having a conflict with itself, if it wasn't for this "mystery" mac address that it thinks is conflicting (I checked the access point that it passes through and it wasn't it). That mac address isn't listed on any lease.

              I don't think that the affected client Macs ever reach the BOUND state or even get past REQUEST.

              --------------------------------------------------------

              The Mac OX X DHCP client sometimes send a DHCPDISCOVER message while in the DHCP BOUND state; it should do so only while in the DHCP INIT state. This behavior is not in compliance with RFC 2231 ("Dynamic Host Configuration Protocol").
              Receipt of a DHCPDISCOVER from a client results in our DHCP server terminating the client's old DHCP lease, as a client may only send a DHCPDISCOVER when it is in the DHCP INIT state. However, the Mac OS X DHCP client sometimes ignores the new DHCPOFFER messages sent to it, and instead continues to use the IP address it has just abandoned by sending the DHCPDISCOVER. That is, it remains in (or returns to) the BOUND state for the old (abandoned) lease.

              If what the client is trying to do is "Detection of Network Attachment in IPv4 (DNAv4)", then this is also not in compliance with RFC 4436. As per that RFC, a device with an "operable address" should start in the DHCP INIT-REBOOT state and send a DHCPREQUEST.

              In this situation, when the Mac OS X DHCP client decides that the lease it imagines still belongs to it is due for DHCP RENEWAL, sometimes the DHCPREQUEST messages it sends are also malformed. Specifically, the DHCP 'Server IP Address Option' is 0, the DHCP 'Requested IP Address Option' is 0, and the 'ciaddr' field is 0. (There is no case where a DHCP client should send a DHCPREQUEST packet with that set of characteristics.) This is not in compliance with RFC 2231.

              We have seen these problems in all versions of Mac OS X versions 10.4.2 through 10.4.10. (It's possible it was introduced earlier, in version 10.4 or 10.4.1, and we only became aware of it starting in 10.4.2.) We have not yet determined if the problem continues to affect version 10.5.0 and later; we assume it does until we determine otherwise.

              Comment


              • #8
                Re: IP Conflicts for Macs

                Hmmm interesting.
                Can you post the results of a sniffer trace?
                Do you have VLAN's and if so, how is it going without any VLAN in between?
                Marcel
                Technical Consultant
                Netherlands
                http://www.phetios.com
                http://blog.nessus.nl

                MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
                "No matter how secure, there is always the human factor."

                "Enjoy life today, tomorrow may never come."
                "If you're going through hell, keep going. ~Winston Churchill"

                Comment


                • #9
                  Re: IP Conflicts for Macs

                  We have multiple VLANs, but it's difficult to reproduce the error since it seems to be completely random. Right now the test machine that I'm using is on wireless (wireless AP, not router, no additional DHCP) and I can't move it. Happens on a lot of wired machines though, with wireless disabled.

                  I'm having trouble with the trace sniff (Microsoft Network Monitor 3.1). I set the display filter for packets to and from my Macbooks mac address, but picked up 0 frames. Might have set it up incorrectly.

                  Comment


                  • #10
                    Re: IP Conflicts for Macs

                    Just sniff all data and filter later on.
                    Also I would use wireshark instead of Microsoft network monitor. Way easier to read afterwards
                    Marcel
                    Technical Consultant
                    Netherlands
                    http://www.phetios.com
                    http://blog.nessus.nl

                    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
                    "No matter how secure, there is always the human factor."

                    "Enjoy life today, tomorrow may never come."
                    "If you're going through hell, keep going. ~Winston Churchill"

                    Comment


                    • #11
                      Re: IP Conflicts for Macs

                      Missing X11 on the client Mac. Guess I need to find my install discs.

                      Comment


                      • #12
                        Re: IP Conflicts for Macs

                        I am having a similar issue myself, In my case the DHCP requests are succeeding but DNS registration is not happening correctly. The multiple DHCP requests are resulting in a polluted reverse DNS. My OS X clients will have multiple PTR records. My Windows clients update the DNS correctly. I deleted all the PTR records for all clients in the DHCP ranges and allowed them to repopulate. Within 2 weeks the reverse lookup zone for my DHCP range was polluted again.

                        Comment


                        • #13
                          Re: IP Conflicts for Macs

                          AnotherITGuy, Seems to be a different issue for us. Our PTR's are pretty clean. Checked both forward and reverse. Good catch though, I'll have to check our other "working" Macs later. Did deleting the PTRs resolve the IP conflicts for you? Or were you getting them at all? Below is my DIG query on the conflicting IP.

                          ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

                          Had another interesting issue. I plugged in a cat5 (which was pulling a non-conflicting address X.X.X.43) and rebooted then went to do something else. After I came back, I noticed that it had attempted to pull a different address X.X.X.63 with the same type of conflict error. I deleted the entry out of the Address Lease pool and it immediately went back to the working X.X.X.43 address again.

                          EDIT: Dumber, still can't get the trace to run. I researched a bit and it's an ACL issue in /dev/bpf on Macs that requires quite a few super user changes that I don't really want to do on my personal laptop (which I'm currently using to test). I'll have to see if we have any additional company macs in with the same issue that I can use.
                          Last edited by f21; 19th June 2008, 21:11.

                          Comment


                          • #14
                            Re: IP Conflicts for Macs

                            You also can try to make a spanport on the switch and just plug in a windows machine with wireshark.
                            However, If you have such a big issue I would also contact Apple about this.
                            Marcel
                            Technical Consultant
                            Netherlands
                            http://www.phetios.com
                            http://blog.nessus.nl

                            MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
                            "No matter how secure, there is always the human factor."

                            "Enjoy life today, tomorrow may never come."
                            "If you're going through hell, keep going. ~Winston Churchill"

                            Comment


                            • #15
                              Re: IP Conflicts for Macs

                              Not too big of an issue. It just means that we have to create reservations for each new Mac (we have only 200-300 in total) that we add. Actually only 20% of that number since it doesn't happen on all of them. I want to solve this mainly out of curiousity.

                              Next week if I have a bit more free time I'll give Apple a call. I'll post if I can find any new information.

                              Comment

                              Working...
                              X