418 Chapter 8 • Troubleshooting Windows 2000 IP Addressing Problems
whose IP does match the one in the ARP message first puts the sending
computer’s IP/MAC address information in its own ARP cache, then
sends a response to the sending computer with the information about its
MAC address.
When the sending computer gets the response, it adds the destination
computer’s IP/MAC address information to its cache, and can now send
data to the destination computer.
IP Communications on a Routed Network
(to a Remote Subnet)
If the destination computer is not on the same local subnet, it works
slightly differently. In this case, ARP will resolve the remote IP address to
the physical address of the router that can forward the message on to the
subnet on which the destination computer resides.
The IP protocol again checks the IP addresses and subnet mask and
this time determines that the destination computer is not on the local
subnet. IP determines the IP address of the default gateway (router), and
the sending computer checks the ARP cache for a physical address that
matches the router’s IP address.
IP Addresses and the Internet
As we all know by now, TCP/IP is the protocol suite used for com-
munications over the vast global network of networks that we call
the Internet. We also know that in order for communications to take
place on a TCP/IP network, every network ID on the internetwork
must be unique, and every Host ID must be unique to that network.
In theory, this means that of the millions of computers connect-
ed to the Internet, there should be no two with the same IP address.
In practice, however, this is not strictly true. Due to the shortage of
available IP addresses, and also because registering multiple address-
es adds to the cost of running a network, many companies and home
networks use some method of connecting many computers to the

Internet through a single IP address. There are two popular types of
software designed to accomplish this: Network Address Translation
(NAT) and Proxy Services.
Network Address Translation (NAT). This is a means of config-
uring one computer, which has a dial-up or dedicated connection to
For IT Professionals
Continued
91_tcpip_08.qx 2/25/00 11:10 AM Page 418
Troubleshooting Windows 2000 IP Addressing Problems • Chapter 8 419
the Internet through an ISP, to serve as a gateway through which
other computers on the LAN can obtain Internet access without
being assigned separate “public” addresses. With NAT, these client
computers use “internal” addresses from the private address range,
which are not visible to systems outside the local network. To the
Internet, there appears to be only one computer connected—and
indeed, only the “gateway” computer (sometimes called the NAT or
ICS host computer) is actually connected to the Internet. There are
third-party software implementations of NAT, such as Sygate and
NAT32. A new feature in Windows 2000 is built-in support for NAT.
Windows 2000 Professional includes Internet Connection Sharing,
which is a somewhat limited form of NAT that is simple to configure
and administer. Windows 2000 Server includes ICS too, but it also
provides for a more flexible form of NAT through RRAS (Routing and
Remote Access Service), which allows for changing the IP address
range, use of multiple public addresses, and multiple LAN interfaces.
ICS does not support these advanced features. Both ICS and NAT
include components for address assignment, translation of the pri-
vate internal addresses to the public external address(es), and name
resolution services.
Proxy Services. A proxy server is a more sophisticated means of

providing a shared connection to the Internet, which provides for
greater security through complex filtering. Proxy software, such as
Microsoft Proxy Server or Winproxy, requires a higher level of config-
uration and contains other features in addition to address transla-
tion. For example, proxy servers can be set up to cache
often-accessed Web sites so that performance will be optimized and
less actual access to the Internet is required. Generally, however,
proxy servers use the same address translation technique as NAT—
requests for Internet access go through the server, which maps each
clients’ internal IP address and the application making the request to
a port on the server. The proxy then presents the request to the “out-
side world” as if it came directly from the server itself, and the inter-
nal machines’ addresses are hidden from the Internet.
The result is that there are many, many more individual comput-
ers “on the Net” than it would appear from the number of public IP
addresses visible to the outside network. What appears to be one
computer, with one IP address, may be a NAT host or proxy server
that is forwarding requests and responses for dozens or even hun-
dreds of computers on its local network.
91_tcpip_08.qx 2/25/00 11:10 AM Page 419
420 Chapter 8 • Troubleshooting Windows 2000 IP Addressing Problems
If it doesn’t find one, it broadcasts an ARP message to find the router’s
physical address, using the same process as in the previous example.
When the router, which is attached to the local subnet, receives the ARP
message and determines the IP matches its own, it responds with its
physical address after putting the sender’s IP/MAC information into its
cache. The sender updates its own cache with the router’s information,
and now will send any messages addressed to the remote destination
computer through the router. The router will forward the message to the
destination computer (or another router, if it is not directly connection to

the destination computer’s subnet) using the same process.
Overview: IP Addressing
Configuration Errors
A large percentage of TCP/IP connectivity problems can be traced to IP
addressing configuration errors. Thus, one of the first things you should
check, if your TCP/IP-based computer is not able to communicate on the
network, is the TCP/IP Properties sheet. Ensure that if you have manual-
ly assigned the IP address, it is a valid address for the subnet. Also check
the address of the default gateway, DNS and WINS servers, and the sub-
net mask. Simply making this quick check can eliminate many problems.
Common errors include transposing two digits within an address and
switching two addresses between fields (such as entering the computer’s
address in the default gateway field, and vice versa). It sounds elemen-
tary, but remember one important rule of troubleshooting is to always
check the “simple stuff” first.
Microsoft documentation attributes the majority of TCP/IP connectivity
problems to incorrectly entered IP address information. This is one case
where typos do count.
Duplicate IP Addresses
Duplicate addresses can be a problem in a network where some or all of
the IP addresses are manually assigned, especially if there is more than
one administrator or other personnel are responsible for configuring
TCP/IP properties on computers.
NOTE
91_tcpip_08.qx 2/25/00 11:10 AM Page 420
Troubleshooting Windows 2000 IP Addressing Problems • Chapter 8 421
If this happens, the following situation may occur: When a Windows
2000 computer comes online (or when its IP address is changed), and its
TCP/IP stack is initialized, it sends a “gratuitous” ARP message, request-
ing the hardware address associated with its own IP address. If another

computer responds, thus claiming the IP address as its own, the newly
initialized computer will stop using IP. If there is another network protocol
installed, it may be able to continue communicating on the network using
the other protocol. If TCP/IP is the only network protocol installed, it will
not be able to communicate on the network.
Windows 2000 tries to prevent duplicate address errors in several ways.
If you change the TCP/IP settings and enter an IP address that is already in
use on the network, you will get a message indicating the address is taken
and instructing you to change your settings. If you change the settings
while offline and then come back onto the network, you will receive a mes-
sage informing you that there is an IP address conflict. The computer that
is already using the address will also display an error message (see Figure
8.8) indicating that there is an address conflict, although it will be able to
continue communicating via TCP/IP using the address.
Figure 8.8 Windows 2000 displays an error message when a duplicate address
is detected.
One way to track down this problem is by checking the System Log in
the Windows 2000 Event Viewer. An error message will appear, indicating
that the system detected an IP address conflict.
Locating the Other Computer that Is Using the Address
There are several ways to locate which other computer on the network is
using the address. If it is a Windows 2000 or NT computer, there will be
an event entered in its System Log reporting the conflict, although the
computer that “got there first” will be able to go on using the address.
You can also use the tracert command on the address to find out the
name of the computer using it, or you can use arp –a to find out the
physical address of the computer using the IP address, as long as the
other computer is on your local subnet.
91_tcpip_08.qx 2/25/00 11:10 AM Page 421
422 Chapter 8 • Troubleshooting Windows 2000 IP Addressing Problems

There is third-party IP management software that will do sophisticated
tracking and auditing of IP address information. One such product that is
compatible with Windows 2000 is Meta IP. For more information, see
www.metainfo.com/products/metaip.cfm.
Address Conflicts with Computers Using DHCP
If you receive a message that you have an IP address conflict at bootup
and the machine is using DHCP, you can release the address so the
DHCP server will assign a new address. To release the address, use the
ipconfig /release command.
Invalid IP Addresses
If the computer is given an IP address that is “illegal” or just invalid for
use on that particular network, it will not be able to communicate with
other computers over TCP/IP.
As mentioned earlier, if you are running a private network that has no
connection to the “cloud” (as many books and illustrations represent the
Internet), you can use any IP addresses you wish, including those that
have already been assigned for public use. This will not cause a prob-
lem—unless you later decide to connect your network to the Internet
without changing the addressing scheme. At that point, your addresses
may conflict with those of another organization that has registered that
address space. Packets intended for computers on your network will be
routed to the “legal” holder of the addresses.
An invalid address may not be illegal, but does not “fit” into the local
network’s addressing scheme. If the LAN is using the network ID of
192.168.1.0 with a subnet mask of 255.255.255.0, then the computers
that are on that network must have IP addresses that use 192.168.1 for
the first three octets. If you assign one of the computers an address that
is not on that network (or if it is assigned an address with a different net-
work ID by APIPA because a DHCP server could not be contacted), when
IP attempts to contact another computer on the same segment it will

identify the address as belonging to a remote host and will send the pack-
et to its default gateway.
Also remember that Host IDs of all 0s or all 1s are not valid for
assignment as a computer’s IP address. A Host ID of all 0s is used to
TIP
91_tcpip_08.qx 2/25/00 11:10 AM Page 422
Troubleshooting Windows 2000 IP Addressing Problems • Chapter 8 423
identify the network, and a Host ID of all 1s is used as the broadcast
address, for messages to be sent to all computers on the network.
Thus, on a class B network using the default subnet mask of
255.255.0.0, both the addresses 138.21.0.0 and 138.21.255.255 would
be unavailable for Host IDs. On a class C network using the default sub-
net mask of 255.255.255.0, the same would be true of the addresses
201.45.3.0 and 201.45.3.255.
DHCP Configuration Problems
The Dynamic Host Configuration Protocol runs on a Windows 2000 Server
and automatically assigns IP addresses to computers configured to be
DHCP clients.
DHCP originated as a derivative of BOOTP, the Bootstrap Protocol
used in earlier networks to assign IP addresses dynamically, usually in
the context of booting diskless workstations from the network.
The specifications for BOOTP are defined in RFCs 951 and 1084.
How DHCP Works: Condensed Version
Most network administrators are familiar with DHCP and aware of the
four-step process required for a DHCP client to obtain a “lease” on an IP
address. We will briefly review those steps to identify the points in the
process where things can go wrong.
DHCP is not a Microsoft-specific feature. UNIX, NetWare, and other network
operating systems (server software programs) also use DHCP.
The four steps in the lease process involve the sending of four special

messages between the DHCP client and a DHCP server. These messages are
called:
■
DHCP Discover
■
DHCP Offer
NOTE
NOTE
91_tcpip_08.qx 2/25/00 11:10 AM Page 423
424 Chapter 8 • Troubleshooting Windows 2000 IP Addressing Problems
■
DHCP Request
■
DHCP Acknowledgment
The process is relatively simple.
DHCP Discover
When a computer that is configured to be a DHCP client comes online
and its TCP/IP stack is initialized, it accesses the Registry settings per-
taining to TCP/IP parameters and recognizes that it must obtain an IP
address from a DHCP server. It does not, however, know how to reach a
DHCP server. Unlike DNS and WINS servers addresses, the IP address of
a DHCP server is not entered in the TCP/IP configuration properties. That
means the computer must broadcast for a DHCP server. The client sends
a broadcast message (addressed to the broadcast address
255.255.255.255) called a DHCP Discover message, which essentially asks
DHCP to come to its aid and assign it an IP address.
Since the client does not have an IP address at this point, it uses the
address 0.0.0.0 as its source address. The server would not be able to
identify the client that sent the request from this address, so the message
also includes the client computer’s name and its physical MAC address.

DHCP Offer
If there is an authorized DHCP server on the network, it hears the client’s
plea for help and responds with a message called a DHCP Offer. This mes-
sage contains an IP address from its predefined scope of addresses that
can be allocated, as well as other information such as duration of the
lease. This message is also sent as a broadcast, since the client computer
doesn’t yet have an IP address to which the server can send the message
directly.
The Offer message includes the IP address that is available (and the
server temporarily reserves it during the extension of the offer), a subnet
mask, a lease duration (which is specified by the administrator in config-
uring DHCP), and the server’s IP address.
DHCP Request
The client will receive “offers” from more than one source if there are mul-
tiple DHCP servers on the network that have available addresses. The
client will accept the first offer that arrives, and will send back a message
NOTE
91_tcpip_08.qx 2/25/00 11:10 AM Page 424
Troubleshooting Windows 2000 IP Addressing Problems • Chapter 8 425
called a DHCP Request. This is also a broadcast—so the other servers who
made offers will know that they’ve been “rejected” and will release the
addresses they had temporarily reserved for the client—which we might
think of as a formal acceptance of the first server’s offer. It includes the IP
address of the server whose offer is being accepted.
DHCP Acknowledgment
The final message, the one that “clinches the deal,” comes from the DHCP
server. It acknowledges the acceptance of its offer and assigns the IP
address to the client for it to use for the duration of the lease period. It
also includes other TCP/IP configuration information, such as the default
gateway and subnet mask, and the addresses of DNS and WINS servers,

if the client is configured to get this information through DHCP. After
receiving this message, the client will be able to use the IP address for
TCP/IP communications over the network.
This last message is called an ACK. If the server is for some reason
unable to complete the transaction, it sends instead a NACK, or negative
acknowledgment.
A NACK occurs when a client attempts to lease an IP address it held
previously, which has become unavailable, or if the client has relocated to a
different subnet and the address it is trying to lease is now invalid.
Common DHCP Problems
Next, we will look at some of the problems that can occur as this scenario
plays out.
Windows 2000 Pro cannot be a DHCP server, although it can serve as a
DHCP allocator, performing somewhat the same function, when set up to
share its Internet connection as an ICS host.
Traditionally, most problems with DHCP fall into a few broad categories:
■
Server configuration problems
■
Client configuration problems
NOTE
NOTE
91_tcpip_08.qx 2/25/00 11:10 AM Page 425
426 Chapter 8 • Troubleshooting Windows 2000 IP Addressing Problems
■
Unauthorized DHCP servers
■
Unavailable DHCP server
We will discuss each of these, how Windows 2000’s TCP/IP enhance-
ments help to reduce the frequency of these problems, and best practices

for optimizing DHCP performance and decreasing the chances of problems.
Server Configuration Problems
As might be expected, the majority of DHCP problems stem from incorrect
initial configuration or failure to update the configuration on the DHCP
server(s).
Remember that the DHCP server itself cannot be a DHCP client; it must be
manually configured with a static IP address and other TCP/IP configuration
information.
In Windows 2000, Microsoft has incorporated the management of the
DHCP server services into the Microsoft Management Console (MMC), pro-
viding a new, more standardized look and feel for administrators. See
Figure 8.9 for an example of the DHCP management console snap-in.
TIP
Figure 8.9 The DHCP server is configured from the MMC.
You can access the DHCP MMC via Start | Programs | Administrative
Tools | DHCP on the server.
If DHCP is not performing as expected across the network, the first
thing you should check is the configuration on the DHCP server.
91_tcpip_08.qx 2/25/00 11:10 AM Page 426
Troubleshooting Windows 2000 IP Addressing Problems • Chapter 8 427
If DHCP is not functioning at all, one thing to check is whether the DHCP
service has been stopped. Windows NT administrators are used to stopping
and starting services from the Services applet in Control Panel, but you
won’t find that applet in Windows 2000 Server. Instead, right-click My
Computer, choose Manage, and navigate down the tree in the left panel to
expand Services and Applications. Select DHCP, right-click (or choose the
Action menu), and select All Tasks. Here you can start, stop, pause, resume,
or restart the service, as shown in Figure 8.10.
NOTE
Figure 8.10 Starting and stopping the DHCP service via the Computer

Management MMC.
As you can see in Figure 8.10, you can perform configuration tasks
such as creating new scopes, reconciling scopes, defining classes from the
Computer Management snap-in, and starting or stopping the service.
91_tcpip_08.qx 2/25/00 11:10 AM Page 427
428 Chapter 8 • Troubleshooting Windows 2000 IP Addressing Problems
These tasks can also be performed from the DHCP MMC accessed
through Administrative Tools; this can be confusing when you first start
working with Windows 2000.
Scopes and Address Pools
In the context of DHCP, a scope is a group of consecutive IP addresses
that can be allocated to clients on a subnet. For example, a scope might
be defined as 192.168.1.140 through 192.168.1.160. Note that these
addresses are contiguous. To define a scope, simply click DHCP in
Computer Management, and on the Action menu, select New Scope. This
will start the New Scope Wizard, which walks you painlessly through the
process.
A scope must have a name, a range of IP addresses, and a subnet
mask. You can also define the lease duration, reserve certain addresses
for certain DHCP clients, and define options.
After you define the scope, you must activate it before it will be used by
DHCP.
In some cases, you may want to exclude certain addresses within the
scope’s range from being offered to DHCP clients, such as those used by
routers or computers with manually configured static addresses. For
instance, if you have three DNS servers on the network with manually
configured IP addresses that fall within the scope, you would exclude
those addresses (another option is to reserve addresses for those comput-
ers, so that DHCP will assign them the same addresses each time they
request a lease, as we will discuss a little later in the chapter).

Suppose the manually assigned IP addresses of the three DNS servers
are:
192.168.1.150
192.168.1.151
192.168.1.152
You don’t want DHCP handing out those addresses to its clients, or
you will end up with an IP address conflict. You can define an exclusion
range of 192.168.1.150 through 192.168.1.152, and those addresses will
be excluded from the DHCP scope. You can choose to exclude a range of
addresses during the creation of the scope, using the New Scope Wizard.
To exclude a range of addresses after the scope has been created, sim-
ply expand the Scope object in the left panel of the MMC, and right-click
NOTE
91_tcpip_08.qx 2/25/00 11:10 AM Page 428
Troubleshooting Windows 2000 IP Addressing Problems • Chapter 8 429
Address Pool. Choose New Exclusion Range, as shown in Figure 8.11, and
the Exclusion Range dialog box will be displayed.
Enter the first and last address in the range of addresses that you
wish to exclude, or to exclude just one address, enter it in the Start field
(not in both fields).
Figure 8.11 You can exclude a range of IP addresses from the DHCP scope.
Common Problems Associated with Scopes and Address Pools
Common problems that arise in relation to DHCP scopes include:
■
Not excluding the addresses within the scope range that have
been assigned to routers, network print devices, or computers
whose IP addresses were configured manually.
■
Specifying an incorrect subnet mask.
■

Defining too small a scope so that the DHCP server does not
have enough IP addresses to assign to all requesting DHCP
clients.
■
Not activating the scope after defining it. To activate the scope,
right-click the scope you want to activate under DHCP in Computer
Management, and select Activate, as shown in Figure 8.12.
91_tcpip_08.qx 2/25/00 11:10 AM Page 429
430 Chapter 8 • Troubleshooting Windows 2000 IP Addressing Problems
Note in Figure 8.12 that Windows 2000 places a warning icon by the
scope name to notify you that it has not yet been activated.
Figure 8.12 After creating the scope, you must activate it before DHCP can use it.
Superscopes
When a single physical network segment consists of more than one logical
IP subnet, and when two DHCP servers are tasked with managing sepa-
rate logical subnets on the same physical network, Microsoft recommends
that you implement a superscope. This allows DHCP servers to assign
addresses from more than one scope to the same subnet.
Without superscopes, this situation may cause DHCP clients to
receive NACKS when they come online and attempt to renew their previ-
ous leases, and/or when a new address is obtained, it might put the
client on a different subnet from the one for which it had been configured
before. Superscopes prevent these problems by allowing each of the two
DHCP servers to recognize and “respect” addresses assigned by the other.
To configure superscopes, all of the DHCP servers on the segment are
set up to recognize all subnets on the segment. Exclusion ranges are used
on each server to prevent their address ranges from overlapping. In other
words, you configure each server so that its superscope includes all the
91_tcpip_08.qx 2/25/00 11:10 AM Page 430
Troubleshooting Windows 2000 IP Addressing Problems • Chapter 8 431

subnets, including those whose addresses are allocated by other DHCP
servers. You then set up exclusion ranges for the addresses that are allo-
cated by the other servers. This way, each server will recognize all the
addresses in the superscope as valid, but will only allocate those address-
es that are not excluded in its configuration.
Lease Duration
As we already learned, when a DHCP server allocates an IP address to a
client, it does not grant permission to use that address permanently.
Instead, it “leases” the use of the address for a specified period of time,
called the lease duration. During the creation of a new scope, the
Windows 2000 New Scope Wizard allows you to change the default lease
duration of eight days, as shown in Figure 8.13.
Figure 8.13 The New Scope Wizard allows you to change the duration of DHCP
leases.
You are not, however, stuck with the lease duration that is set during the
scope creation. You can change the duration of leases handed out by the
server at any time, by editing the Properties page for the scope. Right-click
the name of the scope for which you wish to change the lease duration, and
select Properties. You will see the dialog box shown in Figure 8.14.
As you can see, the duration can be set to the number of days, hours,
and minutes desired, just as could be done during the creation of the
91_tcpip_08.qx 2/25/00 11:10 AM Page 431
432 Chapter 8 • Troubleshooting Windows 2000 IP Addressing Problems
scope. Another option you have, which was not given by the New Scope
Wizard, is to choose not to limit the duration of the DHCP leases. In that
case, clients will retain their leases until the lease is manually released.
It is usually not desirable to set the lease duration to unlimited, because
this means that even if the computer holding the lease goes offline forever,
that IP address cannot be reused until or unless the lease is manually
released.

If a DHCP client goes down, the administrator can force the lease to
be released by right-clicking Address Leases under the Scope name in the
console, selecting the IP address/computer name combination for the
lease to be released in the right pane, right-clicking and selecting Delete,
as shown in Figure 8.15.
This will free the IP address to be allocated to another DHCP client.
Figure 8.14 You can change the lease duration for DHCP clients through the
Scope Properties sheet.
WARNING
91_tcpip_08.qx 2/25/00 11:10 AM Page 432
Troubleshooting Windows 2000 IP Addressing Problems • Chapter 8 433
If you find that all of the IP addresses in the scope are being used even
though you have fewer computers on the network than the number of
addresses to be allocated, check the Address Leases to determine if RRAS is
assigning multiple DHCP addresses to the same computer(s). In Figure 8.15,
those IP address leases that have icons showing a telephone beside the
computer are assigned by RRAS.
The Lease Renewal Process
If you sign a one-year lease for a house, and you wish continue living on
the property, you probably will not wait until the day the lease is up to
negotiate a renewal of the lease with the landlord. If you did, you might
find yourself out on the streets with no place to live. Similarly, DHCP
clients “think ahead” to ensure that they aren’t left high and dry without
an IP address when their leases expire.
Figure 8.15 You can manually force a DHCP to be released by deleting the lease in
the management console.
NOTE
91_tcpip_08.qx 2/25/00 11:11 AM Page 433
434 Chapter 8 • Troubleshooting Windows 2000 IP Addressing Problems
When the lease period, as set in the lease duration configuration, is

halfway expired, the DHCP client will send a message to the DHCP server
requesting a renewal of the lease (as you can see, DHCP clients plan fur-
ther ahead than do most residential tenants). Normally, the DHCP server
then renews the lease. But what if the server from which the lease was
obtained has gone down? The client will try again when 87.5 percent of
the lease has expired. The first renewal attempt is made by sending a
DHCP Request directly to the DHCP server holding the lease. If no
response is received, the client tries to obtain a lease from any available
DHCP server, broadcasting a DHCP Request.
If the client doesn’t get a response from any DHCP server (or if it gets
a negative response) before the expiration time is up, it cannot continue
to use the address. At that point, it must start all over with the leasing
process in order to be assigned a new IP address.
You can force the client to manually request a renewal of its lease at any
time by using the ipconfig /renew command.
Common Problems Associated with Lease Duration
The network problems commonly associated with lease duration can be
solved or reduced by taking advantage of Windows 2000’s option to change
the duration as shown in the foregoing section. These problems include:
Network slowdown caused by excessive lease renewal traffic.
Looking back at the process for obtaining and renewing DHCP
leases, you can see how DHCP is capable of adding a lot of
network traffic. This is especially true if the network is large, with
many DHCP clients. You can alleviate some of the congestion by
extending the lease period beyond the default if there are plenty of
IP addresses available and the clients are stable. In this case, you
might consider increasing lease duration to 21 or even 30 days.
Inefficient use of DHCP addresses resulting in server(s) not
having enough addresses for all requesting clients. This
problem can occur when there is a limited number of IP addresses

in the DHCP scope and you have an unstable client situation; that
is, computers configured to use DHCP that move on and off the
network, as with laptop/notebook systems. DHCP client computers
running Microsoft operating systems do not release their leases
when they shut down, so if laptops are removed from the network,
TIP
91_tcpip_08.qx 2/25/00 11:11 AM Page 434
Troubleshooting Windows 2000 IP Addressing Problems • Chapter 8 435
their leases will still be assigned to them for the duration of the
lease even though they are not being used. If this happens, you
may find it beneficial to decrease the lease duration to a shorter
period than the default, so addresses will be more quickly returned
to the pool of available addresses to be assigned to other clients.
Reserved Addresses
Some computers—primarily servers—need to always have the same IP
address. One way to accomplish this is to manually configure their
TCP/IP properties, but this means that if other TCP/IP configuration
information changes (for instance, the address of the WINS server), they
will all have to be manually changed. There’s a way to allow these com-
puters to enjoy the benefits of DHCP, such as the ability to make those
changes on the DHCP server and have it automatically disseminated to
the clients, and still ensure that the computers that need to always have
the same address can. This is accomplished by assigning reserved
addresses to those computers.
Adding a reserved address is easy in Windows 2000. Right-click
Reservations under the Scope in the MMC, and select New Reservation.
You will see a dialog box, as shown in Figure 8.16.
Figure 8.16 You can make an address reservation for a client that needs to
always have the same address.
91_tcpip_08.qx 2/25/00 11:11 AM Page 435

436 Chapter 8 • Troubleshooting Windows 2000 IP Addressing Problems
1. Type in a name for the reservation, the IP address to be
reserved, and the physical (MAC) address of the computer for
which you are reserving the address.
2. The Description field is optional.
3. You must choose the allowed client type (DHCP, BOOTP, or
both).
4. Click A
DD to enter the new reservation into the DHCP database.
The MAC address must be entered correctly or the DHCP server will not
assign the reserved address to the computer. Although the reservation
name can be the name of the client computer, the DHCP server uses the
hardware address to recognize the computer for which an address
reservation is made. Unlike when you enter the MAC address to configure a
static arp cache entry, you must NOT put dashes in the MAC address when
you configure a client reservation at the DHCP server.
Determining the Physical Address of a Computer
To find the hardware address of a computer while sitting at the computer
itself, type
ipconfig /all at the command line.
To find the hardware address of another computer on the network, first
ping the computer name if you don’t know its IP address. When you have the
IP address, type
arp –a at the command line to find its physical address. If
you have the Windows 2000 Resource Kit, you can use the getmac utility.
Although the MAC address is displayed in the ipconfig and arp utilities with
dashes between each pair of hexadecimal digits, do not use dashes when
you enter the MAC address in the New Reservation dialog box.
DHCP Options
There are four types of DHCP scope options, in increasing order of specificity:

■
Server options
■
Scope options
WARNING
NOTE
91_tcpip_08.qx 2/25/00 11:11 AM Page 436
Troubleshooting Windows 2000 IP Addressing Problems • Chapter 8 437
■
Client options
■
Class options
Server options. These are the default options that are applied to
all scopes configured on a particular DHCP server. You can use
them to define configuration information used by all the client
computers, such as the address of the WINS or DNS server.
Scope options. As the name implies, these apply only to clients
whose addresses are leased from the specified scope. This allows
you to set information specific to a particular subnet (when there
is a separate scope for each subnet) such as the default gateway
address.
Client options. In some cases, you may need to define options
that apply only to a specific client or clients. These are used for
clients with reserved addresses.
Class options. When you use the Server, Scope, or Client Options
dialog boxes, you can use the Advanced tab to configure and
enable options for clients that are members of a specified user or
vendor class. Only the DHCP clients that identify themselves
according to the criteria for the selected class will be given the
options data you have set up for that class.

How to Configure Options
To configure the Server options, right-click Server Options in the left pane
of the console, and select Configure Options. To configure Scope options,
right-click Scope Options and do the same. Configuration of client options
is a little trickier. First, you must have a client reservation. Expand the
Reservations container, select the client reservation for which you wish to
configure client options, right-click it, and select Configure Options
(shown in Figure 8.17).
Some Microsoft documentation refers to the Server options as “Global”
options.
Class options are new to Windows 2000. Microsoft provides three pre-
defined classes: a default user class, the Microsoft Dynamic BOOTP class,
and the Microsoft RRAS class, as shown in Figure 8.18.
Options are applied in the following order of priority:
1. Specific client options are used before scope or global options.
2. Scope options are used before Server options.
NOTE
91_tcpip_08.qx 2/25/00 11:11 AM Page 437
438 Chapter 8 • Troubleshooting Windows 2000 IP Addressing Problems
Figure 8.17 Client options can only be configured for clients with address
reservations.
■
IP addresses of routers.
■
IP addresses of DNS servers.
■
DNS domain name.
■
NetBIOS node type.
■

IP addresses of WINS server.
3. Class options can override values assigned and set at the same
context (server, scope, or client options) or the values that are
inherited from options at a higher context.
Class options are divided into two types: user class and vendor class.
The most commonly used options include:
91_tcpip_08.qx 2/25/00 11:11 AM Page 438
Troubleshooting Windows 2000 IP Addressing Problems • Chapter 8 439
Class-based options only apply to DHCP clients that are identified as
members of the specified user or vendor class.
Monitoring the DHCP Server
Another improvement that Microsoft has made in Windows 2000 includes
enhancements to the ability to monitor and provide statistical information
for the DHCP server(s). A common DHCP-related problem is the depletion
of available IP addresses, so Windows 2000 allows you to set up a prede-
fined point at which an alert will be sent informing you that the specified
percentage of available IP addresses has been used (you can also config-
ure a second notice to be sent when the addresses are all gone).
The Windows 2000 DHCP management tool supports the Simple
Network Management Protocol (SNMP), as discussed in Chapter 5, “Using
Network Monitoring and Troubleshooting Tools in Windows 2000,” for
Figure 8.18 Class options apply only to members of specified classes.
NOTE
91_tcpip_08.qx 2/25/00 11:11 AM Page 439
440 Chapter 8 • Troubleshooting Windows 2000 IP Addressing Problems
To access the statistical information, go to Start | Programs |
Administrative Tools | DHCP.
In the DHCP Manager, right-click the DHCP server name, and select
Display Statistics.
As you can see, the statistical summary provides you with the number

of scopes configured, total addresses allocated for assignment, how many
of those are in use, and how many are still available.
Another source of information about DHCP activities is the Event Viewer,
which logs informational, warning, and error messages, and DHCP audit
logs if you have logging enabled.
The DHCP Database
The DHCP database can become corrupt, or data might be accidentally
deleted or destroyed due to hardware problems, power problems, viruses,
or other reasons.
Figure 8.19 The DHCP management administrative tool displays statistical
information.
NOTE
monitoring of DHCP-related statistics. There is a great deal of useful
information available via the DHCP manager, including the number of
DHCP Discover, Offer, Request, and ACK/NACK messages that have been
sent since the server last started (see Figure 8.19).
91_tcpip_08.qx 2/25/00 11:11 AM Page 440
Troubleshooting Windows 2000 IP Addressing Problems • Chapter 8 441
The database files are stored in <systemroot>\System32\DHCP and
include the following files:
■
Dhcp.mdb
■
Dhcp.tmp
■
J50.log and J50#####.log
■
J50.chk
Do not remove or alter these files. You may be accustomed to deleting
temp files to free disk space; however, the Dhcp.tmp file is used as a swap

file, and Microsoft documentation warns that it should not be deleted.
Windows 2000 backs up the DHCP database by default at one-hour
intervals. You can edit the Registry to change the backup interval. To do
so, use a Registry editor to open the key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DHCP
\Parameters
Always back up the Registry before making changes. Editing the Registry
should always be done with care, as incorrect entries could cause the
system to become unbootable.
Edit the value BackupInterval by entering the number of minutes
desired between database backups, as shown in Figure 8.20.
By default, the value is shown in hexadecimal, but you can convert it
to decimal by selecting the appropriate radio button.
The DHCP database backup files are stored on the DHCP server in the
<systemroot>\System32\DHCP\Backup\Jet directory. A copy of the
DCHP\Parameters subkey of the Registry is stored in the Backup directory
with the file name DHCPCFG.
NOTE
WARNING
NOTE
91_tcpip_08.qx 2/25/00 11:11 AM Page 441
442 Chapter 8 • Troubleshooting Windows 2000 IP Addressing Problems
If the operating system detects that the DHCP database has become
corrupt, it will automatically restore from backup when the service
restarts. To manually restore the database from the backup files, you
must edit the Registry. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\
CurrentControlSet\Services\DHCPServer\Parameters and set the
RestoreFlag value to 1.
It is not necessary to edit the Registry again to reset the RestoreFlag entry.
After the database is restored, the server will automatically return the value

to 0.
Figure 8.20 Edit the Registry to change the interval between DHCP database
backups.
NOTE
91_tcpip_08.qx 2/25/00 11:11 AM Page 442