Hey everyone! I'm having a frustrating issue with the Windows DHCP service on one of our Wi-Fi networks. We're seeing constant BAD_ADDRESS entries, mainly because a device is continuously spamming invalid lease entries, which ends up exhausting our free address pool. This means new devices can't authenticate anymore. The entries all have different "Unique IDs" but are slightly different and incomplete, like 1a0d1fac, 1d0d1fac, and 1e0d1fac. When I manually delete the entries, new ones pop up every three seconds until the pool is full again. This issue also happens at another location, but it's isolated to just one specific network; others are working fine. Here are a few details if it helps:
- We're running Windows Server 2022 Datacenter 21H2 (20348.3932) for our DC.
- Our network uses Ubiquiti Access Points.
- No known error messages pop up on mobile clients trying to connect.
Any ideas on what might be causing this hassle? Thanks!
5 Answers
Are you using any Cisco switches in your setup? There was a similar problem we had that was resolved by following some steps outlined by Cisco. Here’s a link to the solution I found really helpful: [Cisco DHCP Solutions](https://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/8021x/116529-problemsolution-product-00.html). It might be worth checking out!
Sounds like you've got a tricky situation! I’d suspect it’s a mobile device causing a fuss. Try isolating any recently added devices, or maybe execute a MAC filter. It can be labor-intensive, but you may need to slowly reintroduce devices to figure out who the culprit is. There’s also a chance of an IP conflict that could be causing this chaos. Good luck!
I remember dealing with a similar issue before. Typically, it happens when a device gets an IP address, but another device already has that same address—maybe assigned by a rogue DHCP server or manually. You should try capturing some data with Wireshark to check if there are multiple DHCP servers responding to requests. It might shed some light on where the conflict is coming from!
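An added example, not part of any answer in this thread: a Python sketch of the check suggested above, run over DHCP payloads already exported from a capture. It lists every server identifier (option 54) seen in OFFER/ACK messages and counts DHCPDECLINE messages per client MAC, since a client declining an address is one way a lease ends up marked BAD_ADDRESS. The function names, the MAC, and the 192.0.2.x addresses are constructed for illustration.

```python
import ipaddress
from collections import Counter
MAGIC = b"\x63\x82\x53\x63"      # RFC 2131 magic cookie that precedes the options
OFFER, DECLINE, ACK = 2, 4, 5    # option 53 message types (RFC 2132)

def parse_dhcp(payload):
    """Parse a UDP 67/68 payload into (msg_type, client_mac, options)."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    mac = payload[28:28 + min(payload[2], 16)].hex(":")  # chaddr, hlen bytes long
    opts, i = {}, 240
    while i + 1 < len(payload) and payload[i] != 255:    # 255 = end option
        if payload[i] == 0:                              # 0 = pad, no length byte
            i += 1
            continue
        length = payload[i + 1]
        opts[payload[i]] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return (opts[53][0] if opts.get(53) else None), mac, opts

def summarize(payloads):
    """Collect the servers that answered and DHCPDECLINE counts per client MAC."""
    servers, declines, declined_ips = set(), Counter(), []
    for p in payloads:
        msg_type, mac, opts = parse_dhcp(p)
        if msg_type in (OFFER, ACK) and len(opts.get(54, b"")) == 4:
            servers.add(str(ipaddress.IPv4Address(opts[54])))   # option 54 = server id
        elif msg_type == DECLINE:
            declines[mac] += 1
            if len(opts.get(50, b"")) == 4:                     # option 50 = declined IP
                declined_ips.append(str(ipaddress.IPv4Address(opts[50])))
    return {"servers": sorted(servers), "multiple_servers": len(servers) > 1,
            "declines": dict(declines), "declined_ips": declined_ips}

def make_msg(op, mac, msg_type, server, requested=None):
    """Build a minimal constructed DHCP payload for the demo (not captured traffic)."""
    hdr = bytes([op, 1, 6, 0]) + bytes(24) + bytes.fromhex(mac.replace(":", "")) + bytes(202)
    opts = bytes([53, 1, msg_type, 54, 4]) + ipaddress.IPv4Address(server).packed
    if requested:
        opts += bytes([50, 4]) + ipaddress.IPv4Address(requested).packed
    return hdr + MAGIC + opts + b"\xff"

CLIENT = "02:00:00:00:00:01"     # constructed, locally administered MAC
SAMPLE = [                       # constructed: two servers offer, client declines twice
    make_msg(2, CLIENT, OFFER, "192.0.2.1"),
    make_msg(2, CLIENT, OFFER, "192.0.2.254"),
    make_msg(1, CLIENT, DECLINE, "192.0.2.1", "192.0.2.26"),
    make_msg(1, CLIENT, DECLINE, "192.0.2.1", "192.0.2.29"),
]
```

Calling `summarize(SAMPLE)` reports two answering servers and two declines from the same client; on real traffic, more than one entry under `servers` is the signal to look for a second DHCP server on the segment.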
It sounds like someone might have a device with randomized MAC addresses that keeps reconnecting to the network, which would definitely flood your DHCP with those requests. Are you using guest access with splash screens to help manage this? Ideally, local networks should leverage something more secure like RADIUS to track and authenticate users. If that’s not set up, I’d suggest identifying the specific device causing the issue. You could track location or use timing correlation to see how it's moving between access points. If you’re using PSK, changing it could also help and inform your authorized devices. Hope that helps!
We don’t use RADIUS on this network, so that could be part of the problem.
For a quick fix, you could just disable access temporarily. Then, try adding devices back one by one to see if you can isolate the problem. It makes it easier to identify what's causing the chaos.
Just a heads up, this is an unencrypted customer Wi-Fi network with client isolation, which might complicate things.
We only use Aruba switches, so that might not apply.