Imagine you have DHCP server on network. You have all Windows XP and older clients. When DHCP server was not accessible on network during client’s startup, client computer couldn’t get IP address and it assigned APIPA address. This was a problem. So let’s look what’s new since Windows 7.
I prepared following scenario:
When I client wants to get TCP/IP settings from DHCP server, there are four DHCP packets (DISCOVER, OFFER, REQUEST and ACK) going on network. Network dump on DHCP server:
This is normal behaviour even in old clients. Now I shutdown client and stop DHCP server. When I started client computer I found out that client computer has IP address it received from DHCP server before reboot.
So let’s restart client again and see what happends. Client computer has same TCP/IP settings, it had before reboot (TCP/IP settings received from DHCP server before I stopped DHCP server). Client computer keeps asking DHCP server to renew TCP/IP settings (using DHCP REQUEST):
So how client computer knows if it has to set cached TCP/IP settings before DHCP server stopped to respond? I assume it depends on gateway and its IP or MAC address. So let’s disconnect gateway from network and reboot client computer. Now client has APIPA TCP/IP settings and it looks for DHCP server by DHCP DISCOVERY:
It means it depends on health of gateway if client keeps TCP/IP settings assigned by DHCP or not. I haven’t seen any ICMP packet to check network healt of gateway so I assume it check MAC address. So let’s look for ARP packets from client to gateway. Looks like client asks for MAC address of saved default gateway IP address. When it received answer, it sets TCP/IP settings to cached TCP/IP settings:
Question is if client computer compares MAC address to some saved one or it just waits for ARP response and doesn’t care of MAC address. Let’s change MAC address of default gateway. Client keeps asking via ARP for MAC address. MAC address is different and client doesn’t set its saved TCP/IP settings (it sets APIPA settings):
So where client computer saves MAC address of default gateway?
Yes, in registry. It’s saved under registry key:
and there are subkeys for each interface and under this key there is binary value called DhcpGatewayHardware which contains MAC address:
When client starts it checks for MAC address of its saved default gateway IP address. Then it compares to saved MAC address from registry. If these two MAC addresses don’t match, client deletes all saved TCP/IP settings from registries and uses APIPA (if there is not Alternate Configuration). In background it still looks for DHCP server by sending DHCP DISCOVER packets.
So now we have smaller problem on Mondays when DHCP server is down (of course by accident ) and everyone is trying to get to network resources
I haven’t find any article about this new behaviour on oficial Microsoft websites.
That’s all folks,