DHCP Warnings Event ID 1003

  • Thread starter Thread starter Mike Testovich
  • Start date Start date
M

Mike Testovich

Since we implemented dot1x and all great security features that come with it
on our WIRED network, I started seeing DHCP Warnings Event ID 1003 on all of
my workstations configured for DHCP address assignment.

Below is the text of the warning.

Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001143AD2813. The
following error occurred:

The operation was canceled by the user. . Your computer will continue to try
and obtain an address on its own from the network address (DHCP) server.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

I tried disabling dhcp snooping on one of the ports, but the warnings didn't
go away from the pc plugged in to that port. What's interesting is that XP
machines log Event ID 1003 only at the start up, windows 2000 systems log
this warning all day long (every 5 - 7 min) Looking at the DHCP log file
located on my DHCP server under C:\WINDOWS\system32\dhcp\DhcpSrvLog-Wed.log
confirms with my findings about XP machines accessing DHCP once a day at
the start up and 2000 systems accessing DHCP all day long. (200 - 250
records per PC)

Below is the list of actions my 2000 and XP systems do. (XP systems do this
once a day, 2000 systems show up in the log 200 times a day )

32 DNS update successful
30 DNS update request to the named DNS server
11 A lease was renewed by a client.

All of my ports are configured the same. Below is the config from one of the
ports.


interface GigabitEthernet0
switchport access vlan 21
switchport mode access
switchport voice vlan 24
switchport port-security maximum 2
switchport port-security
switchport port-security aging time 1
switchport port-security violation restrict
switchport port-security aging type inactivity
ip arp inspection limit rate 50
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape 10 0 0 0
queue-set 2
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
dot1x pae authenticator
dot1x port-control auto
dot1x host-mode multi-host
dot1x reauthentication
dot1x guest-vlan 666
spanning-tree portfast
spanning-tree bpduguard enable
ip dhcp snooping limit rate 20

Does anybody know what may trigger this warning on the workstation with
DOT1x

Implementation?



Thank you.
 
If you do ipconfig /flushdns and then ipconfig /registerdns, does that fix the problem? This link may have more troubleshooting tips.

Event ID 1003 - Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address <MAC address>.
http://www.chicagotech.net/wineventid.htm

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
Since we implemented dot1x and all great security features that come with it
on our WIRED network, I started seeing DHCP Warnings Event ID 1003 on all of
my workstations configured for DHCP address assignment.

Below is the text of the warning.

Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001143AD2813. The
following error occurred:

The operation was canceled by the user. . Your computer will continue to try
and obtain an address on its own from the network address (DHCP) server.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

I tried disabling dhcp snooping on one of the ports, but the warnings didn't
go away from the pc plugged in to that port. What's interesting is that XP
machines log Event ID 1003 only at the start up, windows 2000 systems log
this warning all day long (every 5 - 7 min) Looking at the DHCP log file
located on my DHCP server under C:\WINDOWS\system32\dhcp\DhcpSrvLog-Wed.log
confirms with my findings about XP machines accessing DHCP once a day at
the start up and 2000 systems accessing DHCP all day long. (200 - 250
records per PC)

Below is the list of actions my 2000 and XP systems do. (XP systems do this
once a day, 2000 systems show up in the log 200 times a day )

32 DNS update successful
30 DNS update request to the named DNS server
11 A lease was renewed by a client.

All of my ports are configured the same. Below is the config from one of the
ports.


interface GigabitEthernet0
switchport access vlan 21
switchport mode access
switchport voice vlan 24
switchport port-security maximum 2
switchport port-security
switchport port-security aging time 1
switchport port-security violation restrict
switchport port-security aging type inactivity
ip arp inspection limit rate 50
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape 10 0 0 0
queue-set 2
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
dot1x pae authenticator
dot1x port-control auto
dot1x host-mode multi-host
dot1x reauthentication
dot1x guest-vlan 666
spanning-tree portfast
spanning-tree bpduguard enable
ip dhcp snooping limit rate 20

Does anybody know what may trigger this warning on the workstation with
DOT1x

Implementation?



Thank you.
 
Robert L [MVP - Networking] schreef:
If you do ipconfig /flushdns and then ipconfig /registerdns, does that
fix the problem? This link may have more troubleshooting tips.

*Event ID 1003*
<http://www.chicagotech.net/troubleshooting/eventid1003.htm> - Your
computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address <MAC address>.
<http://www.chicagotech.net/troubleshooting/eventid1003.htm>
http://www.chicagotech.net/wineventid.htm

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on
http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on
http://www.HowToNetworking.com

"Mike Testovich" <[email protected] <mailto:[email protected]>>
wrote in message Since we implemented dot1x and all great security features that come
with it
on our WIRED network, I started seeing DHCP Warnings Event ID 1003
on all of
my workstations configured for DHCP address assignment.

Below is the text of the warning.

Your computer was not able to renew its address from the network
(from the
DHCP Server) for the Network Card with network address
001143AD2813. The
following error occurred:

The operation was canceled by the user. . Your computer will
continue to try
and obtain an address on its own from the network address (DHCP) server.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

I tried disabling dhcp snooping on one of the ports, but the
warnings didn't
go away from the pc plugged in to that port. What's interesting is
that XP
machines log Event ID 1003 only at the start up, windows 2000
systems log
this warning all day long (every 5 - 7 min) Looking at the DHCP log file
located on my DHCP server under
C:\WINDOWS\system32\dhcp\DhcpSrvLog-Wed.log
confirms with my findings about XP machines accessing DHCP once a
day at
the start up and 2000 systems accessing DHCP all day long. (200 - 250
records per PC)

Below is the list of actions my 2000 and XP systems do. (XP systems
do this
once a day, 2000 systems show up in the log 200 times a day )

32 DNS update successful
30 DNS update request to the named DNS server
11 A lease was renewed by a client.

All of my ports are configured the same. Below is the config from
one of the
ports.


interface GigabitEthernet0
switchport access vlan 21
switchport mode access
switchport voice vlan 24
switchport port-security maximum 2
switchport port-security
switchport port-security aging time 1
switchport port-security violation restrict
switchport port-security aging type inactivity
ip arp inspection limit rate 50
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape 10 0 0 0
queue-set 2
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
dot1x pae authenticator
dot1x port-control auto
dot1x host-mode multi-host
dot1x reauthentication
dot1x guest-vlan 666
spanning-tree portfast
spanning-tree bpduguard enable
ip dhcp snooping limit rate 20

Does anybody know what may trigger this warning on the workstation with
DOT1x

Implementation?



Thank you.
Click to expand...

You take a look in these articles.

http://www.eventid.net/display.asp?eventid=1003&eventno=1478&source=DHCP&phase=1

On Wireless XP Clients check this:
http://support.microsoft.com/kb/313896/en-us

On Wired-Client check this:
http://support.microsoft.com/kb/325919 (hotfix avalaible)
http://support.microsoft.com/support/kb/articles/q168/4/55.asp

This seems intresting:
According to the article, if the switch uses the spanning tree algorithm
(STA), the system can lose your DHCP request packet. Although STA
provides useful functionality (e.g., it blocks loop conditions on ports,
enables backup loops between switches in case of cable or port failure,
provides some fault tolerance for incorrect wiring, helps switches
discover the best path), in my case this algorithm was the culprit.

I checked the Cisco documentation, which revealed that the company's
switches use STA. I used HyperTerminal to assign the switches an IP
address, then I connected to each switch over the Internet and used
Cisco's Visual Switch Manager to disable STA. The method to disable STA
varies, so check your switch documentation for the specifics. You need
to disable STA only for the ports connecting the switches and not for
the ports that clients use, but the Cisco models I have only let you
enable or disable STA for the entire switch.


Your Sincerly,
 
I guess the warning logged on the workstations is deceiving. I am not aware
of any problems with clients obtaining DHCP leases.



ipconfig /flushdns and then ipconfig /registerdns does not fix the problem.
I don't think this is an OS configuration issue. Most likely this is
something to look for in my Switch configuration.





If you do ipconfig /flushdns and then ipconfig /registerdns, does that fix
the problem? This link may have more troubleshooting tips.

Event ID 1003 - Your computer was not able to renew its address from the
network (from the DHCP Server) for the Network Card with network address
<MAC address>.
http://www.chicagotech.net/wineventid.htm

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on
http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on
http://www.HowToNetworking.com
Since we implemented dot1x and all great security features that come with
it
on our WIRED network, I started seeing DHCP Warnings Event ID 1003 on all
of
my workstations configured for DHCP address assignment.

Below is the text of the warning.

Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001143AD2813. The
following error occurred:

The operation was canceled by the user. . Your computer will continue to
try
and obtain an address on its own from the network address (DHCP) server.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

I tried disabling dhcp snooping on one of the ports, but the warnings
didn't
go away from the pc plugged in to that port. What's interesting is that XP
machines log Event ID 1003 only at the start up, windows 2000 systems log
this warning all day long (every 5 - 7 min) Looking at the DHCP log file
located on my DHCP server under
C:\WINDOWS\system32\dhcp\DhcpSrvLog-Wed.log
confirms with my findings about XP machines accessing DHCP once a day at
the start up and 2000 systems accessing DHCP all day long. (200 - 250
records per PC)

Below is the list of actions my 2000 and XP systems do. (XP systems do
this
once a day, 2000 systems show up in the log 200 times a day )

32 DNS update successful
30 DNS update request to the named DNS server
11 A lease was renewed by a client.

All of my ports are configured the same. Below is the config from one of
the
ports.


interface GigabitEthernet0
switchport access vlan 21
switchport mode access
switchport voice vlan 24
switchport port-security maximum 2
switchport port-security
switchport port-security aging time 1
switchport port-security violation restrict
switchport port-security aging type inactivity
ip arp inspection limit rate 50
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape 10 0 0 0
queue-set 2
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
dot1x pae authenticator
dot1x port-control auto
dot1x host-mode multi-host
dot1x reauthentication
dot1x guest-vlan 666
spanning-tree portfast
spanning-tree bpduguard enable
ip dhcp snooping limit rate 20

Does anybody know what may trigger this warning on the workstation with
DOT1x

Implementation?



Thank you.
 
Mike Testovich said:
Since we implemented dot1x and all great security features that come with
it
on our WIRED network, I started seeing DHCP Warnings Event ID 1003 on all
of
my workstations configured for DHCP address assignment.

Below is the text of the warning.

Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001143AD2813. The
following error occurred:

The operation was canceled by the user. . Your computer will continue to
try
and obtain an address on its own from the network address (DHCP) server.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

I tried disabling dhcp snooping on one of the ports, but the warnings
didn't
go away from the pc plugged in to that port. What's interesting is that XP
machines log Event ID 1003 only at the start up, windows 2000 systems log
this warning all day long (every 5 - 7 min) Looking at the DHCP log file
located on my DHCP server under
C:\WINDOWS\system32\dhcp\DhcpSrvLog-Wed.log
confirms with my findings about XP machines accessing DHCP once a day at
the start up and 2000 systems accessing DHCP all day long. (200 - 250
records per PC)

Below is the list of actions my 2000 and XP systems do. (XP systems do
this
once a day, 2000 systems show up in the log 200 times a day )

32 DNS update successful
30 DNS update request to the named DNS server
11 A lease was renewed by a client.

All of my ports are configured the same. Below is the config from one of
the
ports.


interface GigabitEthernet0
switchport access vlan 21
switchport mode access
switchport voice vlan 24
switchport port-security maximum 2
switchport port-security
switchport port-security aging time 1
switchport port-security violation restrict
switchport port-security aging type inactivity
ip arp inspection limit rate 50
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape 10 0 0 0
queue-set 2
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
dot1x pae authenticator
dot1x port-control auto
dot1x host-mode multi-host
dot1x reauthentication
dot1x guest-vlan 666
spanning-tree portfast
spanning-tree bpduguard enable
ip dhcp snooping limit rate 20

Does anybody know what may trigger this warning on the workstation with
DOT1x

Implementation?
Click to expand...

Are you using Radius. How is the Global config for dot1x
 
Back
Top