DHCP request from nowhere

Hi,
In our DHCP server (French Windows 2k3 R2), we have records showing type DHCP/BOOTP with a unique ID 31302e302e39302e31353xx. Does someone know what could create entries like that? Every 10-15 minutes, a different record is created. To be able to see those records, I have to go on my scope, right-click Reconcile, Verify, Reconcile and then I can see the record.
Thanks for your help.

Hello Normand,
Any device which is enabled to use DHCP, switches, printers, computers of course, handheld if network ready etc.......

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

Hi Meinolf,
But one device can create multiple records in DHCP? The unique ID is supposed to be the MAC address of the device but in my case, unique ID is 31302e302e39302e31353100, 31302e302e39302e31353200, 31302e302e39302e31353300, etc.
Thanks.

Hello Normand,
Ping the ip address of that item and then run "arp -a" in a command prompt, the list should also show the MAC for the ip address from that device.

Best regards

Meinolf Weber

I did that and I can't ping the device with that IP address.
Always receive a request time out.

"Normand" <nhu***@noreply.ca> wrote in message news:%23Zwebr80JHA.4352@TK2MSFTNGP05.phx.gbl...
> I did that and I can't ping the device with that IP address.
> Always receive a request time out.

Follow up and look at the arp table. 'arp -a'

Just because a device doesn't answer a ping doesn't mean it didn't respond to an arp. ARP stands for address resolution protocol and it's (basically) how devices go from listening via just an ethernet hardware address (the MAC) to an IP. A device makes an arp request for "who has ip address 1.2.3.4" and ethernet hardware device 1:2:3:4:5:6:7:8 sings out and responds "I do". The requesting device then stores that MAC and uses it for requests to that IP.

If you have smart switches involved you could check their per-port ARP tables and see where the questionable device is connected.

-Bill Kearney
"Normand" <nhu***@noreply.ca> wrote in message news:OCSLCIz0JHA.140@TK2MSFTNGP03.phx.gbl...
> Hi,
> In our DHCP server (French Windows 2k3 R2), we have records showing type
> DHCP/BOOTP with a unique ID 31302e302e39302e31353xx.
> Does someone know what could create entries like that?
> Every 10-15 minutes, a different record is created.
> To be able to see those records, I have to go on my scope, right-click
> Reconcile, Verify, Reconcile and then I can see the record.
> Thanks for your help.

Get the MAC address of the device or client, then log into your switch to determine what port it is on.

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSA Messaging, MCT
Microsoft Certified Trainer
ace***@mvps.RemoveThisPart.org

For urgent issues, you may want to contact Microsoft PSS directly. Please check http://support.microsoft.com for regional support phone numbers.

"Efficiency is doing things right; effectiveness is doing the right things." - Peter F. Drucker
http://twitter.com/acefekay

Hi Ace,
How can I find MAC address of that device? MAC is supposed to be indicated under Unique ID but what I have is 31302e302e39302e31353100, 31302e302e39302e31353200, 31302e302e39302e31353300, etc. for each record.
Thanks for any more help.

"Normand" <nhu***@noreply.ca> wrote in message news:%23kGVuX80JHA.1644@TK2MSFTNGP02.phx.gbl...
> Hi Ace,
> How can I find MAC address of that device? MAC is supposed to be indicated
> under Unique ID but what I have is 31302e302e39302e31353100,
> 31302e302e39302e31353200, 31302e302e39302e31353300, etc. for each record.
> Thanks for any more help.

Wow, that is odd. The uniqueID should be 12 characters. You are seeing a 24 bit MAC. Let's break it down.

For:
3130 2e30 2e39 302e 3135 3100
(put into calc as Hex, then changed from Qword to Dword) and got:

2E 39 30 2E 00

Do you see that MAC? If not, how about any of the following?

31 2e 30 31 31
or
30 30 39 2e 35 00

Ace

Hi Ace,
Nothing like that in my DHCP records.
Kind of bizarre thing.

"Normand" <nhu***@noreply.ca> wrote in message news:OUvibfM1JHA.2516@TK2MSFTNGP04.phx.gbl...
> Hi Ace,
>
> Nothing like that in my DHCP records.
> Kind of bizarre thing.

No, not in DHCP records, I mean after breaking it down as I suggested (and that was just a stab at it), to look for that number as a possible MAC in the switch's ARP or MAC table.

Ace

Hi folks,
We are experiencing the same issue. Several Windows 2003 SP2 DHCP servers have scopes that become completely exhausted over time for no clear reason.

Refreshing the view of active leases shows nothing; however once I reconcile and verify then refresh again the leases show. They all have a lease expiration date of 24 hours from the moment I hit reconcile (our lease length is 24 hours). They show as type DHCP/BOOTP from the GUI (MMC) and Unspecified from the command line (netsh). The servers are configured to disallow BOOTP requests. The Unique ID that appears is far too long to be a MAC address but other forums suggest this is just a mask... for example a lease for 10.1.100.5 will show as:

31 30 2e 31 2e 31 30 30 2e 35 00
31 = ascii 1
30 = ascii 0
2e = ascii .
31 = ascii 1
2e = ascii .
31 = ascii 1
30 = ascii 0
30 = ascii 0
and so on...

There is a RRAS server in the environment but IPs gathered by RAS show specifically as just that, have another icon associated with them in the MMC, show the RAS server name, and never outnumber 10.

Another avenue I'm attempting to explore is Windows Automated Deployment Services 1.1. When an ADS client tries to PXE boot it sends a broadcast request. As I understood it, the ADS server picks this up and either assigns the client a DHCP address or relays its request to a DHCP server. My ADS server is not configured as a DHCP server OR a DHCP relay agent however, yet my PXE clients (assuming there are available leases at the time) never fail to acquire an address. (Perhaps the PXE clients make their own DHCP requests?)

There are no restrictions for DHCP or PXE packets on our switches -- all are allowed through on a FIFO basis. I also see non-pingable leases being generated in this scope while no servers on the subnet are attempting PXE boots.

DHCP logs are not helping either. As an example, I removed all unidentifiable leases from a scope and found the next morning that 8 new leases were there (only by following the refresh method listed above.) I queried all of the logs for the prior week and found not a single reference to any of the IPs leased out except for my deletion!

I understand reconciling involves comparing the database to information in the registry. Perhaps if I knew where in the registry this lease info was stored I could look for clues there. I am leery of deleting and recreating scopes and read in another post that this failed to resolve an identical issue for another user.

Any ideas?

Oops, to clarify on resolving the Unique IDs for these devices (from Google Group posting):

"For IP Address 192.168.16.141 the Client Name is also "192.168.16.141" and the Unique ID is "3139322e3136382e31362..."

Hex 31 = Decimal 49; ASCII 49 = "1"
Hex 39 = Decimal 57; ASCII 57 = "9"
Hex 32 = Decimal 50; ASCII 50 = "2"
Hex 2E = Decimal 46; ASCII 46 = "."
Hex 31 = Decimal 49; ASCII 49 = "1"
Hex 36 = Decimal 54; ASCII 54 = "6"
Hex 38 = Decimal 56; ASCII 56 = "8"
"

I also want to reiterate that the IPs leased in this manner are not pingable and not traceable via our switches. So we also have no MAC address to track via ARP commands.
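The hex-to-ASCII decoding described in the post above, as an added example that is not part of the original thread: a script that takes lease rows and separates Unique IDs that are ordinary 6-byte hardware addresses from those that are NUL-terminated ASCII renderings of an IP address. The function names, the row layout, and the lease IPs paired with Normand's Unique IDs are assumptions of this example; rows marked constructed are sample data.

```python
import ipaddress

# Lease rows as (lease IP, Unique ID hex). Rows 1-3 reuse Unique IDs quoted in
# the thread (the lease IPs for rows 2-3 are assumed); rows 4-5 are constructed.
SAMPLE_LEASES = [
    ("10.1.100.5", "31 30 2e 31 2e 31 30 30 2e 35 00"),
    ("10.0.90.151", "31302e302e39302e31353100"),
    ("10.0.90.152", "31302e302e39302e31353200"),
    ("10.1.100.20", "001a2b3c4d5e"),              # constructed: ordinary MAC
    ("10.1.100.21", "31302e312e3130302e393900"),  # constructed: ASCII IP != lease IP
]


def classify_unique_id(unique_id_hex, lease_ip=None):
    """Classify a lease Unique ID given as hex text (spaces, ':' or '-' allowed)."""
    cleaned = unique_id_hex.replace(" ", "").replace(":", "").replace("-", "")
    try:
        raw = bytes.fromhex(cleaned)
    except ValueError:
        # Masked or truncated values such as '...31353xx' end up here.
        return {"kind": "invalid", "detail": "not valid hex"}

    # Drop the trailing NUL terminator, then test for an ASCII dotted quad.
    text_bytes = raw.rstrip(b"\x00")
    if text_bytes and all(chr(b) in "0123456789." for b in text_bytes):
        try:
            decoded = ipaddress.IPv4Address(text_bytes.decode("ascii"))
        except ValueError:
            decoded = None  # digits and dots, but not a valid IPv4 address
        if decoded is not None:
            result = {"kind": "ascii-ip", "decoded": str(decoded)}
            if lease_ip is not None:
                result["matches_lease"] = decoded == ipaddress.IPv4Address(lease_ip)
            return result

    if len(raw) == 6:
        return {"kind": "mac", "decoded": ":".join(f"{b:02x}" for b in raw)}
    return {"kind": "other", "decoded": raw.hex()}


def triage(leases):
    """Return (lease IP, decoded IP, matches) for rows whose Unique ID is an ASCII IP."""
    flagged = []
    for lease_ip, unique_id in leases:
        info = classify_unique_id(unique_id, lease_ip)
        if info["kind"] == "ascii-ip":
            flagged.append((lease_ip, info["decoded"], info["matches_lease"]))
    return flagged


if __name__ == "__main__":
    for lease_ip, decoded, matches in triage(SAMPLE_LEASES):
        note = "same as lease IP" if matches else "differs from lease IP"
        print(f"{lease_ip}: Unique ID is ASCII '{decoded}' ({note}), no MAC to trace")
```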
"yzzazz" <yzz***@discussions.microsoft.com> wrote in message news:517F78BA-C9E6-4E6A-9BBB-82C64045DF2B@microsoft.com...
> Oops, to clarify on resolving the Unique IDs for these devices (from Google
> Group posting):
>
> "For IP Address 192.168.16.141 the Client Name is also "192.168.16.141"
> and the Unique ID is "3139322e3136382e31362..."
>
> Hex 31 = Decimal 49; ASCII 49 = "1"
> Hex 39 = Decimal 57; ASCII 57 = "9"
> Hex 32 = Decimal 50; ASCII 50 = "2"
> Hex 2E = Decimal 46; ASCII 46 = "."
> Hex 31 = Decimal 49; ASCII 49 = "1"
> Hex 36 = Decimal 54; ASCII 54 = "6"
> Hex 38 = Decimal 56; ASCII 56 = "8"
> "
>
> I also want to reiterate that the IPs leased in this manner are not
> pingable and not traceable via our switches. So we also have no MAC
> address to track via ARP commands.

Thanks for posting this info. As for why it is happening, I am not sure.

Did you opt to have DHCP give out IPv6 addresses? I'm not sure if it correlates, but if you were to disable IPv6 on the DHCP scope, does it go back to non-hex?

Ace

I appreciate your help Ace. Our DHCP servers do not hand out IPv6 addresses so that can be ruled out as a cause.

I don't have much experience with network sniffing. Is there a chance I could configure wireshark or netmon to watch traffic on one of the DHCP servers for a string containing the ACK and an IP from the range, then just wait back until that particular IP is swiped by whatever process is taking them all?

Do you have any scan filter parameters for one of these programs? Are they resource intensive? What is the likelihood of gathering useful information from any particular packet?

Thanks in advance!
"yzzazz" <yzz***@discussions.microsoft.com> wrote in message news:5AE83FD0-F4FE-4234-BD78-171272577561@microsoft.com...
> I appreciate your help Ace. Our DHCP servers do not hand out IPv6 addresses
> so that can be ruled out as a cause.
>
> I don't have much experience with network sniffing. Is there a chance I
> could configure wireshark or netmon to watch traffic on one of the DHCP
> servers for a string containing the ACK and an IP from the range, then
> just wait back until that particular IP is swiped by whatever process is
> taking them all?
>
> Do you have any scan filter parameters for one of these programs? Are they
> resource intensive? What is the likelihood of gathering useful information
> from any particular packet?
>
> Thanks in advance!

I haven't thought about that, and Wireshark or Netmon would be a good bet. I would watch BootP and ports UDP 68 and 69 filtering, going to and from the DHCP server. IIRC, I thought there may be a built-in filter for DHCP on netmon? Not sure about Wireshark.

Ace