18 August 2007

DHCP lease longer than expected

if you use Microsoft DHCP, you may have seen that lease last longer than expected. Between 4 & 5 hours more.
This comes from the grace period, which last 4 hours by default. If your dhcp is quite full or having people moving around, you may reduce this grace period:


Value Type: DWORD
Value Data: time in minutes

So that explain the 4 hours. But why 5 ? Because the dhcp cleanup only occurs every 60 minutes by default, except if dhcp lease are starving. You can make it more aggressive:


Hope you will find it useful!


Linnea said...

Hi Mathieu,

I hope you see this comment, though the original post was long ago. I need to deal with dhcp lease exhaustion.

DHCP is on Windows 2008 DC, many scopes, including 5 or so for wireless.

I get reports that "No one can use wireless". I "fix" it by manually deleting all leases from the scope. It's happening more and more often, so I’d like a way to address it properly.

dhcpAuditLog shows 2 things:
1 - DHCP cleanup is scheduled hourly.
2 - It also occurs 3, 4, 5 times an hour during peaks.

I’ve read that cleanup runs immediately if there are lease requests but no available leases, so that makes sense.

But I'm not 100% clear what makes a lease “marked for deletion”.
Does “marked for deletion” = “lease in grace period - expired for less than 4 hours”?
Are there more conditions that result in “marked for deletion”?

Also, the log file can have “Scope Full” messages for up to 30 m, yet no cleanup cycle occurs.

Here’s a sample:

24,10/20/10,18:14:22,Database Cleanup Begin,,,,,0,6,,,
25,10/20/10,18:14:22,0 leases expired and 0 leases deleted,,,,,0,6,,,
25,10/20/10,18:14:22,0 leases expired and 0 leases deleted,,,,,0,6,,,
14,10/20/10,18:21:58,Scope Full,,,,,0,6,,,
14,10/20/10,18:22:26,Scope Full,,,,,0,6,,,
14,10/20/10,18:22:46,Scope Full,,,,,0,6,,,
24,10/20/10,18:22:56,Database Cleanup Begin,,,,,0,6,,,
25,10/20/10,18:22:56,0 leases expired and 151 leases deleted,,,,,0,6,,,
25,10/20/10,18:22:56,0 leases expired and 0 leases deleted,,,,,0,6,,,
14,10/20/10,18:52:57,Scope Full,,,,,0,6,,,
14,10/20/10,18:53:42,Scope Full,,,,,0,6,,,
14,10/20/10,18:53:53,Scope Full,,,,,0,6,,,
14,10/20/10,18:54:29,Scope Full,,,,,0,6,,,
14,10/20/10,18:56:17,Scope Full,,,,,0,6,,,
14,10/20/10,18:57:42,Scope Full,,,,,0,6,,,
14,10/20/10,18:58:05,Scope Full,,,,,0,6,,,
14,10/20/10,18:58:44,Scope Full,,,,,0,6,,,
14,10/20/10,18:58:52,Scope Full,,,,,0,6,,,
14,10/20/10,18:59:19,Scope Full,,,,,0,6,,,
14,10/20/10,19:00:00,Scope Full,,,,,0,6,,,
14,10/20/10,19:01:27,Scope Full,,,,,0,6,,,
14,10/20/10,19:01:56,Scope Full,,,,,0,6,,,
14,10/20/10,19:03:54,Scope Full,,,,,0,6,,,
14,10/20/10,19:04:06,Scope Full,,,,,0,6,,,
14,10/20/10,19:05:40,Scope Full,,,,,0,6,,,
14,10/20/10,19:06:01,Scope Full,,,,,0,6,,,
14,10/20/10,19:07:21,Scope Full,,,,,0,6,,,
14,10/20/10,19:07:32,Scope Full,,,,,0,6,,,
14,10/20/10,19:08:26,Scope Full,,,,,0,6,,,
14,10/20/10,19:09:25,Scope Full,,,,,0,6,,,
14,10/20/10,19:09:54,Scope Full,,,,,0,6,,,
14,10/20/10,19:11:15,Scope Full,,,,,0,6,,,
14,10/20/10,19:13:08,Scope Full,,,,,0,6,,,
24,10/20/10,19:14:23,Database Cleanup Begin,,,,,0,6,,,
25,10/20/10,19:14:23,0 leases expired and 0 leases deleted,,,,,0,6,,,
25,10/20/10,19:14:23,0 leases expired and 0 leases deleted,,,,,0,6,,,
24,10/20/10,19:14:24,Database Cleanup Begin,,,,,0,6,,,
25,10/20/10,19:14:24,0 leases expired and 153 leases deleted,,,,,0,6,,,
25,10/20/10,19:14:24,0 leases expired and 0 leases deleted,,,,,0,6,,,

Why no dhcp cleanup events between 18:52 and 19:13?
Why 2 cleanup events, 1 second apart at 19:14?
Why did 1st 19:14 cleanup find no leases to delete, yet 2nd 19:14cleanup found 153 to delete?

To get at the actual problem, is there anything I can do with dhcp cleanup to help with the scope exhaustion problem?
Lease period on these wireless vlans is 15 minutes.
I've seen a suggestion to reduce grace period using registry key

It doesn’t exist on my system, however another post said you can create it (which I’ve done before), so I guess that’s OK. From its location in the registry, seems to be a global setting, not specific to any particular scope –true?

Any help is most appreciated!


Mathieu Chateau said...


Marked for deletion means to be deleted on next clean job.

Things I would do/check:
· Reduce dhcp lease to 1h or even 30mn.

· Check that you don’t have rogue machine or things around using dhcp lease (iphone + notebook = 2 IP per people).First digits of mac address indicates manufacturer (dell/apple…) : http://www.coffer.com/mac_find/

· Increase netmask, from to for example to get 256 ip without routing