Hi Everyone,
I manage our corporate network and I don't know much about VMM or the way it operates. I recently implemented a Network Access Control system and it started picking up rogue DHCP discover packets on our network. After running Wireshark I was able to determine that the VMM 2016 server and all other servers that have the agent installed are sending out these packets. If I shut down the VMM 2016 server then I no longer see any discovery packets on the network. The issue with these is that they are sent out using random "Client MAC addresses" and my NAC software picks it up as a new host. About 16 of these are sent every hour, so the meaningless hosts start to add up quickly. See the packet below:
Ethernet II, Src: HewlettP_f4:31:9c (3c:4a:92:f4:31:9c), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Internet Protocol Version 4, Src: XXX.XXX.XXX.XXX, Dst: 255.255.255.255
User Datagram Protocol, Src Port: 68, Dst Port: 67
Bootstrap Protocol (Discover)
Message type: Boot Request (1)
Hardware type: Ethernet (0x01)
Hardware address length: 6
Hops: 0
Transaction ID: 0x302c63f0
Seconds elapsed: 60
Bootp flags: 0x8000, Broadcast flag (Broadcast)
Client IP address: XXX.XXX.XXX.XXX
Your (client) IP address: 0.0.0.0
Next server IP address: 0.0.0.0
Relay agent IP address: 0.0.0.0
Client MAC address: c0:06:47:3e:c6:c4 (c0:06:47:3e:c6:c4)
Client hardware address padding: 00000000000000000000
Server host name not given
Boot file name not given
Magic cookie: DHCP
Option: (53) DHCP Message Type (Discover)
Option: (61) Client identifier
Option: (55) Parameter Request List
Option: (255) End
I notice that the machines with the agent installed also have "microsoft system center virtual machine manager dhcp server". What does this do? I removed it from a test machine but it did not fix the issue.
Why does this happen? Can anyone think of a fix?
Thanks
-Mark
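
Added example (not part of the original post, and not VMM or NAC vendor code): in the capture above the Ethernet source (3c:4a:92:f4:31:9c) differs from the DHCP "Client MAC address" (c0:06:47:3e:c6:c4), and the sketch below parses a raw frame and flags that mismatch so a sensor can attribute the Discover to the physical sender. The source IP 192.0.2.10 and the bodies of options 55 and 61 are constructed placeholders, and the function names are hypothetical.

```python
import struct

DHCP_MAGIC = b"\x63\x82\x53\x63"

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def inspect_discover(frame):
    """Parse an untagged Ethernet/IPv4 frame; return a dict for a DHCP Discover, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
        return None                                   # not IPv4/UDP
    udp = frame[14 + (frame[14] & 0x0F) * 4:]
    if len(udp) < 8 or struct.unpack("!HH", udp[:4]) != (68, 67):
        return None                                   # not client -> server DHCP
    bootp = udp[8:]
    if len(bootp) < 240 or bootp[0] != 1 or bootp[236:240] != DHCP_MAGIC:
        return None
    opts, i, msg_type = bootp[240:], 0, None
    while i < len(opts) and opts[i] != 255:           # walk TLV options until End
        if opts[i] == 0:                              # Pad has no length byte
            i += 1
            continue
        if i + 1 >= len(opts):
            break                                     # truncated option
        length = opts[i + 1]
        if opts[i] == 53 and length == 1 and i + 2 < len(opts):
            msg_type = opts[i + 2]
        i += 2 + length
    if msg_type != 1:
        return None                                   # only Discover is of interest
    eth_src, chaddr = frame[6:12], bootp[28:34]
    return {"eth_src": mac(eth_src), "chaddr": mac(chaddr),
            "xid": struct.unpack("!I", bootp[4:8])[0], "mismatch": eth_src != chaddr}

def build_sample(eth_src, chaddr, ip=bytes([192, 0, 2, 10])):
    """Constructed test frame; the IP and option 55/61 bodies are placeholders."""
    bootp = struct.pack("!BBBBIHH", 1, 1, 6, 0, 0x302C63F0, 60, 0x8000)
    bootp += ip + bytes(12) + chaddr + bytes(10 + 64 + 128) + DHCP_MAGIC
    bootp += b"\x35\x01\x01" + b"\x3d\x07\x01" + chaddr + b"\x37\x02\x01\x03" + b"\xff"
    udp = struct.pack("!HHHH", 68, 67, 8 + len(bootp), 0) + bootp
    iph = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 128, 17, 0, ip, b"\xff" * 4)
    return b"\xff" * 6 + eth_src + b"\x08\x00" + iph + udp

if __name__ == "__main__":
    nic = bytes.fromhex("3c4a92f4319c")               # Ethernet source from the capture
    print(inspect_discover(build_sample(nic, bytes.fromhex("c006473ec6c4"))))
```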