DHCP Snooping and Lync Options

A few weeks ago I was trying to track down a DHCP issue for some Lync Phone Edition clients. Tethered phones could sign in with no issues, but it didn’t look like PIN authentication was working properly. We went through and validated all the DHCP options were present on the server, even removed and added them back, but would ultimately end up with “Certificate web service cannot be found” displayed on the phones. In order to isolate the problem a bit I started using the DHCPUtil.exe tool from a workstation (don’t forget it must be x64 to use this) so I could simulate what the phones were requesting.
You can copy the file from a Lync server and simply run DHCPUtil.exe -EmulateClient to simulate the options request process. While doing this I ran simultaneous packet captures on the workstation and DHCP server to see where the disconnect was.

Here you can see the client request:

The DHCP server sees the request come in with the vendor identifier:

The DHCP server responds to the client with Option 120 and 43:

But the client never sees the response:

After grabbing those traces it was pretty obvious something in the network path was preventing those responses from getting back to the client. The odd part was it wasn’t preventing all parts of DHCP from working, since the clients could get an IP, gateway, and DNS information just fine – it was just the DHCP Inform message with the Lync options that was getting hosed.

We took those traces to the network folks and had them take a look at the Cisco switches in use. Low and behold, someone had previously left a couple DHCP snooping commands enabled in one of the switches, and that switch was dropping all of the DHCP Inform responses. We disabled that debugging feature and found the phones were able to sign in just fine.


Recent content I've written for you—just for you!— to enjoy while you're here.


Quick commentary and links to other sources you'll find interesting. I promise.


Some personal background, links to related projects, and other ways to connect.

Hi there. My name is Tom Pacyk and this is my small home on the web. I love the intersection of design, technology, and communication, which is a combination that led me to a career in sales and marketing roles at places like Zoom and ServiceNow. They're a bit old now, but I also had the opportunity to publish a couple of books along the way.

Portland, Oregon is home for me, my wife Beth, and our three kids, but I'm actually a Midwestern transplant—I grew up in the Chicago suburbs and went to school at Purdue and Illinois. When I find some free time I'm probably going to concerts, rooting for the Portland Timbers, or working on my Sunshine Burn Photography project.