Understanding Windows 2000 Automatic Private IP Addressing

Windows 2000 Professional has the ability to automatically assign itself IP addresses. In some cases, this feature needs to be disabled. In this Daily Feature, Steven Pittsley gets down to cases.

Managing TCP/IP can be one of the biggest headaches a network administrator can have. Normally, if you want to assign IP addresses to client machines you only have two choices—statically assign addresses or install DHCP on a server. No more!

Microsoft has included the Windows 2000 Automatic Private IP Addressing (APIPA) feature with Windows 2000. You’ll find this to be helpful because it allows you to reap the benefits of automatic IP addressing without having to configure a DHCP server. However, APIPA can give network administrators a few headaches when it is enabled on your Windows 2000 Professional workstations. This Daily Feature will provide you with an overview of this interesting new feature, showing you when it can be used to your advantage and when it should be disabled.

A quick review of DHCP
DHCP is a wonderful thing. When properly configured, DHCP reliably provides automatic IP addressing services on the network, relieving you of the burden that you face when manually assigning IP addresses to all of the devices that are on your network.

In case you’ve never worked with DHCP or aren’t completely familiar with it, here’s a quick look at the steps taken when a workstation tries to obtain an IP address from a DHCP server.
  1. When the workstation starts, it searches for a DHCP server by broadcasting a DHCPDiscover message.
  2. A DHCP server will respond with a DHCPOffer message. If a DHCP server doesn’t respond with a DHCPOffer, the client’s TCP/IP initialization fails. However, Windows 2000 Professional clients will continue to send DHCPDiscover messages in an attempt to lease a valid IP address.
  3. When the client receives the DHCPOffer message, it will accept the offered address by replying to the DHCP server with a DHCPRequest message.
  4. When the DHCP server receives the DHCPRequest, it will officially assign the IP address to the client and send a DHCPAck message, which will include information such as the default gateway and DNS server addresses.
  5. The client uses the information in the DHCPAck message to complete its TCP/IP configuration.

For more detailed information about DHCP and Windows 2000, see the Daily Drill Down entitled “Understanding new DHCP features in Windows 2000.”

Windows 2000 APIPA explained
To simplify IP addressing for novice users, Microsoft has added the APIPA feature in the DHCP request process described in the previous section. When APIPA is enabled and the workstation does not receive a DHCPOffer message from a DHCP server or is unable to renew the lease of an existing IP address, the Windows 2000 Professional DHCP client will assign itself an IP address.

Here’s how it works. When a Windows 2000 Professional DHCP client fails to contact a DHCP server with the DHCPDiscover message, it will assign itself a class B IP address that falls within the range of to, using the appropriate subnet mask of After selecting an IP address, the client will check the network to verify that its self-assigned IP address is not already in use. If the address is not in use, the TCP/IP client will be configured using the self-assigned IP address. If the client determines that the IP address is in use, it will assign itself another address and perform the duplicate address check again. This check will be performed up to 10 times, after which it will fail and network services will not be started on the workstation.

Despite having a correctly configured TCP/IP stack that is using its self-assigned IP address, the Windows 2000 Professional client will continue searching for a DHCP server by broadcasting a DHCPDiscover message every five minutes. If a DHCP server is found, the normal address request process described above is followed and an appropriate DHCP-generated IP address is leased. The APIPA address will then be discarded.

Working with APIPA
To make APIPA easy to use for the nontechnical person, the APIPA service is enabled by default on a Windows 2000 Professional workstation. If your network has a single subnet with no routers and is not connected to the Internet, your IP addressing needs are taken care of. The clients will broadcast their DHCPDiscover messages, and when no DHCP server responds, APIPA will generate an IP address. Since all APIPA IP addresses use the 169.254 IP address range, all of the workstations on the network should be able to communicate with each other using these addresses. For the novice user, it doesn’t get any easier.

When your Windows 2000 Professional workstations are connected to a multisegment network or to the Internet, the APIPA service should be disabled. To determine if APIPA is enabled on the workstation, type IPCONFIG /ALL at the command prompt. As shown in Figure A, the value of the Autoconfiguration Enabled field will be Yes.

Figure A
Typing IPCONFIG /ALL at the command prompt will show you if APIPA is enabled on that workstation.

There are two methods that you can use to disable APIPA on a Windows 2000 Professional workstation. First, you can manually assign an IP address to the workstation, which disables DHCP services. While this method does work, manually assigning IP addresses will soon become an administrative nightmare on all but the smallest of networks.

The more practical way to disable APIPA is by editing the registry settings on the workstation. Please note that editing the registry is dangerous and could result in making your operating system unbootable. Always edit the registry with extreme caution. It’s always advisable to back up your data first.

To begin disabling APIPA through the registry, run Regedit and drill down to the registry setting for the network adapter, as shown in Figure B. The path to the adapter is: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

Figure B
Edit the registry at the path shown above to disable APIPA.

To disable APIPA, you must add the registry entry IPAutoconfigurationEnabled. To do so, highlight the adapter and click the Edit menu. Choose New and then DWORD Value, as shown in Figure C.

Figure C
Disabling APIPA is done by creating a DWORD value in the registry entry IPAutoconfigurationEnabled.

Add the registry entry as shown in Figure D, and ensure that the value is 0x0. When you have completed the entry, shut down and restart the workstation for the setting to take effect.

Figure D
Once you add the value 0x0 and restart your workstation, APIPA will be disabled.

Once the workstation has restarted, you can use IPCONFIG /ALL from the command prompt to verify that Autoconfiguration Enabled is set to No, as shown in Figure E.

Figure E
Use IPCONFIG /ALL again to verify that APIPA is disabled.

The registry entry that you just added will disable APIPA on just the one adapter. If your workstation has multiple network adapters installed, you can disable APIPA on all of them by adding the registry entry to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

Final thoughts
The APIPA service in Windows 2000 Professional will certainly make IP addressing easy for the novice user who has a small network. Unfortunately, those of us with larger networks are faced with a little extra work should we choose to disable this feature. If you use disk-imaging software such as Ghost, you’ll only need to disable APIPA once for each image. If you must manually disable APIPA on each workstation, you’ll have a bit more work, but after doing this a few times you’ll see that, other than spelling the entry correctly, it doesn’t add much more time to your workstation configuration.

Editor's Picks

Free Newsletters, In your Inbox