Mac DHCP Wireless Connection Broken With Self-Assigned IP Address

I dropped into a Starbucks this afternoon, all prepared to get some emails written and to get some work done between my Sunday afternoon and evening commitments. Everything was fresh in my mind and ready to go via the keyboard and onto the screen. I fetched my grande two-pump sugar-free vanilla skinny latte and sat down in the chair, opened the laptop and watched it wake up and connect to the AT&T wireless access point.

But much to my dismay nothing would load over the network. The AirPort icon in the status bar showed the name of the network and indicated that I was connected to the access point, but I had no connection to the Internet.

After a brief bit of trying over and over to load a web page, I checked the network preferences in the apple system preferences panel and found that I was not getting an IP address. The Mac was self-assigning a 169.* address, which is a non-routable local-only address. I tried restarting the AirPort card in the Mac, but that didn’t help. I then found I was able to connect normally with my iPhone to the AT&T WiFi network and get a “real” IP address (192.x), so I quickly deduced that something was wrong with my Mac.

I had to give up on troubleshooting and head back out into the world, but I spent the rest of the day wondering if maybe there was something about the MAC address for my wireless card that AT&T had chosen to hate. After finishing my day of activities, I drove home this evening and fired my laptop back up. It connected to my home wireless network. But again, no IP address assigned. Hmm, definitely the laptop.

I started thinking now. What could be happening? Powering the AirPort on and off, shutting down the Mac and powering it back up, manually telling the network stack to renew it’s DHCP lease – all these things did no good.

I finally decided to take a look at the Mac firewall logs. You’d think that would be the first place I’d look, being a security guy. They’re kind of hidden in plain sight, a few layers deep in the Mac’s preferences dialogs. You go to the System Preferences panel, in the Security section, then the Firewall tab, then click the Advanced button, and finally click the Open Log button. If logging isn’t already turned on, you can enable it there, as well.

Sure enough, I looked in the log and found several examples of this (emphasis mine):

Feb 8 23:02:04 greg-hughess-macbook-air Firewall[39]: Deny configd data in from 192.168.0.1:67 uid = 0 proto=17

Feb 8 23:02:26: — last message repeated 2 times —

Ah hah… apparently the firewall was refusing inbound connections initiated by the router as it tried to set up the DHCP address being requested by the laptop. The configd daemon is a service that handles configuration changes for various pieces of the system, mostly all network-related. Great, I had something to fix!

I first confirmed configd was in fact running, then deleted the firewall configuration file (located at /Library/Preferences/com.apple.alf.plist) and configured the firewall to temporarily allow all connections, and then back to allowing essential services. Sure enough, as soon as I made the changes the Mac was able to get a DHCP address from the router, and the network was back up and working.

I have no real idea how the firewall got messed up. At one point I had it set to configure access for specific services and apps, so that might have had something to do with it. But it’s strange that this problem only started today. It’s possible the configd process was denied by a rule, I suppose. Perhaps I hit a key on a pop-up dialog to deny firewall access to the daemon without even realizing it while typing?

At any rate, it seems to be working now (as evidenced by the fact that I am able to post this blog entry, of course) and hopefully it will continue to work as expected. Maybe this will help someone else troubleshoot a similar issue.

  • Phillip Terry

    Thanks for posting. That’s and interesting little glitch and solution. I wouldn’t have immediately gone there for that since with Leopard they moved the Firewall from Sharing to Security so I’m not visually reminded. ;-(

  • bud

    I’ve seen it happen before. Especially with iPod Touch users.

    If you are going to use Public WiFi, you are going to want to have your address dynamically assigned by the locations server. DHCP.

    A lot of people using a touch at home, especially if they have not dealt with wifi much, have manually assigned an address, either by intent or ignorance.

  • Kamalesh

    Interesting post, Greg.

    I’ve had the same 80211 problem a couple times on a couple different MacBooks, also. I’ve found a router reboot also fixes the problem (if you have access to it).

    Strangely, we were in Santa Cruz, Chile at a B&B recently, and some guy from France couldn’t connect his MBP to the public wireless with this exact 169* problem. His firewall was blocking somehow also…weird.

  • PC

    This happens when the ALF plist gets corrupted from adding addition allow/deny applications into the plist, or when configd is no longer considered signed properly and/or is modified so sometimes switches to deny. IMHO it’s a bug in Mac OS X 10.5, something on the list of issues Mac OS X has now.

  • Fred

    You, sir, are a steely-eyed missileman. This just happened to me as well on a box that had happily used DHCP for months with my Time Capsule. I found one other gentleman on Apple Discussions describing what sounded similar, but with no resolution. I work in the computer field, and it never occurred to me that the firewall would even have the capability to block DHCP *responses*.

    The Leopard firewall was a huge step backwards over what had been in Tiger, and this bizarre bug really puts the icing on it. This would have completely disabled somebody that has no computer knowledge – I was at least able to manually configure. Although if I had been trying to access a hotspot or public network, I would have been toast too.

    Anyway, great catch, my hat’s off to you.

  • Craig Campbell

    Thanks for this! I’ve been having issues when getting disconnected from a corporate VPN where my Mac will end up with this self-assigned IP address. I never thought to look at the firewall logs and preferences, but will look at that the next time my problem happens! Thanks!

  • Pete

    Thanks for the post – you are a lifesaver. My new MacBook Pro suddenly stopped connecting to the Internet for seemingly no good reason. I knew it was an issue with DHCP, but only after much trawling did I find your post that described the solution. Thanks!

  • Andreas

    Thanks – saved me from sending my MacBook Pro in!

  • Matt

    Can anyone spell out, step by step, exactly how to do this? I’m having this problem and a bit of a noob (especially with Mac).

  • Edward

    I’m getting the same self-assigned problem, but looking at my firewall logs I don’t have the deny configd as described above. configd is running. Firewall is set to allow all incoming connections and I still can’t get a valid IP address. It only happens when I boot my MBP at work and then come home. If I boot at home, I can get an IP address at work and get my IP address back when I come home. Funny thing is, when I can’t get an IP address from my router, I can get one from my neighbors’ unsecured networks, from the apple store, and from several free wi-fi hot spots nearby. Just can’t get one from my network. If I use “DHCP with manual address”, I immediately get an IP address. Switching back to “DHCP”, I immediately get my original IP address and I’m good to to until I reboot at work again.

  • http://n/a Anna

    A million thanks for this post. A few days trawling through apple discussion boards and various mac fixits got me nowhere. I would never have thought to look in the firewall for a DHCP hiccup. Legend!

  • jc

    Thanks for the post !

    It happened to me last week, had no idea why…

    Managed to bypass it by setting the settings manually at work, but then again when using the notebook at home the settings didn’t work…

    Thanks !

  • ryan somers

    i am this problem right now at home, and tried to follow what you did to solve your problem… with no luck… possibly because i am still on tiger, and i think you are on leapard… so, things are in different places…

    anyone know how to approach this problem on tiger?

    thanks!

  • http://www.silentale.com Florent Vaucelle

    Hi,

    I’m running into a similar problem, but causes are different:
    I got motherboard changed on my Macbook Pro, so they changed the aiport card (and the MAC address is different).

    My symptoms are slightly different: airport ON, seems connected, but can’t get an IP address. I can connect manually, but then when I try to get connected via DHCP, the pref panel keep falling back to the manual connection setting.
    I just HAVE to set an IP manually.

    Rebooting changed nothing, as well as deleting the alp.plist and allowing all in the firewall section.

    What else can I try to fix my problem? Thanks in advance for your help!

  • Fred

    So this occurred again to me, after a main logic board replacement, and I believe that I have a root cause for this situation, as discussed here, and since this page comes up for this in Google, thought I would share:

    http://discussions.apple.com/thread.jspa?threadID=1314540&tstart=30

    Essentially, don’t try and get a DHCP address if your machine clock is set to before the creation date of the OS install you are running, or the configd and mDNSresponder binaries get signed with a self-signed certificate and Leopard believes that they are not trusted binaries. Why Apple does this, and why no error message is produced to explain this is a mystery/Apple bug. In my case, I connected to the Apple Store WiFi (to set my clock!) and I believe that this triggered the issue. The previous time this happened to me on my Mac Mini was also caused by the clock being reset to the default start time of 2001.

    The fix is to either get a Time Machine backup of these binaries or reinstall the 10.5.6 Combo Updater, which appears to contain these binaries.

  • Nikky

    Thank you!
    I have spent hours with apple trying to fix that. They offered only temporary solutions but never got to the root of the problem. I fixed mine by going to firewall and allow essential services.
    Thank you, thank you!!!!!!!!!!!!!

  • Bob Banr

    Thanks a LOT for posting this. My MBP caught this one after I tried installing Parallels. Uninstalling it didn’t fix the problem (naturally).

  • http://joe.com John

    This was incredibly helpful. Many thanks.

  • Lane

    Thank you thank you thank you!!!

  • victim

    me too, thx gentlemen.

  • http://nenf.wordpress.com Carlos Grossi

    Had exactly te same issue… perfect solution! thanks a lot!

  • Igor

    Had exactly the same issue, thanks a lot!

  • klinquist

    Even after I turned off the firewall, I still could not get a IP address. Deleting this plist solved my problem!

    1) Turn off airport.
    2) Open a terminal window and paste this:

    sudo rm /Library/Preferences/com.apple.alf.plist

    Type in your password when prompted.

    Close terminal and reboot.

    Turn on airport.

    About a minute later I had an IP!

  • Bobby K

    U are the man. Thanks so much

  • Luc

    Thank you very much for your post. I actually had a weird problem when I had to send my MacBook Pro to Apple for repair. They changed the logic board and once I got the laptop back home, I could not connect to my network for the same reason you described. I found out the Firewall problem but could not fix it permanently. Thank you!

  • LynnL

    Thank you!! Resolved my 2 day problem on TiBook with Airport; however, my Dell TrueMobile card using IOXperts driver still doesn’t get DHCP address from Time Capsule.

  • Steve Kerns

    Thanks for posting this! I too work in the IT field and just had this same problem. I too had not thought to look at the firewall. Luckily I found your post using my iPhone and was able to fix my Macbook Pro straight away. Thank you again!

  • LostMyIP

    I’ve tried all the hints tips and tricks listed here. Nothing works. Never had firewall on to begin with- laptop is behind a fairly secure network at home and work. Commands to delete the plist don’t work. This just spontaneously happened to my 10.6 machine after waking from sleep. I’m at the end of my rope!!!!!

  • Emily

    Yes!! Thank you soo much for this article. I just got off the phone with Apple, who provided me with no help at all, and was resigning to lug my G4 into a Genius Bar appt, when I found this article. Everything worked fine in less than 30 seconds.. Thank you!

  • miguel

    cannot get this to work either… i never had firewall on and tried all the different plist file deletions… still getting a self-assigned IP. I’m on 10.6.2, computer is pretty much brand new and has worked with many networks as I was traveling but does not work at home.

  • sandeep Gupta

    Same Here… I donot have com.apple.alf.plist file itself. I am on 10.6.2 and the issue only started happening for my work wireless about 5-6 weeks back but works fine on my home wireless network.

    Another interesting things is, though sometimes it’s stuck at self-assigned-ip-address, some other times it gets an ip address but still cannot reach the internet.

    I went to a cafe today where other folks also had mac. Their internet worked fine where as I got stuck with the same issue I face at my work…

    **Valid IP address**** Status on Airpot toggles between Airport:On and Airport: Looking for networks….

  • Roger Owens

    Thanks so much for this tip.
    I’ve been having this problem ever since resetting the power management chip in my PBG4 under Leopard. Sporadically at different WiFi locations, I get this error. So far the only solution I can find that seems to work every time is to re-boot with the shift key down; this boots into Safe Mode. The problem goes away when I first use Safari in Safe Mode. Then I restart, and it works again for a few days. Very peculiar! The OS asks me a couple questions about allowing access every time I sign on to a new router; if I don’t answer these questions positively and quickly, I will start getting this same “error” message, when I try to to renew my DHCP address, it always fails. So try the Safe Boot. Hope this helps. Apple needs to realize they have a problem here, resetting the router will not fix this problem because the problem is in the Mac OS networking software. No doubt some young programmer hasn’t accounted for the fact that it’s not a perfect world! Will try deleting some of these plist file deletions if I get the problem again.

  • http://www.blankspaces.com Jerome

    Thank you – it totally worked! And yes, at some point, I had selected only selected servers for incoming connections but only months later did this problem start happening.

  • http://www.laurastephens.com Laura

    You have no idea how much this saved me. My computer out of nowhere started rejecting its own IP address from the router, giving me a .169 and I talked to everyone about it, freaking out about how I couldn’t access the internet anymore, but all the rest of my computers worked. I am going on a business trip tomorrow and I need the internet, and god… your post saved me. You explained it so well. Thank you!!! I NEVER would have thought it was the firewall, because it never was a problem before. I never even knew where firewall was located! Thank you thank you thank you, you’re a life saver!

  • http://www.fingersdancing.net Ross Phillips

    I recently got my Logic board replaced and about week later I could no longer do DHCP. Though I put this down to the DHCP release time. A big thanks from me for posting this!

  • Jennifer

    And another thank you from the internet. My Macbook Pro had lost all power long enough to force the time to reset. From that point until reconfiguring the firewall, I’d had no luck getting it online. configd had come up as wanting authorization to access the network, which I’d allowed, but it still couldn’t connect until I killed the pref file.

  • Joel

    Uggghhhh!! I spent the past week killing myself on how to fix this. 2 minutes after reading your article I realized I had somehow set my firewall to reject any type of network. It’s now working fine. Thanks Greg!!!

  • http://ivanenviroman.com ivanoats

    The button for logs is not there in Snow Leopard. I had to open the Console app.

  • http://ivanenviroman.com ivanoats

    The button for logs is not there in Snow Leopard. I had to open the Console app.