Mac DHCP Wireless Connection Broken With Self-Assigned IP Address
- 23
- Add a Comment
I dropped into a Starbucks this afternoon, all prepared to get some emails written and to get some work done between my Sunday afternoon and evening commitments. Everything was fresh in my mind and ready to go via the keyboard and onto the screen. I fetched my grande two-pump sugar-free vanilla skinny latte and sat down in the chair, opened the laptop and watched it wake up and connect to the AT&T wireless access point.
But much to my dismay nothing would load over the network. The AirPort icon in the status bar showed the name of the network and indicated that I was connected to the access point, but I had no connection to the Internet.
After a brief bit of trying over and over to load a web page, I checked the network preferences in the apple system preferences panel and found that I was not getting an IP address. The Mac was self-assigning a 169.* address, which is a non-routable local-only address. I tried restarting the AirPort card in the Mac, but that didn’t help. I then found I was able to connect normally with my iPhone to the AT&T WiFi network and get a “real” IP address (192.x), so I quickly deduced that something was wrong with my Mac.
I had to give up on troubleshooting and head back out into the world, but I spent the rest of the day wondering if maybe there was something about the MAC address for my wireless card that AT&T had chosen to hate. After finishing my day of activities, I drove home this evening and fired my laptop back up. It connected to my home wireless network. But again, no IP address assigned. Hmm, definitely the laptop.
I started thinking now. What could be happening? Powering the AirPort on and off, shutting down the Mac and powering it back up, manually telling the network stack to renew it’s DHCP lease - all these things did no good.
I finally decided to take a look at the Mac firewall logs. You’d think that would be the first place I’d look, being a security guy. They’re kind of hidden in plain sight, a few layers deep in the Mac’s preferences dialogs. You go to the System Preferences panel, in the Security section, then the Firewall tab, then click the Advanced button, and finally click the Open Log button. If logging isn’t already turned on, you can enable it there, as well.
Sure enough, I looked in the log and found several examples of this (emphasis mine):
Feb 8 23:02:04 greg-hughess-macbook-air Firewall[39]: Deny configd data in from 192.168.0.1:67 uid = 0 proto=17
Feb 8 23:02:26: — last message repeated 2 times —
Ah hah… apparently the firewall was refusing inbound connections initiated by the router as it tried to set up the DHCP address being requested by the laptop. The configd daemon is a service that handles configuration changes for various pieces of the system, mostly all network-related. Great, I had something to fix!
I first confirmed configd was in fact running, then deleted the firewall configuration file (located at /Library/Preferences/com.apple.alf.plist) and configured the firewall to temporarily allow all connections, and then back to allowing essential services. Sure enough, as soon as I made the changes the Mac was able to get a DHCP address from the router, and the network was back up and working.
I have no real idea how the firewall got messed up. At one point I had it set to configure access for specific services and apps, so that might have had something to do with it. But it’s strange that this problem only started today. It’s possible the configd process was denied by a rule, I suppose. Perhaps I hit a key on a pop-up dialog to deny firewall access to the daemon without even realizing it while typing?
At any rate, it seems to be working now (as evidenced by the fact that I am able to post this blog entry, of course) and hopefully it will continue to work as expected. Maybe this will help someone else troubleshoot a similar issue.
23 Comments
Phillip Terry
February 10th, 2009
at 7:46am
Thanks for posting. That’s and interesting little glitch and solution. I wouldn’t have immediately gone there for that since with Leopard they moved the Firewall from Sharing to Security so I’m not visually reminded. ;-(
bud
February 10th, 2009
at 12:52pm
I’ve seen it happen before. Especially with iPod Touch users.
If you are going to use Public WiFi, you are going to want to have your address dynamically assigned by the locations server. DHCP.
A lot of people using a touch at home, especially if they have not dealt with wifi much, have manually assigned an address, either by intent or ignorance.
Kamalesh
February 10th, 2009
at 1:06pm
Interesting post, Greg.
I’ve had the same 80211 problem a couple times on a couple different MacBooks, also. I’ve found a router reboot also fixes the problem (if you have access to it).
Strangely, we were in Santa Cruz, Chile at a B&B recently, and some guy from France couldn’t connect his MBP to the public wireless with this exact 169* problem. His firewall was blocking somehow also…weird.
PC
February 10th, 2009
at 5:08pm
This happens when the ALF plist gets corrupted from adding addition allow/deny applications into the plist, or when configd is no longer considered signed properly and/or is modified so sometimes switches to deny. IMHO it’s a bug in Mac OS X 10.5, something on the list of issues Mac OS X has now.
Fred
February 10th, 2009
at 6:26pm
You, sir, are a steely-eyed missileman. This just happened to me as well on a box that had happily used DHCP for months with my Time Capsule. I found one other gentleman on Apple Discussions describing what sounded similar, but with no resolution. I work in the computer field, and it never occurred to me that the firewall would even have the capability to block DHCP *responses*.
The Leopard firewall was a huge step backwards over what had been in Tiger, and this bizarre bug really puts the icing on it. This would have completely disabled somebody that has no computer knowledge - I was at least able to manually configure. Although if I had been trying to access a hotspot or public network, I would have been toast too.
Anyway, great catch, my hat’s off to you.
Craig Campbell
February 10th, 2009
at 9:55pm
Thanks for this! I’ve been having issues when getting disconnected from a corporate VPN where my Mac will end up with this self-assigned IP address. I never thought to look at the firewall logs and preferences, but will look at that the next time my problem happens! Thanks!
Pete
February 11th, 2009
at 12:01pm
Thanks for the post - you are a lifesaver. My new MacBook Pro suddenly stopped connecting to the Internet for seemingly no good reason. I knew it was an issue with DHCP, but only after much trawling did I find your post that described the solution. Thanks!
Andreas
February 22nd, 2009
at 7:55am
Thanks - saved me from sending my MacBook Pro in!
Matt
March 14th, 2009
at 4:19am
Can anyone spell out, step by step, exactly how to do this? I’m having this problem and a bit of a noob (especially with Mac).
Edward
March 22nd, 2009
at 11:11am
I’m getting the same self-assigned problem, but looking at my firewall logs I don’t have the deny configd as described above. configd is running. Firewall is set to allow all incoming connections and I still can’t get a valid IP address. It only happens when I boot my MBP at work and then come home. If I boot at home, I can get an IP address at work and get my IP address back when I come home. Funny thing is, when I can’t get an IP address from my router, I can get one from my neighbors’ unsecured networks, from the apple store, and from several free wi-fi hot spots nearby. Just can’t get one from my network. If I use “DHCP with manual address”, I immediately get an IP address. Switching back to “DHCP”, I immediately get my original IP address and I’m good to to until I reboot at work again.
Anna
March 22nd, 2009
at 2:57pm
A million thanks for this post. A few days trawling through apple discussion boards and various mac fixits got me nowhere. I would never have thought to look in the firewall for a DHCP hiccup. Legend!
jc
April 1st, 2009
at 12:11am
Thanks for the post !
It happened to me last week, had no idea why…
Managed to bypass it by setting the settings manually at work, but then again when using the notebook at home the settings didn’t work…
Thanks !
ryan somers
April 1st, 2009
at 3:44pm
i am this problem right now at home, and tried to follow what you did to solve your problem… with no luck… possibly because i am still on tiger, and i think you are on leapard… so, things are in different places…
anyone know how to approach this problem on tiger?
thanks!
Florent Vaucelle
May 7th, 2009
at 9:53am
Hi,
I’m running into a similar problem, but causes are different:
I got motherboard changed on my Macbook Pro, so they changed the aiport card (and the MAC address is different).
My symptoms are slightly different: airport ON, seems connected, but can’t get an IP address. I can connect manually, but then when I try to get connected via DHCP, the pref panel keep falling back to the manual connection setting.
I just HAVE to set an IP manually.
Rebooting changed nothing, as well as deleting the alp.plist and allowing all in the firewall section.
What else can I try to fix my problem? Thanks in advance for your help!
Fred
May 10th, 2009
at 7:38am
So this occurred again to me, after a main logic board replacement, and I believe that I have a root cause for this situation, as discussed here, and since this page comes up for this in Google, thought I would share:
http://discussions.apple.com/thread.jspa?threadID=1314540&tstart=30
Essentially, don’t try and get a DHCP address if your machine clock is set to before the creation date of the OS install you are running, or the configd and mDNSresponder binaries get signed with a self-signed certificate and Leopard believes that they are not trusted binaries. Why Apple does this, and why no error message is produced to explain this is a mystery/Apple bug. In my case, I connected to the Apple Store WiFi (to set my clock!) and I believe that this triggered the issue. The previous time this happened to me on my Mac Mini was also caused by the clock being reset to the default start time of 2001.
The fix is to either get a Time Machine backup of these binaries or reinstall the 10.5.6 Combo Updater, which appears to contain these binaries.
Nikky
June 17th, 2009
at 4:10am
Thank you!
I have spent hours with apple trying to fix that. They offered only temporary solutions but never got to the root of the problem. I fixed mine by going to firewall and allow essential services.
Thank you, thank you!!!!!!!!!!!!!
Bob Banr
July 31st, 2009
at 8:41pm
Thanks a LOT for posting this. My MBP caught this one after I tried installing Parallels. Uninstalling it didn’t fix the problem (naturally).
John
August 4th, 2009
at 9:15am
This was incredibly helpful. Many thanks.
Lane
August 9th, 2009
at 3:17am
Thank you thank you thank you!!!
victim
August 15th, 2009
at 3:49pm
me too, thx gentlemen.
Carlos Grossi
August 22nd, 2009
at 5:59am
Had exactly te same issue… perfect solution! thanks a lot!
Igor
September 9th, 2009
at 1:11pm
Had exactly the same issue, thanks a lot!
klinquist
October 15th, 2009
at 11:31am
Even after I turned off the firewall, I still could not get a IP address. Deleting this plist solved my problem!
1) Turn off airport.
2) Open a terminal window and paste this:
sudo rm /Library/Preferences/com.apple.alf.plist
Type in your password when prompted.
Close terminal and reboot.
Turn on airport.
About a minute later I had an IP!