Ah.  Looks like there's a filter list of MAC addresses.  Or the filter is enabled but no entries are in the list.

https://www.dtonias.com/configure-dhcp-server-2016-filters/

Check this and you may need to disable the filter if it's enabled. 

Just working on some Fortinet SASE stuff now, will check in a bit.

Tx brother 🙂

Andy

Looks like they are all allowed.

Andy

Do you have anything in the Policies folder under the scope?  Apparently more detailed filters can be configured in there.  I wonder if the server is seeing the virtual MAC address of the gateway and using that for the MAC filter address.

I checked that last week, appears to be related only to Windows class.

Try adding the MAC address  50-01-00-01-00-00 to your Allow filter.  That's the MAC your earlier capture screen shot showed as coming from the firewall for the unicast DHCP relay.  I see you had 50-01-00-02-00-00, however.  And nothing in the Deny filter, I presume?  I'm just about out of ideas, tho. 🙂

If this doesn't work, can you delete everything in the Allow and Deny filters and let it ride?  Or do you require filter entries?

Yep, just tried, no luck...o well, its long weekend here, so let me clear my head till Tuesday, maybe something else comes to mind! Thanks so much again for all your help.

Andy

I will definitely troubleshoot more on windows server side next week.

Since this is bugging me so much, I cant easily let it go, until its fixed in my R82 lab 🙂

Anyway, I feel like Im getting closed after making some changes for ikev2 options in global properties for remote access. Now, I dont get allocation failure error, but it tells me user is not authorized to receive OM ip, which makes no sense, since it has full eval license.

Lady from TAC was really nice, we set up call for Feb 16th at 10 am est, lets see if we can fix it. Once we do, I will make a new post with doc I put together.

Best,

Andy

Ah, so the gateway wasn't the default route for that network?  Yep, the return route makes sense!

THANKS AGAIN FOR ALL THE HELP!! 🙂