I currently have an issue with a user on Active Directory where their PC has 2 different IP addresses in the same DHCP network (e.g. IP 1: 192.168.1.10, IP 2: 192.168.1.11, gateway: 192.168.1.1). Our AD server is running Windows Server 2012 R2 and the user's PC is running Windows 11.
For context, when a user logs in to their PC with AD authentication, the user profile is sent from the AD server to the Fortinet Single Sign-On application to apply the correct policy.
What I did first was remove the user manually from the DHCP manager and the DNS server on the AD server. Then I asked the user to restart the PC. At first, DHCP detected the user with only one IP address and the user could browse the internet. After a few hours, the user seemed to get the 2nd IP address back and could not access it again.
At the firewall, the user also has 2 different IPs: one is assigned to a policy and the other is not. We also changed the hostname of the PC, and the same issue popped up again, but the 2nd IP address was attached to the old hostname of the PC.
I'm not sure what the possible causes of this issue are, or what other methods I could try to fix it.
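As an added diagnostic example (not part of the original question, and not a statement of the cause), the PowerShell below enumerates every DHCP lease, forward (A) and reverse (PTR) record tied to the affected PC on the 2012 R2 server, checks from the client side how many adapters hold a DHCP address, and only then removes the entries for the address the PC should not have. The server names, zone names, hostname and WinRM reachability of the client are placeholders and assumptions; the scope and addresses come from the question.

```powershell
# Added example: make the DHCP/DNS state for the affected PC visible before
# removing anything. All names below are assumed placeholders, not real values.
$DhcpServer = 'dc01.corp.example'    # assumed: the 2012 R2 server that runs DHCP
$DnsServer  = 'dc01.corp.example'    # assumed: the server hosting the AD zone
$ZoneName   = 'corp.example'         # assumed AD-integrated forward zone
$PtrZone    = '1.168.192.in-addr.arpa'  # assumed reverse zone for 192.168.1.0/24
$ScopeId    = '192.168.1.0'          # scope from the question (gateway 192.168.1.1)
$HostName   = 'USER-PC01'            # assumed NetBIOS name of the affected PC
$StaleIp    = '192.168.1.11'         # "IP 2" from the question

# 1. DHCP leases for this hostname in the scope. Two rows with different
#    ClientId (MAC) values mean the PC presents two client identities
#    (e.g. two adapters); two rows with the same ClientId mean a stale lease.
$leases = Get-DhcpServerv4Lease -ComputerName $DhcpServer -ScopeId $ScopeId |
    Where-Object { $_.HostName -like "$HostName*" } |
    Select-Object IPAddress, ClientId, HostName, AddressState, LeaseExpiryTime
$leases | Format-Table -AutoSize

# 2. Forward (A) records for the host. A stale record shows up next to the
#    current one; Timestamp tells you whether it is dynamic (aging applies)
#    or static (never scavenged, must be deleted by hand).
$aRecords = Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $ZoneName -RRType A |
    Where-Object { $_.HostName -eq $HostName } |
    Select-Object HostName, @{n = 'IP'; e = { $_.RecordData.IPv4Address.IPAddressToString } }, Timestamp
$aRecords | Format-Table -AutoSize

# 3. Reverse (PTR) records for every address seen above, so an entry that still
#    points at the old hostname after a rename is not overlooked.
$allIps = @($leases.IPAddress.IPAddressToString) + @($aRecords.IP) | Sort-Object -Unique
foreach ($ip in $allIps) {
    $lastOctet = $ip.Split('.')[-1]
    Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $PtrZone -RRType Ptr `
        -Name $lastOctet -ErrorAction SilentlyContinue |
        Select-Object @{n = 'IP'; e = { $ip } },
                      @{n = 'PTR'; e = { $_.RecordData.PtrDomainName } }, Timestamp
}

# 4. Client-side view (assumes WinRM is enabled on the Windows 11 PC): list every
#    adapter and every IPv4 address it holds. Two DHCP-assigned addresses on two
#    adapters is a different problem from one adapter with a stale server record.
Invoke-Command -ComputerName $HostName -ScriptBlock {
    Get-NetAdapter | Select-Object Name, MacAddress, Status, LinkSpeed | Format-Table -AutoSize
    Get-NetIPAddress -AddressFamily IPv4 |
        Select-Object InterfaceAlias, IPAddress, PrefixOrigin, AddressState | Format-Table -AutoSize
}

# 5. Remove only what belongs to the address the PC should not have, then
#    re-run steps 1-3 later to see whether and under which name it comes back.
Remove-DhcpServerv4Lease -ComputerName $DhcpServer -IPAddress $StaleIp -ErrorAction SilentlyContinue
Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $ZoneName -RRType A -Name $HostName -ErrorAction SilentlyContinue |
    Where-Object { $_.RecordData.IPv4Address.IPAddressToString -eq $StaleIp } |
    Remove-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $ZoneName -Force
```

Run it from a host with the DHCP and DNS RSAT modules, as an account that can manage both roles; step 4 needs PowerShell remoting to the client and can be skipped if that is not available. The value of the script is the comparison between steps 1, 2 and 4: whether the second address is tied to a second MAC address on the client, or only to a record on the server, narrows the question down considerably.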