5.2. Installing, Configuring, and Managing DHCP

Dynamic Host Configuration Protocol (DHCP) is an essential network infrastructure component. By default, Windows XP Professional and Windows Server 2003 computers use DHCP to obtain their network settings for TCP/IP and DNS. Through DHCP, you can manage the assignment of:

  • IP addresses

  • Subnet masks

  • Default gateways

  • Preferred and alternate DNS servers

  • WINS servers

  • Extended TCP/IP options

Not only does dynamic configuration of IP addressing and other network settings free administrators from having to perform manual configurations on each computer in the organization, it also makes long-term management of these computers easier by centralizing and automating network configuration management. Using DHCP, you can update the network configuration of any dynamically configured computer simply by making the appropriate setting changes on your organization's DHCP servers. In contrast, with manual configuration, you must change the network configuration settings on each individual machine.

5.2.1. Understanding DHCP

DHCP is a client/server technology. Any computer configured to dynamically obtain its network configuration settings is considered to be a DHCP client. A computer that provides DHCP services to a client is referred to as a DHCP server. DHCP servers assign IP addresses to clients for a specific period of time known as the lease duration. The default lease duration is eight days. Clients with active leases must renew their leases periodically.

For clients that might need to have permanent leases, you can create a reservation on a lease by specifying the IP address to reserve and the MAC address of the computer that will hold the reserved IP address. Thereafter, the client with the specified MAC address will use the IP address designated in the reservation.

When you work with DHCP servers, keep the following in mind:

  • Any server that you want to configure as a DHCP server must have a static IP address.

  • DHCP servers maintain a database of the IP addresses available, in use, and reserved. This database, like any other database, must be periodically maintained.

  • Every DHCP server must have at least one active scope to grant leases to clients. A scope is simply a range of IP addresses to be leased to DHCP clients.

  • Within a scope, you can define a subset of IP addresses that you do not want to be assigned to clients using exclusions. An exclusion is an IP address or a range of IP addresses not included in the scope and not assigned to clients.

  • Using Reservations, you can define addresses that should always be assigned to specific clients.

On a network using Active Directory domains, you can install and configure DHCP by completing the following procedures:

  1. Install the DHCP server service on your designated DHCP servers.

  2. Authorize the DHCP servers in Active Directory.

  3. Configure the DHCP servers so they can assign dynamic configurations to clients.

  4. Activate at least one scope on each DHCP server.

Once you've completed these steps, clients in the domain will be able to obtain leases. When working with DHCP in workgroups, you do not need to perform Step 2.

5.2.2. Installing the DHCP Server Service

With Windows Server 2003, any server assigned a static IP address can run the DHCP Server service and act as a DHCP server. However, it is recommended that domain controllers not be configured as DHCP servers. In a standard configuration, DHCP is integrated with DNS, and DHCP clients are permitted to create, alter, and remove their own records. If you install DHCP on a DC, any client on the network might be able to alter critical service locator (SRV) records, which is an unnecessary security risk.


Tip: You must be an administrator to install Windows components, including the DHCP Server service. The account you use for installing the DHCP Server service should be a member of the global Domain Admins group or the domain local DHCP Administrators group.

You can install the DHCP Server service by completing the following steps:

  1. Open Add Or Remove Programs in the Control Panel.

  2. In the Add Or Remove Programs window, click Add/Remove Windows Components.

  3. Click Networking Services and then select Properties. Be careful not to clear the checkbox.

  4. Select Dynamic Host Configuration Protocol (DHCP), and then click OK.

  5. Click Next. Setup configures the server's components.

  6. Click Finish.

You can also install the DHCP Server service using the Configure Your Server Wizard. To start the wizard, click Start → Programs → Administrative Tools → Configure Your Server Wizard. Click Next twice, and then under Server Roles, select DHCP Server, and then click Next. Review the installation tasks that will be performed, and click Next again. When the wizard finishes, it will start the New Scope Wizard, which you can use to create the initial scope on the DHCP server, or you can click the Cancel button if you want to configure the initial scope later.

5.2.3. Working with and Authorizing the DHCP Server

Like any Windows service, the DHCP Server service can be managed using the Services utility in Administrative Tools. However, the best way to manage the DHCP Server service and DHCP itself is to use the DHCP console, which can be accessed by clicking Start → Programs → Administrative Tools → DHCP.

When you start the DHCP console on a DHCP server, the console connects automatically to DHCP on this server. If you start the DHCP console on your workstation or want to connect to a different DHCP server, you can do this by right-clicking the DHCP node, and selecting Add Server. You can then use the Add Server dialog box to select the remote server you want to work with by its fully qualified domain name or IP address. Currently authorized DHCP servers are listed as well.

As shown in Figure 5-4, the status of a DHCP server is displayed in the right pane when you select the DHCP node. A status of "Not Authorized" means the server has not yet been authorized for use in the domain of which the server is a member. Before a DHCP server can be used on an Active Directory domain, it must be authorized in Active Directory. To authorize the DHCP server, click Action → Manage Authorized Servers. In the Manage Authorized Servers dialog box, click Authorize, type the name or IP address of the DHCP server to authorize, and then click OK.

Figure 5-4. The DHCP console.


With DHCP servers configured in workgroups or standalone configurations, you do not need authorization prior to using the DHCP server; workgroups do not have domain controllers and do not use Active Directory. If your organization has workgroups that use DHCP or you plan to configure a standalone DHCP server, you must ensure the DHCP server is not on the same subnet as a domain's authorized DHCP server. With Windows 2000 or later, a workgroup or standalone DHCP server configured on the same subnet as a domain's authorized DHCP server is considered to be a rogue server. As part of a network protection process, the rogue server automatically stops its DHCP Server service and stops leasing IP addresses to clients as soon as it detects an authorized DHCP server on the local subnet.

To authorize a DHCP server for use in the domain of which the server is a member, follow these steps:

  1. Open the DHCP console and connect to the server if necessary.

  2. Right-click the server's entry and then select Authorize.

To authorize multiple servers, you can use the following technique:

  1. Open the DHCP console.

  2. Right-click the DHCP node and then select Manage Authorized Servers.

  3. Click the Authorize button.

  4. Type the fully qualified domain name or IP address of the DHCP server to authorize.

  5. Click OK.

Once you've authorized the DHCP server, you have full access to manage the server, and clients can connect to the server to obtain IP address leases and their network configuration settings. The DHCP Server service on any DHCP server can be managed in the DHCP console by right-clicking the server entry and clicking All Tasks. You can then start, stop, pause, or restart the DHCP Server service.

As part of routine maintenance, you should periodically back up the DHCP server database and perform a manual compact of the database. See "Managing DHCP Databases," later in this chapter for details.

5.2.4. Creating and Configuring Scopes

Before a DHCP server can lease IP addresses and send clients their network configurations, you must create and activate the scopes that will provide these settings to clients. DHCP supports three types of scopes:


Normal scope

A scope for assigning Class A, B, and C IP addresses and related network settings. These unicast IP address classes were summarized previously in Table 5-1.


Multicast scope

A scope for assigning Class D IP addresses and related network settings. Class D addresses use multicasting with TCP/IP version 4 and begin with a number between 224 and 239 for the first part of the address.


Superscope

A container for scopes that allows you to more easily work with multiple scopes. After you create a superscope, you can add to it the scopes you want to manage as a group.

Each of these scope types can be created using the DHCP console.

5.2.4.1. Creating and activating normal scopes

You should create a scope for each range of IP addresses on a logical subnet that you want to manage using DHCP. The logical subnet associated with a range of IP addresses is defined by the related subnet mask. If there are subsets of IP addresses within a range that should not be assigned to clients, you can define exclusions to block the addresses so that they aren't assigned to clients. A scope can include optional parameters to configure client TCP/IP settings for default gateways, preferred and alternate DNS servers, and more.


Tip: A single DHCP server can provide dynamic addressing and configuration for multiple subnets. However, routing and relays must be appropriately configured between the subnets. See "Managing DHCP Relay Agents," later in this chapter for details.

To create a normal scope, follow these steps:

  1. Open the DHCP console and connect to the server if necessary.

  2. Right-click the server's entry and then select New Scope.

  3. When the New Scope Wizard starts, click Next.

  4. Type a name and description for the scope. Click Next.

  5. On the IP Address Range page, shown in Figure 5-5, enter the start and end IP address to use for the scope. Specify the first and last usable IP only; do not specify the network ID or broadcast address as part of the range.

    Figure 5-5. Specify the IP address range and subnet mask for the scope.

  6. Enter the appropriate bit length or subnet mask and then click Next.

  7. If the range of IP addresses you enter crosses subnet boundaries, the New Scope Wizard will create one scope for each subnet and add these scopes to a superscope. You'll be able to set the superscope name and description on the Create Superscope page. Otherwise, this page is not displayed.

  8. On the Add Exclusions page, configure any IP addresses that should be excluded from the scope, as shown in Figure 5-6. Enter separate IP addresses and then click Add. Or enter a start and end IP address range and then click Add. When you are finished defining any exclusions, click Next.

    Figure 5-6. Specify any IP address exclusions.

  9. Set the lease duration to determine the length of time a client can use an IP address before it must be renewed. The default lease duration is eight days. Click Next.

  10. On the Configure DHCP Options page, click "Yes, I want to configure these options now" and then click Next.

  11. Use the Router (Default Gateway) page to configure default gateways. In the IP Address field, enter the IP address of the primary default gateway and then click Add. Repeat this process to specify other default gateways. Click Next.

  12. Use the Domain Name and DNS Servers page to configure DNS name resolution options. In the Parent Domain field, type the name of the parent domain to use for DNS resolution of computer names that aren't fully qualified. In the IP Address field, type the IP address of the primary DNS server and then click Add. Repeat this process to specify additional DNS servers. Click Next.

  13. Use the WINS Servers page to configure NetBIOS name resolution options. In the IP Address field, type the IP address of the primary WINS server and then click Add. Repeat this process to specify additional WINS servers. Click Next.

  14. Ensure the scope is activated by clicking "Yes, I want to activate this scope now." Click Next and then click Finish.

The new scope is created and listed under the DHCP server node in the DHCP console. You can activate or deactivate a scope at any time by right-clicking it and selecting Activate or Deactivate.

5.2.4.2. Creating and activating multicast scopes

Multicast scopes are used on networks that use TCP/IP version 4 multicasting. With multicasting, multiple computers have the same destination IP address. These computers listen for packets sent to this address, allowing a single source host to send packets of information to multiple destination hosts. Class D IP addresses from 224.0.0.0 to 239.255.255.255 are used for multicasting.

To create a multicast scope, follow these steps:

  1. Open the DHCP console and connect to the server if necessary.

  2. Right-click the server's entry and then select New Multicast Scope.

  3. When the New Multicast Scope Wizard starts, click Next.

  4. Type a name and description for the multicast scope. Click Next.

  5. On the IP Address Range page, enter the start and end IP address to use for the multicast scope.

  6. Use the Time To Live (TTL) value to control the number of routers multicast traffic can pass through on your network. The default value is 32. Click Next.

  7. On the Add Exclusions page, configure any IP addresses that should be excluded from the multicast scope. Enter separate IP addresses and then click Add. Or enter a start and end IP address range and then click Add. When you are finished defining any exclusions, click Next.

  8. Set the lease duration to determine the length of time a client can use an IP address before it must be renewed. The default lease duration is 30 days. Click Next.

  9. Ensure the scope is activated by clicking "Yes." Click Next and then click Finish.

The new multicast scope is created and listed under the DHCP server node in the DHCP console. You can activate or deactivate a multicast scope at any time by right-clicking it and selecting Activate or Deactivate.

5.2.4.3. Creating and using superscopes

Superscopes allow you to group scopes for easier management. By activating or deactivating the superscope, you can activate or deactivate all the related scopes. When you have already created one or more scopes, you can create a superscope by completing the following steps:

  1. Open the DHCP console and connect to the server if necessary.

  2. Right-click the server's entry and then select New Superscope.

  3. When the New Superscope Wizard starts, click Next.

  4. Type a name for the superscope and then click Next.

  5. Select scopes to add to the superscope.

  6. Click Next and then click Finish.

The new superscope is created and listed under the DHCP server node in the DHCP console. Some of the key tasks you'll want to perform with superscopes include:


Activating or deactivating scopes

To activate or deactivate all scopes within the superscope at any time, right-click the superscope and select Activate or Deactivate.


Adding scopes

To add a scope to an existing superscope, right-click the scope and then select Add To Superscope. In the dialog box displayed, select a superscope and then click OK.


Removing scopes

To remove a scope from a superscope, right-click a scope and then select Remove From Superscope. Confirm the action by clicking Yes when prompted. If this is the last scope in the superscope, the superscope is deleted automatically.

You can use superscopes to support dynamic IP addressing for multinets. A multinet is a single physical network with multiple logical subnets. To support each subnet in the multinet, you create a scope for each subnet and then add the scopes to a superscope. Because DHCP Relay Agents include details on the originating subnet, a DHCP server on a remote subnet will know which scope to use for each request.

When the organization has multiple DHCP servers, superscopes also help ensure that the servers assign the proper IP addressing to clients. For example, when two DHCP servers are on the same subnet and service clients on multiple subnets, you can create on each server a superscope that includes as members all scopes defined on the physical subnet or subnets. To prevent the servers from issuing leases in each other's scopes, configure each server so that the IP address ranges leased by the other server are excluded.

5.2.5. Managing DHCP Scope Options

When you create a DHCP scope, you can define key TCP/IP options, including the default gateway, preferred and alternate DNS servers, and preferred and alternate WINS servers. These TCP/IP options, and many others, can be managed individually as well. Using the DHCP console, you can manage these options at five separate levels using:


Predefined options

You can configure preset values for TCP/IP options and create additional TCP/IP options. To configure preset values or define additional options, right-click the server node and then select Set Predefined Options.


Server options

You can configure TCP/IP options that are assigned to all scopes created on a server. Server options can be overridden by scope, class, and reservation options. To configure server options, expand the server node, right-click Server Options, and then select Configure Options. When you select Server Options, any current server options defined are listed in the right pane.


Scope options

You can configure TCP/IP options that are assigned to all clients that use a scope. Only normal scopes have scope options; these options can be overridden by class and reservation options. To configure scope options, expand the server node, expand the scope node, right-click Scope Options, and then select Configure Options. When you select Scope Options, any current scope options defined are listed in the right pane.


Class options

You can assign TCP/IP options based on membership in a particular class. Client classes can be user- or vendor-defined. Vendor classes created automatically are the "Default Routing and Remote Access Class" and the "Default BOOTP Class." User classes created automatically are "Microsoft Options" for Windows NT 4.0 computers, "Microsoft Windows 98 Options" for Windows 98 computers, and "Microsoft Windows 2000 Options" for Windows 2000 computers. These options can be overridden by reservation options. To configure class options, right-click the server node and then select Define User Classes or Define Vendor Classes as appropriate.


Reservation options

You can set TCP/IP options for individual computers with reservations. After you create a reservation for a client, you can right-click the reservation and select Configure Options to set the reservation options. Reservation options override all other option levels; only TCP/IP settings assigned manually on the client override them.


Tip: You'll find that user and vendor classes are particularly important when you are configuring DHCP for a specific type of client. For example, you might want all Windows 2000 clients to use a specific set of options that is different from all Windows XP Professional clients. To do this, define settings for the user class Microsoft Windows 2000 Options. You may also want remote access clients to use specific settings that are different from local clients. To do this, define settings for the vendor class Default Routing and Remote Access Class.

When you are working with server and scope options, you'll see a dialog box similar to the one shown in Figure 5-7. To enable an option and configure it, select the related checkbox, and then use the Data Entry options to configure the option.

Figure 5-7. Set server and scope options.


Table 5-3 provides an overview of the TCP/IP options used on most networks. Each option is identified by its option name and associated option code. Option code 53, which cannot be configured, is included with every DHCP message and is used to set the message type as DHCP Discover, DHCP Offer, DHCP Request, or DHCP Acknowledgment. Every DHCP message header includes DHCP: Option Field as its final field, and the DHCP Message Type is listed as the first option field.

Table 5-3. Key TCP/IP options

Option name          Option code   Description
DNS Domain Name      015           Sets the DNS domain name to use when resolving unqualified host names using DNS
DNS Servers          006           Sets the primary and alternate DNS servers in preference order
Router               003           Sets the default gateways in preference order
WINS/NBNS Servers    044           Sets the primary and alternate WINS servers in preference order
WINS/NBT Node Type   046           Sets the method to use when resolving NetBIOS names


5.2.6. Using Dynamic DNS Updates with DHCP

DNS is the primary name service used with networks running Windows 2000 and later computers. DNS uses host (A) records to resolve computer names to IP addresses for forward lookups and pointer (PTR) records to resolve IP addresses to computer names for reverse lookups. In the standard configuration of DNS and DHCP, DHCP clients running Windows 2000 or later update their host (A) records in DNS automatically whenever an IP address is assigned or renewed, and DHCP servers update the pointer (PTR) records on behalf of clients.

In the DHCP console, you can control the default behavior by configuring the properties of the DHCP server. Right-click the server entry and then select Properties. Use the options on the DNS tab shown in Figure 5-8 to determine how dynamic DNS updating works. The configuration options available are as follows:

Figure 5-8. Configure dynamic DNS updating through the DHCP server properties.



Enable DNS Dynamic Updates According To The Settings Below

This option is enabled by default. Select this checkbox to allow DNS dynamic updates. If you clear this option, the DHCP server will not attempt to perform dynamic updates on behalf of Windows 2000 or later clients.


Dynamically Update DNS A And PTR Records Only If Requested By The DHCP Clients

Allows the DHCP server to use dynamic updates if requested by Windows 2000 or later clients. By default, DHCP clients request that servers update only their PTR records.


Always Dynamically Update DNS A And PTR Records

Allows the DHCP server to use dynamic updates for A and PTR records when addresses are assigned or renewed regardless of client requests. Affects Windows 2000 or later clients only.


Discard A And PTR Records When Lease Is Deleted

This option is enabled by default. Allows the DHCP server to remove client resource records from DNS when their DHCP address leases expire.


Dynamically Update DNS A And PTR Records For DHCP Clients That Do Not Request Updates

Allows the DHCP server to dynamically update A and PTR records for DHCP clients not capable of requesting updates, such as Windows NT 4.0 clients.

When clients register their own A records, the method they use to create and update records is not secure. This allows any client or server, with appropriate credentials, to modify or delete the records. On the other hand, if a DHCP server dynamically updates A and PTR records on behalf of clients, the server uses secure dynamic updates. DNS records created using secure dynamic updates can only be updated by the server that created the record (the record owner). Although this improves security, this can lead to stale (old) records on the DNS server if the DHCP server that owns a record fails and a client is later assigned a lease from a second DHCP server. Consider the following scenario:

  1. DHCP Server 1 performs a secure dynamic update of the A and PTR records for a client.

  2. DHCP Server 1 is the owner of those records.

  3. If DHCP Server 1 fails, neither the client nor DHCP Server 2 will be able to update the previously created records.

When DHCP servers update both the A and PTR records, you can prevent problems due to stale records by making your organization's DHCP servers members of the DnsUpdateProxy security group. Any objects created by members of this group do not have security settings and thus have no owners. This allows any DHCP server to modify the record. However, if the DHCP server is not a member of the DnsUpdateProxy group, the DHCP server becomes the owner and no other DHCP servers can modify the record.


Tip: The DnsUpdateProxy group can be used in configurations where clients update A records and DHCP servers update PTR records. However, this can introduce additional problems and is not recommended.

In most cases, domain controllers should not be configured as DHCP servers. If DCs are configured as DHCP servers, and those servers are members of the DnsUpdateProxy group, records created by the Netlogon service for the DC are not secure.

5.2.7. Managing DHCP Clients and Leases

DHCP servers lease IP addresses to clients for specific periods of time. By default, for normal scopes, the lease duration is eight days. Leases are assigned initially and renewed using different techniques.

During startup of a client configured to use DHCP, a client without a current lease does the following:

  1. Discover. Sends a DHCP Discover broadcast on the network using its MAC address and NetBIOS name. If no DHCP server responds to the initial request, the client sends the broadcast again after 2, 4, 8, and 16 seconds. If no DHCP server responds to the subsequent requests, the client assigns itself an automatic private IP address and then sends DHCP Discover broadcasts every five minutes waiting for a DHCP server response.

  2. Offer. DHCP servers on a network that receive a DHCP Discover message respond with a DHCP Offer message, which offers the client an IP address lease.

  3. Request. Clients accept the first offer received by broadcasting a DHCP Request message for the offered IP address.

  4. Acknowledgment. The server accepts the request by sending the client a DHCP Acknowledgment message.
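The four messages above and the option field described with Table 5-3 in 5.2.5 share one wire format: a 236-byte fixed header, the magic cookie, and then type-length-value options, with option 53 naming the message type. The following is an added example (not code from the book): it builds a DHCP Offer carrying the Table 5-3 options and decodes its option field, refusing a message whose cookie is missing or whose options are truncated. All addresses, the domain name and the MAC address are constructed for the example.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # separates the 236-byte fixed header from the option field
MESSAGE_TYPES = {1: "DHCP Discover", 2: "DHCP Offer", 3: "DHCP Request", 5: "DHCP Acknowledgment"}
OPTION_NAMES = {1: "Subnet Mask", 3: "Router", 6: "DNS Servers", 15: "DNS Domain Name",
                44: "WINS/NBNS Servers", 46: "WINS/NBT Node Type", 51: "IP Address Lease Time",
                53: "DHCP Message Type", 54: "Server Identifier"}
ADDRESS_LIST_OPTIONS = {3, 6, 44}    # lists of IPv4 addresses in preference order (Table 5-3)
NODE_TYPES = {1: "B-node", 2: "P-node", 4: "M-node", 8: "H-node"}


def ip4(addr):
    return ipaddress.IPv4Address(addr).packed


def ip_list(*addrs):
    return b"".join(ip4(a) for a in addrs)


def build_message(op, xid, yiaddr, chaddr, options):
    """op 1 = client request (Discover/Request), 2 = server reply (Offer/Acknowledgment).
    options: list of (code, raw value bytes); the End (255) marker is appended."""
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", op, 1, 6, 0, xid, 0,
                         0x8000 if op == 1 else 0,           # clients ask for a broadcast reply
                         b"\0" * 4, ip4(yiaddr), b"\0" * 4, b"\0" * 4,
                         chaddr.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    body = b"".join(bytes([code, len(value)]) + value for code, value in options)
    return header + MAGIC_COOKIE + body + b"\xff"


def parse_options(data):
    """Walk the TLV option field and return {code: raw value}. Raises ValueError when the
    cookie is missing, an option runs past the end of the packet, or End (255) never appears."""
    if data[236:240] != MAGIC_COOKIE:
        raise ValueError("DHCP magic cookie not found after the fixed header")
    options, i = {}, 240
    while i < len(data):
        code = data[i]
        if code == 255:                          # End: anything after it is padding
            return options
        if code == 0:                            # Pad: one byte, no length field
            i += 1
            continue
        if i + 1 >= len(data):
            raise ValueError(f"option {code} has no length byte")
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} claims {length} bytes but {len(value)} remain")
        options[code] = value                    # repeated codes are not concatenated here
        i += 2 + length
    raise ValueError("option field has no End (255) marker")


def decode_option(code, value):
    """Render a raw option value the way the DHCP console would display it."""
    if code == 53:
        return MESSAGE_TYPES.get(value[0], f"type {value[0]}")
    if code in ADDRESS_LIST_OPTIONS:
        if len(value) % 4:
            raise ValueError(f"option {code}: {len(value)} bytes is not a whole number of addresses")
        return [str(ipaddress.IPv4Address(value[k:k + 4])) for k in range(0, len(value), 4)]
    if code in (1, 54):
        return str(ipaddress.IPv4Address(value))
    if code == 15:
        return value.rstrip(b"\0").decode("ascii")
    if code == 51:
        return struct.unpack("!I", value)[0]     # lease time in seconds
    if code == 46:
        return NODE_TYPES.get(value[0], value[0])
    return value.hex()


def summarize(data):
    """Decode a message into {option name: value} plus the address offered in yiaddr."""
    decoded = {OPTION_NAMES.get(c, f"option {c}"): decode_option(c, v)
               for c, v in parse_options(data).items()}
    decoded["Offered Address"] = str(ipaddress.IPv4Address(data[16:20]))
    return decoded


def is_well_formed(data):
    try:
        parse_options(data)
        return True
    except ValueError:
        return False


# Constructed sample (not a real capture): an Offer for a scope that carries the Table 5-3 options.
SAMPLE_OFFER = build_message(
    op=2, xid=0x3903F326, yiaddr="192.168.10.50", chaddr=bytes.fromhex("001122334455"),
    options=[(53, b"\x02"),                                 # DHCP Offer
             (54, ip4("192.168.10.2")),                     # server making the offer
             (51, struct.pack("!I", 8 * 24 * 3600)),        # default eight-day lease
             (1, ip4("255.255.255.0")),
             (3, ip_list("192.168.10.1")),                  # Router (003)
             (6, ip_list("192.168.10.2", "192.168.10.3")),  # DNS Servers (006)
             (15, b"corp.example"),                         # DNS Domain Name (015)
             (44, ip_list("192.168.10.4")),                 # WINS/NBNS Servers (044)
             (46, b"\x08")])                                # WINS/NBT Node Type (046): H-node
```

Running `summarize(SAMPLE_OFFER)` returns the decoded options keyed by the Table 5-3 names; a packet cut short inside an option is rejected rather than partially decoded.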


Tip: By default, DHCP discover messages are only broadcast on the client's local subnet. Before a DHCP client can contact a DHCP server on a remote subnet, you must configure a DHCP Relay Agent as discussed in "Managing DHCP Relay Agents," later in this chapter.

Clients attempt to renew their leases periodically by sending a DHCP Request to the DHCP server. The server accepts the request by sending the client a DHCP Acknowledgment message. Clients attempt to renew their leases at each restart, when the ipconfig /renew command is run at the client, when 50 percent of the lease time has passed, and when 87.5 percent of the lease time has expired.

When a client fails to contact a DHCP server, it pings the default gateway previously assigned, and the response (or lack of response) determines what happens next. Essentially, if the client gets a response from the default gateway, it assumes it is on the same subnet as before and continues to use the lease, attempting to renew it at the appropriate intervals (based on 50 or 87.5 percent expiration). If the client doesn't get a response from the default gateway, it assumes it is on a different subnet and configures itself to use APIPA, and then sends DHCP Discover broadcasts every five minutes.

Manage lease durations on a per-scope basis. To view or change the current lease duration, follow these steps:

  1. Open the DHCP console and connect to the server if necessary.

  2. Right-click the server's entry and then select Properties.

  3. The Lease Duration options show the current lease settings (see Figure 5-9). Modify the settings as necessary and then click OK.

    Figure 5-9. Configure the lease duration for each scope separately.

You can view and manage the current leases assigned to clients by following these steps:

  1. Open the DHCP console and connect to the server if necessary.

  2. Expand the associated superscope (if any) and the associated scope.

  3. Select the Address Leases node. Leases are listed according to client IP address and include the client name, lease expiration, lease type, and the client's unique ID (MAC address). If a client has a reservation, the Lease Expiration entry shows the value Reservation followed by the status of the lease as either "active" for in-use leases or "inactive" for not-yet-in-use leases.

  4. To force a client to acquire a new IP address, you can right-click the lease in the Address Leases list and then select Delete.

If you need to replace a DHCP server that failed recently and you were not able to migrate an up-to-date DHCP database to the new server, you may need to enable conflict detection to prevent the new DHCP server from assigning IP addresses that are already in use. With conflict detection enabled, the DHCP server pings an address on the network before assigning it to a client. You can enable conflict detection and specify the number of times the DHCP server should ping an IP address before assigning it by completing the following steps:

  1. Open the DHCP console and connect to the server if necessary.

  2. Right-click the server's entry and then select Properties.

  3. On the Advanced tab, set the Conflict Detection Attempts option to the number of times to ping an IP address before assigning it. A value of zero disables conflict detection and is the default setting.

On clients, you can view and manage IP address lease details using ipconfig. As previously discussed, ipconfig /all lists all TCP/IP settings, ipconfig /release releases an IP address lease, and ipconfig /renew renews an IP address lease.

5.2.8. Managing Reservations and Reserved Clients

Use reservations to create permanent address lease assignments. For example, you might want member servers to use DHCP so they can easily be moved between or within subnets if necessary, but might not want a server's IP address to change without a specific reason for such a change. In this case, you can define a reservation for the member server.


Tip: Reservation definitions must be created on each DHCP server that provides dynamic addressing on the subnet. If you don't do this, a DHCP client can potentially get assigned a different IP address by one of the other DHCP servers on the subnet.

To define a reservation for a computer, you must know the MAC address of the computer's network adapter. For a client computer with a current lease, this can be determined by locating the scope under which the lease is assigned and then finding the client lease entry. The MAC address for the client's network adapter is listed in the Unique ID column. The MAC Address is also listed as the Physical Address of the network adapter when you type ipconfig /all at a command prompt.


Tip: Reserved addresses cannot be part of an excluded IP address range.

You can reserve a DHCP address for a client by completing these steps:

  1. Open the DHCP console and connect to the server if necessary.

  2. Expand the associated superscope (if any) and the associated scope.

  3. Select the Reservations node. Current reservations are listed by IP address and reservation name in the right pane.

  4. Right-click the Reservations node, and then click New Reservation.

  5. In the Reservation Name field, type a descriptive name for the reservation (see Figure 5-10).

    Figure 5-10. Configure the reservation using the client's MAC address.

  6. In the IP Address field, type the IP address you want to reserve for the client. This IP address must be within the valid range for the currently selected scope.

  7. In the MAC Address field, type the MAC Address for the client's network adapter. You can enter this as a number string with or without dashes.

  8. Type an optional comment in the Description field.

  9. Click Add to create the reservation.

You can edit a current reservation by right-clicking it and selecting Properties. If a client should no longer have a reservation, right-click the reservation and then select Delete. When prompted to confirm, click Yes.
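Before typing a reservation into the dialog, it helps to check it against the constraints just described. The following Python code is an added example, not code from the book or from Windows: it normalizes the MAC address (separators optional, as the dialog accepts), confirms the address is inside the scope range and outside every exclusion range, and refuses a second reservation for the same address or the same MAC within one scope (assumed here to mirror the console's behaviour). The scope, exclusions and addresses are constructed.

```python
import ipaddress
import re

# Added example (not from the book): validate a reservation before creating it,
# using the two rules the text states (inside the scope range, not excluded) and
# the console's MAC handling (separators optional). Sample data is constructed.

_MAC12 = re.compile(r"^[0-9A-F]{12}$")

def normalize_mac(mac):
    """Return the MAC as twelve upper-case hex digits, accepting '-', ':' or '.' separators."""
    digits = re.sub(r"[-:.\s]", "", mac).upper()
    if not _MAC12.match(digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return digits

def validate_reservation(ip, mac, scope_range, exclusions=(), existing=None):
    """Validate a reservation against its scope.

    scope_range and each exclusion are (first, last) address strings; existing maps
    reserved IP -> normalized MAC for reservations already in the scope (assumed: one
    reservation per MAC per scope). Returns the (ip, mac) pair as it will be stored,
    or raises ValueError saying what is wrong.
    """
    addr = ipaddress.IPv4Address(ip)
    first, last = (ipaddress.IPv4Address(a) for a in scope_range)
    if not first <= addr <= last:
        raise ValueError(f"{addr} is outside the scope range {first}-{last}")
    for lo, hi in exclusions:
        if ipaddress.IPv4Address(lo) <= addr <= ipaddress.IPv4Address(hi):
            raise ValueError(f"{addr} lies in the excluded range {lo}-{hi}; it would never be offered")
    mac_id = normalize_mac(mac)
    for other_ip, other_mac in (existing or {}).items():
        if other_ip == str(addr):
            raise ValueError(f"{addr} is already reserved for {other_mac}")
        if other_mac == mac_id:
            raise ValueError(f"{mac_id} already holds the reservation {other_ip}")
    return str(addr), mac_id

if __name__ == "__main__":
    scope = ("192.168.0.10", "192.168.0.200")          # constructed scope
    excluded = [("192.168.0.10", "192.168.0.20")]      # constructed exclusion range
    for candidate in ("192.168.0.50", "192.168.0.15", "192.168.0.250"):
        try:
            print("ok:", validate_reservation(candidate, "00-0c-29-3e-1a-7b", scope, excluded))
        except ValueError as exc:
            print("rejected:", exc)
```

Run it over the planned reservation, or over the reservation lists of two DHCP servers that share a subnet, to catch the mismatch the first tip in this section warns about before a client ends up with two different addresses.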

5.2.9. Managing DHCP Databases

The DHCP database stores information about client leases, reservations, scopes, and configured options. By default, the database is located in the %SystemRoot%\System32\DHCP folder on a DHCP server. Windows Server 2003 automatically backs up and compacts the database periodically. Administrators can perform manual backups and compactions as well.

Automatic backups occur every 60 minutes by default. The interval is controlled by the BackupInterval value under the HKLM\SYSTEM\CurrentControlSet\Services\DHCPServer\Parameters key in the Registry. If Windows Server 2003 detects that the DHCP database is corrupted, the operating system automatically tries to recover the database from the last automatic backup. Backups are stored under %SystemRoot% by default; the next section shows how to change both the database and the backup path.

5.2.9.1. Setting the DHCP database and backup paths

The DHCP database and automatic backup folders are stored under %SystemRoot% by default. If desired, you can set the database path and backup path to a different location by following these steps:

  1. Open the DHCP console and connect to the server if necessary.

  2. Right-click the server node and click Properties.

  3. Click the Advanced tab as shown in Figure 5-11.

    Figure 5-11. Set the database and backup paths as necessary.

  4. Use the Database Path and Backup Path text boxes to set the database path and backup path.

  5. Click OK.

5.2.9.2. Manually backing up and restoring the DHCP database

Periodic manual backups of the DHCP database are important because they allow you to manually restore the database. If you don't have a manual backup, you cannot perform a manual restore of a corrupted DHCP database. To perform a manual backup of the DHCP database, follow these steps:

  1. Open the DHCP console and connect to the server if necessary.

  2. Right-click the server node and click Backup.

  3. Browse to the folder where the manual backup should be placed.

  4. Click OK.


Tip: You don't need to stop the DHCP server service to perform a manual backup.

To manually restore the DHCP database, follow these steps:

  1. Open the DHCP console and connect to the server if necessary.

  2. Right-click the server node and click Restore.

  3. Browse to the folder where manual backups were placed. This must be a folder on the local machine.

  4. Click OK.

  5. When prompted to stop and restart the DHCP Server service, click Yes to allow the restore to complete.


Tip: Manual restores can be done using manual backups only. An automated backup cannot be used for manual restoration of the DHCP database.

5.2.9.3. Migrating a DHCP server

Moving the DHCP database from one server to another can be performed using the manual backup and restore procedure. Follow these steps:

  1. On the current source DHCP server, perform a backup of the DHCP database.

  2. When the backup is complete, stop the DHCP server service by typing net stop dhcpserver at a command prompt. This ensures clients do not connect to the DHCP server.


    Tip: If necessary, also disable the DHCP Server service on the source server in the Services utility. This prevents the service from starting again on the old server after the database has been migrated to the new DHCP server, which would otherwise leave two servers offering the same address ranges.

  3. Copy the backup folder to the destination DHCP server.

  4. On the destination DHCP server, perform a restore of the DHCP database.

  5. You may be prompted to stop and restart the DHCP service on the destination server.

5.2.9.4. Manually compacting the DHCP database

Periodic manual compaction of the DHCP database, in addition to automatic compaction, can help ensure that the DHCP database stays healthy in a busy network environment with many hundreds of computers using DHCP. The reason for this is that manual compaction is performed with the database offline, which allows more efficient compaction and defragmentation of the database.

To ensure DHCP works as expected, you should:

  • Periodically compact the DHCP database manually whenever it grows larger than 30 MB.

  • Manually compact the database if you receive error messages that the DHCP database is corrupted.

To manually compact the DHCP database, follow these steps:

  1. Open a command prompt.

  2. Change to the directory containing the DHCP database (%SystemRoot%\System32\DHCP by default).

  3. Type net stop dhcpserver.

  4. Type jetpack dhcp.mdb temp.mdb, where temp.mdb is the name of the temporary file to use.

  5. Type net start dhcpserver.

5.2.10. Troubleshooting DHCP

When you have problems with DHCP, the DHCP console is the first place you should look to diagnose and resolve problems. The console displays warning icons for many common problems:

  • A red circle with an X through it is used if the DHCP Server service is stopped or if the DHCP server cannot otherwise be reached.

  • A white circle with a red down arrow on the server node indicates the server is not authorized in Active Directory.

  • A white circle with a red down arrow on the scope node indicates the scope is deactivated.

  • A white circle with a green up arrow indicates the DHCP server is authorized and active.

To diagnose and resolve deeper issues with DHCP, you'll need the help of the DHCP audit logs. These logs and their use in troubleshooting are discussed in the sections that follow.

5.2.10.1. Understanding the DHCP audit logs

By default, all DHCP activity is written to the DHCP audit logs stored under %SystemRoot%\System32\dhcp. Audit logs are stored in separate text files named after the day of the week, such as DhcpSrvLog-Mon.log, DhcpSrvLog-Tue.log, and so on. Seven days of audit logs are maintained, and an old log is overwritten when a new log of the same name is created. You can enable or disable audit logging by completing these steps:

  1. Open the DHCP console and connect to the server if necessary.

  2. Right-click the server node and click Properties.

  3. On the General tab, select or clear the Enable DHCP Audit Logging checkbox.

  4. Click OK.

You can change the location of the audit logs by following these steps:

  1. Open the DHCP console and connect to the server if necessary.

  2. Right-click the server node and click Properties.

  3. Click the Advanced tab.

  4. Use the Audit Log File Path to specify the location for the audit logs.

  5. Click OK.

You can use the audit logs for troubleshooting DHCP. The audit logs contain comma-delimited, single-line entries for each audited activity. Each entry begins with an event code, the meaning of which is listed at the beginning of the audit log as shown in Figure 5-12.

Figure 5-12. DHCP audit logs are stored as text files with comma-delimited entries.
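A parser for these logs, as an added example in Python that is not from the book or from Microsoft. It assumes the column layout named in the log's own header line (ID,Date,Time,Description,IP Address,Host Name,MAC Address), takes the event codes 50 through 64 from Table 5-4 below and the low-numbered lease codes from the legend printed at the top of every log, and feeds in a constructed sample log. Besides listing the entries worth a closer look, it flags a burst of new leases to many distinct MAC addresses, which is what DHCP starvation (a host exhausting the pool under forged MACs so that a rogue server can take over) looks like in this log.

```python
import csv
from collections import Counter
from io import StringIO

# Added example (not from the book): parse a Windows Server 2003 DhcpSrvLog-*.log
# and flag the entries an investigator should look at. Field layout assumed from
# the log's own header line; the sample log below is constructed, not captured.

# Codes 50-64 are from Table 5-4; the low codes are the standard ones the log
# legend lists (only the subset needed here).
EVENT_TEXT = {
    "00": "The log was started",
    "01": "The log was stopped",
    "10": "A new IP address was leased to a client",
    "11": "A lease was renewed by a client",
    "12": "A lease was released by a client",
    "13": "An IP address was found to be in use on the network",
    "14": "A lease request could not be satisfied because the scope's address pool was exhausted",
    "15": "A lease was denied",
    "50": "Unreachable domain",
    "51": "Authorization succeeded",
    "53": "Cached authorization",
    "54": "Authorization failed",
    "55": "Authorization (servicing)",
    "56": "Authorization failure, stopped servicing",
    "57": "Server found in domain",
    "58": "Server could not find domain",
    "59": "Network failure",
    "60": "No DC is DS-enabled",
    "61": "Server found that belongs to DS domain",
    "62": "Another server found",
    "63": "Restarting rogue detection",
    "64": "No DHCP-enabled interfaces",
}

# Codes that should be investigated rather than just counted.
ALERT_CODES = {
    "13": "address conflict: a static host or a second DHCP server overlaps this scope",
    "14": "pool exhausted: rule out DHCP starvation before enlarging the scope",
    "54": "authorization failed: the service stops and clients fall back to other servers",
    "56": "authorization failure: re-authorize the server before restarting it",
    "57": "another authorized DHCP server found in the domain",
    "61": "another DHCP server belonging to the domain was found",
    "62": "another DHCP server found on the network: confirm it is expected (Dhcploc)",
    "64": "no DHCP-enabled interfaces: check the bindings and the static address",
}

FIELDS = ("id", "date", "time", "description", "ip", "host", "mac")

def parse_audit_log(text):
    """Yield one dict per comma-delimited entry; banner, legend and column-header lines are skipped."""
    for row in csv.reader(StringIO(text)):
        if len(row) < len(FIELDS) or not row[0].strip().isdigit():
            continue  # "Microsoft DHCP Service Activity Log", "10<TAB>A new IP ...", or "ID,Date,..."
        entry = dict(zip(FIELDS, (f.strip() for f in row)))
        entry["text"] = EVENT_TEXT.get(entry["id"], "unknown event code")
        yield entry

def audit_findings(text):
    """Return (Counter of event codes, list of (when, code, reason, entry)) for one log."""
    counts, alerts = Counter(), []
    for e in parse_audit_log(text):
        counts[e["id"]] += 1
        if e["id"] in ALERT_CODES:
            alerts.append((f"{e['date']} {e['time']}", e["id"], ALERT_CODES[e["id"]], e))
    return counts, alerts

def lease_bursts(text, max_macs_per_minute=20):
    """Flag minutes in which code-10 leases went to more distinct MACs than expected.

    A flood of new leases to forged MAC addresses is how DHCP starvation shows up
    here; it is usually followed by code-14 (pool exhausted) entries.
    """
    macs_per_minute = {}
    for e in parse_audit_log(text):
        if e["id"] == "10":
            macs_per_minute.setdefault((e["date"], e["time"][:5]), set()).add(e["mac"])
    return [(minute, len(macs)) for minute, macs in sorted(macs_per_minute.items())
            if len(macs) > max_macs_per_minute]

# Constructed sample in the 2003 layout (banner, legend, column header, entries).
SAMPLE_LOG = """\t\tMicrosoft DHCP Service Activity Log

Event ID  Meaning
00\tThe log was started.
10\tA new IP address was leased to a client.
ID,Date,Time,Description,IP Address,Host Name,MAC Address
00,03/14/06,00:00:03,Started,,,
55,03/14/06,00:00:04,Authorized(servicing),,example.local,
10,03/14/06,08:15:02,Assign,192.168.0.51,ws01.example.local,000C293E1A7B
11,03/14/06,08:15:40,Renew,192.168.0.52,ws02.example.local,000C29A1B2C3
13,03/14/06,08:16:10,Conflict,192.168.0.53,,
62,03/14/06,08:20:00,Another server found,,,
14,03/14/06,09:02:11,Address pool exhausted,,,
"""

if __name__ == "__main__":
    counts, alerts = audit_findings(SAMPLE_LOG)
    print("events by code:", dict(counts))
    for when, code, reason, entry in alerts:
        print(f"{when}  {code} {entry['text']}: {reason}")
    print("lease bursts:", lease_bursts(SAMPLE_LOG))
```

Point audit_findings at the real DhcpSrvLog-*.log files. Because only seven days are kept and each file is overwritten a week later, copy the files off the server (or move the log path as described above) as soon as an incident is suspected.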


5.2.10.2. Diagnosing and resolving issues related to DHCP authorization

In Active Directory domains, DHCP servers must be authorized before they can assign leases to clients. Although the DHCP console shows the general status of a server as authorized or unauthorized, you'll need to look through the DHCP audit logs to perform more detailed analysis to resolve some authorization issues.

Table 5-4 provides a summary of audit log events related to authorization. Use the event text and descriptions to diagnose and resolve authorization issues. The audit codes for events 50 and higher are not summarized in the header of the audit log.

Table 5-4. Audit log events related to authorization

Event ID  Event text                                Description
--------  ----------------------------------------  ---------------------------------------------------------------------------
50        Unreachable domain                        The DHCP server could not locate the domain for which it is configured.
51        Authorization succeeded                   The DHCP server was authorized to start on the network.
53        Cached authorization                      The DHCP server was authorized to start using previously cached information; Active Directory was not available when the DHCP Server service started.
54        Authorization failed                      The DHCP server was not authorized to start on the network and has stopped servicing clients. Typically, the DHCP Server service is stopped as a result.
55        Authorization (servicing)                 The DHCP server was successfully authorized on the network and is servicing clients.
56        Authorization failure, stopped servicing  The DHCP server was not authorized to start on the network and was shut down. You must authorize the server before starting it again.
57        Server found in domain                    Another DHCP server exists and is authorized for the domain.
58        Server could not find domain              The DHCP server could not locate the domain for which it is configured.
59        Network failure                           A network-related failure prevented the server from determining whether it is authorized.
60        No DC is DS-enabled                       No domain controller was found in the domain. The DHCP server must be able to contact a DC in the domain.
61        Server found that belongs to DS domain    Another DHCP server that belongs to the domain was found.
62        Another server found                      Another DHCP server was found on the network.
63        Restarting rogue detection                The DHCP server is trying to determine whether it is authorized.
64        No DHCP-enabled interfaces                The DHCP Server service is not bound to any interface that can provide service. The server may be disconnected from the network, have a dynamic IP address, or have all its static IP addresses disabled; check the service bindings.


5.2.10.3. Verifying leases and DHCP reservation configuration

When you select a server's Active Leases node in the DHCP console, the current leases are listed. For leases, the current expiration date is listed. If a lease expires and is not renewed, the dynamically configured computer might have been moved to a different subnet or it might have obtained its configuration from another DHCP server.

With reservations, the active or inactive status of the reservation is listed. If a reservation is inactive for a dynamically configured computer that is booted and connected to the network, the reservation may be incorrectly configured. To check the reservation configuration, select a server's Reservations node in the DHCP console, right-click the reservation, and then click Properties. To determine the options used by the reservation, expand the Reservations node in the DHCP console and then, in the left pane, click the entry for the reservation. In the right pane, the current options are listed by name, vendor (where the options came from), and the value assigned. Verify that the reserved addresses are not simultaneously excluded.

5.2.10.4. Verifying the client configuration and examining the system event log

When DHCP clients lose access to resources or are unable to establish network connections, you might have a problem with DHCP. You should start your troubleshooting by determining whether the problem originates on the client or elsewhere. On a client experiencing problems, you can view the current TCP/IP configuration by typing ipconfig /all at a command prompt. Issues related to TCP/IP can be resolved as discussed previously in this chapter in "Troubleshooting TCP/IP Addressing." If a client has been assigned the appropriate configuration and there is no warning message about an addressing conflict, the network problem most likely isn't a result of an addressing issue on the client.

However, if a client computer has been assigned an address in use by another computer on the network, it will have problems communicating with the network and may not be able to access network resources. A warning message regarding the address conflict will be displayed in the system tray on the client computer. Related warning events are also recorded in the System event log on the computer experiencing the problem. Typically, these warning events have the Event ID 1055 and the source as Dhcp.

If the client is assigned the IP address by DHCP, the likely issue is that another computer has been assigned a static IP address that conflicts with the range of IP addresses assigned to DHCP clients, and the IP address of the manually configured computer will need to be changed. If you locate the other computer with the same IP address and it is dynamically configured, the likely issue is that more than one DHCP server is assigning the same range of IP addresses, or the scopes assigned to a DHCP server have been modified to allow such a conflict to occur.

On the client, you can attempt to restore connectivity with the network using the Repair option on the Support tab of the Local Area Connection Status dialog box. When you use Repair, the client attempts to refresh the stored data for its connection. The client does this by:

  1. Renewing the DHCP IP address lease and the related TCP/IP settings.

  2. Flushing the ARP cache, the NetBIOS cache, and the DNS resolver cache.

  3. Re-registering with WINS and DNS.

Although Windows 2000 and later automatically stop the DHCP Server service on unauthorized Windows DHCP servers in a domain, that check only applies to Windows servers. Other devices, such as non-Windows DHCP servers, routers, or hosts on which someone has enabled a DHCP service, are not subject to it and can hand out addresses freely. To locate these devices, you can use the Dhcploc.exe utility provided in the Windows Support Tools, which listens for DHCP offers on a subnet and reports the servers that respond. You can then remove any rogue DHCP servers from the network.

5.2.10.5. Diagnosing and resolving issues related to configuration of DHCP Server and scope options

TCP/IP options can be configured manually on the client and in the DHCP console. Settings configured manually on the client cannot be overridden by DHCP. In the DHCP console, TCP/IP options are configured at five separate levels:

  • Predefined options that set preset values and can be overridden at any other level.

  • Server options that can be overridden by scope, class, and reservation options.

  • Scope options that can be overridden by class and reservation options.

  • Class options that can be overridden by reservation options.

  • Reservation options that can be overridden only by manually assigned TCP/IP settings.
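The following Python code, an added example and not from the book, applies these precedence rules (predefined, then server, scope, class and reservation options, with manual client settings final) and reports which level supplied each effective value. That is the question you need answered when a client turns up with the wrong gateway or DNS server. The option names and values are constructed.

```python
# Added example (not from the book): work out which TCP/IP options a DHCP client
# ends up with, applying the precedence the DHCP console uses (predefined < server
# < scope < class < reservation) and treating settings typed manually into the
# client's TCP/IP properties as final. Option names and values are constructed.

LEVELS = ("predefined", "server", "scope", "class", "reservation")

def effective_options(predefined=None, server=None, scope=None, class_=None,
                      reservation=None, manual=None):
    """Return {option: (value, level)}; level names the layer that supplied the value.

    Each argument is a dict such as {"006 DNS Servers": ["192.168.0.10"]}. A more
    specific level overrides a less specific one; 'manual' overrides everything.
    """
    result = {}
    for level, options in zip(LEVELS, (predefined, server, scope, class_, reservation)):
        for name, value in (options or {}).items():
            result[name] = (value, level)
    for name, value in (manual or {}).items():
        result[name] = (value, "manual")   # cannot be overridden from the server side
    return result

def explain_mismatch(expected, effective):
    """For each expected option whose effective value differs, say where the value
    came from, which is the level to change (or the client itself, when manual)."""
    problems = []
    for name, want in expected.items():
        got, level = effective.get(name, (None, "unset"))
        if got != want:
            where = ("the client's TCP/IP properties" if level == "manual"
                     else f"{level} options" if level != "unset" else "no level at all")
            problems.append(f"{name}: got {got!r} from {where}, expected {want!r}")
    return problems

if __name__ == "__main__":
    eff = effective_options(
        server={"006 DNS Servers": ["192.168.0.10"], "015 DNS Domain Name": "example.local"},
        scope={"003 Router": ["192.168.0.1"]},
        reservation={"006 DNS Servers": ["192.168.0.20"]},
        manual={"003 Router": ["10.0.0.1"]},   # someone typed a gateway on the client
    )
    for name, (value, level) in sorted(eff.items()):
        print(f"{name:<22} {value!s:<20} from {level}")
    for line in explain_mismatch({"003 Router": ["192.168.0.1"]}, eff):
        print("MISMATCH", line)
```

When the report blames the client's TCP/IP properties, no amount of scope editing will help; when it blames a level, change that level (or a more specific one) and then release and renew the lease on the client.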

A common problem you may see is due to clients obtaining incorrect option values. If a client is getting the incorrect settings, you can resolve this by:

  1. Checking the Internet Protocol (TCP/IP) properties to ensure that the client is configured to obtain settings as appropriate from DHCP.

  2. Configure scope options to override other options being used, as appropriate and necessary.

  3. After modifying the client configuration or the server's option settings, you would need to release and renew the client lease to ensure the client gets the correct settings.

  4. Check the status of the connection from the system tray.

A less common problem you may see when troubleshooting DHCP server configuration has to do with the service binding to the server's network adapter. To provide leases for clients on the local subnet, a DHCP server must be assigned a static IP address on the local subnet. The DHCP Server service must also have a binding on one of the server's network adapters.

5.2.10.6. Verifying address scope assignment and that the DHCP Relay Agent is working correctly

Multiple scopes can be configured and active on a single DHCP server. Scopes containing IP addresses for subnets other than the subnet on which the DHCP server is located are used with remote clients. DHCP servers determine the originating subnet for remote clients by reading a field that the DHCP Relay Agent fills in when it forwards a client's DHCP request. This field, the relay agent IP address (giaddr), identifies the originating subnet of the client and is displayed by Network Monitor as shown here:

 DHCP: Relay IP Address (giaddr) = OriginatingSubnetGateway 

In the next example, the originating subnet gateway is identified as 192.168.0.1:

 DHCP: Relay IP Address (giaddr) = 192.168.0.1 


Tip: You can use Network Monitor to capture DHCP packets and view their header and option fields.
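The header field and the scope decision it drives, as an added example in Python that is not part of the book: it packs a DHCPDISCOVER the way a relay agent forwards it, reads giaddr back out of the fixed BOOTP header (RFC 2131), and picks the scope the way the server does, including the case in which giaddr is left at 0.0.0.0 by a relay that does not fill it in. The scope table, subnets and MAC address are constructed.

```python
import ipaddress
import struct

# Added example (not from the book): build the fixed BOOTP header of a DHCP message
# (RFC 2131), read the relay agent address (giaddr) back out of it, and choose a
# scope the way the server does. The scope table and addresses are constructed.

MAGIC_COOKIE = b"\x63\x82\x53\x63"                      # start of the DHCP options field
HEADER = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")    # the 236-byte BOOTP header

def build_discover(client_mac, giaddr="0.0.0.0", xid=0x3903F326):
    """Return a DHCPDISCOVER as it reaches the server: giaddr is 0.0.0.0 when the
    client is on the server's own subnet and the relay's address when relayed."""
    chaddr = bytes.fromhex(client_mac.replace("-", "").replace(":", "")).ljust(16, b"\0")
    header = HEADER.pack(
        1, 1, 6, 1 if giaddr != "0.0.0.0" else 0,   # op=BOOTREQUEST, htype=Ethernet, hlen, hops
        xid, 0, 0x8000,                             # xid, secs, flags (broadcast bit)
        b"\0" * 4, b"\0" * 4, b"\0" * 4,            # ciaddr, yiaddr, siaddr
        ipaddress.IPv4Address(giaddr).packed,       # giaddr: filled in by an RFC 1542 relay
        chaddr, b"\0" * 64, b"\0" * 128)            # chaddr, sname, file
    options = bytes([53, 1, 1, 255])                # option 53 (message type) = DISCOVER, then End
    return header + MAGIC_COOKIE + options

def parse_giaddr(message):
    """Return the giaddr field (header bytes 24-27) in dotted-decimal form."""
    if len(message) < HEADER.size + 4 or message[HEADER.size:HEADER.size + 4] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    return str(ipaddress.IPv4Address(message[24:28]))

def select_scope(message, scopes, server_subnet):
    """Pick the scope for a request: the scope containing giaddr, or, when giaddr is
    0.0.0.0 (no relay, or a relay that did not fill it in), the server's own subnet."""
    giaddr = parse_giaddr(message)
    if giaddr == "0.0.0.0":
        local = ipaddress.IPv4Network(server_subnet)
        return next((n for n, s in scopes.items() if ipaddress.IPv4Network(s) == local), None)
    relay = ipaddress.IPv4Address(giaddr)
    return next((n for n, s in scopes.items() if relay in ipaddress.IPv4Network(s)), None)

SCOPES = {"Head office": "10.0.0.0/24", "Branch": "192.168.0.0/24"}   # constructed scope table

if __name__ == "__main__":
    for giaddr in ("0.0.0.0", "192.168.0.1", "172.16.5.1"):
        msg = build_discover("00-0C-29-3E-1A-7B", giaddr)
        print(f"giaddr={parse_giaddr(msg):<12} -> scope {select_scope(msg, SCOPES, '10.0.0.0/24')}")
```

Two points follow from the code. First, a relay that forwards without setting giaddr makes the request indistinguishable from a local one, so the server answers from its own subnet's scope, which is the wrong-scope symptom described below. Second, nothing in the protocol authenticates giaddr: the server trusts whatever value the packet carries, so any host that can send unicast DHCP to the server can name a remote subnet's gateway and draw an offer from that scope. That is a reason to keep the list of active scopes and relay agents under review, not something the console will warn you about.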

If the network's DHCP Relay Agent is improperly configured or is not BOOTP (RFC 1542) compliant, the originating subnet might not be attached to the DHCP request from the client. As a result, the client could be assigned an IP address from the wrong scope. To resolve this, verify the DHCP Relay Agent configuration on the router or relay host. On the server side, also verify that the DHCP Server service is bound to a static address, because a server with no usable binding cannot answer relayed requests at all. To verify the binding, follow these steps:

  1. Open the DHCP console and connect to the server if necessary.

  2. Right-click the server node and click Properties.

  3. Click the Advanced tab.

  4. Click the Bindings button.

  5. In the Bindings dialog box shown in Figure 5-13, ensure that the server has a binding to a network adapter on at least one IP address. If no connections and bindings are listed, the server might not have a static IP address.

    Figure 5-13. Verify the server bindings for the DHCP Server service.

  6. Click OK.

5.2.10.7. Verifying database integrity

Many inconsistencies in the DHCP database can be resolved by reconciling the server's leases. When you reconcile the database, the operating system compares the information in the database to the information stored in the Registry, and uses this comparison to determine whether the DHCP database accurately reflects the current leases and reservations. To reconcile all scopes on a server, right-click the server node in the DHCP console and then select Reconcile All Scopes. When prompted to verify the action, click the Verify button. Any inconsistencies are listed. If there are no inconsistencies, you'll see a prompt stating "The database is consistent."




MCSE Core Required Exams in a Nutshell: The required 70: 290, 291, 293 and 294 Exams (In a Nutshell (O'Reilly))
ISBN: 0596102283
Year: 2006