Assume that you replaced a failed DHCP server with a new one configured with the same scope. Because the new server has no record of the leases the failed server issued, it can hand out addresses that clients obtained from the failed server and are still using.
To mitigate this you can use the Conflict detection attempts setting, which can be found on the Advanced tab of your scope properties:
By default it is set to 0, which means that your DHCP server won’t attempt any conflict detection before issuing an address. As soon as you set this parameter to something higher than 0, let’s say N, your DHCP server queries the network N times before it assigns an IP address, to make sure that the address is not already in use.
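The same setting can be read and changed with the DhcpServer PowerShell module, which is handy for checking a freshly rebuilt server before it starts leasing. The block below is an added example, not code from the original post; it assumes the DhcpServer module is available locally, the shell runs with DHCP administrator rights, and the attempt count and scope ID are constructed values.

```powershell
# Added example (not from the original post): inspect and set the server-wide
# conflict detection attempts with the DhcpServer module.
# Assumptions: DhcpServer module installed (DHCP role or RSAT), elevated shell,
# $Attempts and $ScopeId are constructed values for illustration.
Import-Module DhcpServer

$Attempts = 2          # constructed: 1-2 is usually enough, each attempt delays the offer by roughly a second
$ScopeId  = '10.0.0.0' # constructed scope ID

# Current setting; 0 means the server offers addresses without any probe
$before = (Get-DhcpServerSetting).ConflictDetectionAttempts
Write-Host "Conflict detection attempts before: $before"

# Enable conflict detection: the server probes each candidate address $Attempts
# times before offering it and withholds any address that answers
Set-DhcpServerSetting -ConflictDetectionAttempts $Attempts

$after = (Get-DhcpServerSetting).ConflictDetectionAttempts
if ($after -ne $Attempts) { throw "Setting did not apply (got $after)" }

# Addresses the server found in use are recorded as leases named BAD_ADDRESS
# (the name the DHCP console shows); list them so the stale clients can be found
Get-DhcpServerv4Lease -ScopeId $ScopeId |
    Where-Object { $_.HostName -like 'BAD_ADDRESS*' } |
    Select-Object IPAddress, HostName, AddressState, LeaseExpiryTime
```

Run it once on the replacement server before activating the scope, then watch the BAD_ADDRESS list for a lease period: every entry is a client that still holds an address from the failed server.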
Of course this is a good option to be aware of, but the real solution here is to add an extra DHCP server and configure DHCP Failover, which is available in Windows Server 2012 and newer versions and ensures that you won’t have any headache if one of your DHCP servers fails.
I’ve recently configured DHCP Failover in Load Balance mode in my lab environment, setting up two Server 2012 R2 based DHCP servers. Configuring it was rather easy (at least if your aim is to get it up and running quickly and you are doing a “spousal mode” installation), as you just go to Configure Failover on zone level and mostly all you need to do is to select a mode (Standby or NLB) and type in a shared secret. And this feature is so much cooler than those split scope aka 70/30 arrangements which you had to deal with in the past 🙂 But I bumped into another problem in the process – my 2nd DHCP server was not authorized before I configured failover, so it showed me this red down arrow icon, which definitely hints that something is wrong.
To know what exactly these icons are supposed to tell you, you have to read “DHCP Console Icons Reference – Server-related icons” and “DHCP Console Icons Reference – DHCP console icons added for Windows Server 2012.” MSFT documentation on these icons is a bit disjointed, as the first link, which covers server icons, is Server 2008 documentation and the second is just the delta of newly added icons in 2012 (icons related to newly added features like DHCP failover and DHCP policies). Why not consolidate it into one document valid for 2012 R2?
Anyhow, I knew that my second DHCP server was not authorized and clicked on the Authorize option; alas, no errors, and the server kept showing the Authorize option as available. After clicking Authorize about 3 times I decided to restart the DHCP console, and it partially fixed things – now Authorize was grayed out, so it was clearer that my DHCP server was authorized. But the pesky red down arrow still persisted, and I erroneously thought that it had something to do with my attempt to configure failover before authorizing the second DHCP server. In the end the solution turned out to be more trivial: it was necessary to restart the DHCP service on the 2nd server and after this the DHCP console – voila, problem fixed! So once again these old consoles are a bit too sluggish and often require an extra refresh/restart. It is just a question of time until MMC based things are phased out and fully replaced by PowerShell and new GUI consoles (similar to ADAC maybe?). Another example which tends to behave similarly is the NLB console, which is one of the oldest consoles that still exists intact in modern versions of Windows Server.
Anyhow, I now have DHCP failover configured:
A red circle with a cross indicates that my 1st server is switched off, and an orange arrow pointing to the left means that “Failover is configured on the DHCP server.” You will see this orange arrow icon only if failover is configured and one of the servers goes down – otherwise you will see check marks in green circles everywhere, with no indication of configured failover at the icon level.
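The whole sequence from the story above (authorize the second server, restart its service so the authorization actually takes effect, create the load-balance relationship, then verify from both sides) can be done without the sluggish console. The block below is an added example, not the original post’s own steps; the server names, scope ID and IP address are constructed, the shared secret is a placeholder, and it assumes both hosts are domain-joined with the DhcpServer module installed and the shell running as an Enterprise Admin (needed for authorization).

```powershell
# Added example (not from the original post): authorize a partner DHCP server
# and configure load-balance failover for one scope with the DhcpServer module.
# Assumptions: DHCP1/DHCP2, 10.0.0.12 and scope 10.0.0.0 are constructed values,
# the scope already exists on DHCP1, and the shell runs as Enterprise Admin.
Import-Module DhcpServer

$Primary   = 'DHCP1.corp.example'   # constructed FQDN
$Partner   = 'DHCP2.corp.example'   # constructed FQDN
$PartnerIP = '10.0.0.12'            # constructed
$ScopeId   = '10.0.0.0'             # constructed
$RelName   = 'DHCP1-DHCP2-LB'

# 1. Authorize the partner in Active Directory only if it is not listed yet
$listed = Get-DhcpServerInDC | Where-Object { $_.DnsName -eq $Partner }
if (-not $listed) {
    Add-DhcpServerInDC -DnsName $Partner -IPAddress $PartnerIP
}

# 2. The running service re-reads its authorization only after a restart;
#    this is the step the console's stale icon was hiding
Get-Service -Name DHCPServer -ComputerName $Partner | Restart-Service

# 3. Create the failover relationship (50/50 load balance). The shared secret
#    is a placeholder: use a long random value and pass it the same way on
#    both servers (the cmdlet pushes it to the partner for you).
Add-DhcpServerv4Failover -ComputerName $Primary -PartnerServer $Partner `
    -Name $RelName -ScopeId $ScopeId `
    -LoadBalancePercent 50 `
    -MaxClientLeadTime (New-TimeSpan -Hours 1) `
    -AutoStateTransition $true -StateSwitchInterval (New-TimeSpan -Minutes 60) `
    -SharedSecret 'REPLACE-WITH-STRONG-SECRET'

# 4. Verify from both sides: the relationship should be in the Normal state on
#    each server, and the partner must report IsAuthorized = True
foreach ($srv in $Primary, $Partner) {
    Get-DhcpServerv4Failover -ComputerName $srv -Name $RelName |
        Select-Object @{n='Server'; e={ $srv }}, Mode, State, PartnerServer, LoadBalancePercent
}
(Get-DhcpServerSetting -ComputerName $Partner).IsAuthorized
```

The verification loop is the part worth keeping: a relationship that shows Normal on one server and something else on the other is exactly the situation where the console still paints a green check mark while the partner is not actually serving leases.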
I decided that it makes sense for me to jot down different things as I prepare for 70-410 and other MSFT exams from the MCSA Server 2012 track, though recently I have a strange feeling that I’m trying to take MSFT exams when they are about to retire 🙂 .
One of the questions/topics we have had since Server 2008 is WDS, and there are some facts to be aware of when it comes to WDS.
- Port 67. The WDS server uses UDP 67, which is the same port the DHCP server listens on. If DHCP and WDS coexist on the same server you have to configure WDS not to listen on port 67. When you add the WDS role on a server which already hosts the DHCP role, all configuration settings for such coexistence (the first two points in this list) are configured for you automagically. But if WDS is installed first and you then add the DHCP role, you have to take care of this manually.
- DHCP Option 60. Once you have configured WDS not to listen on port 67, you have to configure DHCP option 60, which tells DHCP clients that their DHCP server is also a WDS/PXE (Preboot eXecution Environment) server. You have to switch on DHCP option 60 and set it to “PXEClient”. In addition to this, TFTP should be allowed on WDS along with the BINL service (UDP 4011). Note: DHCP option 060 PXE Client does not appear unless your server has the WDS role installed.
- RFC 1542. If your DHCP/WDS server is on a different subnet from the one your clients reside in, then you have to have an RFC 1542 compliant router between these subnets; most modern routers are RFC 1542 compliant. Such routers can be configured to pass BOOTP broadcasts (i.e. broadcast messages which use ports 67 and 68). If you don’t have a router compliant with this standard, you have to leverage the RRAS role and configure a DHCP Relay Agent.
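When WDS was installed before DHCP, the first two points above have to be applied by hand. The block below is an added example, not part of the original post; it assumes both roles are installed on the local server, the shell is elevated, and uses only the documented wdsutil switches and DhcpServer cmdlets. It also adds the check a practitioner wants afterwards: which process actually owns UDP 67 and 4011.

```powershell
# Added example (not from the original post): make WDS and DHCP coexist on one
# server (WDS off port 67, option 60 = PXEClient) and verify the result.
# Assumptions: WDS and DHCP roles installed locally, elevated shell.
Import-Module DhcpServer

# 1. Tell WDS to stay off the DHCP ports and to flag option 60 itself.
#    This is what the role wizard does for you when DHCP is already present.
wdsutil /Set-Server /UseDhcpPorts:No /DhcpOption60:Yes

# 2. Option 60 is not defined on a DHCP server until something creates it;
#    define it if missing, then set the server-level value to PXEClient.
$def = Get-DhcpServerv4OptionDefinition -OptionId 60 -ErrorAction SilentlyContinue
if (-not $def) {
    Add-DhcpServerv4OptionDefinition -OptionId 60 -Name 'PXEClient' `
        -Type String -Description 'PXE support'
}
Set-DhcpServerv4OptionValue -OptionId 60 -Value 'PXEClient'

# 3. Verify the WDS side: the config dump should show the DHCP ports disabled
wdsutil /Get-Server /Show:Config | Select-String -Pattern 'DHCP'

# 4. Verify the DHCP side: option 60 must read PXEClient
Get-DhcpServerv4OptionValue -OptionId 60 | Select-Object OptionId, Name, Value

# 5. Verify the sockets: UDP 67 should belong to the DHCP service only, while
#    UDP 4011 (BINL) belongs to WDS. Two owners on 67 means step 1 did not stick
#    or the WDS service has not been restarted yet.
Get-NetUDPEndpoint -LocalPort 67, 4011 |
    Select-Object LocalAddress, LocalPort, OwningProcess,
        @{n='Process'; e={ (Get-Process -Id $_.OwningProcess).ProcessName }}
```

Both services run inside svchost, so the last step is most useful when read together with the WDS config dump: if 67 shows more than one owning process after a WDS restart, the port setting did not apply and PXE clients will get inconsistent answers depending on which listener wins.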