Tuesday, November 15, 2011

Configuring and Troubleshooting DHCP

Overview of the DHCP Server Role
One of the major problems when networks moved to the TCP/IP protocol was entering an IP address on each machine.

The solution is DHCP (Dynamic Host Configuration Protocol). The DHCP server maintains a pool of IP addresses and leases out an IP address for a period of time to DHCP-enabled host machines on the network. DHCP provides the IP address along with the subnet mask and default gateway (router). The IP addresses are returned to the pool to be reallocated when they are no longer in use. DHCP waits for the client to request an IP address using network broadcasts.

What are the benefits of using DHCP?
DHCP simplifies network administration by using automatic TCP/IP configuration. Manual TCP/IP configuration increases errors exponentially. Not only that, communication errors can cause network problems. The assignment of an IP address to more than one computer, simultaneously, can cause address conflicts. Another problem happens when a computer moves. The administrative effort becomes a real headache. Many companies have thousands of network devices that need IP addresses and it is impossible to enter the data manually.
What are the new DHCP features of Windows Server 2008?
  • Support for DHCPv6 stateful and stateless configuration to allocate IPv6 addresses. Stateful configuration is when the DHCPv6 server assigns the IPv6 address to the client, along with additional DHCP data. Stateless configuration is when the IPv6 address is assigned automatically by the router, and the DHCPv6 server assigns the other configuration settings.
  • Support for NAP (Network Access Protection). Used with DHCP to help isolate potential malware infected machines from the network. NAP helps to ensure clients comply with corporate policy of having up to date antivirus before they are allowed access to the Internet.
  • Ability to install DHCP on the Server Core to be managed from the command line.
How does DHCP allocate IP Addresses?
The IP addresses are allocated dynamically by DHCP. Using the Windows Server Role, DHCP ensures that clients have the correct configuration.

The default in Windows Server 2008 is to lease IP addresses for eight hours for wired clients and three hours for wireless clients. The lease duration can be changed by modifying the DHCP server scope properties of a specific subnet.

A series of messages, known as DHCP conversations or DHCP transactions, is exchanged between the DHCP client and the DHCP server. The messages are based on the message format used with BOOTP. RFC 2131 defines the format for each message sent between the DHCP client and DHCP server.

The DHCP relay agent is a small program that forwards the DHCP messages between the DHCP clients and servers, if they are in another subnet. The server then sends the address back to the client via the relay agent. Relay agents can be used to reduce the number of DHCP servers needed. Routers that connect the subnets need to support DHCP relay as described in Clarifications and Extensions for the Bootstrap Protocol RFC 1542, and most do.

The Bootstrap Protocol (BOOTP) is a UDP/IP-based protocol which
   allows a booting host to configure itself dynamically and without
   user supervision.  BOOTP provides a means to notify a host of its
   assigned IP address, the IP address of a boot server host, and the
   name of a file to be loaded into memory and executed [1].  Other
   configuration information such as the local subnet mask, the local
   time offset, the addresses of default routers, and the addresses of
   various Internet servers can also be communicated to a host using
   BOOTP [2].
If a router cannot support DHCP relay, then check with the router manufacturer to see if a firmware upgrade is available.

If a router cannot function as a relay agent, you can configure Windows Server 2008 as a relay agent. Routing and Remote Access Services (RRAS) must be installed. RRAS is a component of the Network Policy and Access Services server role.

DHCP Server
DHCP Protocols
Request for Comments: Dynamic Host Configuration Protocol
TCP/IP Fundamentals for Microsoft Windows
DHCP Lease Generation
Discovery, Offer, Request, Acknowledgement

1. The DHCP client broadcasts a DHCPDISCOVER packet. The broadcast goes to every host on that particular subnet. The only computer that will respond is one that has a DHCP server role configured or has a DHCP relay agent running. The relay agent forwards the packet to the DHCP server for which it is configured.
2. The DHCP server(s) will broadcast back a DHCPOFFER packet with a potential IP address.
3. The DHCP client broadcasts a DHCPREQUEST packet. If there are multiple servers, the server requested is the one that responded first with the DHCPOFFER packet.
4. DHCP Server (the server that responded first) broadcasts a DHCPACK packet (acknowledgement). Now the DHCP client has an IP address. If the server is unable to provide the initial address in the DHCPOFFER packet, then it will respond with a DHCPNAK message.
All of the packets contain the MAC address of the client computer and when the client is responding back to the fastest responding DHCP server with a DHCPREQUEST packet, it includes the MAC address of the fastest responding DHCP server.

Dynamic Host Configuration Protocol
Windows Server 2008 R2 and Windows Server 2008
DHCP Lease Renewal
When 50% of the lease duration has expired, the DHCP client sends a DHCPREQUEST packet back to the DHCP server that leased the IP address.

If the DHCP server is running and responding to DHCPREQUESTs, it will send a DHCPACK packet that allows the client to continue with the lease of the IP address.

If the server has a network or server problem and fails to respond to the client with a renewal, the client will wait until 87.5% of the lease duration has expired. The client will then retry with the same server, again.

If the renewal fails after 87.5% of the lease expired and 100% of the lease has expired, the client must go through the entire process again by broadcasting a DHCPDISCOVER packet.

Note: Computers may have the same IP address for a long period of time if the network is not shut down.

Computers attempt to renew the address at startup. The reason for this is the computer may have moved while it was offline and plugged into a new subnet. If the renewal is unsuccessful, the client computer tries to contact the Default Gateway. If the gateway is not responding, the client computer enters the Discovery phase, and attempts to obtain an IP configuration from any DHCP server.

DHCP Server Authorization

DHCP authorization is the process of registering the DHCP Server service in the Active Directory domain to support DHCP clients. A DHCP server must be authorized because a DHCP server configured incorrectly can provide invalid information.

You must be a member of Enterprise Administrators because the DHCP service can span multiple subnets and domains.

  • DHCP Server checks with the domain controller to obtain a list of authorized DHCP servers.
  • DHCP Server will see that it is authorized with AD and therefore allowed to service DHCP requests.
Routers can act as a DHCP server. If a client gets its IP address from a rogue DHCP server, you will need a protocol analyzer such as Network Monitor Version 3.4, a free download from Microsoft. The download process adds the Network Monitor Driver to each network adapter, including VPN and remote access adapters. You must install and then enable the driver before Network Monitor collects data from the network adapter. The protocol analyzer shows where the IP address is coming from, so the rogue server can be tracked down and eliminated from the network.
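The lease generation exchange and the rogue-server check described above can be reproduced offline. The following is an added example, not part of the original post or of any Microsoft tool: it decodes DHCP payloads in the RFC 2131 layout and reports every server-sent message whose server identifier (option 54) is not on an authorized list. The function names, the sample addresses and the authorized list are assumptions made for the illustration.

```python
import ipaddress
import struct

# Fixed BOOTP header (RFC 2131): op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file = 236 bytes.
HEADER = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
MAGIC_COOKIE = b"\x63\x82\x53\x63"
OPT_PAD, OPT_ROUTER, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 3, 53, 54, 255
MSG_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST",
             5: "DHCPACK", 6: "DHCPNAK"}
SERVER_SENT = {"DHCPOFFER", "DHCPACK", "DHCPNAK"}


def pack_ip(text):
    """Dotted-quad string to the 4 bytes used on the wire."""
    return ipaddress.IPv4Address(text).packed


def parse_dhcp(payload):
    """Decode the UDP payload of one DHCP message."""
    if len(payload) < HEADER.size + len(MAGIC_COOKIE):
        raise ValueError("shorter than a BOOTP header plus magic cookie")
    fields = HEADER.unpack_from(payload)
    hlen, xid, yiaddr, giaddr, chaddr = (fields[2], fields[4], fields[8],
                                         fields[10], fields[11])
    if payload[HEADER.size:HEADER.size + 4] != MAGIC_COOKIE:
        raise ValueError("magic cookie missing: not a DHCP message")
    options, pos = {}, HEADER.size + 4
    while pos < len(payload) and payload[pos] != OPT_END:
        code = payload[pos]
        if code == OPT_PAD:              # padding is a single byte, no length
            pos += 1
            continue
        if pos + 2 > len(payload):
            raise ValueError("truncated option header")
        length = payload[pos + 1]
        value = payload[pos + 2:pos + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option %d" % code)
        options[code] = value
        pos += 2 + length
    msg = options.get(OPT_MSG_TYPE, b"")
    server = options.get(OPT_SERVER_ID, b"")
    return {
        "type": MSG_TYPES.get(msg[0], "type-%d" % msg[0]) if len(msg) == 1 else None,
        "xid": xid,
        "client_mac": chaddr[:min(hlen, 16)].hex(":"),
        "offered_ip": str(ipaddress.IPv4Address(yiaddr)),
        "relay_ip": str(ipaddress.IPv4Address(giaddr)),
        "server_id": str(ipaddress.IPv4Address(server)) if len(server) == 4 else None,
    }


def find_unauthorized_servers(payloads, authorized):
    """Return server-sent messages whose server identifier is not authorized."""
    findings = []
    for index, payload in enumerate(payloads):
        try:
            msg = parse_dhcp(payload)
        except ValueError as exc:
            findings.append({"index": index, "reason": "malformed: %s" % exc})
            continue
        # A reply without option 54 has server_id None and is reported too.
        if msg["type"] in SERVER_SENT and msg["server_id"] not in authorized:
            msg.update(index=index, reason="server not on authorized list")
            findings.append(msg)
    return findings


def build_message(msg_type, xid, client_mac, yiaddr="0.0.0.0",
                  server_id=None, router=None):
    """Build a constructed DHCP payload for the sample capture below."""
    op = 2 if msg_type in (2, 5, 6) else 1       # BOOTREPLY or BOOTREQUEST
    mac = bytes.fromhex(client_mac.replace(":", ""))
    header = HEADER.pack(op, 1, len(mac), 0, xid, 0, 0x8000,
                         pack_ip("0.0.0.0"), pack_ip(yiaddr),
                         pack_ip("0.0.0.0"), pack_ip("0.0.0.0"), mac, b"", b"")
    options = bytes([OPT_MSG_TYPE, 1, msg_type])
    if server_id:
        options += bytes([OPT_SERVER_ID, 4]) + pack_ip(server_id)
    if router:
        options += bytes([OPT_ROUTER, 4]) + pack_ip(router)
    return header + MAGIC_COOKIE + options + bytes([OPT_END])


# Constructed sample (not real traffic): one client, the authorized server
# 192.0.2.10, and a router at 192.168.1.1 whose own DHCP server was left on.
CLIENT = "00:11:22:33:44:55"
XID = 0x1A2B3C4D
SAMPLE_CAPTURE = [
    build_message(1, XID, CLIENT),
    build_message(2, XID, CLIENT, "192.0.2.50", "192.0.2.10", "192.0.2.1"),
    build_message(2, XID, CLIENT, "192.168.1.100", "192.168.1.1", "192.168.1.1"),
    build_message(3, XID, CLIENT, server_id="192.0.2.10"),
    build_message(5, XID, CLIENT, "192.0.2.50", "192.0.2.10", "192.0.2.1"),
    b"\x02\x01\x06\x00 truncated",
]
AUTHORIZED_SERVERS = {"192.0.2.10"}

if __name__ == "__main__":
    for finding in find_unauthorized_servers(SAMPLE_CAPTURE, AUTHORIZED_SERVERS):
        print(finding)
```

With a real capture, pass the UDP payloads of the packets exchanged on ports 67 and 68 instead of the constructed list.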

Simple tool to quickly get a network trace

By running this tool, you are prompted to install and start a capture. The capture is completed if the user instructs it to, or the allotted time of 2 hours has elapsed. This tool is useful for customer support scenarios.

Microsoft Network Monitor 3.1 OneClick

Example: Your network is configured as an Active Directory domain with multiple subnetworks. Each subnetwork has at least one domain controller. You are experiencing intermittent communication problems across some of the remote links.
You want to determine bandwidth use and the types of network traffic on each of the remote links and collect detailed network traffic information for analysis.
What should you do?

Use Network Monitor. Network Monitor is a protocol analyzer and lets you collect and save detailed network usage statistics, including individual packets transmitted across the network. You can use Network Monitor to determine bandwidth usage and how the bandwidth is being used to troubleshoot applications on the network.

To start Network Monitor:

Start\All Programs\Microsoft Network Monitor 3.4 (or whatever is the current version), and choose Microsoft Network Monitor.

To capture network data by using a command prompt:

NMCap: the easy way to Automate Capturing 
Regardless of the network infrastructure, you can always capture communications to and from your local computer.

All computers connected to a hub can see all other computers' communications.

If a standalone DHCP server detects an authorized DHCP server in the domain, it will shut down. A DHCP standalone server cannot coexist with an authorized DHCP server on the same subnet. When a DHCP standalone server detects the existing DHCP server, the DHCP standalone server will stop leasing IP addresses. The standalone DHCP server needs to be authorized in Active Directory.

note: Enterprise Administrators permission in all domains is required to authorize a DHCP server, except for the root domain which requires the Domain Admins group permission.

Question: Your network has a server with Windows Server 2008 R2 installed and runs the DHCP service. Your network has both desktop computers and wireless laptops that run Windows 7. You also have three wireless access points (WAP). The wireless access points are configured with these settings:
  • DHCP server is enabled
  • SSID broadcast is enabled
  • Firewall is enabled
  • The wireless security key is disabled
The desktop computers are receiving IP addresses from the DHCP server. The wireless laptops are receiving IP addresses from the wireless access points. A wireless laptop user wants to access a document from one of the desktop computers.

You need to make sure that the wireless laptop users and the desktop users are able to share documents in the same network and that the wireless laptop users are only able to connect to specific network SSIDs. What do you need to do to accomplish this?

Answer: First, you need to disable the DHCP server in the wireless access points. If the DHCP server is enabled in both the wireless access points and Windows Server 2008, the WAP will get its IP address from Windows Server 2008 and the WAP will provide a different range of IP addresses to the wireless clients, causing the desktop computers and the wireless clients to be on two different networks. If you disable the DHCP server on the WAP, the problem will be resolved.

Second, you should configure a GPO in Windows Server 2008 to control wireless access, so that the wireless clients connect only to the allowed SSIDs. Windows Server 2008 allows you to configure an allowed and denied list of SSIDs within the wireless range.

note: you can modify any of the information provided during the installation wizard, by using the DNS Manager console.

1. Log onto DC1 as Administrator
2. Switch to the client CL1
3. Log onto CL1 as Administrator
4. Switch back to DC1

5. Click on Server Manager: START | Administrative Tools | Server Manager
6. Right-click Roles and click Add Roles

7. The Add Roles Wizard appears. Click Next

8. Select the DHCP Server checkbox and Click Next
9. Read the information describing the DHCP Server Role and click Next

10. In the Select Network Connection Bindings dialog box, select the network adapter this DHCP server will use for servicing clients and click Next

11. In the Specify the IPv4 DNS Server Settings dialog box, in the Parent Domain box, verify the DNS domain name that will be used for name resolution.

In the Preferred DNS server IPv4 address box, type the IPv4 address of your preferred DNS server, and click Validate.

If needed, type in the IPv4 address in the Alternate DNS server IPv4 address box and Validate. Click Next.

12. In the Specify IPv4 WINS Server Settings dialog box, either select WINS is not required for applications on the network or select WINS is required for applications on this network. Click Next. In this example, we will choose WINS is not required for applications on the network.

13. In the Add or Edit DHCP Scopes, click Add and the Add Scope dialog box appears. If you want to add scopes later, click Next (see Configuring a DHCP Scope), below this section.
14. In the Add Scope dialog box, type values for the required items and in the Subnet Type box, select Wired or Wireless. Then, either Activate this scope to automatically activate the scope after DHCP installation is complete, or you can manually activate the scope later using the DHCP MMC. Click OK.
15. This returns you to the Add or Edit DHCP Scopes page. If you have multiple subnets with this DHCP server, repeat the steps to Add Scope (#13 and #14). Click Next.

16. In the Configure DHCPv6 Stateless Mode dialog box, select whether you want to configure the DHCP server for DHCPv6 stateless operation and click Next. In this example, we will choose to Disable DHCPv6 stateless mode for this server. The option must match the IPv6 router configuration on the network.

17. In Authorize DHCP Server, specify credentials to be used to authorize the DHCP server in AD DS. Click Next. note: the DHCP server must be authorized in Active Directory before it can lease IP addresses. In this example, we will choose to Skip authorization of this DHCP server in AD DS.

18. On the Confirm Installation Selections page, review and click Install.
19. On the Installation Results page, review and click Close.
20. Close Server Manager

21. Open DHCP: START | Administrative Tools | DHCP
22. In the list pane on the left hand side of the DHCP dialog box, expand and highlight the domain and right-click. Click Authorize. To authorize, you need to be an Enterprise Administrator. Press F5 to refresh.

23. In the list pane, expand IPv4 and you will see the IPv4 server icon with a green up arrow meaning this server is authorized in Active Directory.

Configuring DHCP Scopes and Options

What are DHCP Scopes?

A DHCP scope is a range of IP addresses available to be leased. Remember, the DHCP server has an IP address and thus should be listed in Add Exclusions when defining the DHCP scope.

Scope Properties:

• Network ID
• Subnet Mask (for IPv4 scopes only)
• Lease duration
• Network IP address range
• Scope name
• Exclusion range

What is a Superscope?

A superscope is a collection of scopes that we group together as a single unit for administrative purposes. This allows clients to receive an IP address from multiple logical subnets, even if they are on the same physical subnet.

Superscopes are good for situations where the number of IP addresses in a scope are nearing the end and more IP addresses are needed for expansion purposes.

If you have two DHCP servers on a network for redundancy purposes, superscopes would help.

If the network needs to be renumbered, a superscope is good for this.

What is a Multicast Scope?

A multicast scope gives a collection of class D addresses or multicast addresses that a multicast group will share, IP address range of – Applications can request these addresses to send data out to multiple hosts without having to send out to each host, individually. Multicast Address Allocation Protocol Scopes (MADCAP). Applications that use these addresses must support the MADCAP API.

Steps to Configuring a DHCP Scope

1. Right-click IPv4.
2. Select New Scope and the New Scope Wizard appears.

3. Type PcRepair Office Scope into the Name: text box and demo into the Description: text box.
4. Input into the Start IP address.
5. Input into the End IP address.
6. Input 16 into the Length text box. will display.
6. Click Next.

7. In the Add Exclusions dialog box, click Next. (An exclusion is a range of IP addresses the DHCP server is not allowed to hand out. Exclusions can be active on the network. The DHCP server just will not hand it out. You should indicate exclusions for any address that must be statically configured.)

8. Specify the Lease Duration. Click Next.

9. In the Configure DHCP Options dialog box, click No, I will configure these options later, and click Next. We will configure the DHCP Options in another section.
10. Click Finish.

11. Click on Scope in the list pane. The scope appears with a red "down" arrow, and right-click. Click Activate.
12. Close the DHCP console.

Steps to Configure a Superscope

1. Right-click on the IPv4 node.
2. Select New Scope.

3. The Welcome to the New Scope Wizard appears. Click Next.
4. Type: PcRepair Scope2 and demo2 in the Name: and Description: boxes. Click Next.

5. In the IP Address Range dialog box, type in an IP Address range of – Click Next.

6. Exclusions not needed right now. Click Next.
7. Lease Duration of 8 days is sufficient. Click Next.

8. In the Configure DHCP Options dialog box, select No, I will configure these options later. Click Next.
9. Click Finish.

Activate Scope:

10. In the list pane, you will see a red down arrow beside the scope. Select the Scope, right-click and Activate.

11. Right-click IPv4 and select New Superscope...
12. The New Superscope Wizard displays. Click Next.

13. In the Name: text box, type: PcRepairSuper. Click Next.

14. On the Select Scopes dialog box, select the Available scopes: you want by holding down the CTRL key. Click Next. Review and click Finish.

15. In the list pane, you will see the Superscope.

Switch to the Client CL1 machine.
  1. Click START | right-click Network | Properties
  2. The Network and Sharing Center window appears.
  3. Under Tasks, click Manage Network Connections.  The Network Connections dialog box appears.
  4. Right-click Local Area Connections and choose Properties.
  5. In the Local Area Connection Properties dialog box, choose Internet Protocol Version 4 (TCP/IPv4) and click Properties.
  6. In the Internet Protocol Version 4 (TCP/IPv4) Properties dialog box, select Obtain an IP address automatically and Obtain DNS server address automatically. Click OK.
  7. Close LAC Properties.
  8. Close Network Connections.
  9. Close the Network and Sharing Center.
  10. Restart CL1 Client machine.
  11. Log onto CL1.
  12. START | All Programs | Accessories
  13. Right-click Command Prompt, and click Run as administrator.
  14. At the command prompt, type: ipconfig and press Enter.
  15. At the command prompt, type: ipconfig /release and press Enter.
  16. At the command prompt, type: ipconfig /renew and press Enter.
  17. At the command prompt, type: ipconfig /all and press Enter.
  18. Close the command prompt window.
  19. You will notice under Ethernet adapter Local Area Connection:, the Default Gateway is blank because the option has not yet been configured. We will define it in Steps to Configuring a DHCP Scope Option, below.
What are DHCP Options?

DHCP options are values for common configuration data that applies to the server, scopes, reservations, and class options. Most option codes come from the Request for Comments (RFC) documentation on the Internet Engineering Task Force (IETF) website.

Common scope options are:

• DNS Servers
• DNS Name
• Default Gateway
• WINS Servers

Dynamic Host Configuration Protocol
DHCP Options and BootP Vendor Extensions

Steps to Configuring a DHCP Scope Option:

Expand the domain and then expand the IPv4 node.
  1. Expand Scope.
  2. Select Scope Options and right-click.
  3. Click Configure Options.
  4. In the Scope Options dialog box, select 003 Router. note: Normally, you will configure option 003 - Router (default gateway), 006 - DNS Servers, and option 015 - DNS suffix.

    In the IP address: box, type:, and click Add. Click OK.
  5. Switch to Client CL1.
  6. START | All Programs | Accessories
  7. Right click Command Prompt and click Run as administrator.
  8. At the command prompt, type: ipconfig /release, press Enter.
  9. At the command prompt, type: ipconfig /renew, press Enter.
  10. At the command prompt, type: ipconfig /all, press Enter.
  11. Notice the default gateway is now listed.
What are DHCP Class-Level Options?

DHCP class-level options are scope options that apply to a specific type of device.

Vendor-class: configured by vendors such as Microsoft, HP, and Sun
User-class: Set and viewed by the user with the ipconfig /setclassid command

Example: Suppose you want to be able to differentiate among users across different floors in the same building and among remote users. You want to assign a shorter lease duration for some users and specific DNS settings to users on different floors. A method for accomplishing this using minimum administrative effort is to create user classes on the DHCP server.  User classes are created to differentiate specific DHCP configurations from the default DHCP configuration. When a client computer sends a request to the DHCP server for an IP address, the DHCP server checks for user class information and assigns an IP address to the client. If the client does not carry any user class information, the DHCP server assigns the default IP configuration to the client.

Assign a specific DHCP class ID for a client computer:

ipconfig /setclassid adapter_name class_id

Example: if the network adapter is named Local Area Connection and has a user class ID named SalesUserClass, you would run the following command (the adapter name is quoted because it contains spaces):

ipconfig /setclassid "Local Area Connection" SalesUserClass

DHCP Server
More About Predefined DHCP Options

What is a DHCP Reservation?

A DHCP Reservation is a specific IP address, within a scope, that is reserved permanently for lease to a specific DHCP client. Many times printers and servers will have a reserved IP address. The reservation ties the MAC address of the computer into the IP address, and is actually made on the network card. So, if you need to change the network card, you need to recreate the reservation.

Configuring reservations allows you to centralize management of fixed IP addresses. Custom DHCP options for reservations will override all other DHCP options configured at a higher level.

Why is DHCP Sizing and Availability Important?

When DHCP scopes are configured, the scope needs to include IP addresses for all clients. Typically, you configure 20% above the physical number of clients.
DHCP availability is mission critical. If the leases are approaching the expiration date and the number of leases is exhausted, there could be serious problems.
The recommendation is to have some type of fault tolerance by using multiple DHCP servers. On the servers, there is commonly an 80/20 rule.
On the first DHCP server, you would have 20% of the addresses:
·         Scope range: –
·         Excluded addresses: – (the first 80% of the addresses)
On the second DHCP server, you would have 80% of the addresses:
·         Scope range: –
·         Excluded addresses: – (20% of addresses leased from server 
Order that DHCP Options are Applied
·         Server
·         Scope
·         Class
·         Reserved client

How to configure DHCP Server Options?

This example assumes you have SVR1 and the scope has already been configured.
Server Options:

·         START | Administrative Tools | DHCP
·         Expand SVR1
·         Expand IPv4 node
·         Highlight Server Options and right-click
·         Select Configure Options
·         Insert a check mark in the 006 DNS Servers box to add a DNS server
·         In the Server name: text box, add pcrepair-dc1 as an example and click the Resolve button. This should resolve the server name to an IP address listed under IP address:
·         Click the Add button
·         For this example, insert a check mark to add a WINS server, 004 WINS/NBNS Servers. Under Server name: , enter pcrepair-dc1 and click Resolve.
·         Click the Add button
·         Insert another check mark beside 046 WINS/NBT Node Type. Scroll to the right of the node type and see the description. Note the byte value of the node type desired. Below, under Data entry, enter the node type value. For this example, we are using Hybrid type 0x8.
·         Click Apply.
Scope Options:
·         Highlight Scope Options and right-click
·         Select Configure Options
·         Insert a check mark in the 003 Router box to add a Router
·         In the Server name: text box, add pcrepair-dc1 as an example and click the Resolve button. This should resolve the server name to an IP address listed under IP address:
·         Click the Add button
·         Click Apply.
Option Classes:
·         Highlight Server Options and right-click
·         Select Configure Options
·         Go to the Advanced menu
·         You will see the Vendor class: and the User class:
·         In this example, we will add options to the Default User Class (one of the User Class: options available in the drop down box)
·         Now, under Available Options, we will insert a check mark beside 072 World Wide Web (WWW) Servers
·         In the Server name: text box, add pcrepair-dc1 as an example and click the Resolve button.
·         Click the Add button
·         Click Apply.
·         Highlight Reservations and right-click
·         Select New Reservation
·         In the New Reservation dialog box, enter a Reservation name: as Offsite Printer
·         Enter the IP address: of the reservation.
·         Enter the MAC address: by doing an IPCONFIG /all on the client to determine the network adapter you want to associate this IP address with.
·         Enter a Description:
·         Select one of the Supported types:
o    Both    
o    DHCP only
o    BOOTP only
·         Click Add
·         Click Close
·         When you return, you will see the reservation you just added. Right-click the added reservation.
·         Select Configure Options to add options, if desired.

Managing a DHCP Database

What is a DHCP Database?

The DHCP Database contains configuration information and uses the Jet Database engine technology. It is dynamic and contains info relating to IP scopes, IP leases, and reservations. The DHCP database is stored in the %Systemroot%\System32\Dhcp folder. The files include:

• Dhcp.mdb (the DHCP database)

• Tmp.edb (used as a swap file during database index maintenance operations)

• J50.log and J50*.log (transaction log file)

• Res*.log (reserves an area of space in case we run low on the physical disc space)

• J50.chk (last committed transaction into the DHCP database from the log files)

The DHCP database is backed up periodically and the standard backup interval is 60 minutes. The Jet database does not recover disc space from expired leases, so we will have to run maintenance to recover disc space, periodically.

DHCP Database Backup and Restore

The DHCP database is backed up to a local directory on computer hard disc. However, it is a good practice to back it up onto a separate volume. If the database fails to load, the backup on the local hard drive will be restored.

Best practice is for the administrator to move a copy of the backed up DHCP database to an offline storage location. If the server hardware fails, the administrator can restore only from the offline storage location.

The DHCP backup utility backs up all scopes, reservations, leases, and all options. All registry keys and configuration settings are also backed up.

How is the DHCP Database Reconciled?

Sometimes there are inconsistencies between the DHCP database and the registry. IP lease information is in the DHCP database, but a summary of lease information is held in the registry.

The DHCP Database is compared to the registry and inconsistencies are reconciled in the DHCP Database.

Moving a DHCP Database

1.       Backup the database on the old server.

2.       Put the backup onto some form of backup media.

3.       Stop the old DHCP server.

4.       Copy/restore the database over to the new DHCP server.

5.       Start the DHCP server role.

DHCP Server Configuration Options:

·         Input how often to update statistics on the General tab

·         Whether to enable DHCP audit logging on the General tab

·         Configure DNS and whether or not to enable DNS dynamic updates on the DNS tab

·         Configure Network Access Protection (NAP) settings on the Network Access Protection tab

·         Configure what would happen if a Network Policy Server (NPS) is unreachable on the Network Protection tab

·         Choose the audit log file path on the Advanced tab

·         Modify server connection bindings and DNS registration credentials on the Advanced tab

1.       START | Administrative Tools | DHCP

2.       Right-click the server and select Properties to view the Database path and Backup path.

3.       If you want to move the backup volume using the command line:

a.       Launch a command prompt

b.      Type: netsh dhcp server set databasebackupinterval 1440 (sets the backup interval to every 24 hours in minutes, as opposed to the default 60 minutes)

c.       Type: netsh dhcp server set databasebackuppath d:\dhcp\backup

4.       Right-click the DHCP server and choose Backup and select the desired directory.

5.       Click OK. The DHCP server is now backed up.

6.       Go to your backup directory and verify.

Perform DHCP Reconciliation

1.       START | Administrative Tools | DHCP

2.       Expand Scope. Select Scope and right-click.

3.       Select Reconcile and the Reconcile dialog box appears.

4.       Click the Verify button.

DHCP Statistics

DHCP stats are collected at the server level or at the scope level to determine if there is a problem with the DHCP service or with the network’s DHCP clients.

DHCP Audit Log File

The DHCP audit log is a log of service-related events. The log file can be used to track lease requests, grants, or denials and to troubleshoot DHCP server issues, and is stored in the %Windir%\system32\Dhcp folder. The file name is based on the day of the week; an example is DhcpSrvLog-Mon.log.

More About DHCP Audit and Event Logging

How to Monitor DHCP Server Performance

·      Use the built-in Server 2008 utility, Performance Monitor. Objects and counters are added automatically when a new server role is installed.

·      Check the counters and monitor server performance. Comparing them against the baseline is very important.

·       Review the counters for significant changes in DHCP traffic. If there are high values, then check the server for bottlenecks.

What counters to check

1.       Packets received/second – sudden changes can reflect network problems

2.       Requests/second - sudden changes can reflect network problems

3.       Active queue length – sudden or gradual increases can indicate increased load or decreased server capacity

4.       Duplicates dropped/second – can indicate that more than one request is being transmitted by a client, meaning the clients are timing out too fast or the server is not responding quickly enough

Monitoring DHCP Server Performance

1.       Start | Administrative Tools | DHCP

2.       Expand the server

3.       Expand IPv4

4.       Right-click IPv4 and select Display Statistics

5.       Close

6.       Right-click IPv4 and select Properties

7.       Go to the Advanced tab

8.       Check the Audit log file path

9.       Open the log file in %Windir%\system32\Dhcp by browsing to the folder from My Computer and opening the file for the corresponding day. Match the ID number to the Event ID to review the statistics.

10.   Go to Start | type into the Search box: per

11.   This brings up Reliability and Performance Monitor

12.   Under Monitoring Tools, select Performance Monitor

13.   Go to the menu and click the big green + sign to add a counter

14.   Under Available counters, we will choose DHCP Server

15.   Click on the + button to the right of DHCP Server

16.   Select the counters you would like. We will select:

a.       Requests/sec and click the Add button

b.      Releases/sec and click the Add button

c.       Offers/sec and click the Add button

d.      Discovers/sec and click the Add button

17.   Select the OK button

18.   To highlight an option, select the highlight button on the menu (beside the red X)

19.   In the menu, you can look at Log data, change the graphic displayed, and get a report view, along with other selections

How to Prevent an Unauthorized User from Obtaining a Lease

·         Make sure unauthorized persons do not have physical or wireless access to the network. Unplug wiring that is not needed. Do not broadcast SSID. Use WPA encryption.

·         Enable audit logging for all DHCP servers on the network.

·         Review the audit logging on a regular basis.

·         Use 802.1X-enabled LAN switches or wireless access points to access the network.

·         Configure NAP to validate users and security policy compliance.
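Reviewing the audit log on a regular basis can be scripted. The following is an added example, not part of the original post: it reads a DhcpSrvLog file, assuming the comma-separated layout and the event IDs that the log file lists in its own header (the page does not reproduce them), and reports leases granted to MAC addresses missing from an inventory, address conflicts, and counts per event type. The inventory, host names and log lines are constructed for the illustration.

```python
import csv
from collections import Counter

# Event IDs as assumed from the explanatory header of DhcpSrvLog-*.log files.
EVENTS = {10: "new lease", 11: "renewal", 12: "release",
          13: "address already in use", 14: "scope exhausted",
          15: "lease denied"}
COLUMNS = ["id", "date", "time", "description", "ip", "host", "mac"]

# Constructed sample in the audit log layout; not taken from a real server.
SAMPLE_LOG = """\
\t\tMicrosoft DHCP Service Activity Log

Event ID  Meaning
00\tThe log was started.
ID,Date,Time,Description,IP Address,Host Name,MAC Address
00,11/15/11,08:00:00,Started,,,,
10,11/15/11,08:01:12,Assign,192.0.2.50,CL1.pcrepair.example,001122334455,
11,11/15/11,12:01:12,Renew,192.0.2.50,CL1.pcrepair.example,001122334455,
10,11/15/11,12:30:40,Assign,192.0.2.51,unknown-laptop,0A1B2C3D4E5F,
13,11/15/11,12:31:02,Conflict,192.0.2.52,,,
15,11/15/11,12:31:30,NACK,192.0.2.77,,66778899AABB,
14,11/15/11,12:40:00,Pool Exhausted,192.0.2.0,,0A1B2C3D4E60,
"""

# Hypothetical inventory of network adapters that are expected to get a lease.
KNOWN_MACS = {"00-11-22-33-44-55"}


def normalize_mac(text):
    """Reduce a MAC address to 12 upper-case hex digits for comparison."""
    return "".join(ch for ch in text.upper() if ch in "0123456789ABCDEF")


def read_events(log_text):
    """Yield one dict per event row, skipping the explanatory header."""
    lines = log_text.splitlines()
    for number, line in enumerate(lines):
        if line.startswith("ID,Date,Time"):
            break
    else:
        raise ValueError("column header not found; not a DHCP audit log")
    for row in csv.reader(lines[number + 1:]):
        # Ignore blank or damaged rows instead of failing the whole review.
        if len(row) >= len(COLUMNS) and row[0].strip().isdigit():
            yield dict(zip(COLUMNS, (cell.strip() for cell in row)))


def review(log_text, known_macs):
    """Summarize the events an administrator should look at first."""
    known = {normalize_mac(mac) for mac in known_macs}
    counts = Counter()
    unknown_leases, conflicts = [], []
    for event in read_events(log_text):
        event_id = int(event["id"])
        counts[EVENTS.get(event_id, "other")] += 1
        mac = normalize_mac(event["mac"])
        if event_id in (10, 11) and mac not in known:
            # A lease was granted or renewed for an adapter not in inventory.
            unknown_leases.append((event["date"], event["time"],
                                   event["ip"], event["host"], mac))
        elif event_id == 13:
            conflicts.append(event["ip"])
    return {"counts": dict(counts),
            "unknown_leases": unknown_leases,
            "conflicts": conflicts}


if __name__ == "__main__":
    report = review(SAMPLE_LOG, KNOWN_MACS)
    for key, value in report.items():
        print(key, value)
```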

Network Access Protection

Authorize the DHCP server in the domain. When a DHCP server is configured on a domain controller or member server, the server checks itself against the domain's list of authorized DHCP servers. If the computer's IP address is not on the list, the DHCP server will not complete the initialization process and will shut itself down. 

You can use the Netsh command to authorize the DHCP server.

Restrict Unauthorized, Non-Microsoft DHCP Servers from Leasing IP Addresses

DHCP authorization began with Windows Server 2000 and continued with Windows Server 2003 and, most recently, Windows Server 2008.

Authorization is not required on other DHCP implementations. Either decommission the server or disable the DHCP service.

·       To restrict unauthorized, non-Microsoft DHCP servers from leasing IP addresses, ensure that unauthorized persons do not have access to the network.

·        Limit the DHCP Administrators group.

·        Add users that need read-only access to the DHCP Users group.

DHCP Server Authorization

DHCP Best Practices
