• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 556
  • Last Modified:

Share single DHCP database

What is the best way to share a single DHCP datebase between to DHCP servers.  One is running, the other will be on standy.  Should i store it on a 3rd location and simply point both to that location?
0
Mark Walden
Asked:
Mark Walden
  • 9
  • 7
1 Solution
 
PberSolutions ArchitectCommented:
The database is designed not to be shared.  You could point it to a third server, but if the 3rd server goes down, your DHCP is down.  So you've only gained complexity and not really any more reliablility.  The best way to do this is to leave the local databases and use the 80/20 rules and have one DHCP server server up 80% of the subnet in each scope and the other servering the other 20% of the addresses.  

See this:
http://technet2.microsoft.com/WindowsServer/en/library/75cd0e1f-f464-40ea-ac88-2060e6769f331033.mspx?mfr=true

If you have clustering you could do this with shared disk.
0
 
PberSolutions ArchitectCommented:
Here's the 80/20 rule info, it refers to 2000, but still valid for 2003:

http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/cnet/cncb_dhc_ogjw.mspx?mfr=true
0
 
Mark WaldenInformation Security EngineerAuthor Commented:
Our network is too large to use a 80/20 setup.  Plus, my bosses dont want to split it up.  I have about 433 Scopes, 9000 or so clients.  Some scopes are near capacity.  I will have the database backed up somewhere else.  But with the network so reliant on DHCP, i can afford zero downtime.  Cluster will be in place, but i need to know how to share the database (Special accounts if needed, how to point to database, permissions to what).  I agree with you on the complexity, but this is what i need.  Thanks for the help.
0
Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

 
PberSolutions ArchitectCommented:
You mentioned cluster will be in place?  Are you planning on putting this on a Windows Cluster?  Because if this is what you are trying to do, this is easy.  We do this with our DHCP and it's about the same size as yours.

Do you need a hand configuring that?
0
 
Mark WaldenInformation Security EngineerAuthor Commented:
Yes, windows clustering will be in place.  I just want to get the database issue resolved first.  I know there are some permissions and reg keys that need changed, but im not sure as to which ones.
0
 
PberSolutions ArchitectCommented:
Well if you are using Windows Clustering, you put the the DHCP on the shared disk that belongs to the DHCP Resource Group.  Then in the DHCP service parameters in the cluster administrator, you point the database path to your shared disk in the DHCP resource group.

If you are migrating to a cluster from a standalone, during cut over time, turn off the old dhcp service, copy the database to the cluster shared disk.  Then point the DHCP service parameters to the folder that contains the dhcp on the shared disk.  You can also keep the same IP address as your old server (this way you don't have to update every single IP helper on your routers).  Turn on the service and it should pick up the database seamlessly



0
 
Mark WaldenInformation Security EngineerAuthor Commented:
But, can i do this without cluster inplace.  I can not config clustering yet.  Just want to see if i can get the database working with the 2 machines.  You have been a great help so far.  The points are yours.
0
 
PberSolutions ArchitectCommented:
I haven't done this, but To do what you want to do, you'll probably need to configure the DHCP service to run under a domain account as opposed to the local system account.

So stop the dhcp service, create a domain service account for dhcp to run under.
You'll need to add that account to the local admins of both servers hosting the dhcp service.  You'll need to create a share on the 3rd server (\\server\dhcpshare) with modify rights on the share and ntfs for the domain service account mentioned above (You might need to set this to Full Control, but try Modify first).  You may also have to add this service account to the local DHCP administrators on each of the DHCP servers (You need to add DHCP admin users to each DHCP Administrators group on each server - this has to also be done this way with a server cluster).  
In the DHCP manager on each dhcp, right click the server and click parameters and select the advanced TAB.  Point the Audit/Database/Backup paths to the UNC path of the 3rd server (\\server\dhcpshare).

One problem that will probably come up is IP addresses of the DHCP server.  You'll need to change the ip address of the dhcp server each time you fail over to match the ip helper address you have defined, or add multiple ip helper addresses on your routers to match your 2 servers (same as the 80/20 rule config).

You should be able to fire up the service one at a time on either server.  






0
 
Mark WaldenInformation Security EngineerAuthor Commented:
Sounds about right.  Thanks for the help.  Im sure i will post more on this issue in the future.
0
 
PberSolutions ArchitectCommented:
Not a problem
0
 
Mark WaldenInformation Security EngineerAuthor Commented:
still not working.  If i start the DHCP service with a network account, i can not access the DHCP console.  It says im not auth (but i am).  If i start the service with my network account, i still cant get in to dhcp.  Ideas?
0
 
PberSolutions ArchitectCommented:
Are you in the local Admin of both servers as well as in the local DHCP Administrators Group?
0
 
Mark WaldenInformation Security EngineerAuthor Commented:
Yes, im in both.
0
 
PberSolutions ArchitectCommented:
What are the permissions on the share\NTFS?  Try bumping that up to Full Control.

What happens if you move the database back to the local server?  
I know we're going backwards, but it will narrow things down a bit.  This setup might not work as the DHCP might be internally coded to only use the SYSTEM account.  With a cluster the shared disk is considered local and the SYSTEM can access it fine
0
 
Mark WaldenInformation Security EngineerAuthor Commented:
Yea, i think ill have to find a SAN.  I believe we have one thats not used.  Ill post a new question (with points) if i need help on the config.  Thanks for all you help.
0
 
PberSolutions ArchitectCommented:
Fair enough.
0

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

  • 9
  • 7
Tackle projects and never again get stuck behind a technical roadblock.
Join Now