KDL_IT
asked on
DHCP not working
I am moving my AD from Server 2003 to Server 2008 R2. I have the two new 2008 servers up, DCpromo so they are DCs and DNS servers. I now have 4 DCs with the 5 FSMO services moved over to one of the new servers with DHCP on one of the 2003 servers.
I attempted to move the DHCP from the 2003 server to the 2008 server. I installed the DHCP role on the new 2008 server but did not configure it. Deleted the DHCP database off the new server. I exported the DHCP database using the export, all switch in the netsh command. Stopped and disabled the DHCPserver service on the 2003 server and imported the database into the new server. Restarted the DHCPserver service.
Everything looked good. I only had a ndsregister warning which I resolved. The DHCP logged was renewing IP addresses (IPV4), no error message and my virtual desktops were picking up IP addresses. I went home feeling good.
The next morning I receive a call that devices were not picking up IP address. I had the tech stop the DHCPserver services on the 2008 server and restart the DHCPserver service on the previous 2003 server. Everything good except a few IP address conflicts which I expected since the database on the old 2003 server had not been updated for 18 hours.
The one thing I can think of missing is the authorize DHCP server. I did not know to unauthorized the 2003 server. When the tech moved DHCP back to the old 2003 server, he noticed that the new 2008 server and the old 2003 server both were authorized and removed the new 2008 server from the list.
I cannot find any error or warnings in the logs. The DHCP logs on the 2008 server showed renewals etc up to the time the service was stopped with on errors. The old 2003 DHCP logs show renewal etc from the time the old DHCP service was restarted, no errors. The one interesting thing is, there was no problems with devices on the same side of the router as the DHCP server. All the DHCP issues were at locations on the other side of the router but not all. I was showing some devices on the 2008 logs before the service was stopped.
The only thing I can think of is that the old server was still a registered DHCP. The device was asking for an IP address, saw the old 2003 server was registered to be a DHCP server and when it could not it, failed. I do not know how the device queries for an address. Does this make since? I would like to have a better feeling about this before I attempt this again.
Thanks for any ideas.
Larry K. Meyer
Network System Specialist
Kent District Library
I attempted to move the DHCP from the 2003 server to the 2008 server. I installed the DHCP role on the new 2008 server but did not configure it. Deleted the DHCP database off the new server. I exported the DHCP database using the export, all switch in the netsh command. Stopped and disabled the DHCPserver service on the 2003 server and imported the database into the new server. Restarted the DHCPserver service.
Everything looked good. I only had a ndsregister warning which I resolved. The DHCP logged was renewing IP addresses (IPV4), no error message and my virtual desktops were picking up IP addresses. I went home feeling good.
The next morning I receive a call that devices were not picking up IP address. I had the tech stop the DHCPserver services on the 2008 server and restart the DHCPserver service on the previous 2003 server. Everything good except a few IP address conflicts which I expected since the database on the old 2003 server had not been updated for 18 hours.
The one thing I can think of missing is the authorize DHCP server. I did not know to unauthorized the 2003 server. When the tech moved DHCP back to the old 2003 server, he noticed that the new 2008 server and the old 2003 server both were authorized and removed the new 2008 server from the list.
I cannot find any error or warnings in the logs. The DHCP logs on the 2008 server showed renewals etc up to the time the service was stopped with on errors. The old 2003 DHCP logs show renewal etc from the time the old DHCP service was restarted, no errors. The one interesting thing is, there was no problems with devices on the same side of the router as the DHCP server. All the DHCP issues were at locations on the other side of the router but not all. I was showing some devices on the 2008 logs before the service was stopped.
The only thing I can think of is that the old server was still a registered DHCP. The device was asking for an IP address, saw the old 2003 server was registered to be a DHCP server and when it could not it, failed. I do not know how the device queries for an address. Does this make since? I would like to have a better feeling about this before I attempt this again.
Thanks for any ideas.
Larry K. Meyer
Network System Specialist
Kent District Library
ASKER
I did stop the DHCPserver service on the 2003 server and was disabled in the event the server was restarted. The restart of the DHCP was on the new 2008 server. I do understand that I should of unauthorized the 2003 server but did not know that at the time. The question is, would this be the reason for devices not picking up the IP address off the new 2008 server that is running DHCP and was authorized or do I need to be looking for another reason before I attempt this again?
Let's hope someone more knowledgeable than I answers your last question.
As I understand DHCP, if the service was stopped on the 2003 box when clients tried to connect, it would have had no impact. That is, the 2008 DHCP should have properly serviced the requests.
Is it clear that there were enough available IP addresses for the clients?
As I understand DHCP, if the service was stopped on the 2003 box when clients tried to connect, it would have had no impact. That is, the 2008 DHCP should have properly serviced the requests.
Is it clear that there were enough available IP addresses for the clients?
ASKER
Yes. We had that issue in the past. In the past 2 or 3 months, the scope was expanded and we increased the IP address. By how many, I not sure but told we need not need to worry about that anymore. I was not involved in that project. Also once we reverted back, we did not have any issues. The logs also do not show any indication of any type of rejection.
Thanks for the input.
Thanks for the input.
There is nothing preventing you from running dhcp on two servers provided they are issuing different IPs.
Devices not picking up may have been a result that they were sending their requests to the old server.
The same thought that one keep at least two DCs can be followed with having two DHCP server same scope with different block of IPs excluded from allocation.
Was the device in question a reserved static IP?
What are the lease times?
Devices not picking up may have been a result that they were sending their requests to the old server.
The same thought that one keep at least two DCs can be followed with having two DHCP server same scope with different block of IPs excluded from allocation.
Was the device in question a reserved static IP?
What are the lease times?
ASKER
There were several devices not able to pick up an address and none of these had reserved or static IPs. Lease time is low, exactly I do not remember but was purposely set low because of the nature of using non-persistence VDI desktops. I understand we can have two dhcp servers but because we are a relatively small organization and choose to keep it simple, there is no need for the second one. If we loss the DHCP server, we would simply install another one on the other DC and import the backup copy of the dhcp database. The only thing I can think of is the fact I forgot about unauthoring the 2003 dhcp server after I stopped the 2003 dhcpserver service. Logs are showing me that the new 2008 was issuing and renewing IP even to locations on the other side of the router. The problem came up in the morning when the branch libraries started to open and the number of request increased. All devices on the same side of the router were renewing IPs on the new server, some on the other side of the router was renewing IPs on the new server, many on the other side fot the router were not renewing IPs. The question is, Is is probable because the shut down 2003 dhcp server was still an authorize dhcp server, that the devices were attempting to communicate with the 2003 server instead of the 2008 dhcp server or is there something else I missed. I will be attempting this again on Tuesday night but am trying to avoid the issue we had last time.
The existance of multiple DHCP server in the authorized list, will not cause any issues when the DHCP server is inactive.
DHCP packets are broadcast by the devices. A response from a DHCP server directs the client to transmit the request to the IP of the DHCP server.
Do you have multiple segments/super scopes?
You may have forgotten to update the DHCP relay agent on the other side to direct the requests to the new DHCP server (2008) since it is likely configured to send the requests to the old win2k3 system.
Having two DHCP servers running that share the reserved list while having a 70%/30% distribution of the allocatable IPs using exclusion.
i.e. 192.168.0.2-192.168.0.254 as the scope
There are configuration properties for the DHCP server that you can use to delay ones response
On both
exclude 0.2-0.31 for server static segment
on serverA
exclude 0.164-0.254 (Allocatable by ServerB)
on ServerB
exclude 0.32-0.163 (Allocatable by serverA)
This way when a client broadcasts to locate a DHCP server, it will get a response from the primary if delay setting is added to the other. In the absence of the response from the primary, the secondary will respond after the delay has passed.
With 2008 there are other options including clustering all links included in the article below
http://social.technet.microsoft.com/Forums/en/winserverNIS/thread/b9f25149-f51e-441b-83b3-b68762c776c2
DHCP packets are broadcast by the devices. A response from a DHCP server directs the client to transmit the request to the IP of the DHCP server.
Do you have multiple segments/super scopes?
You may have forgotten to update the DHCP relay agent on the other side to direct the requests to the new DHCP server (2008) since it is likely configured to send the requests to the old win2k3 system.
Having two DHCP servers running that share the reserved list while having a 70%/30% distribution of the allocatable IPs using exclusion.
i.e. 192.168.0.2-192.168.0.254 as the scope
There are configuration properties for the DHCP server that you can use to delay ones response
On both
exclude 0.2-0.31 for server static segment
on serverA
exclude 0.164-0.254 (Allocatable by ServerB)
on ServerB
exclude 0.32-0.163 (Allocatable by serverA)
This way when a client broadcasts to locate a DHCP server, it will get a response from the primary if delay setting is added to the other. In the absence of the response from the primary, the secondary will respond after the delay has passed.
With 2008 there are other options including clustering all links included in the article below
http://social.technet.microsoft.com/Forums/en/winserverNIS/thread/b9f25149-f51e-441b-83b3-b68762c776c2
ASKER
Thank you for your response. After the last post, I starting looking at the routers at the other end. I found an entry "ip helper-address 192.168.8.40" This is the address of the 2003 DHCP server. I am thinking this is my issue and will be working with my router colleage for more information. It will be a couple days before I will be able to test this. Thanks again.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you. I will be converting tonight. My router guy also found an accept list because we use vLans to separate for the staff and public so he added the new DHCP to this list. Hopefully this will do it. Your statement about the existence of the server in the authoriation list not causing a problem prompted me to dig into the router side. Thanks.
Next time, unauthorize it from the DHCP admin program on the 2003 server. Just right-click on the server and you should see the option.