The Dynamic Host Configuration Protocol (DHCP) is an auto configuration protocol used on IP networks and an extension of the Bootstrap Protocol. DHCP allows for computers to be configured automatically to communicate with each other over an IP network without the need for manual setup by a network administrator. The implementation of DHCP relies on a DHCP server to hand out network configuration information to DHCP-capable clients that request an IP address (and other information required or useful in communicating with other devices on an IP network). In addition to an IP address, common configuration information served over DHCP includes a default gateway, subnet mask and DNS sever(s).

Share tech news, updates, or what's on your mind.

Sign up to Post

Hello - I have a Security Device Scope set on my DHCP server. /20

What I want to do is assign another scope within my Security Device Scope for 10 Camera, 10 Card Readers and 2 Media Servers. How would I break that scope up into other scopes for the following devices, however using the Security Device Scope?


On Demand Webinar: Networking for the Cloud Era
On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

I have a task assigned to event id 1020 (windows 2008 r2) to send an email when a dhcp scope hits 80% usage.  It had been working fine before when usage was high, but now it is showing that a particular scope is over 80% used when it isn't.  When I look at the scope statistics, it shows there are 41 (82%) addresses in use with only 9 available.  However, when I refresh the lease list, there are only 17 addresses being used, not 41.  How is this possible?
Hey guys. I need some help for... a friend. (It's a Monday. Please don't ask)

2 Domain controllers running Server 2012 Datacenter
Veeam BR 9 on Server 2012 Datacenter

Leadup to issue
DHCP scope was acting funny... a few tinkerings later and the entire service was hosed. A restore of that DC on Veeam and now the entire sync between both DCs was not working, even after attempts to get them synced (dcdiag, repadmin, etc.).

A restore of both DCs to the same backup time should work, right? NO. Veeam restores DCs into non-authoritative mode...

Current situation:
DC1 is restored from Friday night's backup but shut down for now. Attempts to log in with DSRM password failed. (Just great, right?)

DC2 is running and serving DNS, AD, etc. but it fails dcdiag tests:
-time server advertising
-Replication attempts (obv.)
- etc (too many to list)

Before my uhhh... friend breaks anything else, just throw me in the right direction. He's a little out of sorts and just needs to be reminded what to do at this point.
I would tell him to do a non-authoritative restore of DC1 and let DC2 be "the boss", but both servers were restored from Veeam in non-authoritative mode and the DSRM password isn't working. Attempts on DC2 to change the password failed. Yaaay!
Hello -

I presently have a CIsco ASA 5505 (running ASA version 8.2(1) ) sitting behind my Comcast Business gateway. I have a static public IP through Comcast. The Comcast gateway is in pass-through mode (i.e. its LAN DHCP, WiFi, and MoCa are turned off).

I have configured my Cisco with the necessary VLANs and interfaces such that I have an inside network of 10.0.10.xxx and a DMZ of 192.168.10.xxx.

I am fairly certain that I have the correct NAT and ACL settings done.

From the ASA, I can successfully ping my Comcast static IP and the Comcast gateway address - but nothing else. And, of course, any client devices connected to either the ASA's inside interfaces or DMZ cannot access the Internet.

FWIW, I have also checked with Comcast to make sure there are no compatibility issues with their device and Cisco ASAs (because I'm only getting an orange LED on the Comcast gateway's Ethernet port - no green link light). The ASA is set to auto duplex and speed.

If I configure a laptop with the static IP and plug it directly into the Comcast gateway, it works fine.

I have attached a text file with my ASA configuration.

Can anyone suggest a possible fix?

Thanks much.
Dear All,

We have internet and intranet are separate on physical layer due to company security policy. We are using DHCP for ip release on both intranet and internet. At times user use the intranet computer on the internet by unplug the intranet cable and plug the internet which we do not want. To avoid this we have configured the static ip on the intranet computers and minimize the privileges to change the IP. Through this the user can not use the internet on the intranet computer due to non release of ip address.

My question is is there any way through firewall or Windows Active directory through which our intranet user cannot connect to internet on the intranet computer using dhcp. In other word , can we limit the user not to connect to internet.
I am setting up my hardware firewall to issue DHCP IPs and associated DNS servers ( instead of having my Windows 2012 R2 server do DHCP

 1. What method do you recommend I use when decativating DHCP on my Windows 2012 R2 server ?
         a. stop the DHCP service OR
         b. uninstall the DHCP role OR
         c. click "Deactivate" via the DHCP console like https://technet.microsoft.com/en-us/library/dd183590(v=ws.10).aspx talks about

 2. Do I need to do a release/renew on all non-static devices (i.e. a few switches, a few PCs, etc) after doing this so my firewall does not issue IPs that were already issued via the Windows 2012 R2 and have leases that are not expired yet ?

 3. Anything else I need to know ?
Need another pair of eyes to check my DC specs.  Mostly for AD purposes box.  DC, DHCP, DNS.  Maybe Print server as additional.  I will dial another DC on VM.  

Win2016 DC
FT-E5-2603V4, Intel Xeon E5-2603V4 1.7GHz 1U
* (1) Intel Xeon Processor E5-2603V4 Haswell (6 Cores)
* (1) Supermicro Motherboard X10SRW-F
* On Board Dual 1GB NIC Ports
* On Board VGA
* On Board IPMI 2.0
* 16GB DDR4 2400 RAM ECC/REG Installed, Lifetime
* (1) Riser Card w/ 2x PCIe x16 GEN 3.0 FHFL
* (1) Riser Card w/ 1x PCIe x8 GEN 3.0 LPHL
* (1) LSI 9271-4i RAID Controller
* (2) 1TB Enterprise SATA 7200RPM 3.5" HDD
* (4) Hard drive Bays for 3.5" or 2.5" as an option
* (2) PCI-e 16X GEN 3 Slots available
* (2) 500W Hotswap redundant PSU
* (1) Microsoft Windows Server 2016 Standard Operating System
64-bit English (16 Core), OEM
* 3 Years Full Warranty w/ advance ship replacement
Hello Experts!

I have a 2008 R2 domain running with 2 domain controllers, a virtual 2012 R2 instance (named DC1) and a physical 2008 R2 server (named FS1).  DC1 is also part of a DHCP server team.

Lately, I've seen a number of my workstations (most Win7 Pro) begin to exhibit long delays during the logon process, in addition to long delays in response from our ERP system clients.  Looking in the event logs showed NETLOGON Event ID 5719 (no logon servers available to service the request) and Group Policy processing failures with Event ID 1055 (Name Resolution failed or there is an Active Directory Replication issue).  The computers eventually become responsive, although users report numerous hang conditions during the day.

Troubleshooting the two domain controllers led me to notice that the DNS BPA was failing on both DCs with the following error:

'This domain controller must register a DNS SRV resource record, which is required for replication to function correctly.'

To try to better understand what is happening, I ran DCDIAG /test:DNS on each DC, and both returned the same errors:

 TEST: Records registration (RReg)
                  Network Adapter [00000010] vmxnet3 Ethernet Adapter:
                     Missing SRV record at DNS server

                     Missing SRV record at DNS server…
I am using an older Cisco ISA500 router, and a SF200-48 Smart Switch and an SG110-24 dumb switch.

I have GE3 on the ISA router configured as (VLAN ID 3, PCI network) which is uplinked to the SG110-24.
I have GE6 on the ISA router configured as (VLAN ID 1, non PCI network) which is uplinked to the SF200-48.

The scenario is that this is a grocery store, and all of their POS equipment is plugged into the SG110-24 24 port dumb switch uplinked GE3 on the router which is configured for VLAN ID 3 for PCI compliance.
We have two UniFi APs that are plugged into ports 24 and 48 on the SF200-48. I have ports 24 and 48 on this switch untagged for VLAN ID 1 and tagged for VLAN 3.

I have two SSID's configured on these UniFi AP's.. one for the store network that issues out DHCP addresses from the default VLAN 1 network which works fine, and one for the PCI network that should issue out DHCP addresses on the subnet, however,I am not receiving an IP address via DHCP when connecting to my SSID tagged to VLAN 3 on my access points.
Can someone tell me where I'm going wrong? I don't really have any experience implementing VLANs.
If I plug directly into the SF110-24, I am getting an IP via DHCP on the subnet so DHCP is working for that VLAN.
Hi Guys,

I am playing around in my lab making sure I can do what I need to do for a job I have coming up. I have a 3750 and a 1941 to play with and a bunch of ip phones. The practice was supposed to ensure I can configure the switch to assign correct VLAN to cisco phones and ensure that the data port on the back of the phone is assigned to the correct VLAN also. However that aside, I have found since configuring the data vlans and assigning my wifi access point to the vlan that the internet is flakey. I mean it works however some sites just don't, when I do a speedtest.net check, it takes forever to execute the ping test however then does the transfer which is fine. I have another Wi-Fi access point that is not vlanned or going through the 1941 however using the same internet gateway and it works flawlessly.

I have configured two VLANS on the switch, I have one switch port configured for trunking passing the two vlans through to the 1942 for gateway and also DHCP.

My 3750 config:

version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname my01suj01sw01
enable secret 5
enable password
username root privilege 15 secret 5
aaa new-model
aaa session-id common
switch 2 provision ws-c3750-24p
system mtu routing 1500
vtp mode transparent
ip subnet-zero
ip domain-name rancho-relaxo.com
ip ssh time-out 60
ip ssh authentication-retries 5
What is SQL Server and how does it work?
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

my Cisco router 881 does not provide ip address to ports thru vlan after configuring the DHCP pool
when i made the configuration at first time it was working after erase it stopped. if ip assigned manually to pc  it works.
I'm attempting to set up a Pfsense router on an old notebook with one NIC.
I've configured 2 VLANs on the notebook, VLAN100(WAN) and VLAN200(LAN).
On the Dell switch I want the Cable Modem to go in port 1 and the Pfsense notebook to go in port 2. I've reserver port 24 for managing the switch. Ports 3-23 are for LAN traffic.
On the switch I've set VLAN100 on ports 1 and 2, both Tagged.
VLAN200 ports 1 and 2 Tagged, ports 3-23 Untagged.
VLAN1 port 24 untagged.
PVID for ports 1 and 2 is 100, ports 3-23 is 200, and port 24 is 1.
With a notebook plugged into any port 3-23 I can access Pfsense GUI Management.
The problem is that I cannot get an IP from the Modem from DHCP on VLAN100.
I've rebooted the Modem multiple times, but still do not get an IP address from the Modem.
I'm pretty sure the problem is in my configuration on the switch.
What should I change?
I have a server 2012 R2 and have RDS installed. Its a single server that has all the roles, DC, DHCP, DNS, File, RDS,  i installed a 90day cert from comodo . If i go to a windows 7 machine and go to https://rds.domain.com/RDWeb and login when i run an app i get this error
"Your computer can't connect to the remote computer because the Remote Desktop Gateway server is temporarily unavailable" Try Reconnecting later or contact experts-exchange for assistance. "

If i do this from the server itself the apps open fine.

We have a setup with users that change out 3 times a day. Each meeting is about ~150 users of so. The problem that we run into is that we only have a Centurylink c2100 modem and it is not always handing out DHCP addresses even after a reboot. It has the latest firmware. We have even upgraded to this modem as it also does 5ghz wireless. Is there an enterprise device to fix this situation?

DHCP scope time is 4 hours currently

Current setup -
C2100z Zyxel

Planned on doing -
C2100z -> Fortinet 60e -> Ubiquiti AC PRO
Static IP on WAN for Fortinet, Fortinet serves as DHCP server for hosts, Ubiquiti does wireless

Hoping to do -
Reliable DSL Enterprise Router -> Ubiquiti AC PRO

I know that if this were cable or fiber there are many choices, but with DSL I have not found a stable solution yet.

Thank you for looking at this
I have taken over a network that someone else setup.  I have VMWare with 3 Windows 2008 servers running on one box.  My local network has IP addresses in the range of through  My domain controller is also my DHCP server.  For some reason the person who preceeded me assigned the following network addresses to the servers,, and  I can access the VMWare client through or  Would I cause any problem if I were to change the IP address for the server from to  I have had a couple times when I have had problems with the server and could not access the VMWare client through so it would be more convenient if the server had a different address.
We have a standard office network with Windows 2012 DHCP/DNS and Windows 7 laptops that use Ethernet-connected docks and office WiFi--so two IP addresses (same subnet).  Users dock and undock multiple times per day depending on meetings, collaboration, etc.  

We also have dedicated desktop computers in our conference rooms, from which users often RDP to their laptop for presentations and projecting their documents.  It's common practice for users to undock their laptops, carry them to a conference room, then use the conference room computer to RDP to their now-wireless laptop.

Because each laptop creates two DNS entries for itself, one for WiFi and one for Ethernet, DNS name resolution has a 50/50 chance on getting the wrong IP to connect to the laptop.  When this happens, the user is stuck with no steps or ability to continue without immediate support assistance.

(On top of this, it’s not uncommon for me to check DNS in these situations and find only one entry for a given laptop—and naturally it’s for the network connection that’s not connected at that moment.  When this occurs, I confirm the reserved DHCP leases, then register DNS on the laptop, and confirm that the DNS entries have updated.  But this still doesn't address the 50/50 chance of getting the disconnected IP for the laptop.)

Is there a clean solution for this?   Hardly believing this is an uncommon issue, and can't help thinking I'm missing a simple solution.

Humble thanks in advance for any …
Hi All,

I want to configure test lab using VMware tool without internet configure ad, dhcp, pxeboot server in windows server 2012  from the scratch step by step .
i've actibe on win 2012 r2 (3 DCs) and installed dns on it, and dhcp on other win2008 r2 server when i run nslookup command to get the hostname of pc ip i got an error like that:
 primary name server = localhost
        responsible mail addr = nobody.invalid
        serial  = 1
        refresh = 600 (10 mins)
        retry   = 1200 (20 mins)
        expire  = 604800 (7 days)
        default TTL = 10800 (3 hours)
*** No internal type for both IPv4 and IPv6 Addresses (A+AAAA) records available

so what's the missing configuration that can fix it?
I will be building a new 2012 R2 domain controller and joining it to the current domain which has a 2003 domain controller. The new server will have a new subnet of say with VLAN 10. The existing subnet is no VLANs.

- What is the best method to join this DC to the domain and ensure they are able to replicate correctly
- I will need to make the 2012 R2 server the primary DC and demote the 2003 DC once replicated
- I will need to update how DHCP will work with multiple subnets and ensure that the existing and new can run side-by-side until i stop the existing subnet and allow the new subnet to be pushed out to workstations

Someone mentioned that i need to do some configuration on sites and services to get it to work correctly?

Free Tool: SSL Checker
Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

I have a Shoretel MPLS network and a Windows data network. For the past year these networks have been physically separate and distinct but on the same racks. The problem is there is a large user community with many of them not technically savvy. Under each desk are live jacks for their workstations and their phones. Sometime over this past weekend a cross-connect occurred on the production floors of the building.

As a result, I have had twelve workstation that I know of dump static IP addresses and pull a DHCP lease instead (first oddity since none of them have power saving enabled on the NICs). I attempted to reset the winsock stack but no change in behavior. All workstations are protected with layered A/V and malware protection. Second problem is now the data network is offering phone network DHCP. Obviously someone has plugged in a rogue switch or messed with under desk cabling. It could be as easy as looping a connection between jacks.

All my workstations are identical build windows 7 Pro systems. All of these systems have been assigned static IP addresses, some for over a year. Why would a workstation that has worked perfectly on a static IP suddenly drop it and try for DHCP? And it's not just one or two - it every workstation I've been called about so the behavior is distributed.
So currently a site has no VLANs configured and is on subnet. We are changing this so they have several subnets for servers, workstations, wifi, printers, so for instance, etc etc.
Also moving the DHCP server 2003 R2 to a new server 2012 R2 server before upgrading to server 2016.

What is the best practice you would say at setting the new subnet up on the new DHCP server?
Do i just create a superscope with the different subnets and leave the old subnet off it completely? OR import the current DHCP config into the new server, then create a new scope with the new vlans, disable the old scope and test internet access?

We have two locations not connected.  I split two DHCP servers.  Shut down the DHCP server service on the 1st server.  Withing 5 minutes the 2nd server had address leases.   One server is 2008 R2 the other is 2012 R2

At the second location I did the exact same thing.  The 1st server has had DHCP Server turned off all night.  The 2nd server does not have any leases.   Both servers are 2008 R2.
I've logged on to a few of the computers that have the shutdown DHCP server as their server.  They show active leases that expire in a few days.

Why are the two locations not performing the same?
I have a multi host cluster using a Distributed Switch on esx. I have 50 ports and 29 available. Currently there are at least 6 vm's running server 2012 with static LAN addresses and have WAN connectivity.  I just created 6 more vm's and assigned static addreses but cannot get WAN. I have verified subnet/gateway etc. I am able to ping the domain controllers and gateway when there is a static assignment. When set with a DHCP address, the servers have WAN. I have tried to remove the virtual NIC, reset tcp/ip stack. I cannot figure why i get no connection on a static address but do on DHCP. I have even tried to enter the DHCP settings manually, exactly the same. Any ideas?
I'm testing our AD environment.  We have 3 DC's all are DNS servers.  2 of them are DHCP servers.  Both DHCP servers have all 3 DNS servers listed in the DNS server settings of the DHCP scope.  The server that I'm shutting down is listed first in the settings.

When I shut down one of the DNS/DHCP servers and then reboot a workstation, the workstation doesn't get a new logon server
After migrating over to 2012 r2 Essentials from a 2003 server I am unable to demote the 2003 server.  It comes back as being the only global catalog server even though the 2012 r2 box is showing global catalog checked.  Run checks on FSMO and all roles are owned by the new server.  On the new server I can see and modify AD, but the WDS Server is failing to start.  I believe this is also causing the AD management center to not respond correctly as it cannot find a domain.  I currently have both servers running as when the 2003 is rebooted or disconnected the 2012 r2 is not handling any of the AD functions.  DNS appears fine, DHCP is running on a different box, file shares are on a NAS with AD connectivity and is working.


The Dynamic Host Configuration Protocol (DHCP) is an auto configuration protocol used on IP networks and an extension of the Bootstrap Protocol. DHCP allows for computers to be configured automatically to communicate with each other over an IP network without the need for manual setup by a network administrator. The implementation of DHCP relies on a DHCP server to hand out network configuration information to DHCP-capable clients that request an IP address (and other information required or useful in communicating with other devices on an IP network). In addition to an IP address, common configuration information served over DHCP includes a default gateway, subnet mask and DNS sever(s).