The Dynamic Host Configuration Protocol (DHCP) is an auto configuration protocol used on IP networks and an extension of the Bootstrap Protocol. DHCP allows for computers to be configured automatically to communicate with each other over an IP network without the need for manual setup by a network administrator. The implementation of DHCP relies on a DHCP server to hand out network configuration information to DHCP-capable clients that request an IP address (and other information required or useful in communicating with other devices on an IP network). In addition to an IP address, common configuration information served over DHCP includes a default gateway, subnet mask and DNS server(s).

Earlier this week I started setting up an RDP Gateway on a Windows 2016 Essentials Server so a few employees could remote in.  I did this by going to “Add Roles”…., which I’ve since found out I should have done via the Dashboard.  OK.  

Anyway, this morning the office called and said nobody could access the server, and several didn’t have Internet access.  I was able to remote into the server and looking at the logs I could see there were problems with the DHCP.  We got the DHCP Server to start (removed the role and re-added it) but can’t get the DHCP Client service to start as we always end up with the error “Error 5: Access is Denied”.  

We started looking at the permissions in the registry and comparing them to another server of the same specs, and they were all screwed up.  So I started adding back things like “System”, “Network Service”, etc.  Still end up with the “access denied” error.  In the Server Manager Dashboard, there are 8 services that aren’t running.  They are:  Diagnostic Policy Service, Network Location Awareness, DHCP Client, IP Helper, Base Filtering Engine, Downloaded Maps Manager, and Windows Firewall.  Several of them give me the “access denied” error when trying to start, while others (like “Network Location Awareness”) won’t start because their dependency service or group failed to start.

One of the errors that I’m seeing in the logs is " The DHCP service is not servicing any DHCPv4 clients because none of the active network interfaces have …
We are currently carrying out server virtualization and consolidation project of our domain controllers. We have;
    one domain we could call security.local with 3 domain controllers for the security department, Domain functional level is currently on server 2008 and Forest functional level is on server 2003.
    4 domains we could call;
        1. aci.local (2 DCs, Forest function = 2003, Domain function = 2012R2)
        2. aci2.local (2 DCs, Forest function = 2003, Domain function = 2003)
        3. aci3.local (2 DCs, Forest function = 2003, Domain function = 2012R2)
        4. aci4.local (1 DC, Forest function = 2003, Domain function = 2012R2)
    For the Engineering department

        There are no DHCP servers in any of the domains, but all domain controllers have DNS service.

        Our requirement is to migrate and consolidate the above design using the newly set up VMWare datacenter and highlighting on security and segregation of the 2 departments, so please advise on how we should approach this. We thought about setting up a new Root domain with 2 domain controllers and creating 2 child domains for both departments and creating an active directory design that consolidates engineering domains into OUs and using the Active Directory Migration Tool to do an inter\cross forest migration of computer and user accounts.
        After upgrading our Cisco Communications Manager to 12.5.1, we have SOME phones that are unable to get an IP address from the publisher or subscriber.  Additionally, with some other models we needed to power cycle the phones.  The model most affected is the 7841, but not all of them are problematic.  We have factory reset a bunch, set static ip addresses, all to no avail.  I am interested in what could be the issue with DHCP and any steps I should take to fix it.  The phones in question are typically stuck at "verify your network settings" screen or some other network message.

        We have a case open with TAC, but I wanted to get real live end user suggestions.  Thank you for any assistance you can provide EE!
        In several of our WSE 2012 R2 networks, one or more of the workstations are laptops, which serve dual purposes.  They function as a network workstation on the Essentials domain office network.  In that environment, the laptops are set up with the standard Essentials configuration (e.g., DNS service provided by the Essentials server, which has a fixed IP address, etc.).  That works fine until the second laptop purpose is invoked.

        The management personnel that have laptop workstations also need to use them when they travel.  When used this way, they primarily connect to wireless networks.  Unlike the office Essentials domain network, when traveling, the laptops obtain everything (including DNS) from the wireless router in each location.  The first problem we encountered was that the traveling laptop could not access the Internet, although it was connected to the wireless network with strong signal strength.  Apparently the laptop was trying to reach the fixed IP address of the domain server, which of course was nowhere to be found.  Without working DNS, the laptop was unable to reach any destination on the Internet (such as google.com, msn.com, etc.).  The only way we were able to work around this was to manually change the DNS source setting from "always obtain DNS" from the server to having DNS automatically assigned by the wireless router.

        On the flip side, when the laptops returned home to the WSE domain office network, they experienced frequent problems with mapped …
        Hello IT people 😁
        I need to build a data center. From servers point of view, how to do or what is the best practice for the following:
        1- For the DHCP I need the setup to be HA or Cluster.
        2- For WSUS I need the setup to be Cluster.
        3- For SMTP I need the setup to be HA.
        4- For MYSQL DB I need the setup to be HA with Sync.
        5- For NTP I need the setup to be HA or Cluster.
        6- For AD please note that's required to moving FSMO, maybe TLS needed, trust configuration between Server Farm and DMZ domains if used and GPO for all Systems.

        feel free to ask any questions to help me 😅
        I work in a corporate environment. I am based in the USA, corporate IT is in Germany. They image all of our computers via Matrix42. We have received a batch of new HP Elitebook 850 G5 laptops. I have them on our network and powered on. I have accessed the BIOS via F10 and have found that the PXE boot is enabled, but Germany does not see it. When the laptop boots, normally I would see the startup screen indicating IP addresses, DHCP info, etc. With the new batch, all I see is 'Protected by HP Secure Start'. I have access to the internet, so I know I am on the network. I can run IPCONFIG /all and see all my network info.

        How do I configure this laptop for Network PXE boot?

        Thanks in advance.
        DHCP Logging Question:  I am running DHCP services on a Windows Server 2016.  I would like to know how I can capture all of the DHCP log activity for an indefinite amount of time in a format that humans can read.  Any suggestions are appreciated.
        Could someone please help me understand what needs to be done transitioning from Cisco VOIP to Avaya?  Specifically, Option 242 that needs to be configured on DHCP Voice Pool? The client claims that the phones are staying in Data Vlan (Vlan 1) and not going over to Voice Vlan (Vlan 900).

        The setup is pretty straight forward. There is one building (3 closets total) and only 2 Vlans: Data and Voice.  

        Vlan 1 Data
        Vlan 900 Voice

        The Cisco 2921 Router is configured for Voice DHCP like this:
        ip dhcp pool VOIP
         option 150 ip
         dns-server is the Call Manager IP.

        I believe there is an Avaya server (controller) onsite that will be acting as DHCP for the new Avaya phones.

        What needs to be done for the Avaya phones to obtain 10.13.x.x IP addresses and not 10.12.x.x ? I've read about Options 242 (or 176) that need to be configured but I'm not sure how to go about it. I haven't really worked with Avaya phones before.

        What about LLDP? The switches are Cisco, 2960x. Switchport are configured to access vlan 1 and Voice vlan 900.

        Any help would be appreciated!
        I have a Vlan set in one Layer3 Dell 6248 switch, this vlan purpose is to connect our PBX, I have two subnets, my Native has the scope and the vlan 7 has now if I have my facts right I created the vlan in the switch  and gave it IP with IP Helper Address that in it self should be able to route to my DHCP server where I created the scope, I think that I have everything cover so I can plug phones into the switch and they will be able to reach the subnet to get an IP from that scope but I connect the phones that are programmed to look for vlan 7 and they cannot reach, but some of my devices that are in scope are reporting to the scope, can anyone help me to understand what did I do wrong ?
        I want to document DFS within an organisation, what's the best way to do this?

        I have good notes on AD, DHCP, DNS etc just looking for DFS

        Environment is 2012 r2 environment

        Found this


        Any other ways appreciated
        I'm still having issues getting my new server fully online. I created my new domain on Windows Server Essentials 2016, and migrated all the computers from the Windows Server 2012 domain onto the new domain.

        Everything seems to be working except for DNS/DHCP. I have to set a static IP as well as define an outside DNS server such as in order to get internet on my devices.

        If I power back on the old server which no devices are connected to, I can connect to the internet without setting a static IP or DNS server.

        I'm thinking there's a problem with the DNS on my new server, though I'm not sure what it is. The server is brand new, on a new domain as the primary DC. I migrated the DHCP settings from the old server and adjusted them to remove references to the old server, and set references to the new server.

        When I run dcdiag /fix I get the following output:

        Starting test: SystemLog
                 An error event occurred.  EventID: 0x0000168F
                    Time Generated: 04/04/2019   22:05:16
                    Event String:
                    The dynamic deletion of the DNS record '_kerberos._tcp.dc._msdcs.ad.domain.com. 600 IN SRV 0 100 88 SVR-HVDC1.ad.domain.com.' failed on the following DNS server:
                 An error event occurred.  EventID: 0x0000168F
                    Time Generated: 04/04/2019   22:05:16
                    Event String:
                    The dynamic deletion of the DNS record '_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.ad.domain.com. 600 IN SRV 0 100 88 


        a client has a Hyper V machine, server 2012 r2 standard.  this acts as their Domain Controller, recently they ran out of IP addresses and a new PC wouldn't get an IP address, so we expanded the scope from 1.1 - 1.200 to 1.1 - 1.254 so it gives them more IP's.  obviously they have servers with static IP's of .222 etc so we made sure all these would be put as reservations for those devices (i believe they were exclusions anyway).  when we did all of that the problematic PC got an IP and it was fine,  this morning the client has come in to say that the PC hasn't got an IP address again, in DHCP the lease is still valid for that machine, so i deleted it, got the PC rebooted and then it got an IP address, the same IP as it had the day before.

        can anyone shed some light on this issue and why it would do this?
        Hello fellow Experts Exchange members:

        I have a very strange situation.  This morning, one of our workstations with a static IP address set reported "IP address conflict" upon logon to Windows.

        The IP address in question was reserved in DHCP, and there are no rogue DHCP servers on the network.

        After modifying the DHCP reservation to use a different IP address, I tried to determine the device using the conflicting IP address but was unable to do so.

        The device responds to pings and somehow acquired an IP address that is valid for accessing on our network but would not have been assigned by DHCP.

        Here is one of the unusual parts: the device has an unregistered MAC address.  By that, I mean that when I enter the MAC address into online MAC address vendor query websites I get a "Not found"-or-similar message.

        I have also tried to isolate which part of the network the device could be on, and here is the second unusual part: with the servers off, a static IP address (using public DNS servers) set on one of the workstations not using the conflicting IP address, and all network devices disconnected from the network switch besides the perimeter firewall, the conflicting IP address *STILL RESPONDS TO PINGS*.

        Neither the perimeter firewall nor the managed switch nor the workstation used the conflicting IP address, and there were no other network devices of any kind including the wireless router and any wireless clients reachable.  (They were physically disconnected …
        We have a problem with our remote clients that are terminating across the cisco anyconnect VPN.  Currently we are unable to browse to the \\unc path of the said remote client, but not all machines.   The problem has been intermittent for over a year now.  It has gotten worse since 1809 update to Win10.

        We can browse from remote client to the LAN and UNC paths.
        We can ping both ways i.e. 172 (local LAN) to the remote vpn client IP 10.255.255.*.
        DNS is registering the 10.255.255.* IP in reverse lookup.
        DNS is also registering local IPs on the forward lookup zone domain.local - this seems to be what is being resolved.

        I'm thinking it's DNS wrongly configured but hesitant to make changes...

        Any ideas?

        Looks like I'm back again.

        I created a new domain on my Windows Server 2016 Essentials domain controller, and transferred all my users to it. Everything seemed to be going well until I took off the static ip I had set on one of my user machines.

        This led me to check my Server Manager on my one and only domain controller, and I found the following errors.

        Error 1202: DFSR
        Additional Information:
        Error: 160 (One or more arguments are not correct.)

        Error 1202: ADWS
        This computer is now hosting the specified directory instance, but Active Directory Web Services could not service it. Active Directory Web Services will retry this operation periodically.
         Directory instance: NTDS
         Directory instance LDAP port: 389
         Directory instance SSL port: 636

        Warning 4013: Microsoft-Windows-DNS-Server-Service
        The DNS server is waiting for Active Directory Domain Services (AD DS) to signal that the initial synchronization of the directory has been completed. The DNS server service cannot start until the initial synchronization is complete because critical DNS data might not yet be replicated onto this domain controller. If events in the AD DS event log indicate that there is a problem with DNS name resolution, consider adding the IP address of another DNS server for this domain to the DNS server list in the Internet Protocol properties of this computer. This event will be logged every two minutes until AD DS has signaled that the initial …
        Hello Team.
        I’m hoping some DNS, DHCP masters will help to understand a bit more how Secure dynamic DNS registration works and tell me if my solution is the best approach.

        Problem Description
        From time to time when users are connecting to different VLAN or VPN, the DHCP Server or the Client is not creating either an A record or PTR record


        Users would use either Windows 7 or Windows 10. We don’t have any lower OS.
        DHCP, DNS roles are installed on Domain Controllers. DHCP is running on 3 Windows Server 2012, and DNS is running on 3 Windows Servers 2012 and 1 Windows Server 2016.

        This issue seems to be since a long time as other IT departments from time to time were telling our team that DNS is not working properly. The problem is that when they were telling that their issue got already resolved, so we never got the opportunity to understand what the issue really was until recently where I finally got an incident and hands on a laptop where the Registration really wasn’t working. When I saw that I started to dig into that issue in more detail.
        First I checked if the problem is not with some VPN connection but quickly with Networks team we were able to prove that VPN is not the issue as two laptops were having no issues at all getting an A and PTR record.
        I started to look into the Configuration on the DHCP scopes and DNS Forward Lookup zones and discovered following:
        The DHCP Server under the DNS setting has …
        3rd party wants access to a customers DC for changing DHCP

        Just wanted to check what the best practice was for this?

        Which account is best suited to this purpose?
        Our DHCP server about every week has been causing us issues. It won't hand out IP addresses to clients. What happens is when I log into the DHCP server and go to task manager I see that the service: svchost.exe is running our CPU at 100%. When I kill the service and it restarts itself the issue is resolved. What is causing this issue? Or what can I look at to see where I can further research this.

        Our server is Windows 2008 R2 Standard

        When I go into the logs I don't see anything under DHCP to me that stands out.
        I have an SBS 2011 which runs exchange/DNS/DHCP/VPN but I had to remove the DHCP from it and use the router's DHCP for reasons that I cannot explain. Everything works fine but I cannot find anything online that says that VPN will work with an external DHCP.

        I've just had my first remote user complain that she cannot connect so I rerun the fix my network and setup the vpn again and she appears to be connected fine. Is there anything else I need to check/do on the server or the router to ensure proper operation of the VPN?
        Hi Experts,

        We are moving to a new Mitel Cloud service and have IP485G phones.

        I setup a VLAN on our switches along with a DHCP scope on a windows 2012r2 DC.

        We receive the correct IP, router, dns  from the VOIP VLAN but the option .156 is not populating in order to get config files and firmware updates.

        I am using the string below configServers="update.sky.shoretel.com"  

        Thank You
        I have 2 AD-Integrated DNS servers that have been running on the domain for about 5+ years. It's full of old A records and as a result, a single IP address (for example may point to 3 or 4 different computers. I see lots of records with old timestamps (2017, 2016 for example). Although I am tempted, I don't want to assume they are stale (or incorrect) and blindly start deleting A records.

        'Scavenge Stale Resource Records' is enabled. No-refresh interval is set to 7 days and the Refresh interval is also set to 7 days. I am assuming the servers are using the default security settings (I am not the one who set them up). Dynamic update is set to 'Secure only'. IPs are assigned using the Microsoft DHCP server on the same domain.

        (I am only referring to DNS records added automatically, not static records). So if a computer was decommissioned 3 years ago (for example), why is the A record still there?
        What would you recommend as the best way to clean up to non-static A records on this DNS server?

        Could someone please explain the practical difference between these two dns settings in DHCP?
        I am currently set to "Dynamically update DNS records only if requested by DHCP" but I have read that best practice is to use "Always dynamically update DNS and PTR records"

         Why should I do this? I do see many duplicate/old A records in my DNS. Will changing the setting to "always" stop these duplicate records?
        Thank you very much
        Hello folks, need another pair of eyes to check my DC Win2016 hardware specs.  Only for AD purposes box.  DC, DHCP, DNS.  It'll be sitting separately from VM environment and crunching only AD specific purposes.  

        HPE ProLiant DL360 Gen10 Performance - rack-mountable -Xeon Silver 4110 2. - x1
        Intel Xeon Silver 4110 / 2.1 GHz processor- x1
        HPE SmartMemory - DDR4 - 16 GB - DIMM 288-pin -registered - x1
        HPE Read Intensive - solid state drive - 480 GB - SATA 6Gb/s - x2
        HPE Foundation Care 24x7 Service - extended service agreement - 3 years - o - x1
        Hardware Option(s) Install into a Server (CDW ConfigurationServices) - x1
        Switchport in an err-disable state due to MAC Address conflict.

        Have cleared the DHCP bindings which cleared the err-disable error, but now have no connectivity.

        I have two questions regarding our DHCP server.

        We have a DC running DHCP on a server that we will shut down (SERVER 1), and therefore we need to move the DHCP service to another server (SERVER 2), can I just deactivate it on the first server (SERVER 1), and then activate it on the other server (SERVER 2)?
        Even if I can I have a problem because our active DHCP is configured on all our routers at our ISP who connect our offices as DHCP relay with IP-address x.x.x.x, and therefore I come to my second question, can I after shutting down the old DC (SERVER 1), configure the new DC (SERVER 2) with that old IP address that (SERVER 1) had, will that work?





