TUESDAY, NOVEMBER 15, 2011

Configuring and Troubleshooting DHCP


Overview of the DHCP Server Role
One of the major problems when networks moved to the TCP/IP protocol was getting an IP address
entered on each machine.

The solution is DHCP (Dynamic Host Configuration Protocol). The DHCP server maintains a pool
of IP addresses and DHCP leases out an IP address for a period of time to DHCP-enabled host
machines on the network. DHCP provides the IP address along with the subnet mask and default
gateway (router). The IP addresses are returned to the pool to be reallocated, when they are
no longer in use. DHCP waits for the client to request an IP address using network
broadcasts.

What are the benefits of using DHCP?


DHCP simplifies network administration by using automatic TCP/IP configuration. Manual TCP/IP configuration
increases errors exponentially. Not only that, communication errors can cause network problems. The
assignment of an IP address to more than one computer, simultaneously, can cause address conflicts. Another
problem happens when a computer moves. The administrative effort becomes a real headache. Many companies
have thousands of network devices that need IP addresses and it is impossible to enter the data manually.

What are the new DHCP features of Windows Server 2008?

Support for DHCPv6 stateful and stateless configuration to allocate IPv6 addresses. Stateful
configuration is when the DHCPv6 server assigns the IPv6 address to the client, along with
additional DHCP data. Stateless configuration is when the IPv6 address is assigned automatically by
the router, and the DHCPv6 server assigns the other configuration settings.

Support for NAP (Network Access Protection). Used with DHCP to help isolate potentially
malware-infected machines from the network. NAP helps to ensure clients comply with the corporate
policy of having up-to-date antivirus before they are allowed access to the Internet.

Ability to install DHCP on the Server Core to be managed from the command line.

How does DHCP allocate IP Addresses?

The IP addresses are allocated dynamically by DHCP. Using the Windows Server Role, DHCP ensures that clients
have the correct configuration.
The default in Windows Server 2008 is to lease IP addresses for eight hours for wired clients and three
hours for wireless clients. The lease duration can be changed by modifying the DHCP server scope properties
of a specific subnet.
A series of messages, known as DHCP conversations or DHCP transactions, are provided to the DHCP client from
the DHCP server. The messages are based on the message format used with BOOTP. RFC 2131 defines the format
for each message sent between the DHCP client and DHCP server.
The DHCP relay agent is a small program that forwards the DHCP messages between the DHCP clients and
servers, if they are in another subnet. The server then sends the address back to the client via the relay
agent. Relay agents can be used to reduce the number of DHCP servers needed. Routers that connect the
subnets need to support DHCP relay as described in Clarifications and Extensions for the Bootstrap Protocol
RFC 1542, and most do.

The Bootstrap Protocol (BOOTP) is a UDP/IP-based protocol which
allows a booting host to configure itself dynamically and without
user supervision. BOOTP provides a means to notify a host of its
assigned IP address, the IP address of a boot server host, and the
name of a file to be loaded into memory and executed [1]. Other
configuration information such as the local subnet mask, the local
time offset, the addresses of default routers, and the addresses of
various Internet servers can also be communicated to a host using
BOOTP [2].
If a router cannot support DHCP relay, then check with the router manufacturer to see if a firmware upgrade
is available.
If a router cannot function as a relay agent, you can configure Windows Server 2008 as a relay agent.
Routing and Remote Access Services (RRAS) must be installed. RRAS is a component of the Network Policy and
Access Services server role.
DHCP Server
DHCP Protocols
Request for Comments: Dynamic Host Configuration Protocol
TCP/IP Fundamentals for Microsoft Windows

DHCP Lease Generation

DORA: Discovery, Offer, Request, Acknowledgement

1. The DHCP client broadcasts a DHCPDISCOVER packet. The broadcast goes to every host on that particular
subnet. The only computer that will respond is one that has a DHCP server role configured or has a DHCP
relay agent running. The relay agent forwards the packet to the DHCP server for which it is configured.
2. The DHCP server(s) will broadcast back a DHCPOFFER packet with a potential IP address.
3. The DHCP client broadcasts a DHCPREQUEST packet. If there are multiple servers, the server requested is
the one that responded first with the DHCPOFFER packet.
4. DHCP Server (the server that responded first) broadcasts a DHCPACK packet (acknowledgement). Now the DHCP
client has an IP address. If the server is unable to provide the initial address in the DHCPOFFER packet,
then it will respond with a DHCPNAK message.

All of the packets contain the MAC address of the client computer and when the client is responding back to
the fastest responding DHCP server with a DHCPREQUEST packet, it includes the MAC address of the fastest
responding DHCP server.
Dynamic Host Configuration Protocol
Windows Server 2008 R2 and Windows Server 2008

DHCP Lease Renewal

When 50% of the lease duration has expired, the DHCP client sends a DHCPREQUEST packet back to the DHCP
server that leased the IP address.
If the DHCP server is running and responding to DHCPREQUESTs, it will send a DHCPACK packet that allows the
client to continue with the lease of the IP address.
If the server has a network or server problem and fails to respond to the client with a renewal, the client
will wait until 87.5% of the lease duration has expired. The client will then retry with the same server,
again.
If the renewal fails after 87.5% of the lease expired and 100% of the lease has expired, the client must go
through the entire process again by broadcasting a DHCPDISCOVER packet.
Note: Computers may have the same IP address for a long period of time if the network is not shut down.
Computers attempt to renew the address at startup. The reason for this is the computer may have moved while
it was offline and plugged into a new subnet. If the renewal is unsuccessful, the client computer tries to
contact the Default Gateway. If the gateway is not responding, the client computer enters the Discovery
phase, and attempts to obtain an IP configuration from any DHCP server.

DHCP Server Authorization

DHCP authorization is the process of registering the DHCP Server service in the Active Directory domain to
support DHCP clients. A DHCP server must be authorized because a DHCP server configured incorrectly can
provide invalid information.
You must be a member of Enterprise Administrators because the DHCP service can span multiple subnets and
domains.
DHCP Server checks with the domain controller to obtain a list of authorized DHCP servers.
DHCP Server will see that it is authorized with AD and therefore allowed to service DHCP requests.
Routers can act as a DHCP server. If a client gets its IP address from a rogue DHCP server, you
will need a protocol analyzer such as Network Monitor Version 3.4, a free download from
Microsoft. The download process adds the Network Monitor Driver to each network adapter,
including VPN and remote access adapters. You must install and then enable the driver before
Network Monitor collects data from the network adapter. The protocol analyzer will analyze where
the IP address is coming from and can then be tracked and eliminated from the network.
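
One way to run the rogue-server check described above over captured traffic, as an added example (not code from the original post): it parses the RFC 2131 message layout from DHCP payloads and reports any OFFER, ACK or NAK whose server identifier (option 54) is not on a list of authorized servers. The packets, addresses and function names are constructed for illustration.

```python
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # separates the BOOTP header from the DHCP options
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
             5: "ACK", 6: "NAK", 7: "RELEASE", 8: "INFORM"}
SERVER_REPLIES = {"OFFER", "ACK", "NAK"}


def parse_dhcp(payload: bytes) -> dict:
    """Parse the UDP payload of one DHCP message (RFC 2131 layout)."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    hlen = min(payload[2], 16)                      # hardware address length
    (xid,) = struct.unpack("!I", payload[4:8])      # transaction ID
    options = {}
    i = 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                         # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        options[code] = value
        i += 2 + length

    def ip(code):
        raw = options.get(code, b"")
        return socket.inet_ntoa(raw[:4]) if len(raw) >= 4 else None

    mtype = (options.get(53) or b"\x00")[0]         # option 53 = DHCP message type
    return {
        "xid": xid,
        "type": MSG_TYPES.get(mtype, "UNKNOWN"),
        "offered_ip": socket.inet_ntoa(payload[16:20]),   # yiaddr
        "client_mac": payload[28:28 + hlen].hex(":"),     # chaddr
        "server_id": ip(54),                              # option 54 = server identifier
        "router": ip(3),                                  # option 003 Router
    }


def find_unauthorized_servers(payloads, authorized):
    """Map each server identifier that is not authorized to the replies it sent."""
    findings = {}
    for payload in payloads:
        try:
            msg = parse_dhcp(payload)
        except ValueError:
            continue                    # other UDP traffic or a damaged capture
        # A reply with no server identifier at all is reported under the key None.
        if msg["type"] in SERVER_REPLIES and msg["server_id"] not in authorized:
            findings.setdefault(msg["server_id"], []).append(msg)
    return findings


def build_reply(msg_type, xid, offered_ip, client_mac, server_id, router):
    """Build a constructed server reply so the example runs without a capture file."""
    header = struct.pack("!BBBBIHH", 2, 1, 6, 0, xid, 0, 0)   # op=BOOTREPLY, Ethernet
    header += socket.inet_aton("0.0.0.0")                      # ciaddr
    header += socket.inet_aton(offered_ip)                     # yiaddr
    header += socket.inet_aton(server_id)                      # siaddr
    header += socket.inet_aton("0.0.0.0")                      # giaddr
    header += bytes.fromhex(client_mac.replace(":", "")).ljust(16, b"\x00")  # chaddr
    header += bytes(64 + 128)                                  # sname + file
    options = (bytes([53, 1, msg_type])
               + bytes([54, 4]) + socket.inet_aton(server_id)
               + bytes([3, 4]) + socket.inet_aton(router)
               + b"\xff")
    return header + MAGIC_COOKIE + options


# Constructed data: one authorized server and a second device answering on another range.
AUTHORIZED = {"192.168.0.10"}
CLIENT = "00:0c:29:aa:bb:cc"
CAPTURE = [
    build_reply(2, 0x1234, "192.168.0.50", CLIENT, "192.168.0.10", "192.168.0.1"),
    build_reply(2, 0x1234, "192.168.1.100", CLIENT, "192.168.1.1", "192.168.1.1"),
    build_reply(5, 0x1234, "192.168.1.100", CLIENT, "192.168.1.1", "192.168.1.1"),
    b"\x00" * 40,                                   # unrelated payload, skipped
]

if __name__ == "__main__":
    for server, msgs in find_unauthorized_servers(CAPTURE, AUTHORIZED).items():
        for m in msgs:
            print(f"unauthorized {m['type']} from {server}: "
                  f"{m['offered_ip']} to {m['client_mac']} (router {m['router']})")
```

The server identifier is filled in by the sender, so when tracking the device down also record the source MAC address of the captured frame, which is what the switch port tables show.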

Simple tool to quickly get a network trace


By running this tool, you are prompted to install and start a capture. The capture is completed if the user instructs it to, or the
allotted time of 2 hours has elapsed. This tool is useful for customer support scenarios.

Microsoft Network Monitor 3.1 OneClick

Example: Your network is configured as an Active Directory domain with multiple subnetworks. Each
subnetwork has at least one domain controller. You are experiencing intermittent communication
problems across some of the remote links.
You want to determine bandwidth use and the types of network traffic on each of the remote links
and collect detailed network traffic information for analysis.
What should you do?

Use Network Monitor. Network Monitor is a protocol analyzer and lets you collect and save
detailed network usage statistics, including individual packets transmitted across the network.
You can use Network Monitor to determine bandwidth usage and how the bandwidth is being used to
troubleshoot applications on the network.

To start Network Monitor:

Start\All Programs\Microsoft Network Monitor 3.4 (or whatever is the current version), and choose
Microsoft Network Monitor.

To capture network data by using a command prompt:

NMCap: the easy way to Automate Capturing


Regardless of the network infrastructure, you can always capture communications to and from your local
computer.

All computers connected to a hub can see all other computers' communications.

If a standalone DHCP server detects an authorized DHCP server in the domain, it will shut down. A DHCP
standalone server cannot coexist with an authorized DHCP server on the same subnet. When a DHCP standalone
server detects the existing DHCP server, the DHCP standalone server will stop leasing IP addresses. The
standalone DHCP server needs to be authorized in Active Directory.

Note: Enterprise Administrators permission in all domains is required to authorize a DHCP server, except for
the root domain which requires the Domain Admins group permission.

Question: Your network has a server with Windows Server 2008 R2 installed and runs the DHCP service. Your
network has both desktop computers and wireless laptops that run Windows 7. You also have three wireless
access points (WAP). The wireless access points are configured with these settings:
DHCP server is enabled
SSID broadcast is enabled
Firewall is enabled
The wireless security key is disabled
The desktop computers are receiving IP addresses from the DHCP server. The wireless laptops are receiving IP
addresses from the wireless access points. A wireless laptop user wants to access a document from one of the
desktop computers.
You need to make sure that the wireless laptop users and the desktop users are able to share documents in
the same network and that the wireless laptop users are only able to connect to specific network SSIDs. What
do you need to do to accomplish this?
Answer: First, you need to disable the DHCP server in the wireless access points. If the DHCP server is
enabled in both the wireless access points and Windows Server 2008, the WAP will get its IP address from
Windows Server 2008 and the WAP will provide a different range of IP addresses to the wireless
clients, causing the desktop computers and the wireless clients to be on two different networks. If you
disable the DHCP server on the WAP, the problem will be resolved.
Second, you should configure a GPO in Windows Server 2008 to control wireless access, so that the wireless
clients connect only to the allowed SSIDs. Windows Server 2008 allows you to configure an allowed and denied
list of SSIDs within the wireless range.
note: you can modify any of the information provided during the installation wizard, by using the DNS Manager console.

1. Log onto DC1 as Administrator
2. Switch to the client CL1
3. Log onto CL1 as Administrator
4. Switch back to DC1
5. Click on Server Manager: START | Administrative Tools | Server Manager


6. Right-click Roles and click Add Roles
7. The Add Roles Wizard appears. Click Next
8. Select the DHCP Server checkbox and Click Next
9. Read the information describing the DHCP Server Role and click Next
10. In the Select Network Connection Bindings dialog box, select the network adapter this DHCP server will
use for servicing clients and click Next

11. In the Specify the IPV4 DNS Server Settings dialog box, in the Parent Domain box, verify the DNS domain
name that will be used for name resolution.
In the Preferred DNS server IPv4 address box, type the IPv4 address of your preferred DNS server, and click
Validate.
If needed, type in the IPv4 address in the Alternate DNS server IPv4 address box and Validate. Click Next.
12. In the Specify IPv4 WINS Server Settings dialog box, either select WINS is not required for applications
on the network or select WINS is required for applications on this network. Click Next. In this example, we
will choose WINS is not required for applications on the network.

13. In the Add or Edit DHCP Scopes, click Add and the Add Scope dialog box appears. If you want to add
scopes later, click Next (see Configuring a DHCP Scope), below this section.
14. In the Add Scope dialog box, type values for the required items and in the Subnet Type box, select Wired
or Wireless. Then, either Activate this scope to automatically activate the scope after DHCP installation is
complete, or you can manually activate the scope later using the DHCP MMC. Click OK.
15. This returns you to the Add or Edit DHCP Scopes page. If you have multiple subnets with this DHCP
server, repeat the steps to Add Scope (#13 and #14). Click Next.
16. In the Configure DHCPv6 Stateless Mode dialog box, select whether you want to configure the DHCP server
for DHCPv6 stateless operation and click Next. In this example, we will choose to Disable DHCPv6 stateless
mode for this server. The option must match the IPv6 router configuration on the network.
17. In Authorize DHCP Server, specify credentials to be used to authorize the DHCP server in AD DS. Click
Next. note: the DHCP server must be authorized in Active Directory before it can lease IP addresses. In this
example, we will choose to Skip authorization of this DHCP server in AD DS.
18. On the Confirm Installation Selections page, review and click Install.
19. On the Installation Results page, review and click Close.
20. Close Server Manager
21. Open DHCP: START | Administrative Tools | DHCP
22. In the list pane on the left hand side of the DHCP dialog box, expand and highlight the domain and
right-click. Click Authorize. To authorize, you need to be an Enterprise Administrator. Press F5 to refresh.

23. In the list pane, expand IPv4 and you will see the IPv4 server icon with a green up arrow meaning this
server is authorized in Active Directory.
Configuring DHCP Scopes and Options

What are DHCP Scopes?

A DHCP scope is a range of IP addresses available to be leased. Remember, the DHCP server has an IP address
and thus should be listed in Add Exclusions when defining the DHCP scope.
Scope Properties:

Network ID
Subnet Mask (for IPv4 scopes only)
Lease duration
Network IP address range
Scope name
Exclusion range

What is a Superscope?

A superscope is a collection of scopes that we group together as a single unit for administrative purposes.
This allows clients to receive an IP address from multiple logical subnets, even if they are on the same
physical subnet.

Superscopes are good for situations where the number of IP addresses in a scope are nearing the end and more
IP addresses are needed for expansion purposes.
If you have two DHCP servers on a network for redundancy purposes, superscopes would help.

If the network needs to be renumbered, a superscope is good for this.


What is a Multicast Scope?

A multicast scope gives a collection of class D addresses or multicast addresses that a multicast group will
share, IP address range of 224.0.0.0 - 239.255.255.255. Applications can request these addresses to send
data out to multiple hosts without having to send out to each host, individually. These scopes are Multicast
Address Allocation Protocol (MADCAP) scopes. Applications that use these addresses must support the MADCAP API.

Steps to Configuring a DHCP Scope

1. Right-click Ipv4.
2. Select New Scope and the New Scope Wizard appears.
3. Type PcRepair Office Scope into the Name: text box and demo into the Description: text box.
4. Input 192.168.0.1 into the Start IP address.
5. Input 192.168.0.254 into the End IP address.
6. Input 16 into the Length text box. 255.255.0.0 will display. Click Next.

7. In the Add Exclusions dialog box, click Next. (An exclusion is a range of IP addresses the DHCP server is
not allowed to hand out. Exclusions can be active on the network. The DHCP server just will not hand it out.
You should indicate exclusions for any address that must be statically configured.)

8. Specify the Lease Duration. Click Next.
9. In the Configure DHCP Options dialog box, click No, I will configure these options later, and click Next.
We will configure the DHCP Options in another section.
10. Click Finish.

11. Click on Scope in the list pane. The scope appears with a red "down" arrow. Right-click it and click
Activate.
12. Close the DHCP console.

Steps to Configure a Superscope

1. Right-click on the Ipv4 node.


2. Select New Scope.
3. The Welcome to the New Scope Wizard appears. Click Next.
4. Type: PcRepair Scope2 and demo2 in the Name: and Description: boxes. Click Next.
5. In the IP Address Range dialog box, type in an IP Address range of 192.168.1.1 - 192.168.1.254. Click
Next.
6. Exclusions not needed right now. Click Next.
7. Lease Duration of 8 days is sufficient. Click Next.

8. In the Configure DHCP Options dialog box, select No, I will configure these options later. Click Next.
9. Click Finish.

Activate Scope:

10. In the list pane, you will see a red down arrow beside the scope. Select the Scope, right-click and
Activate.
11. Right click Ipv4 and select New Superscope...
12. The New Superscope Wizard displays. Click Next.
13. In the Name: text box, type: PcRepairSuper. Click Next.
14. On the Select Scopes dialog box, select the Available scopes: you want by holding down the CTRL key.
Click Next. Review and click Finish.
15. In the list pane, you will see the Superscope.


Switch to the Client CL1 machine.
1. Click START | right-click Network | Properties
2. The Network and Sharing Center window appears.
3. Under Tasks, click Manage Network Connections. The Network Connections dialog box appears.
4. Right-click Local Area Connections and choose Properties.
5. In the Local Area Connection Properties dialog box, choose Internet Protocol Version 4 (TCP/IPv4) and
click Properties.
6. In the Internet Protocol Version 4 (TCP/IPv4) Properties dialog box, select Obtain an IP address
automatically and Obtain DNS server address automatically. Click OK.
7. Close LAC Properties.
8. Close Network Connections.
9. Close the Network and Sharing Center.
10. Restart CL1 Client machine.
11. Log onto CL1.
12. START | All Programs | Accessories
13. Right-click Command Prompt, and click Run as administrator.
14. At the command prompt, type: ipconfig and press Enter.
15. At the command prompt, type: ipconfig /release and press Enter.
16. At the command prompt, type: ipconfig /renew and press Enter.
17. At the command prompt, type: ipconfig /all and press Enter.
18. Close the command prompt window.
19. You will notice under Ethernet adapter Local Area Connection:, the Default Gateway is blank because
the option has not yet been configured. We will define it in Steps to Configuring a DHCP Scope Option, below.

What are DHCP Options?

DHCP options are values for common configuration data that applies to the server, scopes, reservations, and
class options. Most option codes come from the Request for Comments (RFC) documentation on the Internet
Engineering Task Force (IETF) website.
Common scope options are:

DNS Servers
DNS Name
Default Gateway
WINS Servers

Dynamic Host Configuration Protocol


DHCP Options and BootP Vendor Extensions
Steps to Configuring a DHCP Scope Option:

Expand the domain and then expand the IPV4 node.


1. Expand Scope.
2. Select Scope Options and right-click.
3. Click Configure Options.
4. In the Scope Options dialog box, select 003 Router. Note: Normally, you will configure option 003 Router (default gateway), 006 - DNS Servers, and option 015 - DNS suffix.
5. In the IP address: box, type: 192.168.1.1, and click Add. Click OK.
6. Switch to Client CL1.
7. START | All Programs | Accessories
8. Right click Command Prompt and click Run as administrator.
9. At the command prompt, type: ipconfig /release, press Enter.
10. At the command prompt, type: ipconfig /renew, press Enter.
11. At the command prompt, type: ipconfig /all, press Enter.
Notice the default gateway is now listed.

What are DHCP Class-Level Options?


DHCP class-level options are scope options that apply to a specific type of device.
Vendor-class: configured by vendors such as Microsoft, HP, and Sun
User-class: Set and viewed by the user with the ipconfig /setclassid command
Example: Suppose you want to be able to differentiate among users across different floors in the same
building and among remote users. You want to assign a shorter lease duration for some users and specific DNS
settings to users on different floors. A method for accomplishing this using minimum administrative effort
is to create user classes on the DHCP server. User classes are created to differentiate specific DHCP
configurations from the default DHCP configuration. When a client computer sends a request to the DHCP
server for an IP address, the DHCP server checks for user class information and assigns an IP address to the
client. If the client does not carry any user class information, the DHCP server assigns the default IP
configuration to the client.
Assign a specific DHCP class ID for a client computer:

ipconfig /setclassid adapter_name class_id

Example: if the network adapter is named Local Area Connection and has a user class ID named SalesUserClass,
you would run the following command:

ipconfig /setclassid "Local Area Connection" SalesUserClass

DHCP Server
More About Predefined DHCP Options

What is a DHCP Reservation?

A DHCP Reservation is a specific IP address, within a scope, that is reserved permanently for lease to a
specific DHCP client. Many times printers and servers will have a reserved IP address. The reservation ties
the MAC address of the computer into the IP address, and is actually made on the network card. So, if you
need to change the network card, you need to recreate the reservation.
Configuring reservations allows you to centralize management of fixed IP addresses. Custom DHCP options for
reservations will override all other DHCP options configured at a higher level.

Why is DHCP Sizing and Availability Important?

When DHCP scopes are configured, the scope needs to include IP addresses for all clients. Typically, you configure 20% above
the physical number of clients.
DHCP availability is mission critical. If the leases are approaching the expiration date and the number of leases is
exhausted, there could be serious problems.
The recommendation is to have some type of fault tolerance by using multiple DHCP servers. On the servers, there is
commonly an 80/20 rule.
On the first DHCP server, you would have 20% of the addresses:
Scope range: 192.168.1.10 - 192.168.1.254
Excluded addresses: 192.168.1.10 - 192.168.1.205 (the first 80% of the addresses)

On the second DHCP server, you would have 80% of the addresses:
Scope range: 192.168.1.10 - 192.168.1.254
Excluded addresses: 192.168.1.26 - 192.168.1.254 (20% of addresses leased from server

Order that DHCP Options are Applied

Server
Scope
Class
Reserved client

How to configure DHCP Server Options?

This example assumes you have SVR1 and the scope has already been configured.
Server Options:

START | Administrative Tools | DHCP
Expand SVR1
Expand Ipv4 node
Highlight Server Options and right-click
Select Configure Options
Insert a check mark in the 006 DNS Servers box to add a DNS server
In the Server name: text box, add pcrepair-dc1 as an example and click the Resolve button. This should
resolve the server name to an IP address listed under IP address:
Click the Add button
For this example, insert a check mark to add a WINS server, 004 WINS/NBNS Servers. Under Server name: ,
enter pcrepair-dc1 and click Resolve.
Click the Add button
Insert another check mark beside 046 WINS/NBT Node Type. Scroll to the right of the node type and see the
description. Note the byte value of the node type desired. Below, under Data entry, enter the node type value.
For this example, we are using Hybrid type 0x8.
Click Apply.

Scope Options:

Highlight Scope Options and right-click


Select Configure Options
Insert a check mark in the 003 Router box to add a Router
In the Server name: text box, add pcrepair-dc1 as an example and click the Resolve button. This should
resolve the server name to an IP address listed under IP address:

Click the Add button

Click Apply.

Option Classes:

Highlight Server Options and right-click


Select Configure Options
Go to the Advanced menu
You will see the Vendor class: and the User class:
In this example, we will add options to the Default User Class (one of the User Class: options available in the
drop down box)
Now, under Available Options, we will insert a check mark beside 072 World Wide Web (WWW) Servers
In the Server name: text box, add pcrepair-dc1 as an example and click the Resolve button.
Click the Add button
Click Apply.

Reservations:

Highlight Reservations and right-click


Select New Reservation
In the New Reservation dialog box, enter a Reservation name: as Offsite Printer
Enter the IP address: of the reservation.
Enter the MAC address: by doing an IPCONFIG /all on the client to determine the network adapter you want to
associate this IP address with.
Enter a Description:
Select one of the Supported types:
o Both
o DHCP only
o BOOTP only
Click Add
Click Close
When you return, you will see the reservation you just added. Right-click the added reservation.
Select Configure Options to add options, if desired.

Managing a DHCP Database

What is a DHCP Database?
The DHCP database contains configuration information and uses the Jet database engine technology. It is dynamic and contains
information relating to IP scopes, IP leases, and reservations. The DHCP database is stored in the %SystemRoot%\System32\dhcp
folder. The files include:

Dhcp.mdb (the DHCP database)
Tmp.edb (used as a swap file during database index maintenance operations)
J50.log and J50*.log (transaction log file)
Res*.log (reserves an area of space in case we run low on the physical disk space)
J50.chk (last committed transaction into the DHCP database from the log files)

The DHCP database is backed up periodically and the standard backup interval is 60 minutes. The Jet database does not recover
disk space from expired leases, so we will have to run maintenance to recover disk space, periodically.

DHCP Database Backup and Restore

The DHCP database is backed up to a local directory on the computer hard disk. However, it is a good practice to back it up
onto a separate volume. If the database fails to load, the backup on the local hard drive will be restored.
Best practice is for the administrator to move a copy of the backed up DHCP database to an offline storage location. If the
server hardware fails, the administrator can restore only from the offline storage location.
The DHCP backup utility backs up all scopes, reservations, leases, and all options. All registry keys and configuration
settings are also backed up.

How is the DHCP Database Reconciled?

Sometimes there are inconsistencies between the DHCP database and the DHCP registry. IP lease information is in the DHCP
database, but a summary of lease information is held in the registry.

The DHCP database is compared to the registry and inconsistencies are reconciled in the DHCP database.

Moving a DHCP Database

1. Back up the database on the old server.
2. Put the backup onto some form of backup media.
3. Stop the old DHCP server.
4. Copy/restore the database over to the new DHCP server.
5. Start the DHCP server role.

DHCP SERVER CONFIGURATION OPTIONS:

INPUT HOW OFTEN TO UPDATE STATISTICS ON THE GENERAL TAB

WHETHER TO ENABLE DHCP AUDIT LOGGING ON THE GENERAL TAB

CONFIGURE DNS AND WHETHER OR NOT TO ENABLE DNS DYNAMIC UPDATES ON THE DNS TAB

CONFIGURE NETWORK ACCESS PROTECTION (NAP) SETTINGS ON THE NETWORK ACCESS PROTECTION TAB

CONFIGURE WHAT HAPPENS IF A NETWORK POLICY SERVER (NPS) IS UNREACHABLE ON THE NETWORK ACCESS PROTECTION TAB

CHOOSE THE AUDIT LOG FILE PATH ON THE ADVANCED TAB

MODIFY SERVER CONNECTION BINDINGS AND DNS REGISTRATION CREDENTIALS ON THE ADVANCED TAB

1. START | ADMINISTRATIVE TOOLS | DHCP


2. RIGHT-CLICK THE SERVER AND SELECT PROPERTIES TO VIEW THE DATABASE PATH AND BACKUP PATH.
3. IF YOU WANT TO MOVE THE BACKUP VOLUME USING THE COMMAND LINE:
A. LAUNCH A COMMAND PROMPT
B. TYPE: NETSH DHCP SERVER SET DATABASEBACKUPINTERVAL 1440 (THE VALUE IS IN MINUTES, SO THIS SETS THE BACKUP INTERVAL TO
EVERY 24 HOURS, AS OPPOSED TO THE DEFAULT 60 MINUTES)
C. TYPE: NETSH DHCP SERVER SET DATABASEBACKUPPATH D:\DHCP\BACKUP
4. RIGHT-CLICK THE DHCP SERVER AND CHOOSE BACKUP AND SELECT THE DESIRED DIRECTORY.
5. CLICK OK. THE DHCP SERVER IS NOW BACKED UP.
6. GO TO YOUR BACKUP DIRECTORY AND VERIFY.


PERFORM DHCP RECONCILIATION


1. START | ADMINISTRATIVE TOOLS | DHCP
2. EXPAND SCOPE. SELECT SCOPE AND RIGHT-CLICK.
3. SELECT RECONCILE AND THE RECONCILE DIALOG BOX APPEARS.
4. CLICK THE VERIFY BUTTON.

DHCP STATISTICS

DHCP STATS ARE COLLECTED AT THE SERVER LEVEL OR AT THE SCOPE LEVEL TO DETERMINE IF THERE IS A PROBLEM WITH THE DHCP SERVICE OR
WITH THE NETWORK'S DHCP CLIENTS.

DHCP AUDIT LOG FILE

THE DHCP AUDIT LOG IS A LOG OF SERVICE-RELATED EVENTS. THE LOG FILE CAN BE USED TO TRACK LEASE
REQUESTS, GRANTS, OR DENIALS AND TO TROUBLESHOOT DHCP SERVER ISSUES. IT IS STORED IN THE
%WINDIR%\SYSTEM32\DHCP FOLDER. THE FILE NAME IS BASED ON THE DAY OF THE WEEK; AN EXAMPLE IS DHCPSRVLOG-MON.LOG.

MORE ABOUT DHCP AUDIT AND EVENT LOGGING

HOW TO MONITOR DHCP SERVER PERFORMANCE

USE THE BUILT-IN SERVER 2008 UTILITY, PERFORMANCE MONITOR. OBJECTS AND COUNTERS ARE ADDED AUTOMATICALLY WHEN A
NEW SERVER ROLE IS INSTALLED.

CHECK THE COUNTERS AND MONITOR SERVER PERFORMANCE. TEST AGAINST THE BASELINE, VERY IMPORTANT.
REVIEW THE COUNTERS FOR SIGNIFICANT CHANGES IN DHCP TRAFFIC. IF THERE ARE HIGH VALUES, THEN CHECK THE SERVER FOR
BOTTLENECKS.

WHAT COUNTERS TO CHECK

1. PACKETS RECEIVED/SECOND - SUDDEN CHANGES CAN REFLECT NETWORK PROBLEMS
2. REQUESTS/SECOND - SUDDEN CHANGES CAN REFLECT NETWORK PROBLEMS
3. ACTIVE QUEUE LENGTH - SUDDEN OR GRADUAL INCREASES CAN INDICATE INCREASED LOAD OR DECREASED SERVER CAPACITY
4. DUPLICATES DROPPED/SECOND - CAN INDICATE MORE THAN ONE REQUEST IS BEING TRANSMITTED TO CLIENT, INDICATING THE
CLIENTS ARE TIMING OUT TOO FAST OR THE SERVER IS NOT RESPONDING QUICKLY ENOUGH

MONITORING DHCP SERVER PERFORMANCE


1. START | ADMINISTRATIVE TOOLS | DHCP
2. EXPAND THE SERVER
3. EXPAND IPV4
4. RIGHT-CLICK IPV4 AND SELECT DISPLAY STATISTICS
5. CLOSE
6. RIGHT-CLICK IPV4 AND SELECT PROPERTIES
7. GO TO THE ADVANCED TAB
8. CHECK THE AUDIT LOG FILE PATH
9. OPEN THE LOG FILE CONTAINED IN %WINDIR%\SYSTEM32\DHCP: BROWSE TO THE FOLDER FROM MY COMPUTER AND OPEN THE FILE FOR THE
CORRESPONDING DAY. MATCH THE ID NUMBER TO THE EVENT ID TO REVIEW THE STATISTICS.
10. GO TO START | TYPE INTO THE SEARCH BOX: PER
11. THIS BRINGS UP RELIABILITY AND PERFORMANCE MONITOR
12. UNDER MONITORING TOOLS, SELECT PERFORMANCE MONITOR
13. GO TO THE MENU AND CLICK THE BIG GREEN + SIGN TO ADD A COUNTER
14. UNDER AVAILABLE COUNTERS, WE WILL CHOOSE DHCP SERVER
15. CLICK ON THE + BUTTON TO THE RIGHT OF DHCP SERVER
16. SELECT THE COUNTERS YOU WOULD LIKE. WE WILL SELECT:
A. REQUESTS/SEC AND CLICK THE ADD BUTTON
B. RELEASES/SEC AND CLICK THE ADD BUTTON
C. OFFERS/SEC AND CLICK THE ADD BUTTON
D. DISCOVERS/SEC AND CLICK THE ADD BUTTON


17. SELECT THE OK BUTTON


18. TO HIGHLIGHT AN OPTION, SELECT THE HIGHLIGHT BUTTON ON THE MENU (BESIDE THE RED X)
19. IN THE MENU, YOU CAN LOOK AT LOG DATA, CHANGE THE GRAPHIC DISPLAYED, AND GET A REPORT VIEW, ALONG WITH OTHER
SELECTIONS
HOW TO PREVENT AN UNAUTHORIZED USER FROM OBTAINING A LEASE

MAKE SURE UNAUTHORIZED PERSONS DO NOT HAVE PHYSICAL OR WIRELESS ACCESS TO THE NETWORK. UNPLUG WIRING THAT IS NOT
NEEDED. DO NOT BROADCAST SSID. USE WPA ENCRYPTION.

ENABLE AUDIT LOGGING FOR ALL DHCP SERVERS ON THE NETWORK.

REVIEW THE AUDIT LOGGING ON A REGULAR BASIS.

USE 802.1X-ENABLED LAN SWITCHES OR WIRELESS ACCESS POINTS TO ACCESS THE NETWORK.

CONFIGURE NAP TO VALIDATE USERS AND SECURITY POLICY COMPLIANCE.
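
One way to make the regular audit log review repeatable, as an added example that is not part of the original post: the script parses the daily audit log, surfaces denied leases, address conflicts, scope exhaustion and authorization failures by event ID, and lists new leases handed to adapters that are not in an inventory. The sample log lines and the `KNOWN_MACS` inventory are constructed for illustration.

```python
import csv

# Event IDs to surface; their meanings are listed in the preamble of each audit log file.
WATCH = {13: "address conflict", 14: "scope exhausted", 15: "lease denied",
         54: "authorization failed", 56: "authorization failure, stopped servicing"}
FIELDS = ["id", "date", "time", "desc", "ip", "host", "mac"]

# Constructed sample in the audit log layout (all values invented for illustration).
SAMPLE_LOG = """\
Microsoft DHCP Service Activity Log

ID,Date,Time,Description,IP Address,Host Name,MAC Address
00,11/14/11,00:00:05,Started,,,,
10,11/14/11,08:01:12,Assign,192.168.1.50,PC-ACCT01.example.local,001122334455
11,11/14/11,12:01:12,Renew,192.168.1.50,PC-ACCT01.example.local,001122334455
10,11/14/11,13:47:30,Assign,192.168.1.77,unknown-laptop,00AABBCCDDEE
15,11/14/11,13:52:09,NACK,192.168.1.90,,00AABBCCDDEE
13,11/14/11,14:02:41,Conflict,192.168.1.60,BAD_ADDRESS,
"""

KNOWN_MACS = {"001122334455"}  # hypothetical inventory of approved adapters


def parse_audit_log(text):
    """Return event rows as dicts, skipping the preamble above the column header."""
    lines = text.splitlines()
    start = next((i for i, ln in enumerate(lines) if ln.startswith("ID,Date,Time")), None)
    if start is None:
        raise ValueError("column header not found; not a DHCP audit log?")
    events = []
    for row in csv.reader(lines[start + 1:]):
        if len(row) < len(FIELDS) or not row[0].strip().isdigit():
            continue  # blank or malformed line
        event = dict(zip(FIELDS, (col.strip() for col in row)))
        event["id"] = int(event["id"])
        events.append(event)
    return events


def review(events, known_macs):
    """Split events into watched service events and new leases (ID 10) to unknown MACs."""
    watched = [(e["time"], WATCH[e["id"]], e["ip"], e["mac"])
               for e in events if e["id"] in WATCH]
    unknown = [(e["time"], e["ip"], e["host"], e["mac"])
               for e in events
               if e["id"] == 10 and e["mac"].upper() not in known_macs]
    return watched, unknown


if __name__ == "__main__":
    watched, unknown = review(parse_audit_log(SAMPLE_LOG), KNOWN_MACS)
    for item in watched:
        print("WATCH  ", *item)
    for item in unknown:
        print("UNKNOWN", *item)
```

A MAC address in the log is whatever the client reported, so an unknown entry is a prompt to check the switch port or access point, not proof of identity.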

NETWORK ACCESS PROTECTION


STEP-BY-STEP GUIDE: DEMONSTRATE NAP DHCP ENFORCEMENT IN A TEST LAB
AUTHORIZE THE DHCP SERVER IN THE DOMAIN. WHEN A DHCP SERVER IS CONFIGURED ON A DOMAIN CONTROLLER OR
MEMBER SERVER, THE SERVER CHECKS ITSELF AGAINST THE DOMAIN'S LIST OF AUTHORIZED DHCP SERVERS. IF THE
COMPUTER'S IP ADDRESS IS NOT ON THE LIST, THE DHCP SERVER WILL NOT COMPLETE THE INITIALIZATION PROCESS AND
WILL SHUT ITSELF DOWN.
YOU CAN USE THE NETSH COMMAND TO AUTHORIZE THE DHCP SERVER.

RESTRICT UNAUTHORIZED, NON-MICROSOFT DHCP SERVERS FROM LEASING IP ADDRESSES

DHCP AUTHORIZATION BEGAN WITH WINDOWS SERVER 2000 AND CONTINUED IN WINDOWS SERVER 2003 AND, MOST RECENTLY, WINDOWS SERVER 2008.

AUTHORIZATION IS NOT REQUIRED ON OTHER DHCP IMPLEMENTATIONS, SO AN UNAUTHORIZED NON-MICROSOFT DHCP SERVER WILL NOT SHUT ITSELF DOWN. EITHER DECOMMISSION THE SERVER OR DISABLE THE DHCP SERVICE.

TO RESTRICT UNAUTHORIZED, NON-MICROSOFT DHCP SERVERS FROM LEASING IP ADDRESSES, ENSURE THAT UNAUTHORIZED PERSONS
DO NOT HAVE ACCESS TO THE NETWORK.

LIMIT THE DHCP ADMINISTRATORS GROUP.

ADD USERS THAT NEED READ-ONLY ACCESS TO THE DHCP USERS GROUP.

DHCP SERVER AUTHORIZATION

DHCP BEST PRACTICES

Posted by Tina Thorsen


Related Posts: Active Directory, DHCP, DNS, Exam 70-642, IPv4, Network, Network Monitor, Performance, Remote Access,
TCPIP, Windows Server 2008, WINS
