1.

DHCP Relay agent

DHCP Relay agent provides the IP address in to the remote network. A DHCP relay agent
is network device configured specifically to relay DHCP traffic to a nearby DHCP server.
Essentially, you must have a DHCP Relay agent or DHCP server on every network
segment where DHCP client computer reside. In Windows Server 2008, the DHCP Relay
agent is enabled in the Routing and Remote access Server Role. Note that a computer
cannot be configured as both a DHCP server and a DHCP relay agent. The DHCP Relay
agent is, essentially, a routing protocol that is installed on an appropriate device.
Typically, a router is set up as a DHCP relay agent so that DHCP discovery traffic will be
routed to the appropriate DHCP server.

How relay agents work

A relay agent relays DHCP/BOOTP messages that are broadcast on one of its connected physical
interfaces, such as a network adapter, to other remote subnets to which it is connected by other physical
interfaces. The following illustration shows how client C on Subnet 2 obtains a DHCP address lease from
DHCP server 1 on Subnet 1.

1. DHCP client C broadcasts a DHCP/BOOTP discover message (DHCPDISCOVER) on Subnet 2, as a

User Datagram Protocol (UDP) datagram using the well-known UDP server port of 67 (the port
number reserved and shared for BOOTP and DHCP server communication).

2. The relay agent, in this case a DHCP/BOOTP relay-enabled router, examines the gateway IP
address field in the DHCP/BOOTP message header. If the field has an IP address of 0.0.0.0, the
agent fills it with the relay agent or router's IP address and forwards the message to the remote
Subnet 1 where the DHCP server is located.

3. When DHCP server 1 on remote Subnet 1 receives the message, it examines the gateway IP
address field for a DHCP scope that can be used by the DHCP server to supply an IP address
lease.

4. If DHCP server 1 has multiple DHCP scopes, the address in the gateway IP address field (GIADDR)
identifies the DHCP scope from which to offer an IP address lease.
 For example, if the gateway IP address (GIADDR) field has an IP address of 10.0.0.2, the DHCP
server checks its available set of address scopes for a scope range of addresses that matches the
class A IP network that includes the gateway address as a host. In this case, the DHCP server
would make a check for a scope of addresses between 10.0.0.1 and 10.0.0.254. If a matching
scope exists, the DHCP server selects an available address from the matched scope to use in an IP
address lease offer response to the client.

5. When DHCP server 1 receives the DHCPDISCOVER message, it processes and sends an IP address
lease offer (DHCPOFFER) directly to the relay agent identified in the gateway IP address (GIADDR)
field.

6. The router then relays the address lease offer (DHCPOFFER) to the DHCP client.

The client IP address is still unknown, so it has to be broadcast on the local subnet. Similarly, a
DHCPREQUEST message is relayed from client to server, and a DHCPACK message is relayed from
server to client, according to RFC 1542.

Types of scopes in windows dhcp ?

Normal Scope - Allows A, B and C Class IP address ranges to be specified
including subnet masks, exclusions and reservations. Each normal scope defined
must exist within its own subnet.
Multicast Scope - Used to assign IP address ranges for Class D networks.
Multicast scopes do not have subnet masks, reservation or other TCP/IP
options.
Multicast scope address ranges require that a Time To Live (TTL) value be
specified (essentially the number of routers a packet can pass through on the
way to its destination).
Superscope - Essentially a collection of scopes grouped together such that they
can be enabled and disabled as a single entity.

APIPA ?
Short for Automatic Private IP Addressing, a feature of later Windows operating systems. With
APIPA, DHCP clients can automatically self-configure an IP address and subnet mask when a DHCP server isn't
available. When a DHCP client boots up, it first looks for a DHCP server in order to obtain an IP address and subnet
mask. If the client is unable to find the information, it uses APIPA to automatically configure itself with an IP address
from a range that has been reserved especially for Microsoft. The IP address range is 169.254.0.1 through
169.254.255.254. The client also configures itself with a default class B subnet mask of 255.255.0.0. A client uses the
self-configured IP address until a DHCP server becomes available.

backup and restore of DHCP ?

DHCP servers store DHCP lease and reservation information in database files. By default, these files
are stored in the %SystemRoot%\System32\DHCP directory. The key files in this directory are used as
follows:
Dhcp.mdb The primary database file for the DHCP server
J50.log A transaction log file used to recover incomplete transactions in case of a server malfunction
J50.chk A checkpoint file used in truncating the transaction log for the DHCP server
Res1.log A reserved log file for the DHCP server
Res2.log A reserved log file for the DHCP server
Tmp.edb A temporary working file for the DHCP server
 Backing Up the DHCP Database
The Backup directory in the %SystemRoot%\System32\DHCP folder contains backup information for
the DHCP configuration and the DHCP database. By default, the DHCP database is backed up every
60 minutes automatically. To manually back up the DHCP database at any time, follow these steps:
1. In the DHCP console, right-click the server you want to back up, and then click Backup.
2. In the Browse For Folder dialog box, select the folder that will contain the backup DHCP database,
and then click OK.

Registry keys that control the location and timing of DHCP backups, as well as other DHCP settings,
are located under
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DHCPServer\Parameters.

The following keys control the DHCP database and backup configuration:
BackupDatabasePath Sets the location of the DHCP database. You should set this option through the
DHCP Properties dialog box. Click the Advanced tab, and then set the Database Path field as appropriate.
DatabaseName Sets the name of the primary DHCP database file. The default value is DHCP.mdb.
BackupInterval Determines how often the DHCP client information database is backed up. The default is
60 minutes.
DatabaseCleanupInterval Determines how often the DHCP service deletes expired records from the
DHCP client information database. The default is four hours.

Restoring the DHCP Database from Backup

In the case of a server crash and recovery, you might need to restore and then reconcile the DHCP
database. To force DHCP to restore the database from backup, follow these steps:
1. If necessary, restore a good copy of the %SystemRoot%\System32\DHCP\Backup directory from
the archive. Afterward, start the DHCP console, right-click the server you want to restore, and then
click Restore.
2. In the Browse For Folder dialog box, select the folder that contains the backup you want to
restore, and then click OK.
3. During restoration of the database, the DHCP Server service is stopped. As a result, DHCP clients
are temporarily unable to contact the DHCP server to obtain IP addresses.

35 .
The peakload is indicating Vusers fail status due to
insufficient memory allocations in system called memory
leakage
36.
Today here I am going to explain about how to analyze the memory dump.
As in my previous post I have describe to you: How to create memory dump
and where you can find that dump file.
Lets say you have configured a memory dump on a server and server got
unexpected down with BSOD.

Now you need to go to the default location

i.e. %SystemRoot%\Memory.dmp for the memory dump file.
You can find the memory.dmp as below.

This memory.dmp file is the dump file for complete dump. Now you need to analyze it ;)
There are bundle of software in the market for the same, some are free of cost and some
are licensed.
Microsoft has tool that we can use to analyze the memory dump on Microsoft platforms
called as windows debugger (dbg_x86_6.11.1.404). You can download it from here.

After downloading the debugger you need to do little bit configuration before analyzing the
dump.

Now you need to configure the symbol path for it. Before doing it just do the following

1. Create a folder named symbols without quotes in the root drive.

2. Open the Windbg and then go to FileSymbol file path.
3. Set the path to
 SRV*c:\symbols*http://msdl.microsoft.com/download/symbols without quotes.

Symbol Path:- Symbol files provide a footprint of the functions that are contained in
executable files and dynamic-link libraries (DLLs).Additionally, symbol files can present a
roadmap of the function calls that lead to the point of failure.
Now the configuration is done, now you need to open the dump file in the debugger.

Now you need to open dump file , To do this goto File-->Open Crash Dump

After you open the Memory.dmp, it will make some calculation and load the symbols as
below.
Now you need to write the command "!analyze -v " to get the details

After this command you will get the details about the reason behind the Crash :)

The reason for the crash was fltmgr.sys file.

As you all are System Admins so you must have good google search skills,Now just google it
and get the reason for the same.
I have found the reason and the there is some Hotfix from Microsoft for this error.

37.
Performance Monitor is a simple yet powerful visualization tool for viewing performance data, both in real
time and from log files. With it, you can examine performance data in a graph, histogram, or report.
Membership in the local Performance Log Users group, or equivalent, is the minimum required to
complete this procedure.
To start Performance Monitor
1. Click Start , click in the Start Search box, type perfmon , and press ENTER.
2. In the navigation tree, expand Monitoring Tools , and then click Performance Monitor .
You can also use Performance Monitor to view real-time performance data on a remote computer.
Membership in the target computer's Performance Log Users group, or equivalent, is the minimum
required to complete this procedure.
To connect to a remote computer with Performance Monitor
1. Start Performance Monitor.
2. In the navigation tree, right-click Reliability and Performance , and then click Connect to
another computer .
3. In the Select Computer dialog box, type the name of the computer you want to monitor, or
click Browse to select it from a list.
4. Click OK .

42 .

iLO makes it possible to perform activities on an HP server from a remote location. The iLO card has a
separate network connection (and its own IP address) to which one can connect via HTTPS. Possible
options are:

Reset the server (in case the server doesn't respond anymore via the normal network card)
Power-up the server (possible to do this from a remote location, even if the server is shut down)
Remote console (in some cases however an 'Advanced license' may be required for some of the
utilities to work)
Mount remote physical CD/DVD drive or image
Access the server's IML (Integrated Management Log)
Can be manipulated remotely through XML-based Remote Insight Board Command Language
(RIBCL)
Full CLI support through RS-232 port (shared with system), though the inability to enter Function
keys prevents certain operations
iLO provides some other utilities like virtual media (CD, floppy), virtual power and a remote console. iLO is
either embedded on the system board, or available as a PCI card

iLO Management - Tips & Tricks

What is iLO?
iLO stands for Integrated Lights Out Remote Management. A lot of ProLiant customers don't even know
they have this on their server. iLO is an onboard management ASIC providing complete out of band
remote managment of the server. Almost all HP ProLiant servers from Generation 2 systems onwards
have included the iLO management port as standard.

What does it do?

How would you like complete secure remote management and control of your server? iLO provides this;
there is nothing and I mean nothing that cannot be done remotely bar physically touching the server of
course. For example - you can power the server down and watch it reboot, jump in and configure the
BIOS should you need to; watch the OS load up (note iLO doesn't require an OS to be already installed)
and then mount your local desktop USB or DVD to the remote server (it appears as a USB connected
device on the remote server). You can even have the server boot from an ISO image on the network
should you so wish. This is but a sample of the power and control iLO gives you over your server. Best
of all it is all out of band management so it is very secure and you are not using valuable data NIC
bandwidth.
 Integrated Lights-Out (iLO) virtualizes ProLiant system resources over a network so you are always in
control as if you are at-the-server. iLO Standard provides basic remote management features standard
with ProLiant servers. The optional iLO Advanced provides key-activated features that enable remote
access to system console with full keyboard and mouse control during any server state. iLO Advanced
also allows administrators to maintain system firmware or run diagnostics on remote servers from an
image on a workstation floppy or CD drive or network web server. These "do-it-yourself" capabilities
enable industry leading remote management of ProLiant servers anywhere, anytime from a secure,
standard Web browser, command line or script. You get a free 60 day trial license of the advanced
pack with every iLO on every server. Customers can register for evaluation licenses for all ProLiant
Essentials products online at www.hp.com/go/tryessentials.

Benefits of using iLO.

Reduces travel and operational costs:

iLO users avoid travel costs for administrative, maintenance and remedial activities on systems in
remote locations or datacenters. The virtualized system resources allow administrators to perform
many system tasks of from any network access point without leaving the office or relying on local
assistance.
Automates system support functions:
iLO scripting automates key tasks such as unattended ROM updates for multiple systems
simultaneously. iLO integrates with other tools such as HP Systems Insight Manager for seamless
execution of administrative tasks.
Increases availability:
iLO Advanced Pack shortens the time to complete administrative, maintenance and remedial tasks by
enabling instant remote control of key system resources over a network.
Ensures reliable, efficient access and data security:
iLO provides full remote control over the Internet or LAN without increasing the vulnerability of
valuable IT assets to unauthorized access and malicious activity. Industry standard data encryption
and directory services based user access provide a reliable, secure remote management
infrastructure.

How do I enable iLO?

There are 2 simple ways to get up and running.

1. If the server is powered off

Power the server on and watch it boot - you will see a prompt to hit F8 which will allow you to
configure iLO. Every server cotaining iLO ships with a sticker or tag containing iLO default specific
information i.e. username and password, DNS name etc. Once you have logged on you can configure
iLO with a fixed IP address and configure security parameters for access control.
2. If the server is already power on and running
iLO needs to be plugged onto your ETHernet network and uses TCP/IP (it will request an IP addrss from
 your DHCP server by default). Every server containing iLO will include a sticker or a tag containing the
default DNS name for that specific iLO. You can then check your DHCP server and see what IP address
was allocated to the iLO. Open a browser and http to that address. Use the username and password
from the tag to gain access.

TIP -Once you have enabled iLO you should remove the tag and change the logon credentials for
security purposes. iLO can also integrate with your directory for security logon credentials. If you have
lost the tag or sticker with the default logon credentials please contact HP suppport and they will giude
you through the process to reset iLO security.

How do I optimise iLO performance?

There are now 2 versions of iLO. iLO 2 arrived this year with the launch of our new cClass Blade
servers, G5 Intel Xeon and G2 AMD Opteron based servers. The remote console performance of iLO 2 is
amazing and is the equivalent of KVM over IP console switch performance. For iLO 1 users the biggest
single request to HP has been to improve the graphical remote console performance which we have
done but unfortunately not alot of people know about nor have applied these updates. Bear in mind
that iLO technology launched almost 10 years ago with the RiLOE PCI board. The primary purpose being
to give administrators complete OS independent, out of band management and remote control of their
servers. It was not built for 24x7 management.

Improve Remote Console Performance

There are a number of ways for improving remote console performance some of which are dependent
on the OS running on the host server. For Windows 2000 or 2003 servers the simplest and most
effective way is by enabling Terminal Services functionality through iLO. This allows iLO to accept
Microsoft Remote Desktop Connections on the iLO management port instead of doing this through your
data NIC.

Other tips to improve the graphical remote console on Windows servers include...

Server display properties

Plain Background (no wallpaper pattern)

Smaller display resolutions (800x600 or 1024x768 pixels)
256 color mode or 24 bits per pixel color setting (iLO only)

Server mouse properties (iLO only)

Select None for mouse pointer Scheme.

Uncheck Enable pointer shadow.
Select Motion or Pointer Options and set the pointer Speed slider to the middle position.
Disable pointer Acceleration to None (on Windows NT or Windows 2000).
Uncheck Advanced Pointer Precision (on Windows Server 2003).
 I strongly urge you to download and read the iLO Best Practices Guide v4published Oct'06 from hp.com.
It is full of advice on how to maximise your iLO performance and productivity with step by step guides
and details.

Recent features added to iLO which is available by simply upgrading your iLO firmware

Schema-free Active Directory Integration

Two-factor authentication
USB flash drive virtual media
Power Regulator for ProLiant reporting
Intelligent iLO Advanced activation keys
Terminal Services Pass Through
enhanced remote console mouse