

Understanding DHCP


DHCP Overview
An IP address is a unique numeric identifier assigned to each host on a TCP/IP network. Configuring one computer by hand with an IP address and the other TCP/IP parameters is not difficult, but doing it for thousands of workstations is slow and error prone: manual assignment increases the risk of duplicate addresses, wrong subnet masks and other mis-typed parameters. The Dynamic Host Configuration Protocol (DHCP) automates these tasks, simplifying the administration of IP addressing in TCP/IP networks. Before DHCP, TCP/IP configuration was essentially a manual process, and one of its main drawbacks was that addresses assigned by hand might not be unique. Every host on a TCP/IP network, whether on the Internet or on a private network, must have a unique IP address; the 32-bit IPv4 address identifies one particular host. Manual address assignment should be reserved for these situations:

- There are no DHCP servers configured on the network.
- The computer is being configured as a DHCP server; a DHCP server must have a static IP address.
- The computer is an important network server such as a domain controller or a DNS server; these are assigned IP addresses manually.

DHCP is both a protocol and, on Windows Server 2003, a service (the DHCP Server service) that implements it. DHCP is an application-layer protocol of the TCP/IP stack; it runs over UDP, with servers listening on port 67 and clients on port 68. Its primary task is to assign IP addresses to DHCP clients automatically. A server running the DHCP service is called a DHCP server. Because the server, not an administrator, hands out the addressing information, TCP/IP client configuration needs no manual intervention. Addresses assigned by a DHCP server are referred to as dynamically assigned IP addresses; the server assigns them from one or more predetermined address ranges called scopes. The functions of the DHCP server are:

- Dynamically assign IP addresses to DHCP clients.
- Allocate the following TCP/IP configuration information to DHCP clients:
  o Subnet mask
  o Default gateway IP addresses
  o Domain Name System (DNS) server IP addresses
  o Windows Internet Naming Service (WINS) server IP addresses

You can increase the availability of DHCP by using the 80/20 Rule when you have two DHCP servers located on different subnets. The 80/20 Rule is applied as follows:

- Allocate 80 percent of the IP addresses in the scope to the DHCP server that resides on the local subnet.
- Allocate 20 percent of the IP addresses to the DHCP server on the remote subnet.

If the DHCP server holding 80 percent of the addresses fails, the remote DHCP server continues to assign addresses to DHCP clients from its 20 percent share, which therefore has to be large enough to cover the leases that expire while the local server is down. Because the DHCP service is critical in a TCP/IP network, the following implementations are strongly recommended:

- Small networks should have at least one DHCP server.
- Large networks should have multiple DHCP servers. This configuration provides the following benefits:
  o Fault tolerance
  o The address space can be split.

The DHCP protocol is defined in RFC 2131. It is derived from the Bootstrap Protocol (BOOTP), which let diskless clients obtain an IP address and a boot image from the network instead of booting from a local hard drive; DHCP reuses the BOOTP message format and UDP ports. The DHCP server has a predefined pool of IP addresses from which it allocates addresses to DHCP clients. When a DHCP client boots, it requests an IP address and obtains a lease for it from the DHCP server through a negotiation called the DHCP lease process. The negotiation consists of four messages exchanged between client and server:

- Two messages from the client (DHCPDISCOVER and DHCPREQUEST)
- Two messages from the DHCP server (DHCPOFFER and DHCPACK)

DHCP scopes
A scope is the set of IP addresses that a DHCP server can allocate to DHCP clients, together with configuration information for the clients whose addresses fall within it. Scope information is specific to the DHCP server on which it is defined and is not shared between DHCP servers. Scopes are configured by administrators. A DHCP server must have at least one scope, and each scope has the following properties:

- The range of IP addresses to be leased to DHCP clients.
- The subnet mask.
- The DHCP scope options (DNS server IP addresses, WINS server IP addresses, default gateway, and so on).
- The lease duration. The default of 8 days is suitable for small networks with stable membership; shorter leases suit networks where clients come and go, or where addresses are scarce.
- Any reservations. A reservation ties a specific IP address to a client's hardware (MAC) address, so that client always receives the same IP address and TCP/IP configuration when it starts.

Therefore, when you design your DHCP strategy and define the scopes for your DHCP servers, you should determine the following:

- The start and end addresses that define the range you want to use.
- The subnet mask of the particular subnet.
- The lease duration for addresses leased from the scope.
- All other TCP/IP configuration information you want assigned to DHCP clients.
- The IP addresses you want to reserve for particular clients.
- Whether any statically configured hosts fall inside the range and must be excluded from the address pool.

If you have multiple scopes, remember that a client can only obtain an address from the scope that matches the subnet it is on, as determined by the interface or relay agent that received its request. Clients cannot obtain IP addresses from scopes that belong to other subnets. If several logical subnets share one physical network segment (a "multinet") and clients should be able to obtain addresses from any of them, you can configure a superscope. A superscope groups scopes under one administrative entity so that clients on that segment can obtain and renew leases from any scope within it. Superscopes are typically created in the following circumstances:

- The existing scope's supply of IP addresses is being depleted and a second logical subnet is added to the segment.
- You want to use two DHCP servers on the same subnet, usually to provide redundancy.
- You need to migrate clients from one range of IP addresses to a different range.

The DHCP Lease Process

The DHCP lease process, also known as the DHCP negotiation process, is fairly straightforward. It consists of the following steps:

1. The client sends a DHCPDISCOVER message. This is the message used to request an IP address lease from a DHCP server, and it is sent when the client boots (or when its lease expires without a successful renewal). Because the client has no IP address yet, DHCPDISCOVER is a broadcast (source 0.0.0.0, destination 255.255.255.255, UDP port 68 to port 67) asking any DHCP server on the segment to respond.
2. Every DHCP server that receives the broadcast and has an available address for that subnet sends a DHCPOFFER message to the client. The offer tells the client that the server has an IP address available and includes:
  o The offered IP address.
  o The IP address of the DHCP server making the offer (the Server Identifier option).
  o The MAC address of the client, so the client can recognise the reply.
  o The subnet mask.
  o The length of the lease.
3. The client sends a DHCPREQUEST message. This indicates that the client has accepted the offer from the first DHCP server that responded and is requesting the offered IP address. The client broadcasts this message, and it carries the Server Identifier of the selected server, so that all other DHCP servers that made offers know they were not chosen and can return those addresses to their pools.
4. The selected DHCP server sends the client a DHCPACK message. The acknowledgement finalises the lease: it carries the leased address, the lease duration and the scope options, and only after receiving it does the client configure its interface. If the server can no longer honour the request (for example, the address was taken in the meantime), it sends a DHCPNAK instead and the client starts over with a new DHCPDISCOVER.
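The four-message exchange above, as an added example that is not part of the original page: a minimal encoder and decoder for the RFC 2131 message format, and a simulation of one client and two DHCP servers in which the client's DHCPREQUEST names the chosen server in the Server Identifier option (54) so that the losing server withdraws its offer. The client MAC, transaction ID, server and offered addresses, gateway and lease length are constructed values.

```python
"""RFC 2131 DHCP message encoder/decoder plus a simulated lease process (DORA).

Added example, not code from the original page.  The client MAC, transaction
ID, server addresses, gateway and offered addresses are constructed values.
"""
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"          # marks the start of the options field
HEADER_FMT = "!BBBBIHH4s4s4s4s16s64s128s"   # fixed 236-byte BOOTP header
BROADCAST_FLAG = 0x8000                     # client has no IP yet: reply by broadcast

# Option codes from RFC 2132
OPT_SUBNET_MASK, OPT_ROUTER, OPT_REQUESTED_IP = 1, 3, 50
OPT_LEASE_TIME, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 51, 53, 54, 255

DISCOVER, OFFER, REQUEST, DECLINE, ACK, NAK, RELEASE, INFORM = range(1, 9)
CLIENT_TYPES = {DISCOVER, REQUEST, DECLINE, RELEASE, INFORM}


def ip_bytes(addr):
    return ipaddress.IPv4Address(addr).packed


def build(msg_type, xid, chaddr, yiaddr="0.0.0.0", options=()):
    """Return the wire bytes of one DHCP message: header, cookie, options, END."""
    op = 1 if msg_type in CLIENT_TYPES else 2          # BOOTREQUEST / BOOTREPLY
    header = struct.pack(
        HEADER_FMT, op, 1, len(chaddr), 0, xid, 0, BROADCAST_FLAG,
        ip_bytes("0.0.0.0"), ip_bytes(yiaddr), ip_bytes("0.0.0.0"),
        ip_bytes("0.0.0.0"), chaddr.ljust(16, b"\x00"), b"\x00" * 64, b"\x00" * 128)
    body = bytes([OPT_MSG_TYPE, 1, msg_type])
    for code, value in options:
        body += bytes([code, len(value)]) + value
    return header + MAGIC_COOKIE + body + bytes([OPT_END])


def parse(packet):
    """Decode a DHCP message into header fields and a {code: raw_value} option map."""
    f = struct.unpack(HEADER_FMT, packet[:236])
    if packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message: bad magic cookie")
    msg = {"op": f[0], "xid": f[4], "flags": f[6],
           "yiaddr": str(ipaddress.IPv4Address(f[8])),
           "chaddr": f[11][:f[2]], "options": {}}
    i = 240
    while i < len(packet) and packet[i] != OPT_END:
        if packet[i] == 0:               # pad option has no length byte
            i += 1
            continue
        code, length = packet[i], packet[i + 1]
        msg["options"][code] = packet[i + 2:i + 2 + length]
        i += 2 + length
    msg["type"] = msg["options"][OPT_MSG_TYPE][0]
    return msg


def lease_process(client_mac, servers, lease_seconds=8 * 86400):
    """Simulate DISCOVER/OFFER/REQUEST/ACK for one client and several servers.

    `servers` is a list of (server_ip, offered_ip) pairs; every server answers the
    broadcast DISCOVER, the client takes the first offer, and the REQUEST names
    that server in option 54 so the others withdraw their offers.  Returns the
    resulting lease and the list of servers that withdrew.
    """
    xid = 0x3903F326                                   # constructed transaction ID
    discover = parse(build(DISCOVER, xid, client_mac))
    offers = []
    for server_ip, offered_ip in servers:
        offers.append(parse(build(OFFER, xid, discover["chaddr"], yiaddr=offered_ip, options=[
            (OPT_SERVER_ID, ip_bytes(server_ip)),
            (OPT_SUBNET_MASK, ip_bytes("255.255.255.0")),
            (OPT_ROUTER, ip_bytes("10.0.0.1")),        # assumed default gateway
            (OPT_LEASE_TIME, struct.pack("!I", lease_seconds)),
        ])))
    chosen = offers[0]                                 # the first offer received wins
    request = parse(build(REQUEST, xid, client_mac, options=[
        (OPT_REQUESTED_IP, ip_bytes(chosen["yiaddr"])),
        (OPT_SERVER_ID, chosen["options"][OPT_SERVER_ID]),
    ]))
    ack, withdrawn = None, []
    for server_ip, offered_ip in servers:              # all servers see the broadcast
        if request["options"][OPT_SERVER_ID] == ip_bytes(server_ip):
            ack = parse(build(ACK, xid, client_mac, yiaddr=offered_ip, options=[
                (OPT_SERVER_ID, ip_bytes(server_ip)),
                (OPT_LEASE_TIME, struct.pack("!I", lease_seconds)),
            ]))
        else:
            withdrawn.append(server_ip)                # offer returned to that server's pool
    lease = {"ip": ack["yiaddr"],
             "server": str(ipaddress.IPv4Address(ack["options"][OPT_SERVER_ID])),
             "seconds": struct.unpack("!I", ack["options"][OPT_LEASE_TIME])[0]}
    return lease, withdrawn


if __name__ == "__main__":
    print(lease_process(b"\x00\x0c\x29\x12\x34\x56",
                        [("10.0.0.2", "10.0.0.100"), ("10.0.0.3", "10.0.0.200")]))
```

The BROADCAST flag set in every message is why offers and acknowledgements are seen by the whole segment (and why a sniffer on any port can watch the exchange). Feeding `parse()` the UDP payload of a captured frame decodes real traffic the same way, since the format is identical.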

Understanding DHCP and DNS Integration


In a Windows Server 2003 Active Directory environment, the Domain Name System (DNS) is the primary name resolution method, translating names to IP addresses so that clients can locate resources on the network. Dynamic DNS (DDNS) updates, first introduced in Windows 2000, let clients register their host names and IP addresses with a DNS server automatically. The Windows Server 2003 DHCP service can take part in this: when it leases an address, it can register the client's address (A) record and pointer (PTR) record in DNS on the client's behalf, which matters for clients that cannot register themselves (pre-Windows 2000 clients). Windows 2000 and later clients register their own A record by default and ask the DHCP server, through the Client FQDN option (option 81), to register the PTR record. Three options control whether the DHCP server performs dynamic updates; they can be set for the whole server or per scope:

- The DHCP server never registers DNS records for the clients to which it leases addresses.
- The DHCP server always registers both A and PTR records for every client that receives a lease.
- The default: the DHCP server registers A and PTR records with the authoritative DNS server only when the client asks for it in its request (the Client FQDN option).

The Advantages of using DHCP


The main advantages of using DHCP are summarized below:

- DHCP is included with Windows Server 2003, so implementing it requires no additional licensing cost.
- Centralized, simpler management of IP addressing: you manage IP addressing from a central location. DHCP also simplifies deployment of other configuration options, such as the default gateway and DNS suffix.
- Because the system assigns IP addresses, fewer addresses are misconfigured: the configuration is entered in one place and the server distributes it to clients. Duplicate addresses are prevented, because the server tracks which addresses are leased.
- IP addresses are conserved. DHCP servers only allocate addresses to clients that request them, and expired leases return to the pool.
- The Windows Server 2003 DHCP service can assign addresses to individual hosts and, through the Multicast Address Dynamic Client Allocation Protocol (MADCAP), to multicast groups.
- The Windows Server 2003 DHCP service supports clustering, so you can set up highly available DHCP servers.
- DHCP integrates with Dynamic DNS (DDNS): the DHCP server can register the client computer's Address (A) and pointer (PTR) records in DNS when the client obtains an IP address.
- You can monitor the pool of available IP addresses and be notified when the pool falls below a threshold.
- By authorizing DHCP servers in Active Directory, you can stop unauthorized Windows DHCP servers from leasing addresses. Note that authorization only restrains Windows 2000/2003 DHCP servers that are domain members; it does not control which clients may obtain a lease.
- Dynamic IP addressing through DHCP scales easily from small to large networking environments.

The Disadvantages of using DHCP


The main disadvantages of using DHCP are summarized below:

- The DHCP server is a single point of failure in environments that have only one DHCP server.
- DHCP relies on broadcasts, which routers do not forward. If your network has multiple segments, you must do one of the following:
  o Place a DHCP server on each segment.
  o Place a DHCP relay agent on each segment.
  o Configure your routers to forward BOOTP/DHCP broadcasts (UDP ports 67 and 68) to the DHCP server, for example with ip helper-address on Cisco routers.
- Any incorrectly defined configuration information is automatically propagated to all DHCP clients.
- A few DHCP client implementations do not function correctly with a Windows Server 2003 DHCP server.

Designing a DHCP Strategy


For DHCP to operate successfully, every client computer must be able to reach a DHCP server at any time. DHCP depends on the network topology, and every TCP/IP host in your environment in turn depends on DHCP. When you design a DHCP strategy and decide where to place DHCP servers, determine the following:

- The network topology.
- The number of hosts on your network.
- The number of subnets that DHCP will support.
- The location of your routers.
- The transmission speed between your network segments.
- Whether Dynamic DNS (DDNS) will be used.
- The number of clients to which DHCP will allocate IP addresses, and where they are located.
- Any clients that cannot use DHCP for IP address allocation.
- Clients that will be using BOOTP.
- WAN links whose failure could prevent clients from reaching the DHCP server.
- The dedicated or reserved IP addresses that must be excluded from the DHCP address pool.

The main design requirements associated with DHCP are:

- Implement at least two DHCP servers to provide redundancy. Two DHCP servers give a highly available DHCP infrastructure and avoid the outage that a single failed server, or a failed network link to it, would cause.
- If your network has multiple segments, you must do one of the following:
  o Place a DHCP server on each segment.
  o Place a DHCP relay agent on each segment.
  o Configure your routers to forward BOOTP/DHCP broadcasts.

The failover methods to consider when you design a DHCP implementation are:

- Deploy a standby DHCP server: the standby DHCP server is configured with the same scopes as the primary DHCP server, but its scopes are left inactive; it is only brought online when the primary DHCP server fails. Its lease database will not match the primary's, so enable server-side conflict detection on it to avoid handing out addresses that are still in use.
- Deploy a clustered server: a server cluster provides automatic failover of the DHCP service with one shared lease database.
- Split the scopes: you can split the scopes between two DHCP servers on different subnets. This provides failover when a DHCP server or a subnet fails. You do not have to split the scopes in equal proportions; place the larger portion of the scope on the DHCP server that serves the local subnet (the 80/20 Rule).

Determining the number of DHCP servers and placement


The number of DHCP servers you need is determined by the following factors:

- Network topology.
- Server hardware, which determines how many DHCP clients a server can service and affects the performance of the DHCP service.
- Network configuration.
- Routing configuration.
- Availability requirements for the DHCP service.
- The number of clients the DHCP servers will service.

In a routed network, you need DHCP relay agents (or routers that forward DHCP broadcasts) if you plan to implement only one DHCP server. Microsoft's DHCP Relay Agent is a component of Routing and Remote Access on Windows NT Server, Windows 2000 Server and Windows Server 2003. Place the DHCP server on the subnet that has the majority of hosts.

DHCP server requirements


If you implement only one DHCP server, test that it can handle the client load. When choosing which server will run the DHCP service, bear in mind that the performance of the server determines the performance of the DHCP service. Server performance is improved by:

- Multiple CPUs.
- Multiple network cards.
- High performance hard drives (the DHCP database is written on every lease change).

If you implement multiple DHCP servers, place a DHCP server on every subnet that is reached only over slow or unreliable WAN links, so that DHCP messages are not transmitted over the WAN.

Enabling DHCP support for non Microsoft DHCP clients


For networks that have only Microsoft client computers, setting up DHCP clients is straightforward. Other types of clients can introduce additional DHCP design and configuration requirements:

- Non-Microsoft DHCP clients: these may need support for particular DHCP options, and do not necessarily support Microsoft's vendor-specific options.
- Non-DHCP clients: clients that do not support DHCP must be assigned IP addresses manually.
- BOOTP clients: these clients do not support leases. A BOOTP client requests an IP address whenever it starts, and the scope must be configured (in its Advanced properties) to assign addresses to BOOTP clients.

DHCP Security Considerations


DHCP has no authentication: any host on the segment can request addresses, and any host can answer requests. The issues you need to address to secure your DHCP environment are:

- Because the number of addresses in a scope is finite, an unauthorized user can mount a denial-of-service (DoS) attack ("DHCP starvation") by requesting and obtaining a large number of IP addresses, typically by sending DHCPDISCOVER messages with forged client MAC addresses until the scope is exhausted.
- An unauthorized user can run a rogue DHCP server that offers incorrect IP addresses, default gateways or DNS servers to your DHCP clients, redirecting their traffic through the attacker.
- A DoS attack against DNS can be launched by an unauthorized user who causes a large number of DNS dynamic updates through the DHCP server.
- Assigning DNS and WINS server addresses through DHCP discloses this information to anyone who can obtain a lease, which an unauthorized user can use to target your DNS and WINS servers.

To secure your DHCP environment, use the following strategies:

- Implement firewalls, and close all open unused ports on the DHCP server.
- If necessary, use VPN tunnels.
- On managed switches, enable DHCP snooping so that DHCPOFFER and DHCPACK messages are only accepted from the switch ports that connect to your authorized DHCP servers; this is the most effective control against rogue servers, and its per-port rate limiting also blunts starvation attacks.
- You can use MAC address filters, bearing in mind that MAC addresses are trivially spoofed, so this only raises the bar for casual misuse.
- Use encryption and authentication on wireless networks. The 128-bit Wired Equivalent Privacy (WEP) recommended when this material was written is cryptographically broken and can be cracked in minutes; use WPA2 or WPA3.
- Disabling the Service Set Identifier (SSID) broadcast on wireless networks hides the network from casual users only; the SSID is still visible in association frames, so do not rely on it as a security control.
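Added example, not from the original page: detection logic for the first two threats in this list, a rogue DHCP server and DHCP starvation, run over a constructed capture of already-decoded DHCP messages (the fields a capture tool would extract from each frame). The authorized-server set, the expected default gateway and the detection thresholds are assumptions to adapt to your own subnet.

```python
"""Detection logic for two DHCP threats: a rogue DHCP server answering clients,
and address-pool exhaustion (DHCP starvation) from a flood of requests with
forged client MAC addresses.

Added example, not from the original page.  It works on already-decoded DHCP
messages (plain dicts); the capture below is constructed by hand, and the
authorized-server list, expected gateway and thresholds are assumptions.
"""
from collections import Counter

AUTHORIZED_SERVERS = {"10.0.0.2", "10.0.0.3"}   # assumed: the 80/20 pair for this subnet
EXPECTED_ROUTER = "10.0.0.1"                     # assumed: the subnet's real default gateway


def rogue_servers(messages, authorized=AUTHORIZED_SERVERS):
    """Count OFFER/ACK messages per Server Identifier (option 54) that is not an
    authorized server.  Option 54 is mandatory in every OFFER/ACK, so this works
    even when the rogue server forges its source IP."""
    hits = Counter(m["server_id"] for m in messages
                   if m["type"] in ("OFFER", "ACK") and m["server_id"] not in authorized)
    return dict(hits)


def poisoned_gateway(messages, expected_router=EXPECTED_ROUTER):
    """Server Identifiers of OFFER/ACK messages that hand out an unexpected default
    gateway (option 3): the classic rogue-server man-in-the-middle."""
    return sorted({m["server_id"] for m in messages
                   if m["type"] in ("OFFER", "ACK") and m.get("router") != expected_router})


def starvation_peak(messages, window=5.0):
    """Slide a `window`-second window over DISCOVER/REQUEST messages and return
    (distinct_clients, window_start, window_end) for the busiest window.  A normal
    subnet sees a handful of new client MACs in a few seconds; a starvation tool
    forges a fresh MAC per packet, so the count explodes."""
    reqs = sorted((m["time"], m["chaddr"]) for m in messages
                  if m["type"] in ("DISCOVER", "REQUEST"))
    peak, start = (0, None, None), 0
    for end in range(len(reqs)):
        while reqs[end][0] - reqs[start][0] > window:
            start += 1
        distinct = len({mac for _, mac in reqs[start:end + 1]})
        if distinct > peak[0]:
            peak = (distinct, reqs[start][0], reqs[end][0])
    return peak


def sample_capture():
    """Constructed capture: three normal leases, one rogue OFFER racing the real
    server, then 100 DISCOVERs from forged MACs inside two seconds."""
    msgs = []
    for i, mac in enumerate(["00:0c:29:aa:00:01", "00:0c:29:aa:00:02", "00:0c:29:aa:00:03"]):
        t = 30.0 * i
        msgs.append({"time": t, "type": "DISCOVER", "chaddr": mac})
        msgs.append({"time": t + 0.01, "type": "OFFER", "chaddr": mac,
                     "server_id": "10.0.0.2", "router": "10.0.0.1"})
        msgs.append({"time": t + 0.02, "type": "REQUEST", "chaddr": mac})
        msgs.append({"time": t + 0.03, "type": "ACK", "chaddr": mac,
                     "server_id": "10.0.0.2", "router": "10.0.0.1"})
    msgs.append({"time": 30.005, "type": "OFFER", "chaddr": "00:0c:29:aa:00:02",
                 "server_id": "10.0.0.66", "router": "10.0.0.66"})   # rogue: gateway = itself
    for n in range(100):
        msgs.append({"time": 120.0 + 0.02 * n, "type": "DISCOVER",
                     "chaddr": "02:00:00:00:%02x:%02x" % (n >> 8, n & 0xFF)})
    return msgs


def report(messages, max_new_clients=20):
    """Return the alert lines a monitoring job would raise for this capture."""
    alerts = []
    for server, count in rogue_servers(messages).items():
        alerts.append("rogue DHCP server %s sent %d offers/acks" % (server, count))
    for server in poisoned_gateway(messages):
        alerts.append("server %s advertises an unexpected default gateway" % server)
    distinct, t0, t1 = starvation_peak(messages)
    if distinct > max_new_clients:
        alerts.append("possible DHCP starvation: %d distinct clients between t=%.2f and t=%.2f"
                      % (distinct, t0, t1))
    return alerts


if __name__ == "__main__":
    for line in report(sample_capture()):
        print(line)
```

The same three checks map onto the server's own telemetry: a spike in Discovers/sec without a matching rise in Acks/sec is the starvation signature, and event ID 1042 (another DHCP server detected) is the server-side counterpart of `rogue_servers()`.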

DHCP Design Best Practices


The best practices for designing a DHCP environment are summarized below:

- Plan your DHCP implementation strategy. Identify all physical and logical subnets, and each router between them. If your routers can forward DHCP broadcasts, configure them to do so; otherwise add a DHCP relay agent on each subnet that has no DHCP server.
- Size each DHCP server as follows:
  o 10,000 or fewer clients to service.
  o 1,000 or fewer scopes.
- Improve the performance of your DHCP servers with:
  o High performance hard drives.
  o A hardware RAID disk controller.
- Do not run the DHCP service on a domain controller if it will update DNS records on behalf of clients. On a domain controller the DHCP service performs dynamic updates with the domain controller's computer account, which has full control of every DNS record, so a client can cause the server to overwrite records it should not own. Place DHCP servers and domain controllers on separate computers, or at least configure dedicated DNS update credentials for the DHCP service.
- Splitting the address range between two DHCP servers provides fault tolerance. Apply the 80/20 rule when you create scopes.
- Upgrade all Windows NT 4 domain controllers to Windows Server 2003 before you deploy your DHCP servers.
- If you have two DHCP servers and use reservations, create the reservations on each DHCP server, so that a client can obtain its reserved address from either server.
- If you are using Windows Server 2003 DHCP, use the following features:
  o DHCP authorization: a Windows 2000 or Windows Server 2003 DHCP server must be authorized in Active Directory before it will lease addresses in a domain environment. An unauthorized server logs event ID 1046 and does not service clients.
  o Dynamic DNS (DDNS) integration: the DHCP server can register A and PTR records in DNS on behalf of clients.
  o Secure dynamic updates: with Active Directory-integrated DNS zones, only authenticated computers can create or modify DNS records. This is a DNS feature; DHCP itself does not authenticate clients, and any host on the segment can obtain a lease.

Securing DHCP Servers


The DHCP server role dynamically assigns IP addresses to DHCP clients, together with additional TCP/IP configuration information: the subnet mask, default gateway IP addresses, Domain Name System (DNS) server IP addresses, and Windows Internet Naming Service (WINS) server IP addresses. A DHCP server must have at least one scope, consisting of the IP addresses the server can allocate to clients. Scope information is specific to each DHCP server. A scope includes the range of IP addresses that can be leased, the subnet mask, the scope options (DNS and WINS server addresses), the lease duration, and any reservations; a reservation ties an IP address to a client's MAC address so that the client always receives the same address and configuration when it starts. The common threats to DHCP servers are:

- An unauthorized user can start a denial-of-service (DoS) attack by requesting and obtaining a large number of IP addresses (DHCP starvation).
- A DoS attack against DNS can be launched by an unauthorized user who causes a large number of DNS dynamic updates through the DHCP server.
- An unauthorized user can run a rogue DHCP server that gives your DHCP clients incorrect IP addresses, gateways or DNS servers.
- Assigning DNS and WINS server addresses through DHCP makes that information available to anyone who obtains a lease, who can then use it to attack your DNS and WINS servers.

As you can see, any host that can reach the DHCP server can obtain an IP address and the DNS and WINS server information from it. To ensure that only authorized users and computers connect to the DHCP server and obtain a lease, limit physical access and wireless access to the network.

Also consider configuring each scope with only the number of IP addresses actually required, and using reservations for known clients, so that an unknown host finds few or no free addresses to obtain; be aware that a smaller pool is also easier to exhaust, so pair this with lease monitoring. The DHCP server is a single point of failure in environments with only one DHCP server. You can increase availability, and limit the impact of a DoS attack against one server, by deploying two DHCP servers and applying the 80/20 Rule when they are located on different subnets:

- Allocate 80 percent of the IP addresses to the DHCP server on the local subnet.
- Allocate 20 percent of the IP addresses to the DHCP server on the remote subnet.

If the DHCP server holding 80 percent of the addresses fails or is attacked, the other DHCP server can still assign addresses to DHCP clients. With Windows Server 2003, the following groups have rights to manage DHCP servers:

- Enterprise Admins group: members have forest-wide administrative rights and full control over the DHCP servers. Members of this group can also authorize DHCP servers in Active Directory.
- DHCP Administrators group: a local group created on each DHCP server. Members can perform all DHCP-specific management tasks, including creating, activating and deleting scopes; creating reservations and configuring DHCP options; and backing up and restoring the DHCP database hosted on the server.
- DHCP Users group: a local group also created on each DHCP server. Members can only view configuration and statistical information on the DHCP server, check whether client connectivity problems are caused by depletion of IP addresses, and check which scopes have been activated.

Limit membership of the groups that have rights to change DHCP server settings, and restrict membership of the Enterprise Admins group as far as possible. If you are running a Windows Server 2003 DHCP server, consider the following measures to further enhance security:

- DHCP authorization ensures that a Windows 2000 or Windows Server 2003 DHCP server must be authorized in Active Directory before it will service clients in your networking environment.
- Secure dynamic updates on Active Directory-integrated DNS zones ensure that only authenticated computers can create or modify DNS records. This protects DNS, not DHCP: the DHCP server does not authenticate a computer before leasing it an address.
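Added example, not from the original page, for the 80/20 split described here and in the overview: compute the exclusion ranges each of the two servers needs, verify that the two pools neither overlap nor leave a gap, and emit the netsh commands that create the exclusions. The scope range, the split ratio and the statically addressed hosts are assumed values; the command form is the Windows Server 2003 `netsh dhcp server ... scope ... add excluderange` syntax and should be checked against the server's own netsh help before use.

```python
"""Plan an 80/20 split of one DHCP scope across two servers.

Added example, not from the original page.  Both servers are configured with the
same scope (same range, subnet mask and options); each then excludes the part of
the range the other server hands out, so no address can be leased twice.  The
address range, the split ratio and the statically addressed hosts are assumptions.
"""
import ipaddress


def split_scope(first, last, local_share=0.8, static=()):
    """Return the exclusion ranges each server needs, as
    {"local": [(start, end), ...], "remote": [...]}.  The local server keeps
    `local_share` of the range; addresses in `static` (hosts with fixed IPs inside
    the range) are excluded on the server whose share contains them."""
    start, end = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    if end < start:
        raise ValueError("scope end precedes scope start")
    total = int(end) - int(start) + 1
    boundary = start + round(total * local_share)       # first address of the remote share
    exclusions = {"local": [(str(boundary), str(end))],        # local never leases the remote 20 %
                  "remote": [(str(start), str(boundary - 1))]}  # remote never leases the local 80 %
    for ip in sorted(ipaddress.IPv4Address(s) for s in static):
        if start <= ip <= end:
            exclusions["local" if ip < boundary else "remote"].append((str(ip), str(ip)))
    return exclusions


def leasable(first, last, exclusions):
    """Set of addresses (as strings) a server can actually lease given its exclusions."""
    lo, hi = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
    pool = set(range(lo, hi + 1))
    for a, b in exclusions:
        pool -= set(range(int(ipaddress.IPv4Address(a)), int(ipaddress.IPv4Address(b)) + 1))
    return {str(ipaddress.IPv4Address(n)) for n in pool}


def check_split(first, last, plan, static=()):
    """Sanity checks before touching a server: the two pools must not overlap,
    and together they must cover every address except the static ones."""
    local = leasable(first, last, plan["local"])
    remote = leasable(first, last, plan["remote"])
    everything = leasable(first, last, [])
    return local.isdisjoint(remote) and (local | remote) == everything - set(static)


def netsh_commands(server, scope_id, exclusions):
    """netsh dhcp commands that create the exclusions on one server (Windows
    Server 2003 syntax; verify against `netsh dhcp server scope` help)."""
    return ["netsh dhcp server \\\\%s scope %s add excluderange %s %s" % (server, scope_id, a, b)
            for a, b in exclusions]


if __name__ == "__main__":
    plan = split_scope("10.0.0.10", "10.0.0.209", static=["10.0.0.50", "10.0.0.200"])
    print("consistent:", check_split("10.0.0.10", "10.0.0.209", plan,
                                     static=["10.0.0.50", "10.0.0.200"]))
    for role, server in (("local", "DHCP1"), ("remote", "DHCP2")):
        for cmd in netsh_commands(server, "10.0.0.0", plan[role]):
            print(cmd)
```

Run `check_split()` again whenever the range or the static hosts change; an overlap means two servers can lease the same address, and a gap means addresses nobody will ever lease.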

Basic Security Measures for DHCP Servers

Basic security measures for securing the DHCP server role are listed here:

- Physically secure your DHCP servers.
- Use the NTFS file system to protect data on the system volume.
- Apply and maintain a strong antivirus solution.
- Keep software patches up to date.
- Only allow programs and software from trusted sources to be installed.
- Remove or uninstall all services and applications not used on your DHCP servers.
- Perform administrative tasks on the DHCP servers with the least privilege required (for example, as a member of DHCP Administrators rather than Enterprise Admins).
- Locate your DHCP servers behind a firewall, and close all open unused ports.
- You can use VPN tunnels to protect DHCP traffic that crosses untrusted links, and MAC address filters as a weak additional control.
- Monitor DHCP activity by reviewing the DHCP audit logs and the statistical information on your DHCP servers.

Backing up and Restoring the DHCP Database

By backing up a DHCP server's database, you can recover from a lost or corrupted DHCP database. A backup contains the full content of the DHCP database: leases, reservations, all scope information and DHCP options. The Windows Server 2003 DHCP service also performs an automatic backup every 60 minutes by default, to %SystemRoot%\System32\dhcp\backup; copy that folder off the server regularly, because a backup that exists only on the failed machine is no backup. For migrating a configuration between servers, netsh dhcp server export and import copy the scopes and leases. To back up the DHCP database manually:

1. Click Start, Administrative Tools, and then click DHCP to open the DHCP management console.
2. Right-click the DHCP server that hosts the database you want to back up, and select Backup from the shortcut menu.
3. When the Browse For Folder dialog box opens, select the folder to which the DHCP database should be backed up.
4. Click OK.

To restore a DHCP database:

1. Click Start, Administrative Tools, and then click DHCP to open the DHCP management console.
2. Right-click the DHCP server for which you want to restore the database, and select Restore from the shortcut menu.
3. When the Browse For Folder dialog box opens, select the folder that contains the backup of the DHCP database that you want to restore.
4. Click OK.
5. Click Yes when prompted to confirm that the DHCP database must be restored immediately and that the DHCP service can be stopped and restarted.

Monitoring and Troubleshooting the DHCP Server


Using Event Viewer to Monitor DHCP Activity
You can use Event Viewer, located in the Administrative Tools folder, to monitor DHCP activity. Event Viewer shows the events recorded in the system, application and security logs. The system log contains events associated with the operating system; the application log stores events from applications running on the computer; events produced by auditing are written to the security log. All DHCP-specific events are logged in the System log with the source DhcpServer. They record activities of the DHCP service and server, such as when the service started and stopped, when leases in a scope are close to being depleted, and when the DHCP database is corrupt. A few DHCP system event IDs are listed below:

- Event ID 1037 (Information): the DHCP server has begun to clean up the DHCP database.
- Event ID 1038 (Information): the DHCP server cleaned up the database for unicast addresses; the event text reports how many IP address leases were recovered and how many records were deleted.
- Event ID 1039 (Information): the DHCP server cleaned up the database for multicast addresses, with the same two counts.
- Event ID 1044 (Information): the DHCP server has determined that it is authorized to start and is servicing client requests for IP addresses.
- Event ID 1042 (Warning): the DHCP service has detected other DHCP servers on the network, listed in the event text. This is the server's own rogue-server check; investigate any server in the list that you did not deploy.
- Event ID 1056 (Warning): the DHCP service has determined that it is running on a domain controller and no credentials are configured for DDNS registrations.
- Event ID 1046 (Error): the DHCP service has determined that it is not authorized in Active Directory and will not service DHCP clients.

Using System Monitor to Monitor DHCP Activity


System Monitor is the main tool for monitoring system performance. It tracks processes on a Windows system in real time and displays current or logged data graphically, as a graph, histogram or report. You can select the components to track on the local computer or on remote computers, and determine resource usage by monitoring trends. System Monitor uses objects, counters and instances to describe what is monitored. It is a valuable tool for monitoring and troubleshooting the DHCP traffic between the DHCP server and its clients. Through System Monitor you can set counters to monitor:

- The DHCP lease process.
- The DHCP queue length.
- Duplicate IP address discards.
- DHCP server-side conflict attempts.

To start System Monitor:

1. Click Start, Administrative Tools, and then click Performance.
2. When the Performance console opens, select System Monitor.

The counters of the DHCP Server performance object that you can use to track DHCP traffic are:

- Acks/sec: the rate at which the DHCP server sends DHCPACK messages.
- Active Queue Length: the number of packets in the DHCP queue waiting to be processed by the server.
- Conflict Check Queue Length: the number of packets in the DHCP queue waiting for conflict detection.
- Declines/sec: the rate at which the DHCP server receives DHCPDECLINE messages. A sudden rise means clients are detecting addresses already in use, which points at a rogue server or at static hosts inside the scope.
- Discovers/sec: the rate at which the DHCP server receives DHCPDISCOVER messages. A sustained spike without a matching rise in Acks/sec is the signature of a starvation attack or a broadcast storm.
- Duplicates Dropped/sec: the rate at which the DHCP server receives duplicate packets (for example, the same request via several relay agents).
- Informs/sec: the rate at which the DHCP server receives DHCPINFORM messages.
- Milliseconds per packet (Avg.): the average time the DHCP server takes to send a response.
- Nacks/sec: the rate at which the DHCP server sends DHCPNACK messages.
- Packets Expired/sec: the rate at which packets expire while waiting in the DHCP server queue.
- Packets Received/sec: the rate at which the DHCP server receives packets.
- Releases/sec: the rate at which the DHCP server receives DHCPRELEASE messages.
- Requests/sec: the rate at which the DHCP server receives DHCPREQUEST messages.

Using Network Monitor to Monitor DHCP Lease Traffic


You can use Network Monitor to monitor network traffic, and to troubleshoot network issues or problems. The Network Monitor shipped with Windows Server 2003 allows you to monitor network activity and use the gathered information to manage and optimize traffic, identify unnecessary protocols, and detect problems with network applications and services. In order to capture frames, you have to install the Network Monitor application and the Network Monitor driver on the server where you are going to run Network Monitor. The Network Monitor driver makes it possible for Network Monitor to receive frames from the network adapter. The two versions of Network Monitor are:

- The Network Monitor version included with Windows Server 2003: With this version of Network Monitor, you can monitor network activity only on the local computer running Network Monitor.
- The Network Monitor version (full) included with Microsoft Systems Management Server (SMS): With this version, you can monitor network activity on all devices on a network segment. You can capture frames from a remote computer, resolve device names to MAC addresses, and determine the user and protocol that is consuming the most bandwidth.

Because of these features, you can use Network Monitor to monitor and troubleshoot DHCP lease traffic. You can use the Network Monitor version included in Windows Server 2003 to capture and analyze the traffic being received by the DHCP server. Before you can use Network Monitor to monitor DHCP lease traffic, you first have to install it. The Network Monitor driver is automatically installed when you install Network Monitor.

How to install Network Monitor

1. Click Start, and then click Control Panel.
2. Click Add Or Remove Programs to open the Add Or Remove Programs dialog box.
3. Click Add/Remove Windows Components.
4. Select Management and Monitoring Tools and click the Details button.
5. On the Management and Monitoring Tools dialog box, select the Network Monitor Tools checkbox and click OK.
6. Click Next when you are returned to the Windows Components Wizard.
7. If prompted during the installation process for additional files, place the Windows Server 2003 CD-ROM into the CD-ROM drive.
8. Click Finish on the Completing the Windows Components Wizard page.

Capture filters disregard frames that you do not want to capture before they are stored in the capture buffer. When you create a capture filter, you define settings that can be used to detect the frames that you do want to capture. You can design capture filters in the Capture Window to only capture specific DHCP traffic, by selecting Filter from the Capture menu. You can also create a display filter after you have captured data. A display filter enables you to decide what is displayed.

How to start a capture of DHCP lease traffic in Network Monitor

1. Open Network Monitor.
2. Use the Tools menu to click Capture, and then click Start.
3. If you want to examine captured data during the capture, select Stop And View from the Capture menu.

Understanding DHCP Server log Files


DHCP server log files are comma-delimited text files. Each log entry represents one line of text. Through DHCP logging, you can log many different events. A few of these events are listed below:

- DHCP server events
- DHCP client events
- DHCP leasing
- DHCP rogue server detection events
- Active Directory authorization

The DHCP server log file format is depicted below. Each log file entry has the fields listed below, and in this particular order as well:

- ID: This is the DHCP server event ID code. Event codes are used to describe information on the activity which is being logged.
- Date: The date when the particular log file entry was logged on your DHCP server.
- Time: The time when the particular log file entry was logged on your DHCP server.
- Description: This is a description of the particular DHCP server event.
- IP Address: This is the IP address of the DHCP client.
- Host Name: This is the host name of the DHCP client.
- MAC Address: This is the MAC address used by the DHCP client's network adapter.

DHCP server log files use reserved event ID codes. These event ID codes describe information on the activities being logged. The actual log file only describes event ID codes which are lower than 50. A few common DHCP server log event ID codes are listed below:

- 00; indicates the log was started.
- 01; indicates the log was stopped.
- 02; indicates the log was temporarily paused due to low disk space.
- 10; indicates a new IP address was leased to a client.
- 11; indicates a lease was renewed by a client.
- 12; indicates a lease was released by a client.
- 13; indicates an IP address was detected to be in use on the network.
- 14; indicates a lease request could not be satisfied due to the scope's address pool being exhausted.
- 15; indicates a lease was denied.
- 16; indicates a lease was deleted.
- 17; indicates a lease was expired.
- 20; indicates a BOOTP address was leased to a client.
- 21; indicates a dynamic BOOTP address was leased to a client.
- 22; indicates a BOOTP request could not be satisfied due to the address pool of the scope for BOOTP being exhausted.
- 23; indicates a BOOTP IP address was deleted after confirming it was not being used.
- 24; indicates an IP address cleanup operation has started.
- 25; indicates IP address cleanup statistics.
- 30; indicates a DNS update request.
- 31; indicates DNS update failed.
- 32; indicates DNS update successful.

The following DHCP server log event ID codes are not described in the DHCP log file. These DHCP server log event ID codes relate to the DHCP server's Active Directory authorization status:

- 50 - Unreachable domain: The DHCP server could not locate the applicable domain for its Active Directory installation.
- 51 - Authorization succeeded: The DHCP server was authorized to start on the network.
- 52 - Upgraded to a Windows Server 2003 operating system: The DHCP server was recently upgraded to a Windows Server 2003 OS; therefore, the unauthorized DHCP server detection feature (used to determine whether the server has been authorized in Active Directory) was disabled.
- 53 - Cached authorization: The DHCP server was authorized to start using previously cached information. Active Directory was not visible at the time the server was started on the network.
- 54 - Authorization failed: The DHCP server was not authorized to start on the network. When this event occurs, it is likely followed by the server being stopped.
- 55 - Authorization (servicing): The DHCP server was successfully authorized to start on the network.
- 56 - Authorization failure: The DHCP server was not authorized to start on the network and was shut down by the Windows Server 2003 OS. You must first authorize the server in the directory before starting it again.
- 57 - Server found in domain: Another DHCP server exists and is authorized for service in the same Active Directory domain.
- 58 - Server could not find domain: The DHCP server could not locate the specified Active Directory domain.
- 59 - Network failure: A network-related failure prevented the server from determining if it is authorized.
- 60 - No DC is DS enabled: No Active Directory DC was located. For detecting whether the server is authorized, a domain controller that is enabled for Active Directory is needed.
- 61 - Server found that belongs to DS domain: Another DHCP server that belongs to the Active Directory domain was found on the network.
- 62 - Another server found: Another DHCP server was found on the network.
- 63 - Restarting rogue detection: The DHCP server is trying once more to determine whether it is authorized to start and provide service on the network.
- 64 - No DHCP enabled interfaces: The DHCP server has its service bindings or network connections configured so that it is not enabled to provide service.
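The log format and the two event ID tables above translate directly into detection logic. The following Python script is an added example, not code from the original article or from Windows: it parses comma-delimited audit log text in the field order given above (ID, Date, Time, Description, IP Address, Host Name, MAC Address), supplies text for the event IDs of 50 and above that the log file itself does not describe, and flags the entries a defender would want to review: address conflicts (13), exhausted scopes (14, 22), denied leases (15), and the authorization and other-server events (50, 54, 56, 58 to 62). Which IDs count as alerts is this example's own choice. The log lines it runs over are constructed for the example; the host name, addresses and MAC are made up.

```python
"""Parse Windows DHCP server audit log lines and flag security-relevant events.

Added example, not part of the original article or of Windows itself. The
field order (ID, Date, Time, Description, IP Address, Host Name, MAC Address)
and the event ID meanings come from the article; the sample log lines below
are constructed for this example.
"""
import csv
from dataclasses import dataclass
from io import StringIO
from typing import List

# Event ID meanings as listed in the article. Codes of 50 and above are not
# described inside the log file itself, so this table supplies their text.
EVENT_TEXT = {
    0: "Log started", 1: "Log stopped", 2: "Log paused (low disk space)",
    10: "New lease", 11: "Lease renewed", 12: "Lease released",
    13: "Address already in use on network", 14: "Scope exhausted",
    15: "Lease denied", 16: "Lease deleted", 17: "Lease expired",
    20: "BOOTP lease", 21: "Dynamic BOOTP lease", 22: "BOOTP scope exhausted",
    23: "BOOTP address deleted", 24: "Cleanup started", 25: "Cleanup statistics",
    30: "DNS update request", 31: "DNS update failed", 32: "DNS update successful",
    50: "Unreachable domain", 51: "Authorization succeeded",
    52: "Upgraded to Windows Server 2003", 53: "Cached authorization",
    54: "Authorization failed", 55: "Authorization (servicing)",
    56: "Authorization failure (server shut down)", 57: "Server found in domain",
    58: "Server could not find domain", 59: "Network failure",
    60: "No DC is DS enabled", 61: "Server found that belongs to DS domain",
    62: "Another server found", 63: "Restarting rogue detection",
    64: "No DHCP enabled interfaces",
}

# Events worth surfacing: conflicts, denied leases, exhausted scopes, and
# anything about authorization or another DHCP server on the network.
ALERT_IDS = {13, 14, 15, 22, 50, 54, 56, 58, 59, 60, 61, 62}


@dataclass
class DhcpLogEntry:
    event_id: int
    date: str
    time: str
    description: str
    ip_address: str
    host_name: str
    mac_address: str

    @property
    def meaning(self) -> str:
        return EVENT_TEXT.get(self.event_id, "Unknown event ID")

    @property
    def is_alert(self) -> bool:
        return self.event_id in ALERT_IDS


def parse_dhcp_log(text: str) -> List[DhcpLogEntry]:
    """Parse comma-delimited audit log text; skip blank, header and preamble lines."""
    entries = []
    for row in csv.reader(StringIO(text)):
        # Real log files start with free-form descriptive text and a header
        # row; only rows whose first field is a numeric event ID are records.
        if len(row) < 7 or not row[0].strip().isdigit():
            continue
        f = [c.strip() for c in row[:7]]
        entries.append(DhcpLogEntry(int(f[0]), f[1], f[2], f[3], f[4], f[5], f[6]))
    return entries


def alerts(entries: List[DhcpLogEntry]) -> List[DhcpLogEntry]:
    """Return only the entries a defender should look at."""
    return [e for e in entries if e.is_alert]


# Constructed sample log (not a real capture): one normal lease and renewal,
# one address conflict, and one 'another server found' event.
SAMPLE_LOG = """ID,Date,Time,Description,IP Address,Host Name,MAC Address
00,03/14/06,08:00:01,Started,,,
10,03/14/06,08:05:12,Assign,192.168.10.21,WS-0137.corp.example,00105A1234AB
13,03/14/06,08:06:40,Conflict,192.168.10.22,,00105A56CD12
62,03/14/06,08:10:00,Another server found,192.168.10.250,,
11,03/14/06,09:00:02,Renew,192.168.10.21,WS-0137.corp.example,00105A1234AB
"""

if __name__ == "__main__":
    for e in alerts(parse_dhcp_log(SAMPLE_LOG)):
        print(f"{e.date} {e.time} [{e.event_id:02d}] {e.meaning}: "
              f"ip={e.ip_address} host={e.host_name} mac={e.mac_address}")
```

Run against the live log directory (the Audit Log File Path described below), the same parser surfaces a rogue server the moment the authorized server logs event 62, without waiting for a Dhcploc.exe sweep.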

How to change DHCP log files location

1. Open the DHCP console.
2. Right-click the DHCP server node and select Properties from the shortcut menu.
3. The DHCP Server Properties dialog box opens.
4. Click the Advanced tab.
5. Change the audit log file location in the Audit Log File Path text box.
6. Click OK.

How to disable DHCP logging

1. Open the DHCP console.
2. Right-click the DHCP server node and select Properties from the shortcut menu.
3. The DHCP Server Properties dialog box opens.
4. On the General tab, clear the Enable DHCP Audit Logging checkbox to disable DHCP server logging.
5. Click OK.

Troubleshooting the DHCP Client Configuration


A DHCP failure usually exists when the following events occur:

- A DHCP client cannot contact the DHCP server.
- A DHCP client loses connectivity.

When these events occur, one of the first tasks you need to perform is to determine whether the connectivity issues occurred because of the actual DHCP client configuration, or whether they occurred because of some other network issue. You do this by determining the address type of the IP address of the DHCP client. To determine the address type,

1. Use the Ipconfig command to determine if the client received an IP address lease from the DHCP server.
2. The client received an IP address from the DHCP server if the Ipconfig /all output displays:
   - The DHCP server as being enabled.
   - The IP address displayed as IP Address. It should not be displayed as Autoconfiguration IP Address.
3. You can also use the status dialog box for the network connection to determine the IP address type for the client.
4. To view this information, double-click the appropriate network connection in the Network Connections dialog box.
5. Click the Support tab.
6. The IP address type should be displayed as being Assigned By DHCP.

If after the above checks you can conclude that the IP address was assigned to the client by the DHCP server, some other network issue is the cause of the DHCP server connectivity issues being experienced. The issue is not due to an IP addressing issue on the client. When clients have the incorrect IP address, it was probably due to the computer not being able to contact the DHCP server. When this occurs, the computer assigns its own IP address through Automatic Private IP Addressing (APIPA). Computers could be unable to contact the DHCP server for a number of reasons:

- A problem might exist with the hardware or software of the DHCP server.
- A data-link protocol issue could be preventing the computer from communicating with the network.
- The DHCP server and the client are on different LANs and there is no DHCP Relay Agent. A DHCP Relay Agent enables a DHCP server to handle IP address requests of clients that are located on a different LAN.

When a DHCP client is assigned an IP address that is currently being used by another client, an address conflict has occurred. The process that occurs to detect duplicate IP addresses is illustrated below:

1. When the computer starts, the system checks for any duplicate IP addresses.
2. The TCP/IP protocol stack is disabled on the computer when the system detects duplicate IP addresses.
3. An error message is shown that indicates the hardware address of the other system that this computer is in conflict with.
4. The computer that initially owned the duplicate IP address experiences no interruptions, and operates as normal.
5. You have to reconfigure the conflicting computer with a unique IP address so that the TCP/IP protocol stack can be enabled on that particular computer again.

When address conflicts exist, a warning message is displayed:

- A warning is displayed in the system tray.
- A warning message is displayed in the System log, which you can view in Event Viewer.

Address conflicts usually occur under the following circumstances:

- You have competing DHCP servers in your environment: You can use the Dhcploc.exe utility to locate any rogue DHCP servers. The Dhcploc.exe utility is included with the Windows Support Tools. To solve the competing DHCP server issue, you have to locate the rogue DHCP servers, remove the necessary rogue DHCP servers, and then check that no two DHCP servers can allocate IP address leases from the same IP address range.
- A scope redeployment has occurred: You can recover from a scope redeployment through the following strategy:
  - Increase the conflict attempts on the DHCP server.
  - Renew your DHCP client leases.

One of the following methods can be used to renew your DHCP client leases:

- Use the Ipconfig /renew command.
- The Repair button of the status dialog box (Support tab) of the connection can be used to renew the DHCP client lease.

When you click the Repair button of the status dialog box (Support tab) of the connection to renew the DHCP client lease, the following process occurs:

1. A DHCPREQUEST message is broadcast on the network to renew your DHCP clients' IP address leases.
2. The ARP cache is flushed.
3. The NetBIOS cache is flushed.
4. The DNS cache is flushed.
5. The NetBIOS name and IP address of the client are registered again with the WINS server.
6. The computer name and IP address of the client are registered again with the DNS server.

You can enable server-side conflict detection through the following process:

1. Open the DHCP console.
2. Right-click the DHCP server in the console tree, and select Properties from the shortcut menu.
3. When the Server Properties dialog box opens, click the Advanced tab.
4. Set the number of times that the DHCP server should run conflict detection prior to it leasing an IP address to a client.
5. Click OK.

A few troubleshooting strategies which you can use when a DHCP client cannot obtain an IP address from the DHCP server are summarized below:

- Use the Ipconfig /renew command or the Repair button of the status dialog box (Support tab) of the connection to refresh the IP configuration of the client.
- Following the above, verify that the DHCP server is enabled, and that a configured DHCP Relay Agent exists in the broadcast range.
- If the client still cannot obtain an IP address from the DHCP server, check that the actual physical connection to the DHCP server or DHCP Relay Agent is operating correctly and is not broken.
- Verify the status of the DHCP server and DHCP Relay Agent.
- If the issue still persists after all the above checks have been performed, you might have an issue at the DHCP server or a scope issue might exist. When troubleshooting the DHCP server:
  - Check that the DHCP server is installed and enabled.
  - Check that the DHCP server is correctly configured.
  - Verify that the DHCP server is authorized.
- When troubleshooting the scope configured for the DHCP server:
  - Check that the scope is enabled.
  - Check whether all the available IP leases have already been assigned to clients.

A few troubleshooting strategies which you can use when a DHCP client obtains an IP address from the incorrect scope are summarized below:

- First determine whether competing DHCP servers exist on your network. Use the Dhcploc.exe utility, included with the Windows Support Tools, to locate rogue DHCP servers that are allocating IP addresses to clients.
- If no rogue DHCP servers are located through the Dhcploc.exe utility, your next step is to verify that each DHCP server is allocating IP address leases from unique scopes. There should be no overlapping of the address space.
- If you have multiple scopes on your DHCP server, and the DHCP server is assigning IP addresses to clients on remote subnets, verify that the DHCP Relay Agent that is used to enable communication with the DHCP server has the correct address.

Troubleshooting the DHCP Server Configuration


If you have clients that cannot obtain IP addresses from the DHCP server, even though they can contact the DHCP server, verify the following:

- Verify that the DHCP Server service is running on the particular server.
- Check the actual TCP/IP configuration settings on the DHCP server.
- If you are using the Active Directory directory service, verify that the DHCP server is authorized.
- The DHCP server could be configured with the incorrect scope. Check that the scope is correct on the DHCP server, and verify that it is active.

When you need to verify the configuration of the DHCP server, use the following process:

- First check that the DHCP server is configured with the correct IP address. The network ID of the address being used must be the same as that of the subnet for which the DHCP server is expected to assign IP addresses to clients.
- Verify the network bindings of the DHCP server. The DHCP server must be bound to the particular subnet. To check this,
  1. Open the DHCP console.
  2. Right-click the DHCP server in the console tree, and select Properties from the shortcut menu.
  3. When the Server Properties dialog box opens, click the Advanced tab.
  4. Click the Bindings button.
- Check that the DHCP server is authorized in Active Directory. You have to authorize the DHCP server in Active Directory so that it can provide IP addresses to your DHCP clients. To authorize the DHCP server:
  1. Open the DHCP console.
  2. In the console tree, expand the DHCP server node.
  3. Click the DHCP server that you want to authorize.
  4. Click the Action menu, and then select Authorize.
- Verify the scope configuration associated with the DHCP server: Check that the scope is activated. To activate a scope,
  1. Open the DHCP console.
  2. Right-click the scope in the console tree, and select Activate from the shortcut menu.
- Verify that the scope is configured with the correct IP address range.
- Verify that there are available IP address leases which can be assigned to your DHCP clients.
- Verify the exclusions which are specified in the address pool. Confirm that all exclusions are valid and necessary. You need to verify that no IP addresses are being unnecessarily excluded.
- Verify the reservations which are specified. If you have a client that cannot obtain a reserved IP address, check whether the same address is also defined as an exclusion in the address pool. All reserved IP addresses must fall within the address range of the scope. Check too that the MAC addresses were successfully registered for all IP addresses that are reserved.
- If you have DHCP servers that contain multiple scopes, check that each of these scopes is configured correctly.

Troubleshooting DHCP Database Issues


The DHCP service uses a number of database files to maintain DHCP-specific data or information on IP addresses leases, scopes, superscopes, and DHCP options. The DHCP database files that are located in the systemroot\System32\DHCP folder are listed below. These files remain open while the DHCP service is running on the server. You should therefore not change any of these files while the DHCP service is running.

- Dhcp.mdb: This is considered the main DHCP database file because it contains all scope information.
- Dhcp.tmp: This file contains a backup copy of the database file which was created during reindexing of the DHCP database.
- J50.log: This log file contains changes prior to them being written to the DHCP database.
- J50.chk: This checkpoint file informs DHCP of those log files that still have to be recovered.

If you need to change the role of the DHCP server, and move its functions to another server, it is recommended that you migrate the DHCP database to the new DHCP server. This strategy prevents errors that occur when you manually attempt to recreate information in the DHCP database of the destination DHCP server. To migrate an existing DHCP database to a new DHCP server,

1. Open the DHCP console.
2. Right-click the DHCP server whose database you want to move to a different server, and select Backup from the shortcut menu.
3. When the Browse For Folder dialog box opens, select the folder to which the DHCP database should be backed up. Click OK.
4. To prevent the DHCP server from allocating new IP addresses to clients once the DHCP server database is backed up, you have to stop the DHCP server.
5. Open the Services console.
6. Double-click the DHCP Server service.
7. When the DHCP Server Properties dialog box opens, select Disable from the Startup Type drop-down list.
8. Proceed to copy the folder which contains the backup to the new DHCP server. You now have to restore the DHCP backup at the destination DHCP server.
9. Open the DHCP console.
10. Right-click the destination DHCP server for which you want to restore the DHCP database, and select Restore from the shortcut menu.
11. When the Browse For Folder dialog box opens, select the folder that contains the backup of the database that you want to restore. Click OK.
12. Click Yes when prompted to restore the database, and to stop and restart the DHCP service.

If your lease information in the DHCP database does not correspond to the actual IP addresses leased to clients on the network, you can delete your existing database files, and commence with a clean (new) database. To do this,

1. Stop the DHCP service.
2. Remove all the DHCP database files from the systemroot\system32\DHCP folder.
3. Restart the DHCP service.
4. You can rebuild the contents of the database by reconciling the DHCP scopes. The DHCP console is used for this.

When DHCP database information is inconsistent with what is on the network, corrupt, or when information is missing, you can reconcile DHCP data for the scopes to recover the database. The DHCP service stores IP address lease data as follows:

- Detailed IP address lease information is stored in the DHCP database.
- Summary IP address lease information is stored in the Registry.

These sets of information are compared when scopes are reconciled. Before you can reconcile the DHCP server's scopes, you first have to stop the DHCP service running on the server. You can repair any inconsistencies which are detected by the comparison between the contents of the DHCP database and the contents of the Registry.

How to reconcile the DHCP database


1. Open the DHCP console.
2. Right-click the DHCP server for which you want to reconcile the DHCP database, and then select Reconcile All Scopes from the shortcut menu. The Reconcile All Scopes command also appears as an Action menu item.
3. When the Reconcile All Scopes dialog box opens, click Verify to start the DHCP database reconciliation process.
4. When no inconsistencies are reported, click OK.
5. When inconsistencies are detected, select the addresses which need to be reconciled, and then click Reconcile.
6. The inconsistencies are repaired.

How to reconcile a single scope


1. Open the DHCP console.
2. In the console tree, expand the DHCP server node that contains the scope which you want to reconcile.
3. Right-click the scope and then select Reconcile from the shortcut menu.
4. When the Reconcile All Scopes dialog box opens, click Verify to start the scope reconciliation process.
5. When no inconsistencies are detected, click OK.
6. When inconsistencies are detected, select the addresses which need to be reconciled, and then click Reconcile.
7. The inconsistencies are repaired.

DHCP Leasing
An Overview of DHCP
In TCP/IP based networks, a unique IP address must be assigned to each computer. An IP address is a unique numeric identifier that identifies computers on the network. The Dynamic Host Configuration Protocol (DHCP) is a service that can be implemented to automatically assign unique IP addresses to DHCP clients.

DHCP runs at the application layer of the TCP/IP protocol stack to provide the following functions in TCP/IP networks:

- Dynamically assign IP addresses to DHCP clients.
- Allocate the following TCP/IP configuration information to DHCP clients:
  - Subnet mask information
  - Default gateway IP addresses
  - Domain Name System (DNS) IP addresses
  - Windows Internet Naming Service (WINS) IP addresses

RFC 2131 defines the framework for the DHCP protocol. The DHCP protocol stems from the Bootstrap Protocol (BOOTP). The DHCP server is configured with a predetermined pool of IP addresses, from which it allocates IP addresses to DHCP clients. During the boot process, DHCP clients request IP addresses, and obtain leases for IP addresses from the DHCP server. When the DHCP client boots up on the network, a negotiation process called the DHCP lease process occurs between the DHCP server and client. The DHCP lease process is also known as the DHCP negotiation process, and is a fairly straightforward process. The remainder of this article focuses on DHCP leasing and the DHCP lease process.

DHCP Leases
The DHCP lease process is a process that occurs when a computer which is a DHCP client initially boots up on the network, to provide an IP address and any additional TCP/IP configuration parameters to that client. The terminology and concepts used when discussing DHCP leasing or the DHCP lease process are summarized below:

- DHCP lease: This is the amount of time for which a DHCP client is allowed to make use of a specific IP address. The default setting for the DHCP lease is 8 days.
- DHCP lease process: The process which occurs when the client initially boots up on the network. The DHCP lease process enables DHCP clients to automatically obtain IP addresses from a DHCP server.
- DHCP Discovery Broadcast message: This is a message sent over the network by a client computer that wants to obtain an IP address from a DHCP server.
- DHCP Offer message: This is a message sent by DHCP servers that serves as a reply to a Discovery Broadcast message.
- DHCP Request Broadcast message: This message indicates that the client accepted an IP address offer from the first DHCP server which responded to it. The client broadcasts this particular message so that all the other DHCP servers that offered addresses to the client can withdraw their IP addresses.
- DHCP Acknowledge message: This message is sent by the DHCP server to the DHCP client, and is the process whereby the IP address lease is assigned to the client.
- Unlimited lease duration: If you do not want the IP address assigned for a particular client to expire, you assign an unlimited lease duration.
- DHCP scopes: A scope can be defined as a set of IP addresses which the DHCP server can allocate or assign to DHCP clients. A scope contains specific configuration information for clients that have IP addresses which are within a particular scope. Scope information for each DHCP server is specific to that particular DHCP server only, and is not shared between DHCP servers. During the DHCP lease process, the DHCP scopes configured for a DHCP server are used to provide a DHCP client with an IP address. You can configure different lease duration settings for each DHCP scope. The lease duration rules which should be implemented when you determine the lease duration time for the scope of each of your subnets are:
  - Use a shorter lease duration time if you have numerous mobile users, and if you are working in an environment that constantly has configuration changes.
  - Use a longer lease duration time if the following statements are true:
    - There are no mobile computers.
    - The environment does not continually experience configuration changes.
  - Increase the default setting of 8 days if the number of IP addresses for each subnet is by far greater than the number of DHCP devices within your environment.
  - Use a shorter lease duration period if you have a limited number of IP addresses for each subnet, and you are near to meeting that limit.

Understanding the DHCP Lease Process


The DHCP lease process is a four-step process that occurs when a DHCP client initially boots up on the network. The DHCP process has remained unchanged since its initial introduction with Windows NT 4.0. During the DHCP lease process, negotiation for an IP address occurs between a DHCP server and a client that needs to obtain an IP address. In a TCP/IP based network, to uniquely identify computers on the network, each computer must have a unique IP address. To communicate on the Internet and private TCP/IP networks, all hosts defined on the network must have IP addresses. The 32-bit IP address identifies a particular host on the network. With DHCP, the system assigns IP addresses to clients, which in turn leads to fewer incorrect configurations of IP addresses. This is mainly due to IP configuration information being entered at one location, and the server distributing this information to clients. Duplicated IP addresses are also prevented. The DHCP lease process that occurs between the DHCP server and client is a simple process. The negotiation process for an IP address consists of four messages sent between the DHCP server and the DHCP client:

- Two messages from the client
- Two messages from the DHCP server

When the server assigns IP addresses to DHCP clients, it starts allocating addresses from the bottom of its scope range and moves toward the top of its scope range. All unused addresses have to be used before the DHCP server:

- Allocates a previously used IP address to a new DHCP client. The DHCP server first assigns IP addresses that have not been used for the longest amount of time prior to assigning other previously used IP addresses.
- Allocates an expired IP address to a new DHCP client.
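The allocation order just described (bottom of the range first, every never-used address before any reuse, then the address idle longest) can be modelled in a few dozen lines. The following Python class is an added example, not Windows DHCP server code. It also honours the exclusions and reservations and the server-side conflict detection attempts covered in the troubleshooting sections above, with the conflict probe supplied as a plain function so that nothing is sent on the network. An address that answers the probe is set aside, which corresponds to the audit log's event 13; an exhausted scope returns no address, corresponding to event 14. Lease expiry is driven by a caller-supplied clock. The scope range, MAC addresses and lease times in the usage are constructed for the example.

```python
"""Model the address-selection order a DHCP scope applies when leasing.

Added example; it is not Windows DHCP server code. It implements the rules the
article states: walk the scope from the bottom, lease every never-used address
before reusing any, and among released or expired addresses reuse the one that
has been idle the longest. Exclusions, reservations and server-side conflict
detection attempts are modelled too; the probe is a plain function, so nothing
is sent on the network.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import Callable, Dict, Iterator, List, Optional, Set

DEFAULT_LEASE_SECONDS = 8 * 24 * 3600   # the article's default lease of 8 days


@dataclass
class Lease:
    mac: str
    expires_at: int


def _never_answers(ip: str) -> bool:
    """Default conflict probe: no address is in use (stand-in for an ICMP echo)."""
    return False


@dataclass
class Scope:
    first: str                                   # bottom of the range, e.g. "10.0.0.10"
    last: str                                    # top of the range
    lease_seconds: int = DEFAULT_LEASE_SECONDS
    exclusions: Set[str] = field(default_factory=set)
    reservations: Dict[str, str] = field(default_factory=dict)   # MAC -> reserved IP
    conflict_attempts: int = 0                   # 0 disables server-side conflict detection
    probe: Callable[[str], bool] = _never_answers
    leases: Dict[str, Lease] = field(default_factory=dict)       # IP -> active lease
    last_used: Dict[str, int] = field(default_factory=dict)      # IP -> time it was freed
    bad_addresses: Set[str] = field(default_factory=set)         # answered a conflict probe

    def candidates(self) -> Iterator[str]:
        """Pool addresses in ascending order, minus exclusions, reservations and bad ones."""
        lo = int(ipaddress.IPv4Address(self.first))
        hi = int(ipaddress.IPv4Address(self.last))
        reserved = set(self.reservations.values())
        for n in range(lo, hi + 1):
            ip = str(ipaddress.IPv4Address(n))
            if ip not in self.exclusions and ip not in reserved and ip not in self.bad_addresses:
                yield ip

    def _in_use(self, ip: str) -> bool:
        """Probe up to conflict_attempts times; any answer means the address is taken."""
        return any(self.probe(ip) for _ in range(self.conflict_attempts))

    def expire(self, now: int) -> None:
        """Release leases whose duration has elapsed so their addresses can be reused."""
        for ip, lease in list(self.leases.items()):
            if lease.expires_at <= now:
                self.release(ip, now)

    def release(self, ip: str, now: int) -> None:
        """DHCPRELEASE or expiry: drop the lease and remember when the address was freed."""
        if ip in self.leases:
            del self.leases[ip]
            self.last_used[ip] = now

    def allocate(self, mac: str, now: int) -> Optional[str]:
        """Pick the address a DHCPOFFER would carry, or None if the scope is exhausted."""
        if mac in self.reservations:                     # reserved clients always get their address
            ip = self.reservations[mac]
            self.leases[ip] = Lease(mac, now + self.lease_seconds)
            return ip
        self.expire(now)
        free: List[str] = [ip for ip in self.candidates() if ip not in self.leases]
        never_used = [ip for ip in free if ip not in self.last_used]
        reused = sorted((ip for ip in free if ip in self.last_used), key=lambda ip: self.last_used[ip])
        for ip in never_used + reused:                   # fresh bottom-up first, then longest idle
            if self._in_use(ip):
                self.bad_addresses.add(ip)               # set aside; the audit log's event 13
                continue
            self.leases[ip] = Lease(mac, now + self.lease_seconds)
            return ip
        return None                                      # exhausted; the audit log's event 14


if __name__ == "__main__":
    # Constructed scenario: four-address scope, one exclusion, one reservation.
    scope = Scope("10.0.0.10", "10.0.0.13", lease_seconds=100,
                  exclusions={"10.0.0.11"}, reservations={"00:50:56:00:00:ff": "10.0.0.13"})
    print(scope.allocate("00:50:56:00:00:01", now=0))   # 10.0.0.10: bottom of the range
    print(scope.allocate("00:50:56:00:00:02", now=1))   # 10.0.0.12: .11 excluded, .13 reserved
    scope.release("10.0.0.10", now=2)
    print(scope.allocate("00:50:56:00:00:03", now=3))   # 10.0.0.10: only reusable address left
    print(scope.allocate("00:50:56:00:00:ff", now=4))   # 10.0.0.13: the reservation
    print(scope.allocate("00:50:56:00:00:04", now=5))   # None: scope exhausted
```

The sorted() call is what gives the "idle longest" rule its meaning: among addresses that have been released or have expired, the one with the oldest free time comes first, so a client that returns quickly is unlikely to collide with an address another host may still be using.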

During the four-step DHCP lease process, the events that occur are defined by the types of DHCP messages which are exchanged between the DHCP server and DHCP client:

- DHCPDISCOVER message: This message is used to request an IP address lease from a DHCP server. The message is sent when the client boots up on the network. The message is sent as a broadcast packet over the network, requesting a DHCP server to respond to it.
- DHCPOFFER message: This message is a response to a DHCPDISCOVER message, and is sent by one or numerous DHCP servers.
- DHCPREQUEST message: The client sends the initial DHCP server which responded to its request a DHCP Request message. The message basically indicates that the client is requesting the particular IP address for lease. The other DHCP servers which offered addresses withdraw those addresses at this point.
- DHCPACK message: The DHCP Acknowledge message is sent by the DHCP server to the DHCP client and is the process whereby the DHCP server assigns the IP address lease to the DHCP client.

The four steps involved in the DHCP lease process are often called DORA:

- Discover
- Offer
- Request
- Acknowledge

The Different Types of DHCP Messages


A complete list of all the different types of DHCP messages are:

- DHCPDISCOVER message: Used by DHCP clients to request an IP address lease from a DHCP server.
- DHCPOFFER message: The DHCP server sends this message in response to a DHCPDISCOVER message.
- DHCPREQUEST message: The DHCP client sends this message to one of the DHCP servers that replied to its request to obtain an IP address.
- DHCPACK message: The DHCP Acknowledge message is sent by the DHCP server to the DHCP client, and is the process whereby the DHCP server assigns the IP address lease to the DHCP client.
- DHCPNACK message: This message is sent by the DHCP server to the DHCP client to indicate that the requested IP address is no longer valid.
- DHCPRELEASE message: This is a message which a DHCP client sends to a DHCP server before its specified lease duration limit is reached.
- DHCPDECLINE message: This is a message sent by the DHCP client to the DHCP server. A DHCPDECLINE message indicates that the DHCP client is refusing the IP address lease offered by the particular DHCP server.
- DHCPINFORM message: This is a message used by the DHCP client and the DHCP server for the following purposes:
  - DHCP server end: This message is used when the DHCP service queries Active Directory to verify that the DHCP server is authorized to offer IP addresses to DHCP clients.
  - DHCP client end: When the DHCP client has an IP address, the message is used to obtain DHCP options.

STEP 1: The Discover Phase


The discovery process is the initial step in the DHCP lease process. The discovery stage is initiated when the following events occur:

- When a DHCP client boots up for the first time, and starts the TCP/IP stack.
- When you move from using a manually assigned IP address to using the DHCP protocol to dynamically assign IP addresses.
- When a particular IP address is requested, and is unavailable.

A DHCP client starts the DHCP lease process by broadcasting for an IP address. A DHCP client can be configured by selecting the Obtain An IP Address Automatically option in the TCP/IP addressing properties of the particular client. The main events that occur, and points to remember about the initial step of the DHCP lease process can be summarized as follows: 1. A DHCP client boots up for the first time and starts the TCP/IP stack 2. The client broadcasts a DHCPDISCOVER message over the network, requesting an IP addresses from a DHCP server. 3. The DHCPDISCOVER message is sent on UDP port 68 and destination port 67. 4. Because the client has no IP address at this stage, and does not know the IP address of the DHCP servers running in the network, the discover message uses the following standard address information:
o o

Address of client: 0.0.0.0 Broadcast destination address: 255.255.255.255

5. The discover message also contains the following information:


o o

Media Access Control (

MAC) address of the requesting

NIC

NetBIOS name of the client.

6. The DHCP servers that responds to the discover message use the MAC address and NetBIOS name to identify the client computer, so that it can forward the correct client computer the DHCP offer message. 7. After the client sends the initial discover message, the client waits for 1 second for an IP addresses offer from a DHCP server. 8. If no offer is received from a DHCP server, the client tries again at intervals of 2, 4, 6, and 16 seconds. 9. If no reply is received after this, the client automatically assigns its own IP address through Automatic Private IP Addressing (APIPA). 10. The client continues though to broadcast the discover message at 5 minute intervals untl it obtains an IP address from a DHCP server.

STEP 2: The Lease Offer Phase

The DHCP servers listening on the segment of the client that broadcast the discover message receive the client's broadcast message. This step in the DHCP lease process occurs when the DHCP servers which have available valid IP addresses offer the requesting client an IP address in the form of a DHCPOFFER message. The DHCPOFFER message contains the following information:

IP address of the DHCP server which is offering the IP address.
MAC address of the DHCP server.
The offered IP address.
The subnet mask associated with the offered IP address.
The lease duration/period.
MAC address of the client.

When a DHCP server offers an IP address to a client, it reserves that particular IP address in its database for the DHCP client. This reservation prevents the DHCP server from offering the same IP address to a different DHCP client. Only when a client refuses an IP address is the IP address no longer reserved in the database of the DHCP server. The client accepts the IP address in the DHCP offer message from the first DHCP server which responds to its request. The client then broadcasts a DHCPREQUEST message to indicate that it has accepted an IP address.

STEP 3: The Lease Selection Phase

The third step in the DHCP lease process occurs when the client selects an IP address from the responses which it received from the DHCP servers. The client sends the first DHCP server that offered an IP address a DHCPREQUEST message. This message indicates that the client accepted the offer from the first DHCP server which responded to it, and that the client is requesting the particular IP address for lease. The client broadcasts the DHCPREQUEST message so that all other DHCP servers which offered addresses can withdraw those addresses. The DHCPREQUEST message contains the IP address of the DHCP server which the client has selected.

STEP 4: The Lease Acknowledgment Phase

When a DHCP server receives the DHCPREQUEST message from a client, it responds to the particular client with a DHCPACK message. At this stage, the DHCP server flags the IP address which it offered to the client as being leased in its database. The DHCPACK message contains the following information:

IP address to be assigned to the client.
Any other TCP/IP configuration information.

It is also possible for a DHCP server to reply to the DHCP client with a DHCPNACK message. This message indicates that the DHCP server is withdrawing its previously offered IP address. A DHCPNACK message is sent when the IP address which was previously offered is no longer valid. A DHCPNACK message is usually sent when a client attempts to renew a lease for a previously assigned IP address.

DHCP Lease Renewal

If you do not want the IP address assigned to a particular client to expire, and you have enough IP addresses to assign, you can specify the lease duration as an unlimited lease duration. In instances where the lease duration is not specified as unlimited, the lease will expire. A DHCP client sends the DHCP server a new lease request message when the DHCP lease period is half over (at 50 percent), requesting the DHCP server to allow it to continue using the same IP address. This process is called lease renewal. During lease renewal, the DHCP server resets the lease period, and passes the client any configuration option changes that need to be applied. If the DHCP server does not respond to a client's initial lease renewal request, the client continues to use the IP address. The DHCP client sends another lease renewal request when 87.5 percent of the lease period has elapsed. At this stage, if the original DHCP server does not respond, any other DHCP server can respond to the message. The lease renewal process is automatic. A DHCP client can, however, also initiate the lease renewal process manually, at any time, from the client end. The ipconfig command's /renew and /release switches are used to request renewal of a lease and to release an existing lease. The functions carried out by the switches of the ipconfig command are:

ipconfig /renew: Used to request a lease renewal by the DHCP client. This command is usually used in combination with the ipconfig /release command.
ipconfig /release: Used to release an IP address lease. At this stage, the DHCP server flags the released IP address as being available again. The ipconfig /renew command usually follows the ipconfig /release command.
ipconfig /setclassid classID: Used to set a class ID for the DHCP client.
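The DORA exchange described in steps 1 to 4 above, and the 50 percent and 87.5 percent renewal points from this section, worked in code as an added example that is not part of the original page: it builds a DHCPDISCOVER the way the client sends it (ciaddr 0.0.0.0, broadcast flag, client MAC in chaddr), answers it with a constructed DHCPOFFER carrying the fields the text lists (server identifier, offered address, subnet mask, lease duration), builds the DHCPREQUEST that names the selected server, and parses each message back with length checks on the options. The MAC address, transaction id and 192.168.10.x addresses are constructed sample values, not taken from the page.

```python
import struct
import ipaddress

BOOTREQUEST, BOOTREPLY = 1, 2
MAGIC_COOKIE = b"\x63\x82\x53\x63"
HEADER_FMT = "!BBBBIHH4s4s4s4s16s64s128s"  # RFC 2131 fixed header, 236 bytes
CLIENT_PORT, SERVER_PORT = 68, 67           # DHCPDISCOVER travels from UDP 68 to UDP 67

# Option codes from RFC 2132 (the page lists Router as 003 and DNS Servers as 006)
OPT_SUBNET_MASK, OPT_ROUTER, OPT_DNS = 1, 3, 6
OPT_REQUESTED_IP, OPT_LEASE_TIME, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 50, 51, 53, 54, 255
MSG_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 4: "DHCPDECLINE",
             5: "DHCPACK", 6: "DHCPNAK", 7: "DHCPRELEASE", 8: "DHCPINFORM"}  # RFC spells it NAK

def ip4(text):
    return ipaddress.IPv4Address(text).packed  # dotted quad -> 4 network-order bytes

def build_dhcp(op, xid, mac, options, yiaddr="0.0.0.0", ciaddr="0.0.0.0"):
    """Serialize a DHCP message: fixed BOOTP header, magic cookie, TLV options, END."""
    header = struct.pack(HEADER_FMT, op, 1, 6, 0,      # op, htype=Ethernet, hlen=6, hops
                         xid, 0, 0x8000,               # xid, secs, flags (broadcast bit set)
                         ip4(ciaddr), ip4(yiaddr),     # client address / offered ("your") address
                         bytes(4), bytes(4),           # siaddr, giaddr (no relay agent here)
                         mac.ljust(16, b"\x00"),       # chaddr: client MAC, padded to 16 bytes
                         bytes(64), bytes(128))        # sname, file (unused here)
    body = b"".join(bytes([code, len(val)]) + val for code, val in options)
    return header + MAGIC_COOKIE + body + bytes([OPT_END])

def decode_option(code, value):
    """Decode the options the lease messages in the text carry; anything else stays raw bytes."""
    if code == OPT_MSG_TYPE and len(value) == 1:
        return MSG_TYPES.get(value[0], "unknown(%d)" % value[0])
    if code == OPT_LEASE_TIME and len(value) == 4:
        return struct.unpack("!I", value)[0]
    if code in (OPT_SUBNET_MASK, OPT_REQUESTED_IP, OPT_SERVER_ID) and len(value) == 4:
        return str(ipaddress.IPv4Address(value))
    if code in (OPT_ROUTER, OPT_DNS) and len(value) % 4 == 0:
        return [str(ipaddress.IPv4Address(value[i:i + 4])) for i in range(0, len(value), 4)]
    return value

def parse_dhcp(packet):
    """Parse header and options; reject packets without the cookie or with truncated options."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    f = struct.unpack(HEADER_FMT, packet[:236])
    msg = {"op": f[0], "xid": f[4], "ciaddr": str(ipaddress.IPv4Address(f[7])),
           "yiaddr": str(ipaddress.IPv4Address(f[8])),
           "chaddr": f[11][:f[2]].hex(":"), "options": {}}
    i = 240
    while i < len(packet) and packet[i] != OPT_END:
        if packet[i] == 0:                  # PAD option: a single byte, no length field
            i += 1
            continue
        if i + 1 >= len(packet) or i + 2 + packet[i + 1] > len(packet):
            raise ValueError("truncated option at offset %d" % i)
        code, length = packet[i], packet[i + 1]
        msg["options"][code] = decode_option(code, packet[i + 2:i + 2 + length])
        i += 2 + length
    return msg

def build_discover(xid, mac):
    """Step 1: the client has no address yet (ciaddr 0.0.0.0) and broadcasts to 255.255.255.255."""
    return build_dhcp(BOOTREQUEST, xid, mac, [(OPT_MSG_TYPE, b"\x01")])

def build_offer(discover, server_ip, offered_ip, mask, router, dns, lease_seconds):
    """Step 2: the server answers the client's xid and MAC with an address and the lease terms."""
    d = parse_dhcp(discover)
    mac = bytes.fromhex(d["chaddr"].replace(":", ""))
    return build_dhcp(BOOTREPLY, d["xid"], mac, [
        (OPT_MSG_TYPE, b"\x02"), (OPT_SUBNET_MASK, ip4(mask)), (OPT_ROUTER, ip4(router)),
        (OPT_DNS, ip4(dns)), (OPT_LEASE_TIME, struct.pack("!I", lease_seconds)),
        (OPT_SERVER_ID, ip4(server_ip))], yiaddr=offered_ip)

def build_request(discover, offer):
    """Step 3: the client names the selected server (option 54) and address (option 50); the
    message is still broadcast so the other servers that made offers can withdraw them."""
    d, o = parse_dhcp(discover), parse_dhcp(offer)
    if o["op"] != BOOTREPLY or o["xid"] != d["xid"] or o["chaddr"] != d["chaddr"]:
        raise ValueError("offer does not belong to this client's transaction")
    mac = bytes.fromhex(d["chaddr"].replace(":", ""))
    return build_dhcp(BOOTREQUEST, d["xid"], mac, [
        (OPT_MSG_TYPE, b"\x03"), (OPT_REQUESTED_IP, ip4(o["yiaddr"])),
        (OPT_SERVER_ID, ip4(o["options"][OPT_SERVER_ID]))])

def renewal_times(lease_seconds):
    """Lease renewal: renew with the leasing server at 50%, rebind by broadcast at 87.5%."""
    return lease_seconds // 2, lease_seconds * 7 // 8

# Constructed sample transaction: MAC, xid and 192.168.10.x addresses are made up for this example
CLIENT_MAC = bytes.fromhex("0a1b2c3d4e5f")
DISCOVER = build_discover(0x3903F326, CLIENT_MAC)
OFFER = build_offer(DISCOVER, "192.168.10.2", "192.168.10.50", "255.255.255.0",
                    "192.168.10.1", "192.168.10.2", 8 * 24 * 3600)  # the page's default 8-day lease
REQUEST = build_request(DISCOVER, OFFER)
```

Parsing the three constructed messages with parse_dhcp shows the same transaction id and client MAC in each, which is how a server matches an offer to the client that broadcast the discover.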

DHCP and Remote Access

DHCP and Remote Access Overview
When a remote computer connects to a remote access server, it is automatically provided with an IP address when the Point-to-Point Protocol (PPP) connection is established. You can configure the RRAS server to allocate IP addresses to remote clients from:

A static range of IP addresses: This method is usually implemented when there are no internal DHCP servers.
An existing DHCP server: This is achieved by relaying clients to the DHCP server for IP address allocation.

If you have an internal DHCP server, you should configure the remote access server to allocate IP addresses via this server. If your DHCP server is not within broadcast range of the RRAS server, you must also perform one of the following configurations:

Configure the DHCP Relay Agent on the remote access server.
Configure the DHCP Relay Agent on the same subnet as the remote access server.

The DHCP Relay Agent enables DHCP clients to obtain IP addresses from a DHCP server on a remote subnet. A router will drop DHCP broadcast messages if it is not configured to forward them and no DHCP Relay Agent exists. To enable clients to obtain IP addresses from a DHCP server on a remote subnet, you have to configure the DHCP Relay Agent on the subnet that contains the remote client, so that it can relay DHCP broadcast messages to your DHCP server. If the remote access server is configured to obtain IP addresses from a DHCP server and to distribute these IP addresses to clients, the following process occurs:
1. When the remote access server starts for the first time, it obtains a block of IP addresses from the DHCP server.
2. The first IP address is used for the remote access server itself.
3. The remote access server distributes the remaining IP addresses to TCP/IP based remote access clients during the PPP connection establishment process.
4. When the remote access server needs more than 10 IP addresses, it obtains additional blocks of 10 addresses.
5. If the DHCP server was unavailable when the remote access server started, the remote access server assigns its own IP address through Automatic Private IP Addressing (APIPA).

Configuring the RRAS server to use the DHCP server option

To configure your RRAS server to use the DHCP server to obtain IP addresses to distribute to remote TCP/IP clients, you need to perform the following steps:

Configure the DHCP Relay Agent on the remote access server, or on the same subnet.
Configure the RRAS server to allocate IP addresses via the Dynamic Host Configuration Protocol (DHCP) option.

To install and configure the DHCP Relay Agent:
1. Click Start, All Programs, Administrative Tools and then click Routing and Remote Access to open the Routing And Remote Access console.
2. Expand the IP Routing node in the console tree, right-click the General node, and then select New Routing Protocol from the shortcut menu.
3. When the New Routing Protocol dialog box opens, select DHCP Relay Agent.
4. Click OK.
5. Expand the IP Routing node in the console tree.
6. Right-click the DHCP Relay Agent node and then select New Interface from the shortcut menu.
7. Select the interface and click OK.
8. In the DHCP Relay Properties dialog box, ensure that the Relay DHCP Packets checkbox is selected on the General tab.
9. Click OK.
10. Right-click the DHCP Relay Agent node, and select Properties from the shortcut menu.
11. Enter the DHCP server's IP address. Click Add.
12. Click OK.

To configure the RRAS server to distribute IP addresses via the Dynamic Host Configuration Protocol (DHCP) option, open the Routing And Remote Access console, and then:
1. Right-click the RRAS server node and then select Properties from the shortcut menu.
2. Click the IP tab.
3. In the IP Address Assignment area of the IP tab, click the Dynamic Host Configuration Protocol (DHCP) option.
4. Click OK.

The different DHCP and RRAS Configurations

The method by which a remote client obtains IP addressing information is determined by the configuration options which can be specified; the IP configuration settings determine the actual method a remote client will use. The different DHCP and RRAS configurations that can be specified are:

The IP address is assigned from the static address pool on the RRAS server: This method is enabled when you select the Static Address Pool option on the IP tab of the RRAS server properties dialog box. To configure this method:
1. Open the Routing And Remote Access console.
2. Right-click the RRAS server node and then select Properties from the shortcut menu.
3. Click the IP tab.
4. In the IP Address Assignment area, select the Static Address Pool option.
5. Click Add.
6. Set the start IP address and end IP address to define the address range for the static address pool.
7. Click OK.
Because a remote client can only obtain an IP address from the RRAS server with this method, it has to access the DHCP server to obtain any other TCP/IP configuration information, such as a DNS server IP address or a WINS server IP address. For this to occur, you have to configure a DHCP Relay Agent for the RRAS server.

The IP address is assigned from the DHCP server via a DHCP Relay Agent: For this method, the Dynamic Host Configuration Protocol (DHCP) option is configured on the IP tab of the RRAS server properties dialog box, and the DHCP Relay Agent is configured on the RRAS server. The DHCP server distributes IP addresses and all other TCP/IP configuration information.

The IP address is assigned to the security object of the user (Active Directory): For this method, the IP address for the remote client is configured in the properties page of the particular user's security object. When the client connects to the RRAS server, the IP address configured in the properties page is used. The settings configured in the Remote Access Policy are simply ignored.

How to create a new user object in Active Directory
1. Click Start, Administrative Tools, and click the Active Directory Users And Computers console.
2. In the console tree, select the OU in which you want to create the new user object.
3. From the Action menu, click New, and then click User.
4. In the New Object - User dialog box, enter information for the fields listed below:
  o First name, Initials, Last name, Full name (automatically populated), User logon name, User logon name (pre-Windows 2000).
5. Click Next.
6. Enter a password in the Password field, and verify the password in the Confirm password field.
7. If you leave the User must change password at next logon checkbox enabled, the user has to specify a new password at next logon. Click Next.
8. Verify the settings that you entered on the Summary page.
9. Click Finish to create the new user object.

How to configure an IP address for a user object in Active Directory
1. Click Start, Administrative Tools, and click the Active Directory Users And Computers console.
2. Right-click the domain, and select Find from the shortcut menu. The Find option is used to locate objects in Active Directory. You can specify that the search should be performed on the entire Active Directory directory or on a particular OU, and you can specify various other search criteria and options.
3. Enter the username for which you want to statically assign an IP address. Click Find Now to locate the particular user object.
4. Double-click the username in the search results window to open the properties page of the user object.
5. Click the Dial-in tab.
6. Enable the Assign A Static IP checkbox.
7. Enter an IP address in the available box.
8. Click OK.

Managing the DHCP Server

Management Tasks for the DHCP Server
The common management tasks that you need to perform for your DHCP servers are listed below:

Delegate DHCP administration to individuals.
View and analyze DHCP statistical information.
Change the status of the DHCP service.
Configure superscope administration entities.
Back up the DHCP server database.
Restore the DHCP server database.
Repair a corrupted DHCP server database.
Move a DHCP database to a different DHCP server.

Controlling DHCP Administration

With Windows Server 2003, there are three built-in local groups which have rights to manage your DHCP servers:

Enterprise Admins group: The characteristics of the Enterprise Admins group are:
  o Group members have forest wide administrative rights.
  o Group members have full control over the DHCP servers.
  o This is the only group that can authorize DHCP servers in Active Directory.
  o You should, as far as possible, restrict membership of the Enterprise Admins group.
DHCP Administrators group: The characteristics of the DHCP Administrators group are:
  o This group is created on each DHCP server.
  o Group members can perform all DHCP specific management tasks, including:
      Create, activate, and delete scopes.
      Create reservations.
      Back up and restore the DHCP server database.
      Configure DHCP options.
  o Group members do not, however, have the same rights as local Administrators. DHCP Administrators group members have rights which are specific to managing DHCP servers only.
DHCP Users group: The characteristics of the DHCP Users group are:
  o This group is created on each DHCP server.
  o Group members can only view configuration information and statistical information on the DHCP server.
  o Group members can check whether client connectivity issues exist because of the DHCP service, or because of the depletion of IP addresses.
  o Group members can check which scopes have been activated.

How to change the status of the DHCP service

The DHCP console is the management console for administering the DHCP service. It is automatically installed when you install the DHCP service on a Windows 2000 or Windows Server 2003 computer. The left pane or console tree in the DHCP console lists the available DHCP servers. The Action menu includes a number of options which are useful when managing your DHCP servers.

How to manage the DHCP service
1. Click Start, All Programs, Administrative Tools and then click DHCP.
2. The DHCP console opens.
3. Select the DHCP server that you want to manage in the console tree.
4. From the Action menu, click All Tasks, and choose between the following options:
  o Start, to start the DHCP service
  o Stop, to stop the DHCP service
  o Pause, to pause the DHCP service
  o Resume, to continue the DHCP service after it was paused
  o Restart, to stop and then automatically restart the DHCP service

How to change the status of the DHCP service from the command-line

Use the following commands to manage the DHCP service from the command-line:

Net Start Dhcpserver
Net Stop Dhcpserver
Net Pause Dhcpserver
Net Continue Dhcpserver

How to create a superscope administration entity

1. Open the DHCP console.
2. Right-click the DHCP server in the console tree, and select New Superscope from the shortcut menu.
3. The New Superscope Wizard starts.
4. On the initial page of the New Superscope Wizard, click Next.
5. On the Superscope Name page, provide a name for the new superscope. Click Next.
6. On the Select Scopes page, select one or more scopes that you want to be part of the new superscope. Click Next.
7. On the Completing the New Superscope Wizard page, click Finish to create the new superscope.
8. Verify that the newly created DHCP superscope is displayed in the DHCP console.
9. You now have to activate the new superscope.
10. Right-click the superscope in the console tree, and select Activate from the shortcut menu to activate it.

How to view and analyze DHCP statistical information

To view statistical information on your DHCP servers:
1. Open the DHCP console.
2. In the console tree, right-click the DHCP server, and then click Display Statistics from the shortcut menu.
3. The Statistics dialog box opens, displaying information on:
  o The scopes configured for the DHCP server
  o The DHCP lease process messages
  o IP address usage and availability

The server statistics headers which are displayed in the Statistics dialog box are listed below:

Start Time: the time when the DHCP service started.
Up Time: the time elapsed since the DHCP service was last started.
Discovers: the number of DHCPDISCOVER messages received.
Offers: the number of DHCPOFFER messages sent.
Requests: the number of DHCPREQUEST messages received.
Acks: the number of DHCPACK messages sent.
Nacks: the number of DHCPNACK messages sent.
Declines: the number of DHCPDECLINE messages received.
Releases: the number of DHCPRELEASE messages received.
Total Scopes: the number of DHCP scopes configured for this particular DHCP server.
Total Addresses: the number of IP addresses available in the scopes configured for the DHCP server.
In Use: the number of IP addresses that are being used.
Available: the number of IP addresses that are available.

You can also view statistical information on the DHCP server in the DHCP server logs.

How to view statistical information on a specific scope
1. Open the DHCP console.
2. In the console tree, right-click the scope that you want to view statistical information on, and select Scope Statistics from the shortcut menu.
3. Information is displayed on the following:
  o The total number of IP addresses in the particular scope.
  o The number of IP addresses in the scope that are being used.
  o The number of IP addresses in the scope that are available.

How to refresh DHCP statistical information
1. Open the DHCP console.
2. In the console tree, right-click the DHCP server for which you want to refresh statistical information, and then select Properties from the shortcut menu.
3. On the General tab, select the Automatically Update Statistics Every: checkbox.
4. Use the Hours and Minutes boxes to specify how often the statistical information should be refreshed.
5. Click OK.

Backing up the DHCP Server Database

Backing up the DHCP database on the DHCP server is important because it enables you to recover a lost or corrupted DHCP database. With Windows Server 2003, the following methods are supported for backing up the DHCP server database:

Manually back up the DHCP database by using the DHCP console.
Schedule an automatic backup of the DHCP database.

When the DHCP database is backed up, the contents of the entire database are backed up. This includes the following key information:

Scope information, multicast scope information, and superscope information.
DHCP leases.
DHCP reservations.
DHCP options, including:
  o Server options
  o Scope options
  o Class options
  o Reservation options

When manually backing up the DHCP database:

The DHCP service only needs to be stopped if you are planning to move the database to a different DHCP server.
The location for the backup folder has to be a local directory.

How to manually back up the DHCP database

1. Open the DHCP console.
2. Right-click the DHCP server that contains the database that you want to back up, and select Backup from the shortcut menu.
3. When the Browse For Folder dialog box opens, select the folder to which the DHCP database should be backed up.
4. Click OK.

How to restore the DHCP database

1. Open the DHCP console.
2. Right-click the DHCP server for which you want to restore the DHCP database, and select Restore from the shortcut menu.
3. When the Browse For Folder dialog box opens, select the folder that contains the backup of the database that you want to restore.
4. Click OK.
5. Click Yes when prompted to verify that the DHCP database must be restored immediately, and that the DHCP service can be stopped and restarted.

How to repair and compact the DHCP database

Windows Server 2003 includes the jetpack command-line utility, which can be used to:

Repair an inconsistent or corrupt DHCP database.
Compact the DHCP database (offline).

It is recommended to perform an offline compaction of the DHCP database when the database size is over 30 MB. The syntax for jetpack.exe is:
jetpack database_name temporary_database_name

To repair the DHCP database using jetpack.exe:
1. Click Start, Run, and enter cmd in the Run box.
2. Locate the DHCP database directory.
3. Enter net stop dhcpserver to stop the DHCP Server service.
4. Enter jetpack dhcp.mdb <temp>, where <temp> is the name and location of the temporary file that is to be used to repair the DHCP database.
5. Enter net start dhcpserver.

How to move a DHCP database to a different DHCP server

1. Open the DHCP console.
2. Right-click the DHCP server whose database you want to move to a different server, and select Backup from the shortcut menu.
3. When the Browse For Folder dialog box opens, select the folder to which the DHCP database should be backed up.
4. Click OK.
5. To prevent the DHCP server from allocating new IP addresses to clients once the DHCP server database is backed up, you have to stop the DHCP server.
6. Open the Services console.
7. Double-click the DHCP Server service.
8. When the DHCP Server Properties dialog box opens, select Disable from the Startup Type drop down list.
9. Copy the folder which contains the backup to the destination DHCP server.
10. You now have to restore the DHCP backup at the destination DHCP server.
11. Open the DHCP console.
12. Right-click the destination DHCP server for which you want to restore the DHCP database, and select Restore from the shortcut menu.
13. When the Browse For Folder dialog box opens, select the folder that contains the backup of the database that you want to restore.
14. Click OK.
15. Click Yes when prompted to restore the database, and to stop and restart the DHCP service.

Configuring DHCP
Configuring the DHCP Server Environment
The primary steps required for configuring and managing your DHCP server environment are:

Install the DHCP service on a server.
Authorize the DHCP server in Active Directory.
Configure the necessary DHCP scopes for your subnets.
Configure superscopes and multicast scopes.
Configure the DHCP lease duration.
Configure the DHCP options.
Configure the DHCP reservations.
Configure the BOOTP tables.
Configure DHCP and DDNS integration.
Configure split scopes for fault tolerance.

How to install the DHCP service

1. Click Start, Control Panel, and then click Add Or Remove Programs.
2. When the Add Or Remove Programs dialog box opens, click Add/Remove Windows Components.
3. This starts the Windows Components Wizard.
4. In the Components list box, select Networking Services, and then click the Details button.
5. The Networking Services dialog box opens.
6. In the Subcomponents Of Networking Services list box, check the Dynamic Host Configuration Protocol (DHCP) checkbox.
7. Click OK.
8. Click Next.
9. When the Completing The Windows Components Wizard page is displayed, click Finish.

How to manage the DHCP service from the DHCP console

The DHCP console, the management console for administering the DHCP service, is automatically installed when you install the DHCP service on a Windows 2000 or Windows Server 2003 computer. When you open the DHCP console, the left pane or console tree lists the available DHCP servers. Each DHCP server node has the following folders:

Scope(s) folder
Server Options folder

Each scope contains the following additional folders:
  o Address Pool: This view lists address pool information.
  o Address Leases: This view contains an entry for each existing IP address lease. An entry includes the following information:
      Client computer name to which the particular IP address lease was allocated.
      The IP address associated with the lease.
      Lease expiration information.
  o Reservations: This view indicates which IP addresses are reserved, and the particular devices which have these reserved IP addresses.
  o Scope Options: This view shows the options which are configured for the particular scope.

The Action menu includes a number of options which are useful when managing your DHCP servers. To start, stop, pause, resume, or restart the DHCP service:
1. Click Start, All Programs, Administrative Tools and then click DHCP.
2. The DHCP console opens.
3. Select the DHCP server that you want to manage in the console tree.
4. From the Action menu, click All Tasks, and choose between the following options:
  o Start, to start the DHCP service
  o Stop, to stop the DHCP service
  o Pause, to pause the DHCP service
  o Resume, to continue the DHCP service after it was paused
  o Restart, to stop and then automatically restart the DHCP service

How to manage the DHCP service from the command-line

Use the following commands to manage the DHCP service from the command-line:

Net Start Dhcpserver
Net Stop Dhcpserver
Net Pause Dhcpserver
Net Continue Dhcpserver

How to authorize the DHCP server in Active Directory

If the Active Directory directory service is running in your networking environment, you have to authorize the DHCP server in Active Directory so that it can provide IP addresses to your DHCP clients. When you authorize the DHCP server, the IP address of the server is added to the Active Directory object that contains the list of authorized DHCP servers. You need to manually authorize the DHCP server in Active Directory under the following circumstances:

When the DHCP service is installed on a stand-alone server.
When the DHCP service is installed on a member server of an Active Directory domain.

To authorize the DHCP server in Active Directory:
1. Click Start, All Programs, Administrative Tools and then click DHCP to open the DHCP console.
2. In the console tree, expand the DHCP server node.
3. Click the DHCP server that you want to authorize.
4. Click the Action menu, and then select Authorize.
5. After waiting approximately 45 minutes for the authorization to occur, right-click the DHCP server, and verify that Unauthorize is displayed on the shortcut menu.

The various administration tasks for configuring DHCP scopes

The various functions associated with configuring and managing DHCP scopes are summarized below:

Creating new scopes for your DHCP servers: You need the following information when you create a new scope:
  o The IP address range for the scope: the start and end IP addresses that define the address range for the new scope.
  o The IP addresses that should be excluded from the IP address pool.
  o The IP addresses that should be reserved.
  o The configuration parameters which you want to set for the DHCP options.
Configuring properties for a scope
Configuring scope options
Configuring reservations
Configuring exclusions
Creating a new superscope
Creating a multicast scope

How to create a new scope

1. Click Start, All Programs, Administrative Tools and then click DHCP to open the DHCP console.
2. In the console tree, expand the DHCP server node.
3. Select the DHCP server.
4. Click the Action menu, and then select New Scope.
5. The New Scope Wizard starts.
6. Click Next on the initial page of the New Scope Wizard.
7. On the Scope Name page, enter a name for the new scope in the Name text box.
8. Enter a description in the Description text box. Click Next.
9. On the IP Address Range page, enter the start IP address and end IP address that define the range of the new scope in the Start IP Address text box and End IP Address text box respectively.
10. Enter the subnet mask in the Subnet Mask text box.
11. Alternatively, select the value in the Length spin box. The subnet mask length is automatically defined as 24. Click Next.
12. On the Add Exclusions page, define any exclusions using the Start IP Address and End IP Address text boxes. Click Add. Click Next.
13. On the Lease Duration page, you can change the default lease duration of 8 days. Use the Days, Hours and Minutes boxes to define the lease duration. Click Next.
14. On the Configure DHCP Options page, click the Yes, I Want To Configure These Options Now option and then click Next.
15. On the Router (Default Gateway) page, enter the IP address of the default gateway (router) that connects the subnet to the network. Click Add. Click Next.
16. On the Domain Name And DNS Servers page, enter the default parent domain name that clients will use to locate network hosts in the Parent Domain box.
17. Enter the name of the DNS server that you want clients to use for name to IP address resolution in the lower portion of the Domain Name And DNS Servers page. Click Add and then click Next.
18. On the WINS Server page, if applicable, enter the IP address of the WINS server. Click Add and then click Next.
19. On the Activate Scope page, click the Yes, I want to activate this scope now option. Click Next.
20. On the Completing The New Scope Wizard page, click Finish.

How to change existing scope properties

To change existing scope properties, use the General tab of the Scope Properties dialog box. The scope properties that can be changed are:

Scope Name text box: Enables you to change the name of the scope.
Start IP Address and End IP Address text boxes: Enable you to change the range of the existing scope.
Subnet Mask text box: This is automatically populated, based on the IP address range that is specified.
Lease Duration For DHCP Clients area of the General tab: Use the Days, Hours and Minutes boxes to change the existing lease duration for IP addresses of this scope.

How to configure DHCP options


DHCP options are settings that the DHCP server distributes to DHCP clients along with their IP address leases. Which options a client honours is client specific: a client lists the options it supports in its request, and an option that a particular client does not support is simply ignored by that client. The common DHCP options which you can define in the DHCP console are:

- Router (003): The default gateway.
- DNS Servers (006): The DNS servers the client should use.
- DNS Domain Name (015): The parent DNS domain name the client appends when resolving unqualified host names.
- ARP Cache Timeout (035): The timeout for the client's ARP cache entries.
- WINS Servers (044): The WINS (NetBIOS name) servers.
- WINS Node Type (046): The NetBIOS over TCP/IP node type (B, P, M or H).
- Classless Static Routes (249): The destination, subnet mask and router for each static route; Windows clients use the Microsoft-specific code 249 for this option.

There are four levels at which DHCP options can be defined. The options are applied in a fixed sequence, and any option set at a later level overwrites a conflicting option set at an earlier level. The levels, in the order in which they are applied, are:

1. Server options: These apply to every scope configured on the DHCP server, and therefore to every client that obtains an address from that server. Server options are always applied first.
2. Scope options: These are applied after the server options and are applicable to the particular scope only.
3. User and Vendor Class options: User classes let you assign options to clients that have the same requirements; vendor classes let you assign vendor-specific options to clients from the same vendor. Note that the client itself announces its user class (on Windows, with ipconfig /setclassid), so class options tailor the configuration of a client that asks for them; they are not a way to restrict what a client can obtain.
4. Reservation options: These apply to a single reserved client and override all of the above. Each reservation has to be configured manually by an administrator.

To configure User Class options:

1. Open the DHCP console.
2. Right-click the DHCP server you want to work with, and select Define User Classes from the shortcut menu.
3. When the DHCP User Classes dialog box opens, click the Add button to create a new class.
4. The New Class dialog box opens.
5. In the Display name field, enter the name for the new class.
6. In the Description field, enter a description for the new class.
7. In the ID field, enter the class ID (the value a client sends to identify itself as a member of this class).
8. Click OK to create the new user class.
9. The newly created class should be displayed in the DHCP User Classes dialog box.
10. Click Close to close the DHCP User Classes dialog box and return to the DHCP console.
11. If you want to configure the class options at the server level, right-click the Server Options node in the console tree and select Configure Options from the shortcut menu. If you want to configure the class options at the scope level, right-click the Scope Options node and select Configure Options from the shortcut menu.
12. Click the Advanced tab, and choose the class which you just created from the User Class drop-down list.
13. Set the options which you want specified for the class.
14. Click OK.
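The precedence rules above, including how a reservation's options win over everything else, as a runnable model. This is an added example written for this page, not the DHCP service's own code; the server, scope, class and reservation values in build_example_server are constructed, and resolve_options, reserved_address and the "laptops" class are illustrative names. Because the client announces its own class ID, resolve_options treats user_class as untrusted input, which is the point of the caution above.

```python
# Added example for this page, not the DHCP service's code. Values below are constructed.
from dataclasses import dataclass, field

# Option codes used here (RFC 2132 numbers; 249 is the Microsoft classless-route code).
ROUTER, DNS_SERVERS, DOMAIN_NAME, ARP_TIMEOUT, WINS_SERVERS, NODE_TYPE, STATIC_ROUTES = \
    3, 6, 15, 35, 44, 46, 249


@dataclass
class Reservation:
    mac: str                                   # client hardware address, lower-case hex
    ip: str
    options: dict = field(default_factory=dict)


@dataclass
class Scope:
    name: str
    options: dict = field(default_factory=dict)
    class_options: dict = field(default_factory=dict)  # user class id -> {code: value}
    reservations: dict = field(default_factory=dict)   # mac -> Reservation


@dataclass
class Server:
    options: dict = field(default_factory=dict)
    class_options: dict = field(default_factory=dict)  # user class id -> {code: value}
    scopes: dict = field(default_factory=dict)         # scope name -> Scope


def resolve_options(server, scope_name, mac, user_class=None, requested=None):
    """Options a client in `scope_name` with hardware address `mac` receives.

    Levels are merged in the order server, scope, class (server-level then
    scope-level), reservation; a later level overwrites a conflicting earlier
    one. `requested` is the client's parameter request list: options it did
    not ask for are left out, which is how an unsupported option ends up
    ignored. `user_class` is whatever class ID the client itself announced.
    """
    scope = server.scopes[scope_name]
    mac = mac.lower()
    layers = [server.options, scope.options]
    if user_class is not None:
        layers += [server.class_options.get(user_class, {}),
                   scope.class_options.get(user_class, {})]
    reservation = scope.reservations.get(mac)
    if reservation is not None:
        layers.append(reservation.options)
    merged = {}
    for layer in layers:
        merged.update(layer)
    if requested is not None:
        merged = {code: value for code, value in merged.items() if code in requested}
    return merged


def reserved_address(server, scope_name, mac):
    """The reserved address for `mac` in the scope, or None if it has none."""
    reservation = server.scopes[scope_name].reservations.get(mac.lower())
    return reservation.ip if reservation else None


def build_example_server():
    """A constructed configuration (not from the page) exercising every level."""
    srv = Server(
        options={DNS_SERVERS: ["10.0.0.10", "10.0.0.11"], DOMAIN_NAME: "corp.example"},
        class_options={"laptops": {ARP_TIMEOUT: 300}},
    )
    sales = Scope(
        name="sales 10.1.0.0/24",
        options={ROUTER: "10.1.0.1", WINS_SERVERS: ["10.0.0.20"], NODE_TYPE: 0x8},
        class_options={"laptops": {DNS_SERVERS: ["10.1.0.10"]}},
    )
    # A printer with a fixed address that must use a different gateway.
    sales.reservations["00:11:22:33:44:55"] = Reservation(
        mac="00:11:22:33:44:55", ip="10.1.0.250", options={ROUTER: "10.1.0.2"}
    )
    srv.scopes[sales.name] = sales
    return srv
```

A plain client in the sales scope gets the server's DNS servers and the scope's router; a client that announces the "laptops" class gets the scope-level class DNS server instead and the server-level class ARP timeout on top; the reserved printer keeps the class values but its own router. Since the class lookup is keyed on a value the client sends, anything you put in class options is available to any client that claims the class.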

How to configure DHCP reservations


1. Open the DHCP console.
2. Expand the DHCP server node in the console tree, and then expand the scope node.
3. Right-click the Reservations node, and select New Reservation from the shortcut menu.
4. When the New Reservation dialog box opens, enter the following information in the fields provided:
   - Reservation Name: A name that uniquely identifies the client for which the address is being reserved.
   - IP Address: The address to reserve; it must lie within the scope's address range.
   - MAC Address: The MAC address of the client's network adapter. The reservation is matched on this value alone, and a MAC address can be set by the client, so a reservation pins an address to a client but does not authenticate it.
   - Description: A useful description (optional).
   - Supported Types: Both, DHCP Only or BOOTP Only, depending on which protocol the client uses.
5. Click OK.

How to configure BOOTP table entries


The DHCP service in Windows Server 2003 includes support for BOOTP clients. Before you can configure BOOTP client support, you first have to make the BOOTP table folder visible in the DHCP console:

1. Open the DHCP console.
2. Right-click the DHCP server node and select Properties from the shortcut menu.
3. On the General tab, select the Show the BOOTP table folder checkbox.
4. Click OK.
5. Right-click the BOOTP Table folder, and select New Boot Image from the shortcut menu.
6. When the Add BOOTP Entry dialog box opens, enter the following information:
   - Boot image file name
   - Full server path to the boot image file
   - IP address or name of the Trivial File Transfer Protocol (TFTP) server that holds the file
7. Click Add to create the new BOOTP table entry.

To enable dynamic BOOTP client support for a DHCP scope:

1. Open the DHCP console.
2. Expand the DHCP server node and the scope node in the console tree.
3. Right-click the particular scope and then select Properties from the shortcut menu.
4. Click the Advanced tab.
5. In the Assign IP Addresses Dynamically To Clients Of area, select Both, or select BOOTP only.
6. In the Lease Duration For BOOTP Clients area, change the lease duration if required.
7. Click OK.

The vendor extensions that a Windows Server 2003 DHCP server can offer a BOOTP client are listed below:

- BOOTP code 1: Subnet Mask
- BOOTP code 3: Router
- BOOTP code 4: Time Server
- BOOTP code 5: Name Server
- BOOTP code 9: LPR Server
- BOOTP code 12: Host Name
- BOOTP code 15: Domain Name
- BOOTP code 17: Root Path
- BOOTP code 42: NTP Servers
- BOOTP code 44: WINS Server
- BOOTP code 45: NetBIOS over TCP/IP Datagram Distribution Server
- BOOTP code 46: NetBIOS over TCP/IP Node Type
- BOOTP code 47: NetBIOS over TCP/IP Scope
- BOOTP code 48: X Window System Font Server
- BOOTP code 49: X Window System Display Manager
- BOOTP code 69: SMTP Server
- BOOTP code 70: POP3 Server

How to create a DHCP superscope


1. Open the DHCP console.
2. Right-click the DHCP server in the console tree, and select New Superscope from the shortcut menu.
3. The New Superscope Wizard starts. On the initial page of the New Superscope Wizard, click Next.
4. On the Superscope Name page, provide a name for the new superscope. Click Next.
5. On the Select Scopes page, select one or more scopes that you want to be part of the new superscope. Click Next.
6. On the Completing the New Superscope Wizard page, click Finish to create the new superscope.
7. Verify that the newly created DHCP superscope is displayed in the DHCP console.

To activate a superscope:

1. Open the DHCP console.
2. Right-click the superscope that you want to activate, and select Activate from the shortcut menu.

How to delete a superscope


1. Open the DHCP console.
2. Right-click the superscope that you want to delete, and select Delete from the shortcut menu.

Only the superscope is deleted. All the scopes that were contained in the deleted superscope remain intact.

How to create a multicast scope


1. Open the DHCP console.
2. Right-click the DHCP server in the console tree, and select New Multicast Scope from the shortcut menu.
3. The New Multicast Scope Wizard starts. On the initial page of the wizard, click Next.
4. On the Multicast Scope Name page, provide a name for the new multicast scope. Click Next.
5. On the IP Address Range page, enter the start IP address and the end IP address for the new multicast scope; both must lie in the multicast range 224.0.0.0 through 239.255.255.255. Specify the Time to Live (TTL), which limits how many routers traffic for these multicast groups may cross, and then click Next.
6. On the Add Exclusions page, enter any addresses in the range that should be excluded. Click Next.
7. On the Lease Duration page, accept or change the default lease duration of 30 days. Click Next.
8. On the Activate Multicast Scope page, click Yes to activate the scope immediately. Click Next.
9. On the Completing the New Multicast Scope Wizard page, click Finish to create the new multicast scope.
10. Verify that the newly created multicast scope is displayed in the DHCP console.

How to enable DHCP and DNS integration


1. Open the DHCP console.
2. Right-click the DHCP server, and then select Properties from the shortcut menu.
3. When the Server Properties dialog box opens, click the DNS tab.
4. Ensure that the Enable DNS Dynamic Updates According To The Settings Below checkbox is selected.
5. Select the Dynamically Update DNS A And PTR Records Only If Requested By The DHCP Clients option. Choose the alternative, Always Dynamically Update DNS A And PTR Records, only if you must support clients that cannot register their own records: records the DHCP server registers on a client's behalf are owned by the DHCP server's account, and if the server is a member of the DnsUpdateProxy group those records carry no owner protection and can be overwritten by any other authenticated user or computer.
6. Select the Discard A And PTR Records When Lease Is Deleted checkbox, so that stale names do not remain in DNS after an address is released or expires.
7. Click OK.

How to configure clients for dynamic addressing from a DHCP server


1. Click Start, Control Panel, and then click Network Connections.
2. Right-click the network connection you want to work with, and then click Properties from the shortcut menu.
3. If you are working with the local area connection, on the General tab, select Internet Protocol (TCP/IP), and then click the Properties button.
4. When the Internet Protocol (TCP/IP) Properties dialog box opens, click the Obtain An IP Address Automatically option.
5. If you want the client to automatically obtain DNS server information from the DHCP server, select the Obtain DNS Server Address Automatically option.
6. Click OK.

How to enable server-end conflict detection


1. Open the DHCP console.
2. Right-click the DHCP server in the console tree, and select Properties from the shortcut menu.
3. When the Server Properties dialog box opens, click the Advanced tab.
4. In Conflict detection attempts, set the number of times (0 through 5) that the DHCP server should probe an address before leasing it to a client. Each attempt is an ICMP echo request to the candidate address; a reply marks the address as in use (it is shown in the scope as BAD_ADDRESS) and the server offers another one.
5. Click OK.

Conflict detection is a safety net for addresses that were assigned statically without an exclusion, not a security control: a host that does not answer ICMP is not detected, and every attempt adds a delay to each lease, so a value of 1 or 2 is usually enough.

How to configure split scopes and clustering for fault tolerance


1. Configure all the necessary scopes on both DHCP servers, with identical address ranges.
2. Configure exclusions on each server so that the primary DHCP server hands out 80 percent of the address pool and the secondary hands out the remaining 20 percent: the primary excludes the secondary's share and the secondary excludes the primary's share, so no address can be leased by both.
3. If a subnet has several scopes, configure a superscope that includes all the scopes for that subnet.

To run the DHCP service on a server cluster instead:

1. From the Administrative Tools folder, open the Cluster Administrator management tool.
2. Choose the cluster that will host the DHCP service.
3. From the File menu, click Configure Application. The Configure Application Wizard starts.
4. Click Next on the initial page of the Configure Application Wizard.
5. Either select the Use An Existing Virtual Server option and select the group, or select the Create A New Virtual Server option and create the new virtual server through the wizard.
6. Select the Yes, Create A Cluster Resource For My Application Now option, and then select the DHCP resource type. Click Next.
7. Provide a name and description for the DHCP resource. Click Next.
8. Click Advanced Properties, and then click the Dependencies tab. Click the Modify button. Select the IP address, physical disk, and network name resources that the DHCP server depends on. Click OK.
9. On the Application Resource Name and Description page, click Next.
10. Verify your configuration settings, and then click Finish.
11. Right-click the DHCP resource, and select Bring Online from the shortcut menu.
12. Authorize the clustered DHCP server in Active Directory.
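The arithmetic behind the 80/20 split above, together with the consistency checks worth running on a scope definition before activating it (lease range inside the subnet, exclusions inside the range, default gateway not leasable). This is an added example written for this page, not Microsoft code; the addresses are constructed and check_scope, split_scope and pools_partition_range are illustrative names.

```python
# Added example for this page, not Microsoft code. All addresses used with it are constructed.
import ipaddress


def check_scope(network, start, end, exclusions=(), router=None):
    """Consistency checks for a scope definition; returns a list of problems.

    `network` is the subnet the scope serves (e.g. "10.1.0.0/24"), `start`/`end`
    the lease range, `exclusions` a list of (first, last) pairs, `router` the
    default gateway option the scope will hand out.
    """
    net = ipaddress.ip_network(network, strict=True)
    start, end = ipaddress.ip_address(start), ipaddress.ip_address(end)
    problems = []
    if start > end:
        problems.append("start address is after end address")
    for addr, label in ((start, "start"), (end, "end")):
        if addr not in net:
            problems.append(f"{label} address {addr} is outside {net}")
        elif addr in (net.network_address, net.broadcast_address):
            problems.append(f"{label} address {addr} is the network or broadcast address")
    excluded = []
    for first, last in exclusions:
        first, last = ipaddress.ip_address(first), ipaddress.ip_address(last)
        if first > last or first < start or last > end:
            problems.append(f"exclusion {first}-{last} is not inside the lease range")
        excluded.append((first, last))
    if router is not None:
        router = ipaddress.ip_address(router)
        if router not in net:
            problems.append(f"router {router} is not on {net}")
        elif start <= router <= end and not any(a <= router <= b for a, b in excluded):
            problems.append(f"router {router} is inside the lease range and not excluded")
    return problems


def split_scope(start, end, primary_share=80):
    """Exclusions for a primary/secondary split of one lease range.

    Both servers get the same scope; each excludes the other's share, so the
    two pools never overlap and together cover the whole range.
    """
    start, end = ipaddress.ip_address(start), ipaddress.ip_address(end)
    total = int(end) - int(start) + 1
    primary_count = total * primary_share // 100
    if not 0 < primary_count < total:
        raise ValueError("that share leaves one server with no addresses")
    last_primary = start + (primary_count - 1)
    return {
        "primary": {"serves": (str(start), str(last_primary)),
                    "exclude": (str(last_primary + 1), str(end))},
        "secondary": {"serves": (str(last_primary + 1), str(end)),
                      "exclude": (str(start), str(last_primary))},
    }


def pools_partition_range(split, start, end):
    """True when the two served ranges are disjoint and together equal the range."""
    def addresses(pair):
        first, last = ipaddress.ip_address(pair[0]), ipaddress.ip_address(pair[1])
        return set(range(int(first), int(last) + 1))
    primary = addresses(split["primary"]["serves"])
    secondary = addresses(split["secondary"]["serves"])
    return not (primary & secondary) and primary | secondary == addresses((start, end))
```

For a scope of 10.1.0.10 through 10.1.0.209 (200 addresses) the primary serves 10.1.0.10 through 10.1.0.169 and excludes 10.1.0.170 through 10.1.0.209; the secondary does the reverse. The exclusion each server needs is exactly the other server's served range, which is what you type on the Add Exclusions page of each server.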


DHCP Relay Agents


DHCP Relay Agent Overview
The Dynamic Host Configuration Protocol (DHCP) is a service that runs at the application layer of the TCP/IP protocol stack to dynamically assign IP addresses to DHCP clients, and to allocate TCP/IP configuration information to them. This includes the subnet mask, default gateway IP addresses, DNS server IP addresses, and WINS server IP addresses. The DHCP protocol is derived from the Bootstrap Protocol (BOOTP). The DHCP server is configured with predetermined pools of IP addresses (scopes), from which it allocates IP addresses to DHCP clients. When a DHCP client boots on the network, it requests an IP address and obtains a lease for one from the DHCP server; the scopes configured on the server are what it draws those addresses from. The DHCP lease process consists of four messages exchanged between the DHCP client and the DHCP server:

- DHCPDISCOVER message: Sent by a client when it boots on the network to request an IP address lease. The message is broadcast, because the client has no address yet and does not know where a DHCP server is, and it asks any DHCP server that hears it to respond.
- DHCPOFFER message: A response to a DHCPDISCOVER message, sent by one or more DHCP servers, each offering an address from one of its scopes.
- DHCPREQUEST message: The client selects one offer (normally the first one it received) and broadcasts a request naming the offering server and the offered address. Because it is broadcast, the other servers also see it and withdraw their offers.
- DHCPACK message: The DHCP Acknowledge message is sent by the selected DHCP server to the client and completes the lease; from this point the client may use the address. If the server can no longer honour the request, it replies with DHCPNAK instead and the client starts over.

Nothing in this exchange authenticates the server: a client accepts the first offer it receives, so any host on the segment that answers DHCPDISCOVER can hand out addresses and gateway or DNS settings. Authorizing DHCP servers in Active Directory only stops unauthorized Windows DHCP servers from starting; it does not stop other devices from answering.

Because the DHCPDISCOVER message is a broadcast, and broadcasts only cross other segments when they are explicitly forwarded, you might have to configure a DHCP Relay Agent on the router interface so that DHCPDISCOVER messages can be forwarded to your DHCP server. Alternatively, you can configure the router itself to forward DHCP and BOOTP messages. In a routed network, you need DHCP Relay Agents if you plan to implement only one DHCP server. For DHCP to operate, every client computer must be able to reach a DHCP server. DHCP relies on the network topology, and is in turn relied on by all TCP/IP hosts in your environment. Therefore, if your network has multiple segments, you have to do one of the following:

- Place a DHCP server on each segment
- Place a DHCP Relay Agent on each segment
- Configure your routers to forward DHCP broadcast messages

The DHCP Relay Agent makes it possible for DHCP broadcast messages to reach a DHCP server across routers that do not forward these messages themselves. It is implemented in Routing and Remote Access as a routing protocol, and it enables DHCP clients to obtain IP addresses from a DHCP server on a remote subnet, that is, one not located on the client's own subnet. It does this by receiving the client's broadcast, recording the address of the interface it arrived on in the message's giaddr (gateway address) field, and forwarding the message as a unicast to each configured DHCP server; the server sends its reply to that address, and the relay agent passes the reply back to the client. If you have no DHCP Relay Agent configured, your clients can only obtain IP addresses from a DHCP server on the same subnet. To enable clients to obtain IP addresses from a DHCP server on a remote subnet, you have to configure the DHCP Relay Agent on the subnet that contains the clients, so that it can relay their DHCP broadcast messages to your DHCP server. The DHCP Relay Agent is available on:

- Windows NT Server
- Windows 2000 Server
- Windows Server 2003

In routed networks, you need to either enable your routers to forward DHCP broadcast messages or configure a DHCP Relay Agent, for the following reasons:

- The initial message sent by the DHCP client is a broadcast message.
- A router drops DHCP broadcast messages if it is not configured to forward them and no DHCP Relay Agent exists.
- Without that forwarding, the DHCP lease process cannot take place.

Configuring the DHCP Relay Agent


The process for configuring the DHCP Relay Agent is outlined below:

1. Enable Routing and Remote Access Server (RRAS)
2. Install the DHCP Relay Agent routing protocol
3. Configure DHCP Relay Agent properties
4. Configure/enable the DHCP Relay Agent on the router interface to forward DHCP broadcast messages
5. View statistical information on the operation of the DHCP Relay Agent

How to enable Routing and Remote Access Server (RRAS)


1. Click Start, All Programs, Administrative Tools and then click Routing and Remote Access to open the Routing And Remote Access console.
2. Right-click the node of your server, and then choose Configure And Enable Routing and Remote Access from the shortcut menu.
3. The Routing and Remote Access Server Setup Wizard launches.
4. Click Next on the initial page of the wizard.
5. On the Configuration page, select the Custom Configuration option. Click Next.
6. On the Custom Configuration page, select the LAN Routing checkbox. Click Next.
7. Verify your configuration settings on the Summary page.
8. Click Finish.
9. Click Yes when prompted to start the RRAS service.

How to install the DHCP Relay Agent routing protocol


1. Open the Routing And Remote Access console.
2. Expand the IP Routing node in the console tree.
3. Right-click the General node, and then select New Routing Protocol from the shortcut menu.
4. The New Routing Protocol dialog box opens.
5. Select DHCP Relay Agent.
6. Click OK.

How to configure DHCP Relay Agent properties


1. Click Start, All Programs, Administrative Tools and then click Routing and Remote Access to open the Routing And Remote Access console.
2. Expand the IP Routing node in the console tree.
3. Right-click the DHCP Relay Agent node, and then select Properties from the shortcut menu.
4. On the General tab, enter the IP address of the DHCP server in the Server Address text box, and click Add.
5. Repeat the previous step for each DHCP server that you have to add.
6. Click OK.

How to enable the DHCP Relay Agent on a router interface


1. Click Start, All Programs, Administrative Tools and then click Routing and Remote Access to open the Routing And Remote Access console.
2. Expand the IP Routing node in the console tree.
3. Right-click the DHCP Relay Agent node and then select New Interface from the shortcut menu.
4. Select the interface that is on the same subnet as the DHCP clients.
5. Click OK.
6. In the DHCP Relay Properties dialog box, ensure that the Relay DHCP Packets checkbox is selected on the General tab.
7. Adjust the Hop-Count Threshold and Boot Threshold values if required. The hop-count threshold (default 4) is the maximum number of relay agents a DHCP message may already have passed through; messages beyond it are discarded, which also stops relay loops. The boot threshold (default 4 seconds) is how long a client must have been trying, as reported in the seconds field of its own message, before this agent relays for it; it gives a DHCP server on the client's own subnet the first chance to answer.
8. Click OK.

How to view statistical information on the operation of the DHCP Relay Agent
1. Click Start, All Programs, Administrative Tools and then click Routing and Remote Access to open the Routing And Remote Access console.
2. Select the DHCP Relay Agent node, and view the statistical information that is displayed in the details pane of the Routing And Remote Access console:
   - Received requests
   - Received replies
   - Discarded requests
   - Discarded replies
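The four-message lease exchange described in the DHCP Relay Agent overview, carried through a relay agent that applies the hop-count and boot thresholds and maintains the four counters listed above. This is an added example written for this page, not RRAS or Windows code; the addresses, MAC address and transaction ID are constructed, the RelayAgent and DhcpServer classes are illustrative, and the hop-count threshold is modelled as "discard once a message has already been relayed that many times", which is an assumption about how RRAS counts hops. Messages are laid out as in RFC 2131 so the encoder and parser can be pointed at real captures.

```python
import struct
from ipaddress import IPv4Address
DISCOVER, OFFER, REQUEST, ACK, NAK = 1, 2, 3, 5, 6   # option 53 message types
BOOTREQUEST, BOOTREPLY = 1, 2                        # 'op' header field
COOKIE = b"\x63\x82\x53\x63"                         # DHCP magic cookie
HDR = "!BBBBIHHIIII16s64s128s"                       # RFC 2131 236-byte fixed header

def ip(dotted): return int(IPv4Address(dotted))      # dotted quad -> 32-bit int
def u32(raw): return struct.unpack("!I", raw)[0]     # 4 network-order bytes -> int

def build(op, xid, mac, opts, hops=0, secs=0, ciaddr=0, yiaddr=0, giaddr=0):
    fixed = struct.pack(HDR, op, 1, 6, hops, xid, secs, 0x8000, ciaddr, yiaddr,
                        0, giaddr, mac, b"", b"")
    body = b"".join(bytes([code, len(val)]) + val for code, val in opts.items())
    return fixed + COOKIE + body + b"\xff"           # header, cookie, TLV options, END

def parse(data):                                     # bytes -> dict; rejects non-DHCP data
    if len(data) < 240 or data[236:240] != COOKIE:
        raise ValueError("not a DHCP message")
    f = struct.unpack(HDR, data[:236])
    m = dict(op=f[0], hops=f[3], xid=f[4], secs=f[5], ciaddr=f[7], yiaddr=f[8],
             giaddr=f[10], mac=f[11][:f[2]], opts={})
    i = 240
    while data[i] != 0xFF:                           # TLVs until END (255); 0 is a pad byte
        code, ln = data[i], (data[i + 1] if data[i] else 0)
        if code:
            m["opts"][code] = data[i + 2:i + 2 + ln]
        i += 2 + ln if code else 1
    return m

class RelayAgent:                                    # one relay interface plus the RRAS counters
    def __init__(self, my_ip, servers, hop_threshold=4, boot_threshold=4):
        self.my_ip, self.servers = ip(my_ip), servers
        self.hop_threshold, self.boot_threshold = hop_threshold, boot_threshold
        self.stats = dict(received_requests=0, received_replies=0,
                          discarded_requests=0, discarded_replies=0)
    def relay_request(self, data):                   # client broadcast -> one unicast per server
        self.stats["received_requests"] += 1
        m = parse(data)
        # Boot threshold: a client trying for fewer seconds than the threshold is ignored so a
        # server on its own subnet can answer first. Hop-count threshold (modelled here as
        # "already relayed that many times"): discard, which also stops relay loops.
        if m["secs"] < self.boot_threshold or m["hops"] >= self.hop_threshold:
            self.stats["discarded_requests"] += 1
            return []
        giaddr = m["giaddr"] or self.my_ip           # the first relay stamps its own address
        fwd = build(BOOTREQUEST, m["xid"], m["mac"], m["opts"], hops=m["hops"] + 1,
                    secs=m["secs"], ciaddr=m["ciaddr"], giaddr=giaddr)
        return [(srv, fwd) for srv in self.servers]
    def relay_reply(self, data):                     # server reply sent to giaddr -> client subnet
        self.stats["received_replies"] += 1
        m = parse(data)
        if m["op"] != BOOTREPLY or m["giaddr"] != self.my_ip:
            self.stats["discarded_replies"] += 1     # not for this subnet: drop it
            return None
        return m                                     # delivered: broadcast back to the client

class DhcpServer:                                    # one scope; replies go via giaddr if it is set
    def __init__(self, server_ip, first, last, mask, router, lease=8 * 86400):
        self.id, self.free = ip(server_ip), list(range(ip(first), ip(last) + 1))
        self.mask, self.router, self.lease = ip(mask), ip(router), lease
        self.offers = {}                             # mac -> address offered to that client
    def _reply(self, kind, m, yiaddr=0):
        opts = {53: bytes([kind]), 54: struct.pack("!I", self.id)}
        if kind != NAK:                              # lease time plus the scope's options
            opts.update({51: struct.pack("!I", self.lease), 1: struct.pack("!I", self.mask),
                         3: struct.pack("!I", self.router)})
        return build(BOOTREPLY, m["xid"], m["mac"], opts, hops=m["hops"], yiaddr=yiaddr,
                     giaddr=m["giaddr"])
    def handle(self, data):
        m = parse(data)
        kind = m["opts"][53][0]
        if kind == DISCOVER:
            if m["mac"] not in self.offers:
                self.offers[m["mac"]] = self.free.pop(0)
            return self._reply(OFFER, m, self.offers[m["mac"]])
        if kind == REQUEST and u32(m["opts"][54]) == self.id:   # else: other server chosen
            wanted = u32(m["opts"][50])
            ok = wanted == self.offers.get(m["mac"])           # NAK if not what we offered
            return self._reply(ACK if ok else NAK, m, wanted if ok else 0)

def run_exchange(secs=5):
    """Not RRAS code; client on 10.1.0.0/24, relay 10.1.0.1, server 10.0.0.5, all constructed."""
    server = DhcpServer("10.0.0.5", "10.1.0.100", "10.1.0.199", "255.255.255.0", "10.1.0.1")
    relay = RelayAgent("10.1.0.1", [server])
    mac, xid = bytes.fromhex("001122334455"), 0x3903F326
    def round_trip(msg):                             # client -> relay -> server -> relay -> client
        replies = [server.handle(fwd) for _, fwd in relay.relay_request(msg)]
        return [d for d in (relay.relay_reply(r) for r in replies if r) if d]
    offers = round_trip(build(BOOTREQUEST, xid, mac, {53: bytes([DISCOVER])}, secs=secs))
    if not offers:                                   # the relay discarded the DISCOVER
        return None, relay.stats
    offer = offers[0]                                # a client takes the first offer it hears
    req = {53: bytes([REQUEST]), 50: struct.pack("!I", offer["yiaddr"]), 54: offer["opts"][54]}
    ack = round_trip(build(BOOTREQUEST, xid, mac, req, secs=secs))[0]
    lease = dict(kind=ack["opts"][53][0], seconds=u32(ack["opts"][51]),
                 ip=str(IPv4Address(ack["yiaddr"])),
                 router=str(IPv4Address(u32(ack["opts"][3]))))
    return lease, relay.stats
```

run_exchange(secs=5) returns an ACK for 10.1.0.100 with the scope's router 10.1.0.1 and the 8-day lease, and the relay counters show two received requests and two received replies. With secs=1 the DISCOVER is dropped and Discarded requests goes to 1, because the client has not yet waited past the boot threshold; a steadily rising Discarded requests counter in the console with no local DHCP server present is usually this threshold or the hop count at work. Note that nothing in the exchange authenticates the server: the client takes the first offer it hears.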
