
Migrating DHCP server from old to new servers?


  • Migrating DHCP server from old to new servers?

    I had two AD servers in one of our sites as follows:

    * AD-2, Win2K3, IP:192.168.37.7, DNS
    * AD-FL, Win2K3, IP:192.168.37.6, DNS, DHCP

    DHCP consists of 7 subnets for various departments and equipment. DHCP was working OK.

    I decommissioned AD-2, DCPROMO it out of the domain, rebuilt it to Win2K8, giving it the name AD-1 with the same IP, DCPROMO it back into the domain and added the deactivated DHCP scopes.

    DNS was changed on all IP statically assigned servers including AD-1 & AD-FL. The new DHCP scopes on AD-1 had the DNS options for 192.168.37.7 (AD-1) & 192.168.37.6 (AD-FL).

    I then de-activated the DHCP server on AD-2 and activated it on AD-1. But for some reason, none of the workstations were able to get an IP other than 169.254.xxx.xxx.

    The only thing I could find was that the users who reported that they could not access the network were on subnet N39, on which when I looked at the DHCP options for that subnet, on the AD-1 server, did not have a defined Router option. Would this have been the reason why they did not get an IP?

    I'm thinking that when the DHCP server sends the DHCP client a DHCPAck, it not only allows the DHCP client to use the IP offered by the DHCP server, but the DHCP options are also sent in this message. Without a gateway/router defined option, does the DHCP client lose the IP sent and give itself a 169.254 address instead?

    From the AD-1 System event log, I see the following:
    Log Name: System
    Source: Microsoft-Windows-DHCP-Server
    Date: 8/11/2013 8:14:07 PM
    Event ID: 1056
    Task Category: None
    Level: Warning
    Keywords: Classic
    User: N/A
    Computer: AD-1.MyDomain.com
    Description:
    The DHCP service has detected that it is running on a DC and has no credentials configured for use with Dynamic DNS registrations initiated by the DHCP service. This is not a recommended security configuration. Credentials for Dynamic DNS registrations may be configured using the command line "netsh dhcp server set dnscredentials" or via the DHCP Administrative tool.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
    <Provider Name="Microsoft-Windows-DHCP-Server" Guid="{6D64F02C-A125-4DAC-9A01-F0555B41CA84}" EventSourceName="DhcpServer" />
    <EventID Qualifiers="0">1056</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2013-11-08T09:14:07.000000000Z" />
    <EventRecordID>4251</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>System</Channel>
    <Computer>AD-1.MyDomain.com</Computer>
    <Security />
    </System>
    <EventData>
    <Data>The operation completed successfully.
    </Data>
    <Binary>00000000</Binary>
    </EventData>
    </Event>
    I've never had to set up credentials before so I'm not sure why this is here, but I will have to investigate further.

    Log Name: System
    Source: Microsoft-Windows-DHCP-Server
    Date: 8/11/2013 8:14:11 PM
    Event ID: 1044
    Task Category: None
    Level: Information
    Keywords: Classic
    User: N/A
    Computer: AD-1.MyDomain.com
    Description:
    The DHCP/BINL service on the local machine, belonging to the Windows Administrative domain brightstarcorp.com, has determined that it is authorized to start. It is servicing clients now.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
    <Provider Name="Microsoft-Windows-DHCP-Server" Guid="{6D64F02C-A125-4DAC-9A01-F0555B41CA84}" EventSourceName="DhcpServer" />
    <EventID Qualifiers="0">1044</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2013-11-08T09:14:11.000000000Z" />
    <EventRecordID>4253</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>System</Channel>
    <Computer>AD-1.MyDomain.com</Computer>
    <Security />
    </System>
    <EventData>
    <Data>
    </Data>
    <Data>MyDomain.com</Data>
    <Data>0</Data>
    <Binary>00000000</Binary>
    </EventData>
    </Event>
    Any ideas what the possible cause could be?
    |
    +-- JDMils
    |
    +-- Regional Systems Engineer, DotNet programmer & Jack of all trades
    |

  • #2
    Re: Migrating DHCP server from old to new servers?

    I found out what the issue was. The core switches have a setting which sends DHCP packets across subnets and this was set to the old DHCP server, AD-FL and was not changed. This setting needs to be changed to the IP of the new DHCP server, AD-1.

    On a side note, I'd love to know why I'm getting the Event ID 1056 error. Anyone?
    |
    +-- JDMils
    |
    +-- Regional Systems Engineer, DotNet programmer & Jack of all trades
    |



    • #3
      Re: Migrating DHCP server from old to new servers?

      Have a look here http://msmvps.com/blogs/acefekay/arc...ate-group.aspx

      QUOTE:
      For Windows 2008 and older: To force DHCP to own and control all records it updates into the DNS zone; 1) Add the DHCP server to the Active Directory, Built-In DnsUpdateProxy security group. And 2) Configure DHCP Credentials.

      For DHCP credentials you create a user object in AD (give the service account a recognizable name and give it a strong password that never expires).

      With Windows 2008 R2 and newer: You have a new feature to prevent Name Squatting: DHCP Name Protection. 1) you still need to configure Credentials and 2) add the server to the DnsUpdateProxy group. Additionally; 3) Configure Name Protection and 4) If DHCP is co-located on a Windows 2008 R2 DC, you must secure the DnsUpdateProxy group.



      /Rems

      This posting is provided "AS IS" with no warranties, and confers no rights.

      __________________

      ** Remember to give credit where credit's due **
      and leave Reputation Points for meaningful posts
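
Added example, not code from the thread or from any poster: a Python sweep of exported System-log Event XML that lists DHCP servers still logging Event ID 1056, the warning from post #1 that the DHCP service on a DC has no Dynamic DNS credentials. The sample export is constructed (the two events from post #1 trimmed to the fields used, plus a hypothetical server AD-9), and the function names are illustrative.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
DHCP_PROVIDER = "Microsoft-Windows-DHCP-Server"
NO_DDNS_CREDENTIALS = 1056  # DHCP on a DC with no DNS registration credentials

# Constructed sample: the two events from post #1 trimmed to the fields used,
# plus a hypothetical server AD-9 that logged only the 1044 start event.
_EV = ('<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">'
       '<System><Provider Name="Microsoft-Windows-DHCP-Server" />'
       '<EventID Qualifiers="0">{eid}</EventID>'
       '<TimeCreated SystemTime="{ts}" /><Computer>{host}</Computer>'
       '</System></Event>\n')
SAMPLE_EXPORT = (
    _EV.format(eid=1056, ts="2013-11-08T09:14:07.000000000Z", host="AD-1.MyDomain.com")
    + _EV.format(eid=1044, ts="2013-11-08T09:14:11.000000000Z", host="AD-1.MyDomain.com")
    + _EV.format(eid=1044, ts="2013-11-08T09:20:00.000000000Z", host="AD-9.MyDomain.com"))

def parse_time(system_time):
    # SystemTime carries nine fractional digits; drop them before parsing.
    base = system_time.split(".")[0].rstrip("Z")
    return datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def parse_events(export_text):
    # An export may be bare <Event> elements back to back, so supply a root.
    root = ET.fromstring("<Events>" + export_text + "</Events>")
    events = []
    for ev in root.findall("e:Event", NS):
        system = ev.find("e:System", NS)
        events.append({
            "provider": system.find("e:Provider", NS).get("Name"),
            "event_id": int(system.findtext("e:EventID", namespaces=NS)),
            "time": parse_time(system.find("e:TimeCreated", NS).get("SystemTime")),
            "computer": system.findtext("e:Computer", namespaces=NS),
        })
    return events

def servers_missing_ddns_credentials(events):
    """Map each DHCP server (lower-cased FQDN) to its latest 1056 warning."""
    flagged = {}
    for ev in events:
        if ev["provider"] != DHCP_PROVIDER or ev["event_id"] != NO_DDNS_CREDENTIALS:
            continue
        host = ev["computer"].lower()
        if host not in flagged or ev["time"] > flagged[host]:
            flagged[host] = ev["time"]
    return flagged
```

A server drops out of the result once it stops logging 1056 at service start, which is the expected outcome after credentials are configured as described in the quoted text above.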
