Redundancy in Win 2008 DHCP Server?

    Question

  • I have a Windows 2008 R2 Active Directory environment with 2 domain controllers, and the PDC is serving as DHCP. We have around 300 Win 7 clients. Now I am asked to make another DC a secondary or failover DHCP server for redundancy. I thought to check with you guys, as I heard that you can't create a secondary or failover in DHCP, but you can make another DHCP server as primary DHCP and both will be serving parallel to each other on a first come, first served basis? I don't want to split the scope, but want to have 2 DHCP servers in case one crashes.
    Anybody have thoughts on this, please?

    Wednesday, July 31, 2013 2:38 PM

All replies

  • You can cluster DHCP servers if they are not on domain controllers.

    Windows Clustering allows DHCP servers to be virtualized so that if one of the clustered nodes crashes, the namespace and all the services are transparently reconstituted to the second node. This means no changes are visible to the client, which sees the same IP address for the clustered DHCP servers.

    Or else, split scopes would be the way to go.

    Thanks

    Prakash

    Wednesday, July 31, 2013 2:49 PM
  • Hi

    You can configure a DHCP server as one of the services in the failover cluster. Here are a few links:

    Understand and Deploy DHCP Failover in Windows Server 2012:
    http://technet.microsoft.com/en-us/library/dn338978.aspx

    DHCP Step-by-Step Guide: Demonstrate DHCP Failover – Clustering in a Test Lab (Windows Server 2008/2008 R2)
    http://technet.microsoft.com/en-us/library/ee405263(v=ws.10).aspx

    However, in your environment, the PDC is configured on the same server as DHCP. It's not recommended to have Active Directory installed on the clustered servers. So you'll need to start with fresh nodes/servers to configure the cluster and then configure DHCP as a clustered role.

    Hope this helped :)

    Thanks

    Wednesday, July 31, 2013 2:55 PM
  • but you can make another DHCP server as primary DHCP and both will be serving parallel to each other on a first come, first served basis? I don't want to split the scope, but want to have 2 DHCP servers in case one crashes

    You may want to consider not wanting to split the scopes...
    The advantage to running DHCP in parallel is that it's a simple solution and you don't have to worry about installing additional networking services that could cause the primary service to fail. While clustering is great, I generally do not implement that design for DHCP. I've done numerous implementations using two DHCP servers, splitting scopes. I highly recommend this approach. Here is some additional info:

    Load Balancing DHCP using Split-Scopes



    • Edited by [JorgeM] Wednesday, July 31, 2013 3:25 PM typo
    • Marked as answer by Bundoo Friday, August 09, 2013 3:05 PM
    Wednesday, July 31, 2013 3:22 PM
  • There are two ways to do that:

    1. Use a DHCP cluster: You will have an active / passive setup. If the active node fails, a fail-over occurs and a passive node will become active. However, as the Windows Clustering feature should not be installed on DCs, this option is applicable if you have at least two member servers that you can use for DHCP clustering.
    2. Use DHCP split-scope with the 50 / 50 DHCP rule. This means that your second server will also be a DHCP server and your DHCP scopes will be divided between both servers (50% of IPs will be available on the first one while the remaining 50% will be available on the second one). Here your network equipment's configuration should be done in such a way that it uses both DHCP servers for DHCP requests. Note here that this is an active / active setup.

    The problem with the second approach is that if one server is down, 50% of IP addresses to be assigned are no longer available. However, this does not require having extra servers for DHCP.


    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Wednesday, July 31, 2013 4:18 PM
  • Hello,

    I would go with a failover cluster BUT NOT on DCs, if your network is that sensitive then think about dedicated DHCP servers and do NOT use the DCs, which is also NOT recommended, because of security.

    And for a simple redundancy you can even use split scopes with 50/50 rule without the need for a clustered solution.


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    • Marked as answer by Bundoo Friday, August 09, 2013 3:05 PM
    Wednesday, July 31, 2013 6:53 PM
  • Thanks for everyone's help... I really appreciate it. It seems to me that I have to choose split scope. But I only have 2 domain controllers for DHCP. Can I use split scope on domain controllers, or do I need standalone Win 2008 servers?
    Wednesday, July 31, 2013 9:42 PM
  • Yes, you can run the DHCP service on both servers even if they are DCs.  That's not a problem.  I've implemented DHCP multiple times on DCs as well as member servers.

    One thing that you need to remember, although it's not a requirement: try to deploy your VLANs/subnets with no more than 50% of the total available IP leases. This is to ensure that you can run on one DHCP server indefinitely if the other server fails. So for example, if you have 200 leases between both servers, try not to have more than 100 computers on that subnet. If one DHCP server fails, the other will be able to handle all 100 clients.

    If you cannot accomplish this, just be aware that with a typical 8 day lease, if one of the two servers fails, you do have to bring up the failed server sometime within the 8 days. You can also extend the lease times as you see fit.



    • Marked as answer by Bundoo Friday, August 09, 2013 3:05 PM
    Thursday, August 01, 2013 3:06 AM
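
The 50/50 split described earlier in the thread and the headroom rule from the answer above can be checked before any server is touched. The following is an added example, not code from any poster: the address range, the scope ID `192.168.10.0` and the server names `dhcp-a` / `dhcp-b` are constructed placeholders, and the emitted commands use the `netsh dhcp server ... scope ... add excluderange` form.

```python
import ipaddress

def split_scope(start, end, pct_a=50):
    """Divide an inclusive scope range between servers A and B.

    Both servers define the whole range; each excludes the part the
    other serves, so they never offer the same address.
    """
    ip = ipaddress.IPv4Address
    first, last = int(ip(start)), int(ip(end))
    total = last - first + 1
    count_a = total * pct_a // 100
    if total < 2 or not 0 < count_a < total:
        raise ValueError("each server needs at least one address")
    low = (str(ip(first)), str(ip(first + count_a - 1)))
    high = (str(ip(first + count_a)), str(ip(last)))
    return {
        "A": {"serves": low, "excludes": high, "leases": count_a},
        "B": {"serves": high, "excludes": low, "leases": total - count_a},
    }

def survives_single_failure(plan, clients):
    """True per server if it alone holds enough leases for every client."""
    return {name: half["leases"] >= clients for name, half in plan.items()}

def netsh_exclusions(plan, scope_id, servers):
    """Build the exclusion command per server (server names are placeholders)."""
    return [
        f"netsh dhcp server \\\\{servers[name]} scope {scope_id} "
        f"add excluderange {half['excludes'][0]} {half['excludes'][1]}"
        for name, half in plan.items()
    ]

if __name__ == "__main__":
    # Constructed sample: a 200-lease subnet, as in the answer above.
    plan = split_scope("192.168.10.1", "192.168.10.200")
    for cmd in netsh_exclusions(plan, "192.168.10.0",
                                {"A": "dhcp-a", "B": "dhcp-b"}):
        print(cmd)
    for clients in (100, 150, 300):
        print(clients, "clients:", survives_single_failure(plan, clients))
```

With 100 clients either server can carry the subnet alone; at 150 or 300 neither can, so an outage has to be resolved before the leases run out.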
  • Hello,

    You can use it without any problem but, as said before, because of security Microsoft recommends against this. If still using a DC, then configure the credentials as described in the second article.

    http://social.technet.microsoft.com/Forums/windowsserver/en-US/2057eeed-7fe4-46c0-bff8-3f62ea68b56d/security-issue-of-dhcp-on-domain-controller

    http://blogs.technet.com/b/stdqry/archive/2012/04/03/dhcp-server-in-dcs-and-dns-registrations.aspx


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    Thursday, August 01, 2013 8:06 AM
  • Thanks for everyone's help... really appreciated. I will go with the 50/50 scope split.

    A quick question though. Is there a way in DHCP to do an exact client count? As I'm working remotely, I need a real count of the clients being served by the DHCP server to plan my DHCP split, as the count from IP leases does not seem right.

    Tuesday, August 06, 2013 2:51 PM
  • Hello,

    DHCP keeps leases for about the lease time until the next refresh is done from the client. If the client does not release in that time, the record should be removed in the next cleanup interval from the DHCP server.

    So the short answer is the DHCP server is NOT a reliable source to count anything, as leases are registered where machines are not running at the moment.


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    • Marked as answer by Bundoo Friday, August 09, 2013 3:05 PM
    Wednesday, August 07, 2013 1:42 PM