Problem with DHCP option 121 using policy

  • Question

  • Hi, 

    I have the following set up

    1x Server 2012 R2 server, domain joined, hosting DHCP (named LON-DC1, IP 172.17.1.1)
    1x RRAS Server, 2003R2 SP2 (named LON-VPN1, IP 172.17.1.71)

    The RRAS server is configured to assign DHCP addresses to the users from the DHCP server in the subnet.

    I wish to assign some routes to the RRAS VPN clients ONLY using DHCP option 121.

    I have a DHCP policy set as follows

    

    The clients are receiving the policy OK as shown:

    

    However, the problem is that the clients do not receive the option 121. If I set the option 121 at the server level, they do receive it!

    Does anyone know what could be wrong, or how I can troubleshoot this?

    Thanks in advance

    Ben

    Monday, May 16, 2016 5:13 PM
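One way to check from a packet capture whether a DHCPACK actually carries option 121 is to walk the options field and decode the classless static route payload (RFC 3442 encoding). This is an added example, not part of the original thread; the function names are this example's own, and the sample routes and option bytes are constructed.

```python
import ipaddress

def encode_option_121(routes):
    """Build the option 121 payload from (destination CIDR, router) pairs."""
    out = bytearray()
    for cidr, router in routes:
        net = ipaddress.IPv4Network(cidr)        # raises if host bits are set
        out.append(net.prefixlen)
        out += net.network_address.packed[:(net.prefixlen + 7) // 8]  # significant octets only
        out += ipaddress.IPv4Address(router).packed
    return bytes(out)

def decode_option_121(payload):
    """Return [(destination CIDR, router)]; raise ValueError on a malformed payload."""
    payload, routes, i = bytes(payload), [], 0
    while i < len(payload):
        prefixlen = payload[i]
        if prefixlen > 32:
            raise ValueError(f"prefix length {prefixlen} at offset {i}")
        n = (prefixlen + 7) // 8                 # destination octets present on the wire
        end = i + 1 + n + 4                      # width byte + destination + 4-byte router
        if end > len(payload):
            raise ValueError(f"truncated route at offset {i}")
        dest = payload[i + 1:i + 1 + n].ljust(4, b"\x00")
        net = ipaddress.IPv4Network((dest, prefixlen), strict=False)
        routes.append((str(net), str(ipaddress.IPv4Address(payload[end - 4:end]))))
        i = end
    return routes

def find_option(options, code):
    """Walk the DHCP options field (bytes after the magic cookie); None if code is absent."""
    found, i = None, 0
    while i < len(options) and options[i] != 255:    # 255 = End
        if options[i] == 0:                          # 0 = Pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(options) or i + 2 + options[i + 1] > len(options):
            raise ValueError(f"truncated option at offset {i}")
        length = options[i + 1]
        if options[i] == code:                       # repeated instances are concatenated
            found = (found or b"") + options[i + 2:i + 2 + length]
        i += 2 + length
    return found

# Constructed sample: options field of a DHCPACK (53 = message type, 5 = ACK) with two routes.
SAMPLE_ROUTES = [("10.0.0.0/8", "172.17.1.71"), ("192.168.50.0/24", "172.17.1.71")]
SAMPLE_ACK_OPTIONS = bytes([53, 1, 5, 121, 14]) + encode_option_121(SAMPLE_ROUTES) + b"\xff"

if __name__ == "__main__":
    print(decode_option_121(find_option(SAMPLE_ACK_OPTIONS, 121)))
```

A `None` result from `find_option` means the server did not include option 121 in that reply at all, which separates a server-side policy problem from a client that received the option but did not apply it.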

Answers

  • Hi Ben,

    Have you configured DHCP relay agent for the scope on the RRAS server?

    To configure the IPv4 DHCP relay agent      
    1. Open the RRAS MMC Snap-in.

    2. In the Routing and Remote Access MMC snap-in, expand IPv4, and then click DHCP Relay Agent.

    3. Add the network interfaces on which the server might receive DHCP requests that you want to send to the DHCP server. Right-click DHCP Relay Agent, click New Interface, select the appropriate network interface, and then click OK.

    4. In the DHCP Relay Properties dialog box, select Relay DHCP packets, and then click OK.

    5. In the navigation pane, right-click DHCP Relay Agent, and then click Properties.

    6. On the General tab, enter the IPv4 address of the DHCP servers that you want to provide DHCP services for the RRAS server’s clients, click Add, and then click OK.

    ________________________________________
    Best Regards,
    Cartman

    • Marked as answer by BenSBB Wednesday, May 18, 2016 7:03 PM
    Tuesday, May 17, 2016 2:52 AM

All replies

  • This fixed the issue, thanks! Not sure why it was working without the policy but never mind!
    • Edited by BenSBB Wednesday, May 18, 2016 7:03 PM
    Wednesday, May 18, 2016 7:03 PM
  • Hi Cartman,

    This has been working for a long time for me but in the last year or so, this has become unreliable. Have you seen the same problem? Any fixes?

    Wednesday, March 13, 2019 4:11 PM
  • So I have an update and a solution, but I'm just not sure why?

    We rely heavily on GPO (as any good admin should, right?). What we did was configure the "Computer Config->Windows Settings->Windows Defender Firewall with Advanced Security->Windows Defender Firewall with Advanced Security - Local Group Policy Object"

    Inside that we configured the Public Profile tab and set the firewall state to ON (so far this is normal by the book stuff). What we ALSO do is set the inbound to "BLOCK ALL CONNECTIONS", instead of the default of "Block (Default)". What this does is, you know since it's PUBLIC, is block all inbound connections, even if you explicitly allow it in the inbound rules. Nice and safe right?

    Well, after a tedious, setting by setting removal of every setting on a test machine, I found that this was indeed the problem setting.

    For now, I changed it back to the default setting and everything works.

    But why? DHCP is DHCP and the inbound firewall should not be affected since, well, the computer isn't the DHCP server, the server is. I don't get it.

    If anyone knows why, I'd love to know. Maybe there is a deep dark DHCP secret I never knew about and client firewalls.

    Friday, March 15, 2019 7:42 PM