Вы находитесь на странице: 1из 28

DHCP Step-by-Step Guide

This document is provided "as-is". Information and views expressed in this document, including URL and other Internet Web site references, may change without notice. This document does not provide you with any legal rights to any intellectual property in any Microsoft product or product name. You may copy and use this document for your internal, reference purposes. You may modify this document for your internal, reference purposes. 2013 Microsoft. All rights reserved. Terms of Use (http://technet.microsoft.com/cc300389.aspx) | Trademarks (http://www.microsoft.com/library/toolbar/3.0/trademarks/en-us.mspx)

Table Of Contents
Chapter 1
DHCP Step-by-Step Guide: Demonstrate DHCP Link Layer-based Filtering in a Test Lab DHCP Step-by-Step Guide: Demonstrate DHCP Name Protection in a Test Lab DHCP Step-by-Step Guide: Demonstrate DHCP Split Scope with Delay on a Secondary Server in a Test Lab

Chapter 1

DHCP Step-by-Step Guide: Demonstrate DHCP Link Layerbased Filtering in a Test Lab
20 out of 23 rated this helpful Security and network administrators are increasingly wary of internal security threats, in addition to threats from the outside, due to the introduction of uncertified hardware and software on the network, such as packet sniffers, Remote Monitoring (RMON) probes, and personal portable computers and PDAs that are potentially compromised and non-security compliant. Link layer-based filtering for Dynamic Host Configuration Protocol (DHCP) enables administrators to control network access based on media access control (MAC)address, providing a low-level security method. Combined with other network access technologies, such as Network Access Protection (NAP), Internet Protocol security (IPsec), and Windows Firewall with Advanced Security, link layer-based filtering can be an integral piece of your internal network defense. The link layer filtering controls are built into the DHCP console for easy configuration and allow the administrator to specify which MAC addresses are allowed on the network and which are denied access. You can use wild cards to allow or deny network access based on vendor MAC prefixes. Link layer filtering is currently available for IPv4 address only. The step-by-step instructions in this paper will show you how to deploy link layer-based filtering in a test lab so that you can better understand how this configuration works.

In this guide
This paper contains an introduction to link layer based filtering and instructions for setting up a test lab using one DHCP server and three client computers. Important The following instructions are for configuring a test lab using the minimum number of computers. Individual computers are needed to separate the services provided on the network and to clearly show the desired functionality. This configuration is not designed to reflect best practices, nor does it reflect a recommended configuration for a production network. This configuration, including IP addresses and all other configuration parameters, is designed only to work on a separate test lab network.

Scenario overview
In this test lab, link layer-based filtering is deployed on one server running the Windows Server 2008 R2 operating system with DHCP installed, and three client computers running the Windows 7operating system with the DHCP Client service running. A computer running Windows Server 2003 is also used in the test lab as a domain controller and Domain Name System (DNS) server.

All the domain-joined DHCP clients are configured to dynamically obtain the IP address from the DHCP server in the domain. DHCP Client 1 is a healthy network authorized client computer that is active and has an IP address from the DHCP server. DHCP Client 2 is a malicious unauthorized client computer that is active and has an IP address from DHCP Server 1. DHCP Client 3 is a new client computer that is inactive and does not have network connectivity.

Software requirements
The following are required components of the test lab:

The product disc for Windows Server 2008 R2. The product disc for Windows Server 2003 with Service Pack 2 (SP2). The product disc for Windows 7. This lab demonstrates link layer-based filtering with a DHCP server in a domain with Active Directory directory services and Windows Server 2003 installed. You can also make the domain controller in this lab run Windows Server 2008 R2.

Steps for configuring the test lab


The following are the installation, configuration, and post-installation configuration stages required to set up this test lab:

Configure DC1. DC1 is a server running the Windows Server 2003 Standard Edition operating system. DC1 is configured as a domain controller with Active Directory. It is also configured as the primary DNS server for the intranet subnet. Configure DHCP Server 1. DHCP Server 1 is a server running Windows Server 2008 R2. DHCP Server 1 is configured with the DHCP Server service, and functions as a DHCP server in the domain. Configure Windows-based DHCP clients

DHCP Client 1, DHCP Client 2, and DHCP Client 3 are client computers running Windows 7. DHCP Client 1, DHCP Client 2, and DHCP Client 3 are configured to request IP addresses from DHCP Server 1.

After all the components are configured, this guide will provide steps to demonstrate how link layer-based filtering gives you the control to allow or deny network access to the three clients based on MAC address.

Configure DC1
DC1 is a computer running Windows Server 2003 Standard Edition with SP2 that provides the following services:

A domain controller for the Contoso.com Active Directory domain. A DNS server for the Contoso.com DNS domain.

To configure DC1 complete the following tasks:

Install the operating system. Configure Transmission Control Protocol/Internet Protocol (TCP/IP) Install Active Directory and DNS. Create a user account and group in Active Directory.

The following sections explain these tasks in detail.

Install the operating system on DC1


Install Windows Server 2003 SP2 as a stand-alone server.

To install the operating system on DC1


1. Start your computer using the Windows Server 2003 product disc. 2. When prompted for a computer name, type DC1.

Configure TCP/IP on DC1


Configure TCP/IP with a static IP address of 172.16.1.1 and the subnet mask of 255.255.255.0.

To configure TCP/IP on DC1


1. Click Start, click Control Panel, and then double-click Network Connections. 2. Right-click Local Area Connection, and then click Properties. 3. Click Internet Protocol (TCP/IP), and then click Properties. 4. Select Use the following IP address. Type 172.16.1.1 next to IP address and 255.255.255.0 next to Subnet mask. 5. Verify that Preferred DNS server is blank. 6. Click OK, click Close, and then close the Network Connections window.

Configure DC1 as a domain controller and DNS server


DC1 will serve as the only domain controller and DNS server for the Contoso.com domain.

To configure DC1 as a domain controller and DNS server


1. To start the Active Directory Installation Wizard, click Start, click Run, type dcpromo, and then press ENTER. 2. In the Active Directory Installation Wizard dialog box, click Next. 3. Operating system compatibility information is displayed. Click Next again. 4. Verify that Domain controller for a new domain is selected, and then click Next. 5. Verify that Domain in a new forest is selected, and then click Next two times.

6. On the Install or Configure DNS page, select No, just install and configure DNS on this computer, and then click Next. 7. Type Contoso.com next to Full DNS name for new domain, and then click Next. 8. Confirm that the Domain NetBIOS name shown is CONTOSO, and then click Next. 9. Accept the default Database Folder and Log Folder directories, and then click Next. 10. Accept the default folder location for Shared System Volume, and then click Next. 11. Verify that Permissions compatible only with Windows 2000 or Windows Server 2003 operating systems is selected, and then click Next. 12. Leave the Restore Mode Password and Confirm Password text boxes blank, and then click Next. 13. View the summary information provided, and then click Next. 14. Wait while the wizard completes configuration of Active Directory and DNS services, and then click Finish. 15. When prompted to restart the computer, click Restart Now. 16. After the computer is restarted, log on to the CONTOSO domain using the Administrator account.

Create a user account in Active Directory


Next, create a user account in Active Directory. This account will be used when logging in to DHCP Server 1 and DHCP Server 2.

To create a user account in Active Directory


1. Click Start, point to Administrative Tools, and then click Active Directory Users and Computers. 2. In the console tree, double-click Contoso.com, right-click Users, point to New, and then click User. 3. In the New Object - User dialog box, next to Full name, type User1, and in User logon name, type User1. 4. Click Next. 5. In Password, type the password that you want to use for this account, and in Confirm password, type the password again. 6. Clear the User must change password at next logon check box, and select the Password never expires check box. 7. Click Next, and then click Finish. 8. Leave the Active Directory Users and Computers console open for the following procedure.

Add user1 to the DHCP Administrators group


Next, add the newly created user to the DHCP Administrators group and use it for all of the configuration activities.

To add a user to the DHCP Administrators group


1. In the Active Directory Users and Computers console tree, click Users. 2. In the details pane, double-click DHCP Administrators. 3. In the DHCP Administrators Properties dialog box, click the Members tab, and then click Add. 4. Under Enter the object names to select (examples), type User1, the user name that you created in the previous procedure, click OK, and then click OK again. 5. Leave the Active Directory Users and Computers console open for the following procedure.

Configure DHCP Server 1


For the test lab, DHCP Server 1 will be running Windows Server 2008 R2, with the DHCP Server service, which provides IP addresses and leases for the requesting DHCP clients. To configure DHCP Server 1, complete the following tasks:

Install the operating system. Configure TCP/IP.

Join the computer to the domain. Install DHCP server roles. Configure DHCP.

Install Windows Server 2008 R2 To install Windows Server 2008 R2


1. Start your computer using the Windows Server 2008 R2 product CD. 2. When prompted for the installation type, select Custom. 3. Follow the instructions that appear on your screen to finish the installation.

Install the DHCP server role


1. Click Start, and then click Server Manager. 2. Under Roles Summary, click Add roles, and then click Next. 3. On the Select Server Roles page, select the DHCP server, and then click Next two times. 4. On the Select Network Connection Bindings page, verify that 172.16.1.2 is selected, and then click Next on DHCP Server 1. Similarly, on the Select Network Connection Bindings page, verify that 172.16.1.3 is selected, and then click Next on DHCP Server 2. 5. On the Specify IPv4 DNS Server Settings page, verify that contoso.com is listed under Parent domain. 6. Type 172.16.1.1 under Preferred DNS server IP address, and then click Validate. Verify that the result returned is valid, and then click Next. 7. On the Specify WINS Server Settings page, accept the default setting of WINS is not required on this network, and then click Next. 8. On the Add or Edit DHCP Scopes page, click Add. 9. In the Add Scope dialog box, type SS Scope next to Scope Name. Next to Starting IP Address, type 172.16.1.4, next to Ending IP Address, type 172.16.1.204, and next to Subnet Mask, type 255.255.255.0. 10. Select the Activate this scope check box, click OK, and then click Next. 11. On the Configure DHCPv6 Stateless Mode page, select Disable DHCPv6 stateless mode for this server, and then click Next. 12. On the Authorize DHCP Server page, select Use current credentials. Verify that CONTOSO\user1 is displayed next to Username, and then click Next. 13. On the Confirm Installation Selections page, click Install. 14. Verify that the installation was successful, and then click Close.

Configure DHCP on DHCP Server 1


DHCP Server 1 is the member servers that will provide DHCP addressing. The DHCP service was partially configured during installation with Server Manager on both of these servers. We will configure scope options further for DHCP Server 1.

Open the DHCP console To open the DHCP console


1. Click Start, click Run, type dhcpmgmt.msc, and then press ENTER. 2. Leave this window open for all DHCP configuration tasks.

Configure the default user class on DHCP Server 1


Next, configure scope options for the default user class. These server options are used when a client computer attempts to access the network and obtain an IP address from the DHCP server.

To configure default user class scope options

1. In the DHCP console tree, under Scope [172.16.0.0] SS Scope, right-click Scope Options, and then click Configure Options. 2. On the Advanced tab, verify that Default User Class is selected next to User class. 3. Select the 006 DNS Servers check box, in IP Address, under Data entry, type 172.16.1.1, and then click Add. 4. Select the 015 DNS Domain Name check box, in String value, under Data entry, type contoso.com, and then click OK. Note The 003 Router option is configured in the default user class if a default gateway is required for client computers. Because all computers in the test lab are located on the same subnet, this option is not required.

Configure the DHCP Clients


DHCP Client 1, DHCP Client 2, and DHCP Client 3 are computers running Windows Server 2008 R2 that you will use to demonstrate DHCP clients requesting IP Addresses from the DHCP Server in the domain. To configure the DHCP clients, complete the following steps:

Install the operating system. Configure TCP/IP. Verify network connectivity. Join the computer to the domain and restart the computer.

Install Windows 7 Client on DHCP Clients To install the operating system on DHCP Client 1, DHCP Client 2, and DHCP Client 3
1. Start your computer using the product discs for Windows 7. 2. When prompted for the installation type, select Custom Installation. 3. When prompted for a computer name, type DHCP Client 1, DHCP Client 2, and DHCP Client 3. 4. On the Select your computer's current location page, click Work. 5. Follow the rest of the instructions that appear on your screen to finish the installation.

Configure TCP/IP on the 3 DHCP Clients


Complete all of the following steps on each of the three client computers.

To configure TCP/IP on DHCP Client 1, DHCP Client 2, and DHCP Client 3


1. Click Start, and then click Control Panel. 2. Click Network and Internet, click Network and Sharing Center, and then click Manage network connections. 3. Right-click Local Area Connection, and then click Properties. 4. In the Local Area Connection Properties dialog box, clear the Internet Protocol Version 6 (TCP/IPv6) check box. This will reduce the complexity of the lab, particularly for those who are not familiar with IPv6. 5. Click Internet Protocol Version 4 (TCP/IPv4), and then click Properties. 6. Verify that Obtain an IP address automatically and Obtain DNS server address automatically are selected. 7. Click OK, and then click Close to close the Local Area Connection Properties dialog box. 8. Close the Network Connections and Network and Sharing Center windows.

Join DHCP Clients to the Contoso.com domain


Because the DHCP clients now have access to domain services, they can be joined to the domain. Complete all of the following steps on each of the three client computers.

To join DHCP Client 1, DHCP Client 2, and DHCP Client 3 to the Contoso.com domain
1. Click Start, right-click Computer, and then click Properties. 2. Under Computer name, domain, and workgroup settings, click Change settings. 3. In the System Properties dialog box, click Change. 4. In the Computer Name/Domain Changes dialog box, select Domain, type Contoso.com, and then, in Computer Name, type enggmachine1.contoso.com. 5. Click More, and then, in Primary DNS suffix of this computer, type Contoso.com. 6. Click OK two times. 7. When prompted for a user name and password, type the user name and password for the User1 account, and then click OK. 8. When you see a dialog box that welcomes you to the Contoso.com domain, click OK. 9. When you see a dialog box that tells you that you must restart the computer to apply changes, click OK. 10. In the System Properties dialog box, click Close. 11. In the dialog box that prompts you to restart the compute, click Restart the computer now.

Release and Renew IP addresses on the DHCP Clients


Next, obtain a new IP address profile for the DHCP clients from DHCP. Complete all of the following steps on each of the three client computers

To renew IP addressing on the DHCP Clients


On a DHCP client, in the Administrator: Command Prompt window, type ipconfig /renew, and then press ENTER. In the Command Prompt window, type ping 172.16.1.1, and then press ENTER. Verify that the response reads Reply from 172.16.1.1. In the Command Prompt window, type ipconfig, and then press ENTER. In the command output, verify that the value of Connection-specific DNS Suffix is contoso.com and that the value of Subnet Mask is 255.255.255.0. In the Command Prompt window, type route print -4, and then press ENTER. In the command output, below Active Routes, verify that a Network Destination of 172.16.1.1 is displayed. Close the Command Prompt window.

All three clients should have unrestricted access to the network at this point. In the next steps, we will add clients to the link layer-based filtering on the DHCP Server 1 allow and deny lists and demonstrate that one client retains access while the other two clients are denied access.

Configure DHCP on DHCP Server 1 to allow and deny DHCP clients


You may remember that our clients represent domain-joined DHCP clients configured to dynamically obtain IP addresses from the DHCP server in the domain

DHCP Client 1 is a healthy network authorized client computer that is active and has an IP address from the DHCP server. DHCP Client 2 is a malicious unauthorized client computer that is active and has an IP address from the DHCP Server 1. DHCP Client 3 is a new client computer that is inactive and does not have network connectivity.

Open the DHCP console


Next, we will add DHCP Client 1 to the allow list and DHCP Client 2 to the deny list. DHCP Client 3 will not be added to any list and therefore will be denied network access as well.

To open the DHCP console


1. Click Start, click Run, type dhcpmgmt.msc, and then press ENTER. 2. Leave this window open for all DHCP configuration tasks.

Configure the Allow filter on DHCP Server 1


Next, configure the Allow filter under the IPv4 node by adding the MAC address of DHCP Client 1. A DHCP server offers its services to the DHCP clients based on the availability of MAC address filtering. Once the Allow filter is set, all DHCP operations are based on the access controls (allow/deny). Note You can add a valid MAC address to either the Allow or Deny filters, but not both.

To configure the Allow filter


1. In the DHCP console tree of DHCP Server 1, under IPv4, click Filters, under Filters right-click Allow, and then click New Filter. 2. In the New Allow Filter dialog box, in MAC Address, enter a six hexadecimal number representing the MAC or physical address of DHCP Client 1, and then click Add. 3. Under Filters right-click the Allow node, and then click the Enable pop-up menu item.

Configure the Deny filter on DHCP Server 1


Next, configure the Deny filter under the IPv4 node by adding the MAC address of DHCP Client 2.

To configure the Deny filter


1. In the DHCP console tree of DHCP Server 1, under IPv4, click Filters, right-click Deny under Filters, and then click New Filter. 2. In the New Deny Filter dialog box, in MAC Address, enter a six hexadecimal number representing the MAC or physical address of DHCP Client 2, click Add, and then click Close. 3. Under Filters right-click the Deny node, and then click the Enable pop-up menu item.

Release and Renew IP addresses on the DHCP clients


Now that the Allow and Deny filters are set, renew the IP addresses on the client computers and notice that DHCP Client 1 retains network connectivity while DHCP clients 2 and 3 are denied access. Repeat the following steps on each of the DHCP clients.

To renew IP addressing on the DHCP clients


On DHCP Client 1, in the Administrator: Command Prompt window, type ipconfig /renew, and then press ENTER. In the Command Prompt window, type ping 172.16.1.1, and then press ENTER. Verify that the response reads Reply from 172.16.1.1 on DHCP Client 1 and Response timed out for DHCP clients 2 and 3. In the Command Prompt window, type ipconfig, and then press ENTER. In the command output, verify that the value of Connection-specific DNS Suffix is contoso.com and that the value of Subnet Mask is 255.255.255.0 for DHCP Client 1 and that these filed are blank for DHCP clients 2 and 3. In the Command Prompt window, type route print -4, and then press ENTER. In the command output, below Active Routes, verify that a Network Destination of 172.16.1.1 is displayed for DHCP Client 1, and that there is no route displayed for DHCP clients 2 and 3. Close the Command Prompt window.

Appendix
This appendix will help you with troubleshooting techniques and the setting of optional features in Windows Server 2008 R2 and Windows 7.

Review DHCP client events


Reviewing information contained in DHCP client events can help you with troubleshooting. It can also help you understand DHCP client functionality.

To review DHCP client events in Event Viewer

1. Click Start, point to All Programs, click Accessories, and then click Run. 2. Type eventvwr.msc, and press ENTER. 3. In the left tree, navigate to Event Viewer (Local)\Windows Logs\System. 4. Click an event in the middle pane. 5. By default, the General tab is displayed. Click the Details tab to view additional information. 6. You can also right-click an event and then click Event Properties to open a new window for reviewing events.

Review DHCP server events


Reviewing information contained in Windows System events on your DHCP servers can help you with troubleshooting. It can also help you understand DHCP server functionality.

To review DHCP server events in Event Viewer


1. Click Start, and then click Run. 2. Type eventvwr.msc, and then press ENTER. 3. In the left tree, navigate to Event Viewer (Local)\Custom Views\Server Roles\DHCP Server. 4. Click an event in the middle pane. 5. By default, the General tab is displayed. Click the Details tab to view additional information. 6. You can also right-click an event and then click Event Properties to open a new window for reviewing events. The following are the events that pertain to this feature:

20093 - ERROR_DHCP_LINKLAYER_ADDRESS_EXISTS Address or address pattern is already contained in one of the list. 20094 - ERROR_DHCP_LINKLAYER_ADDRESS_RESERVATION_EXISTS Address to be added to Deny list or to be deleted from allow list has an associated reservation. 20095 - ERROR_DHCP_LINKLAYER_ADDRESS_DOES_NOT_EXIST Address or Address pattern is not contained in either list 20096 - EVENT_FILTER_DENIED_IN_DENY_LIST DHCP services were denied to computer with hardware address %1, hardware type %4, and FQDN/Hostname %2 because it matched entry %3 in the Deny list. 20097 - EVENT_FILTER_DENIED_NOT_IN_ALLOW_LIST DHCP services were denied to computer with hardware address %1, hardware type %3, and FQDN/Hostname %2 because it did not match any entry in the Allow list. 20098 - EVENT_FILTER_EMPTY_ALLOW_LIST No DHCP clients are being served because the Allow list is empty and the server was configured to provide DHCP services to clients whose hardware addresses are present in the Allow list. 20099 - EVENT_FILTER_DENIED_IN_DENY_LIST_UNSPECIFIED DHCP services were denied to computer with hardware address %1, hardware type %4, and unspecified FQDN/Hostname%2 because it matched entry %3 in the Deny list. 20100 - EVENT_FILTER_DENIED_NOT_IN_ALLOW_LIST_UNSPECIFIED DHCP services were denied to computer with hardware address %1, hardware type %3, and unspecified FQDN/Hostname%2 because it did not match any entry in the Allow list. 20101 - ERROR_DHCP_HARDWARE_ADDRESS_TYPE_ALREADY_EXEMPT This hardware type is already exempt. 20102 - ERROR_DHCP_UNDEFINED_HARDWARE_ADDRESS_TYPE You are trying to delete an undefined hardware type. To define/add a hardware type, use 'add filterexemption'.

2013 Microsoft. All rights reserved.

DHCP Step-by-Step Guide: Demonstrate DHCP Name Protection in a Test Lab


5 out of 7 rated this helpful Name squatting occurs when a non-Windows-based computer registers in Domain Name System (DNS) with a name that is already registered to a computer running a Windows operating system. The use of Name Protection in the Windows Server 2008 R2 operating system prevents name squatting by non-Windows-based computers. Name squatting does not present a problem on a homogeneous Windows network where Active Directory Domain Services AD DS can be used to reserve a name for a single user or computer. Name Protection is based on the Dynamic Host Configuration Identifier (DHCID) in the Dynamic Host Configuration Protocol (DHCP) server, and support for the new DHCID RR (resource record) in DNS. DHCID RR is described by the Internet Engineering Task Force (IETF) in RFCs 4701 and 4703. DHCID is an RR stored in DNS that maps names to prevent duplicate registration. This RR is used by DHCP to store an identifier for a computer, along with other information for the name such as the A, AAAA records of the computer. The unique position of DHCP in the name registration process enables it to request this match, and then refuse the registration of a computer with a different address attempting to register a name with an existing DHCID record. DHCID prevents the following name squatting situations:

Server name squatting by a client. Server name squatting by another server. Client name squatting by another client. Client name squatting by a server.

In addition, support for DHCP Unique Identifier (DUID) is added to the IPv4 registration on the DHCP client. DUID is described by the IETF in RFC 4361. Name Protection can be configured for IPv4 and IPv6 at the network adapter level or scope level. Name Protection settings configured at the scope level take precedence over the setting at the IPv4 or IPv6 level. If Name Protection at the scope level is not configured at all, then the setting at the IPv4 or IPv6 network adapter takes precedence. DHCID protects names on a first come-first served basis. The step-by-step instructions in this paper show how to set up Name Protection in a test lab so that you can better understand how this feature works.

In this guide
This step-by-step guide contains an introduction to Name Protection and instructions for setting up a test lab using one DHCP server and three client computers. Two client computers have windows installed and the other client computer has a third-party operating system installed. Important The following instructions are for configuring a test lab using the minimum number of computers. Individual computers are needed to separate the services provided on the network and to clearly show the desired functionality. This configuration is not designed to reflect best practices, nor does it reflect a recommended configuration for a production network. The configuration, including IP addresses and all other configuration parameters, is designed only to work on a separate test lab network.

Scenario overview
In this test lab, Name Protection is configured on a computer running Windows Server 2008 R2 that has the DHCP Server service installed. Three DHCP client computers are also configured: one client computer running the Windows 7 operating system with the DHCP Client service running, and two client computers running a third-party operating system. A computer running Windows Server 2008 R2 is also used in the test lab as a domain controller and DNS server. Although Name Protection supports both IPv4 and IPv6 networks, this document details the configuration for IPv4 only to reduce the complexity of the test lab and demonstrate the feature. Having obtained an IP address from DHCP Server 1, (Windows) DHCP Client 1, with the name enggmachine1.contoso.com, is assigned an A record by registering with DNS. (Non-Windows) DHCP Client 2, with the name enggmachine2.contoso.com, also obtains an IP address from DHCP Server 1 and is assigned an A record and a DHCID record by registering with DNS. Name Protection is demonstrated in the lab when (non-Windows) DHCP Client 3 attempts DNS registration with an already used FQDN. Although DHCP client 3 has obtained an IP address, the DNS registration is denied.

Software requirements
The following are required components of the test lab:

The product disc for Windows Server 2008 R2. The product disc for Windows 7.

Steps for configuring the test lab

There are initial installation and configuration and post-installation configuration stages required to set up this test lab.

Configure DC1. DC1 is a server running Windows Server 2008 R2. DC1 is configured as a domain controller with AD DS and the primary DNS server for the intranet subnet. Configure DHCP Server 1. DHCP Server 1 is a server running Windows Server 2008 R2. DHCP Server 1 is configured with the DHCP Server service, and functions as a DHCP server in the domain. Configure the Windows-based DHCP clients DHCP Client 1 is a DHCP client running Windows 7. Configure non-Windows (Linux/Solaris/Unix)-based DHCP clients. DHCP Client 2 and DHCP Client 3 are DHCP clients running a non-Windows-based operating system.

Configure DC1
DC1 is a computer running Windows Server 2008 R2, which provides the following services:

A domain controller for the Contoso.com AD DS domain. A DNS server for the Contoso.com DNS domain.

To configure DC1, complete the following tasks:

Install the operating system. Configure Transmission Control Protocol/Internet Protocol (TCP/IP). Install AD DS and DNS. Create a user account and group in AD DS.

The following sections explain these steps in detail.

Install the operating system on DC1


Install Windows Server 2008 R2as a stand-alone server.

To install the operating system on DC1


1. Start your computer using the Windows Server 2008 R2 product disc. 2. When prompted for a computer name, type DC1.

Configure TCP/IP on DC1


Configure the TCP/IP protocol with a static IP address of 172.16.1.1 and the subnet mask of 255.255.255.0.

To configure TCP/IP on DC1


1. Click Start, click Control Panel, and then double-click Network and Internet, click Network and Sharing Center, and then click Change Adapter Settings. 2. Right-click Local Area Connection, and then click Properties. 3. Click Internet Protocol Version 4 (TCP/IPv4), and then click Properties. 4. Select Use the following IP address. Type 172.16.1.1 next to IP address and 255.255.255.0 next to Subnet mask. 5. Verify that Preferred DNS server is blank. 6. Click OK, click Close, and then close Network Connections.

Configure DC1 as a domain controller and DNS server


DC1 serves as the only domain controller and DNS server for the Contoso.com domain.

To configure DC1 as a domain controller and DNS server


1. To start the AD DS Installation Wizard, click Start, click Run, type dcpromo, and then press ENTER. 2. In the AD DS Installation Wizard dialog box, click Next. 3. Operating system compatibility information is displayed. Click Next again. 4. Verify that Domain controller for a new domain is selected, and then click Next. 5. Verify that Domain in a new forest is selected, and then click Next two times. 6. On the Install or Configure DNS page, select No, just install and configure DNS on this computer, and then click Next. 7. Type Contoso.com next to Full DNS name for new domain, and then click Next. 8. Confirm that the Domain NetBIOS name shown is CONTOSO, and then click Next. 9. Accept the default Database Folder and Log Folder directories, and then click Next. 10. Accept the default folder location for Shared System Volume, and then click Next. 11. Verify that Permissions compatible only with Windows 2000 or Windows Server 2003 operating systems is selected, and then click Next. 12. Leave the Restore Mode Password and Confirm Password text boxes blank, and then click Next. 13. View the summary information provided, and then click Next. 14. Wait while the wizard completes configuration of AD DS and DNS services, and then click Finish. 15. When prompted to restart the computer, click Restart Now. 16. After the computer is restarted, log on to the CONTOSO domain using the Administrator account.

Create a user account in AD DS


Next, create a user account in AD DS. This account is used when logging in to DHCP Server 1.

To create a user account in AD DS


1. Click Start, point to Administrative Tools, and then click AD DS Users and Computers. 2. In the console tree, double-click Contoso.com, right-click Users, point to New, and then click User. 3. In the New Object - User dialog box, next to Full name, type User1, and in User logon name, type User1. 4. Click Next. 5. In the Password box, type the password that you want to use for this account, and in the Confirm password box, type the password again. 6. Clear the User must change password at next logon check box, and select the Password never expires check box. 7. Click Next, and then click Finish. 8. Leave the AD DS Users and Computers console open for the following procedure.

Add user1 to the DHCP Administrators group


Next, add the newly created user to the DHCP Administrators group and use it for all of the configuration activities.

To add a user to the DHCP Administrators group


1. In the AD DS Users and Computers console tree, click Users. 2. In the details pane, double-click DHCP Administrators. 3. In the DHCP Administrators Properties dialog box, click the Members tab, and then click Add. 4. Under Enter the object names to select (examples), type User1, the user name that you created in the previous procedure, and then click OK two times. 5. Leave the AD DS Users and Computers console open for the following procedure.

Configure DHCP Server 1


For the test lab, DHCP Server 1 is running Windows Server 2008 R2, with the DHCP server service, which provides IP addresses and leases for the requesting DHCP clients. To configure DHCP Server 1, complete the following tasks:

Install the operating system. Configure TCP/IP. Join the computer to the domain. Install DHCP server roles. Configure DHCP.

Install Windows Server 2008 R2 To install Windows Server 2008 R2


1. Start your computer using the Windows Server 2008 R2 product CD. 2. When prompted for the installation type, select Custom. 3. Follow the instructions that appear on your screen to finish the installation.

Install the DHCP server role


1. Click Start, and then click Server Manager. 2. Under Roles Summary, click Add roles, and then click Next. 3. On the Select Server Roles page, select the DHCP server, and then click Next two times. 4. On the Select Network Connection Bindings page, verify that 172.16.1.2 is selected, and then click Next on DHCP Server 1. Similarly, on the Select Network Connection Bindings page, verify that 172.16.1.3 is selected, and then click Next on DHCP Server 2. 5. On the Specify IPv4 DNS Server Settings page, verify that contoso.com is listed under Parent domain. 6. Type 172.16.1.1 under Preferred DNS server IP address, and then click Validate. Verify that the result returned is valid, and then click Next. 7. On the Specify WINS Server Settings page, accept the default setting of WINS is not required on this network, and then click Next. 8. On the Add or Edit DHCP Scopes page, click Add. 9. In the Add Scope dialog box, type SS Scope next to Scope Name. Next to Starting IP Address, type 172.16.1.4, next to Ending IP Address, type 172.16.1.204, and next to Subnet Mask, type 255.255.255.0. 10. Select the Activate this scope check box, click OK, and then click Next. 11. On the Configure DHCPv6 Stateless Mode page, select Disable DHCPv6 stateless mode for this server, and then click Next. 12. On the Authorize DHCP Server page, select Use current credentials. Verify that CONTOSO\user1 is displayed next to Username, and then click Next. 13. On the Confirm Installation Selections page, click Install. 14. Verify the installation was successful, and then click Close.

Configure DHCP on DHCP Server 1


DHCP Server 1 is the member server that provides DHCP addressing. The DHCP service was partially configured during installation with Server Manager on both of these servers. We will configure scope options further for DHCP Server 1.

Open the DHCP console To open the DHCP console


1. Click Start, click Run, type dhcpmgmt.msc, and then press ENTER. 2. Leave this window open for all DHCP configuration tasks.

Configure the default user class on DHCP Server 1


Next, configure scope options for the default user class. These server options are used when a client computer attempts to access the network and obtain an IP address from the DHCP server.

To configure default user class scope options


1. In the DHCP console tree, under Scope [172.16.0.0] SS Scope, right-click Scope Options, and then click Configure Options. 2. On the Advanced tab, verify that Default User Class is selected next to User class. 3. Select the 006 DNS Servers check box, in IP Address, under Data entry, type 172.16.1.1, and then click Add. 4. Select the 015 DNS Domain Name check box, in String value, under Data entry, type contoso.com, and then click OK. Note The 003 Router option is configured in the default user class if a default gateway is required for client computers. Because all computers in the test lab are located on the same subnet, this option is not required.

Configure the Windows-based DHCP client


DHCP Client 1 is a computer running Windows Server 2008 R2 that you use to demonstrate DHCP clients requesting IP Addresses from the DHCP server in the domain. To configure the DHCP client, complete the following tasks:

Install the operating system. Configure TCP/IP. Verify network connectivity. Join the computer to the domain and restart the computer.

Install Windows 7 on DHCP clients To install the operating system on DHCP Client 1
1. Start your computer using the product discs for Windows 7. 2. When prompted for the installation type, select Custom Installation. 3. When prompted for a computer name, type DHCP Client 1. 4. On the Select your computer's current location page, click Work. 5. Follow the rest of the instructions that appear on your screen to finish the installation.

Configure TCP/IP on the DHCP client To configure TCP/IP on DHCP Client 1


1. Click Start, and then click Control Panel. 2. Click Network and Internet, click Network and Sharing Center, and then click Manage network connections. 3. Right-click Local Area Connection, and then click Properties. 4. In the Local Area Connection Properties dialog box, clear the Internet Protocol Version 6 (TCP/IPv6) check box. This reduces the complexity of the lab, particularly for those who are not familiar with IPv6. 5. Click Internet Protocol Version 4 (TCP/IPv4), and then click Properties. 6. Verify that Obtain an IP address automatically and Obtain DNS server address automatically are selected. 7. Click OK, and then click Close to close the Local Area Connection Properties dialog box. 8. Close the Network Connections and Network and Sharing Center windows.

Join the DHCP client to the Contoso.com domain


Because the DHCP client now has access to domain services, they can be joined to the domain.

To join DHCP Client 1 to the Contoso.com domain


1. Click Start, right-click Computer, and then click Properties. 2. Under Computer name, domain, and workgroup settings, click Change settings. 3. In the System Properties dialog box, click Change. 4. In the Computer Name/Domain Changes dialog box, select Domain, type Contoso.com, and then, in Computer Name, type enggmachine1.contoso.com. 5. Click More, and then, in Primary DNS suffix of this computer, type Contoso.com. 6. Click OK two times. 7. When prompted for a user name and password, type the user name and password for the User1 account, and then click OK. 8. When you see a dialog box that welcomes you to the Contoso.com domain, click OK. 9. When you see a dialog box that tells you that you must restart the computer to apply changes, click OK. 10. In the System Properties dialog box, click Close. 11. In the dialog box that prompts you to restart the computer, click Restart the computer now.

Check DNS Records for entry of the Windows-based DHCP client


Next, check for DHCP Client 1 entry in DNS Records.

Open the DNS console


Click Start, click Run, type dnsmgmt.msc, and then press ENTER. Leave this window open to view DNS records. Click the DNS node, select the DNS server, and then double-click the Forward Lookup Zones node. Click the Contoso.com domain. There should be one entry for DHCP Client 1. The FQDN should be enggmachine1.contoso.com in the Name column, Host (A) in the Type column, and the IPv4 address issued by the DHCP server in the Data column.

Configure non-Windows-based DHCP clients


DHCP Client 2 and DHCP Client 3 are computers running non-Windows-based DHCP clients, such as Linux, Solaris, or Unix, that demonstrate a non-Windows-based DHCP client request for an IP Address from the DHCP server in the domain. To configure the non-Windows-based DHCP clients, complete the following tasks:

Install the operating system and configure the computers to be part of the domain. On each client computer, configure TCP/IP to obtain an IP Address automatically from DHCP Server 1 in the domain and also to obtain the DNS server IPv4 address automatically. Verify network connectivity. Join the DHCP clients to the domain, giving both the same FQDN of enggmachine2.contoso.com. Then, if required, restart the computer.

Check DNS Records for entry of the non-Windows-based DHCP clients To open the DNS console
1. Click Start, click Run, type dnsmgmt.msc, and then press ENTER. 2. Leave this window open to view DNS records. 3. Click DNS, select the DNS server, and then double-click Forward Lookup Zones.

4. Click the Contoso.com domain. 5. In the right pane, there should now be two entries for DHCP Client 2. One entry records the FQDN enggmachine2.contoso.com in the Name column, Host (A) in the Type column, and the IPv4 address issued by the DHCP server in the Data column. The second entry records FQDN enggmachine2.contoso.com in the Name column, DHCID in the Type column, and some alphanumeric (unique DHCID for this record) number in the Data column. DHCP Client 3 tries to register with the same FQDN as DHCP Client 2, but cannot because there are already DNS records for both DHCP Client 1 and DHCP Client 2 available in the DNS server. Although it did obtain a DHCP address from DHCP Server 1, DHCP client 3 is unable to add an entry in DNS.

Appendix
This appendix helps you with troubleshooting techniques and the setting of optional features in Windows Server 2008 R2 and Windows 7.

Review DHCP client events


Reviewing information contained in DHCP client events can help you with troubleshooting. It can also help you understand DHCP client functionality.

To review DHCP client events in Event Viewer


1. Click Start, point to All Programs, click Accessories, and then click Run. 2. Type eventvwr.msc, and then press ENTER. 3. In the left tree, navigate to Event Viewer (Local)\Windows Logs\System. 4. Click an event in the middle pane. 5. By default, the General tab is displayed. Click the Details tab to view additional information. 6. You can also right-click an event, and then click Event Properties to open a new window for reviewing events.

Review DHCP server events


Reviewing information contained in Windows System events on your DHCP servers can help you with troubleshooting. It can also help you understand DHCP server functionality.

To review DHCP server events in Event Viewer


1. Click Start, and then click Run. 2. Type eventvwr.msc, and then press ENTER. 3. In the left tree, navigate to Event Viewer (Local)\Custom Views\Server Roles\DHCP Server. 4. Click an event in the middle pane. 5. By default, the General tab is displayed. Click the Details tab to view additional information. 6. You can also right-click an event, and then click Event Properties to open a new window for reviewing events. The following are the events pertaining to this feature:

1340 - EVENT_SERVER_DNSDHCID_FAIL The DNS registration for DHCPv4 Client IP address %1 , FQDN %2, and DHCID %3 is denied as there is probably an existing client with same FQDN already registered with DNS. 1340 - EVENT_SERVER_DNSDHCID_FAIL The DNS registration for DHCPv6 Client IPv6 address %1 , FQDN %2, and DHCID %3 is denied as there is probably an existing client with same FQDN already registered with DNS.

2013 Microsoft. All rights reserved.

DHCP Step-by-Step Guide: Demonstrate DHCP Split Scope with Delay on a Secondary Server in a Test Lab
16 out of 19 rated this helpful A Dynamic Host Configuration Protocol (DHCP) split-scope configuration using multiple DHCP servers allows for increased fault tolerance and redundancy over using only one DHCP server. The new Split-scope Wizard in Windows Server 2008 R2 replaces the more error prone manual split-scope configuration method used in earlier versions of Windows Server. The wizard-based configuration, along with the advent of scope properties, enables IT Professionals to minimize the possibility of depletion of address pools. The new split-scope configuration employs a secondary DHCP server with a time delay that is configured in its scope properties. The time delay on the secondary DHCP server causes it to respond with a delay to DHCP DISCOVER requests from DHCP clients, enabling the primary DHCP server to respond to and accept the DHCPOFFER first. In the event that the primary DHCP server becomes unavailable, the secondary DHCP server can continue distributing addresses until the primary server is available to service clients again. The split-scope configuration is a server-side enhancement and therefore requires no client configuration to work. Only IPv4 scopes benefit from a split-scope configuration because IPv6 was designed to alleviate address exhaustion. The following step-by-step instructions guide you in deploying a DHCP split-scope with delay on a secondary server in a test lab.

In this guide
This step-by-step guide contains an introduction to using DHCP with a split scope on a secondary server, with delay, and instructions for setting up a test lab using two DHCP servers and one DHCP client. Important The following instructions are for configuring a test lab using the minimum number of computers. Individual computers are needed to separate the services provided on the network and to clearly show the desired functionality. This configuration is not designed to reflect best practices, nor does it reflect a recommended configuration for a production network. The configuration, including IP addresses and all other configuration parameters, is designed only to work on a separate test lab network.

Scenario overview
In this test lab, a DHCP split-scope is configured on two computers running Windows Server 2008 R2 (primary and secondary) with DHCP installed. A delay is configured on the secondary server. A computer running Windows 7 with the DHCP Client service is used to demonstrate proper functioning of the configuration. A computer running Windows Server 2003 is also used in the test lab as a domain controller and DNS server.

Software requirements
The following are required components of the test lab:

The product disc for Windows Server 2008 R2. The product disc for Windows Server 2003 with Service Pack 2 (SP2). The product disc for Windows 7.

Note This lab demonstrates a mixed server environment using both Windows Server 2008 R2 and Windows Server 2003. However, you could deploy a pure Windows Server 2008 R2 server environment if you do not require interaction between the two different server versions.

Steps for configuring the test lab


1. Configure DC1 DC1 is a server running the Windows Server 2003 SP2 operating system. DC1 is configured as a domain controller with Active Directory Domain Services AD DS), and as the primary DNS server for the intranet subnet. 2. Configure DHCP Server 1 and DHCP Server 2 DHCP Server 1 and DHCP Server 2 are servers running Windows Server 2008 R2. DHCP Server 1 is configured with the DHCP Server service, and functions as a primary DHCP server with split-scope configuration. DHCP Server 2 is configured with the DHCP Server service, and functions as a secondary DHCP server with split-scope configuration. 3. Configure DHCP Client 1 DHCP Client 1 is a client computer running Windows 7. DHCP Client 1 is configured with the DHCP client requesting an IP address from DHCP Server 1 and DHCP Server 2.

After all the computers are configured, this guide provides steps for a demonstration of DHCP split scope with delay configured on the secondary server. The following sections provide details about how to perform these tasks.

Configure DC1
DC1 is a computer running Windows Server 2003 Standard Edition with SP2, which provides the following services:

A domain controller for the Contoso.com AD DS domain. A DNS server for the Contoso.com DNS domain.

To configure DC1, complete the following tasks:

Install the operating system. Configure Transmission Control Protocol/Internet Protocol (TCP/IP). Install AD DS and DNS. Create a user account and group in AD DS.

The following sections explain these steps in detail.

Install the operating system on DC1


Install Windows Server 2003 SP2 as a stand-alone server.

To install the operating system on DC1


1. Start your computer using the Windows Server 2003 product disc. 2. When prompted for a computer name, type DC1.

Configure TCP/IP on DC1


Configure the TCP/IP protocol with a static IP address of 172.16.1.1 and the subnet mask of 255.255.255.0.

To configure TCP/IP on DC1


1. Click Start, click Control Panel, and then double-click Network Connections. 2. Right-click Local Area Connection, and then click Properties. 3. Click Internet Protocol (TCP/IP), and then click Properties. 4. Select Use the following IP address. Type 172.16.1.1 next to IP address and 255.255.255.0 next to Subnet mask. 5. Verify that Preferred DNS server is blank 6. Click OK, click Close, and then close the Network Connections window.

Configure DC1 as a domain controller and DNS server


DC1 serves as the only domain controller and DNS server for the Contoso.com domain.

To configure DC1 as a domain controller and DNS server


1. To start the AD DS Installation Wizard, click Start, click Run, type dcpromo, and then press ENTER. 2. In the AD DS Installation Wizard dialog box, click Next. 3. Operating system compatibility information is displayed. Click Next again. 4. Verify that Domain controller for a new domain is selected, and then click Next. 5. Verify that Domain in a new forest is selected, and then click Next two times. 6. On the Install or Configure DNS page, select No, just install and configure DNS on this computer, and then click Next. 7. Type Contoso.com next to Full DNS name for new domain, and then click Next. 8. Confirm that the Domain NetBIOS name shown is CONTOSO, and then click Next.

9. Accept the default Database Folder and Log Folder directories, and then click Next. 10. Accept the default folder location for Shared System Volume, and then click Next. 11. Verify that Permissions compatible only with Windows 2000 or Windows Server 2003 operating systems is selected, and then click Next. 12. Leave the Restore Mode Password and Confirm Password text boxes blank, and then click Next. 13. View the summary information provided, and then click Next. 14. Wait while the wizard completes configuration of AD DS and DNS services, and then click Finish. 15. When prompted to restart the computer, click Restart Now. 16. After the computer is restarted, log on to the CONTOSO domain using the Administrator account.

Create a user account in AD DS


Next, create a user account in AD DS. This account is used when logging in to DHCP Server 1 and DHCP Server 2.

To create a user account in AD DS


1. Click Start, point to Administrative Tools, and then click AD DS Users and Computers. 2. In the console tree, double-click Contoso.com, right-click Users, point to New, and then click User. 3. In the New Object - User dialog box, next to Full name, type User1, and in User logon name, type User1. 4. Click Next. 5. In Password, type the password that you want to use for this account, and in Confirm password, type the password again. 6. Clear the User must change password at next logon check box, and select the Password never expires check box. 7. Click Next, and then click Finish. 8. Leave the AD DS Users and Computers console open for the following procedure.

Add user1 to the DHCP Administrators group


Next, add the newly created user to the DHCP Administrators group and use it for all of the configuration activities.

To add a user to the DHCP Administrators group


1. In the AD DS Users and Computers console tree, click Users. 2. In the details pane, double-click DHCP Administrators. 3. In the DHCP Administrators Properties dialog box, click the Members tab, and then click Add. 4. Under Enter the object names to select (examples), type User1, the user name that you created in the previous procedure, and then click OK two times. 5. Leave the AD DS Users and Computers console open for the following procedure.

Configure DHCP Server 1 and DHCP Server 2


For the test lab, DHCP Server 1 and DHCP Server 2 are running Windows Server 2008 R2, and host the DHCP service as primary server and secondary server respectively for split-scope configuration, which provides IP addresses and leases for the requesting DHCP clients. To configure DHCP Server 1 and DHCP Server 2, complete the following tasks:

Install the operating system. Configure TCP/IP. Join the computer to the domain. Install DHCP server roles. Configure DHCP.

Install Windows Server 2008 R2 To install Windows Server


1. Start your computer using the Windows Server 2008 R2product CD. 2. When prompted for the installation type, select Custom. 3. Follow the instructions that appear on your screen to finish the installation.

Next, install the DHCP server role on DHCP Server 1 and DHCP Server 2.

Install the DHCP server role


1. Click Start, and then click Server Manager. 2. Under Roles Summary, click Add roles, and then click Next. 3. On the Select Server Roles page, select the DHCP server, and then click Next two times. 4. On the Select Network Connection Bindings page, verify that 172.16.1.2 is selected, and then click Next on DHCP Server 1. Similarly, on the Select Network Connection Bindings page, verify that 172.16.1.3 is selected, and then click Next on DHCP Server 2. 5. On the Specify IPv4 DNS Server Settings page, verify that contoso.com is listed under Parent domain. 6. Type 172.16.1.1 under Preferred DNS server IP address, and then click Validate. Verify that the result returned is valid, and then click Next. 7. On the Specify WINS Server Settings page, accept the default setting of WINS is not required on this network, and then click Next and skip to step 11 below. 8. On the Add or Edit DHCP Scopes page, click Add for DHCP Server 1 only. Important Do not add a DHCP scope on DHCP Server 2. A scope will be added automatically by the split scope wizard. For DHCP Server 2, click Next. 9. In the Add Scope dialog box, type SS Scope next to Scope Name. Next to Starting IP Address, type 172.16.1.4, next to Ending IP Address, type 172.16.1.204, and next to Subnet Mask, type 255.255.255.0. 10. Select the Activate this scope check box, click OK, and then click Next. 11. On the Configure DHCPv6 Stateless Mode page, select Disable DHCPv6 stateless mode for this server, and then click Next. 12. On the Authorize DHCP Server page, select Use current credentials. Verify that CONTOSO\user1 is displayed next to Username, and then click Next. 13. On the Confirm Installation Selections page, click Install. 14. Verify the installation was successful, and then click Close.

Configure DHCP on DHCP Server 1 and DHCP Server 2


DHCP Server 1 and DHCP Server 2 are the member servers that provide DHCP addressing. The DHCP service was partially configured during installation with Server Manager on both of these servers. Configure identical reservations on both the DHCP servers so that either DHCP servers can assign the reserved IP address.

Open the DHCP console To open the DHCP console


1. Click Start, click Run, type dhcpmgmt.msc, and then press ENTER. 2. Leave this window open for all DHCP configuration tasks.

Configure the default user class on DHCP Server 1


Next, configure scope options for the default user class. These server options are used when a client computer attempts to access the network and obtain an IP address from the DHCP server.

To configure default user class scope options

1. In the DHCP console tree, under Scope [172.16.0.0] SS Scope, right-click Scope Options, and then click Configure Options. 2. On the Advanced tab, verify that Default User Class is selected next to User class. 3. Select the 006 DNS Servers check box, in IP Address, under Data entry, type 172.16.1.1, and then click Add. 4. Select the 015 DNS Domain Name check box, in String value, under Data entry, type contoso.com, and then click OK. Note The 003 Router option is configured in the default user class if a default gateway is required for client computers. Because all computers in the test lab are located on the same subnet, this option is not required.

Configure a split scope using the wizard on DHCP Server 1 and DHCP Server 2
Next, configure a split-scope deployment on DHCP Server 1 and DHCP Server 2 by launching the Split-scope Wizard on the scope to be split-scoped on DHCP Server 1.

To configure a split scope using the wizard


1. In the DHCP console tree, right-click Scope [172.16.0.0] SS Scope, and then click Advanced > Split-Scope. 2. The DHCP Split-Scope Configuration wizard is launched. 3. On the Percentage of Split page, set the configuration for a ratio of 80:20 by assigning DHCP Server 1 to exclude addresses 172.16.1.164 to 172.16.1.204, and DHCP Server 2 to exclude 172.16.1.4 to 172.16.1.163. See the example below.

4. Click Next, and then on the Delay in DHCP Offer page, configure DHCP Server 1 with a value of 0 (default) and configure Added DHCP Server (DHCP Server 2) for 1000 milliseconds. This enables DHCP Server 2 to offer DHCP OFFER messages only after a delay of 1000 milliseconds, thereby preventing the exhaustion of IPv4 addresses from the required scope of DHCP Server 2.

Configure DHCP Client 1


DHCP Client 1 and DHCP Client 3 are computers running Windows 7that you use to demonstrate as a typical DHCP client that requests for an IP address from the DHCP server in the domain. To configure DHCP Client 1, complete the following tasks:

Install the operating system. Configure TCP/IP. Verify network connectivity. Join the computer to the domain and restart the computer.

Install Windows 7 on DHCP Client 1

To install the operating system on DHCP Client 1


1. Start your computer using the product disc for Windows 7. 2. When prompted for the installation type, select Custom Installation. 3. When prompted for a computer name, type DHCP Client 1. 4. On the Select your computer's current location page, click Work. 5. Follow the rest of the instructions that appear on your screen to finish the installation.

Configure TCP/IP on DHCP Client 1 To configure TCP/IP on DHCP Client 1


1. Click Start, and then click Control Panel. 2. Click Network and Internet, click Network and Sharing Center, and then click Manage network connections. 3. Right-click Local Area Connection, and then click Properties. 4. In the Local Area Connection Properties dialog box, clear the Internet Protocol Version 6 (TCP/IPv6) check box. This reduces the complexity of the lab, particularly for those who are not familiar with IPv6. 5. Click Internet Protocol Version 4 (TCP/IPv4), and then click Properties. 6. Verify that Obtain an IP address automatically and Obtain DNS server address automatically are selected. 7. Click OK, and then click Close to close the Local Area Connection Properties dialog box. 8. Close the Network Connections and Network and Sharing Center windows.

Join DHCP Client 1 to the Contoso.com domain


Because DHCP Client 1 now has access to domain services, it can be joined to the domain.

To join DHCP Client 1 to the Contoso.com domain


1. Click Start, right-click Computer, and then click Properties. 2. Under Computer name, domain, and workgroup settings, click Change settings. 3. In the System Properties dialog box, click Change. 4. In the Computer Name/Domain Changes dialog box, select Domain, type Contoso.com, and then type enggmachine1.contoso.com in Computer Name. 5. Click More, and then, in Primary DNS suffix of this computer, type Contoso.com. 6. Click OK two times. 7. When prompted for a user name and password, type the user name and password for User1 account, and then click OK. 8. When you see a dialog box that welcomes you to the Contoso.com domain, click OK. 9. When you see a dialog box that tells you that you must restart the computer to apply changes, click OK. 10. In the System Properties dialog box, click Close. 11. In the dialog box that prompts you to restart the computer, click Restart the computer now.

Renew the IP addressing of DHCP Client 1


Next, obtain a new IP address profile for DHCP Client 1 from DHCP.

To renew the IP address of DHCP Client 1


On DHCP Client 1, in the Command Prompt window, type ipconfig /renew, and then press ENTER. In the Command Prompt window, type ping 172.16.1.1, and then press ENTER.

Verify that the response reads Reply from 172.16.1.1." In the Command Prompt window, type ipconfig, and then press ENTER. In the command output, verify that the value of Connection-specific DNS Suffix is contoso.com and that the value of Subnet Mask is 255.255.255.0. In the Command Prompt window, type route print -4, and then press ENTER. In the command output, below Active Routes, verify that a Network Destination of 172.16.1.1 is displayed.

Stop DHCP Server 1


To demonstrate that DHCP Server 2 continues to distribute IP addresses to clients in the absence of DHCP Server 1, take DHCP Server 1 offline.

To stop the DHCP Server service on DHCP Server 1


1. In the DHCP console tree, right-click DHCP Server 1, point to All Tasks and then click Stop.

Renew the IP address of DHCP Client 1


Next, obtain a new IP address profile for DHCP Client 1 from DHCP Server2.

To renew the IP address of DHCP Client 1


On DHCP Client 1, in the Command Prompt window, type ipconfig, and then press ENTER. In the command output, verify that the IP address is 172.16.1.164 from DHCP Server 1. In the Command Prompt window, type ipconfig /renew, and then press ENTER. In the command output, verify that the IP address is 172.16.1.4 from DHCP Server 2.

Start DHCP Server 1


To demonstrate that DHCP Server 1 resumes distribution of IP addresses to when it is brought back online, restart, DHCP Server 1.

To restart the DHCP Server service on DHCP Server 1


1. In the DHCP console tree, right-click DHCP Server1, rest on All Tasks, and then click Start.

Renew the IP address of DHCP Client 1


Next, obtain a new IP address profile for DHCP Client 1 from DHCP Server 1.

To renew the IP address of DHCP Client 1


On DHCP Client 1, in the Command Prompt window, type ipconfig, and then press ENTER. In the command output, verify that the IP address is 172.16.1.4 from DHCP Server 2. In the Command Prompt window, type ipconfig /renew, and then press ENTER. In the command output, verify that the IP address is 172.16.1.164 from DHCP Server 1.

Appendix
This appendix helps you with troubleshooting techniques and the setting of optional features in Windows Server 2008 R2 and Windows 7.

Review DHCP client events

Reviewing information contained in DHCP client events can help you with troubleshooting. It can also help you understand DHCP client functionality.

To review DHCP client events in Event Viewer


1. Click Start, point to All Programs, click Accessories, and then click Run. 2. Type eventvwr.msc, and then press ENTER. 3. In the left tree, navigate to Event Viewer (Local)\Windows Logs\System. 4. Click an event in the middle pane. 5. By default, the General tab is displayed. Click the Details tab to view additional information. 6. You can also right-click an event, and then click Event Properties to open a new window for reviewing events.

Review DHCP server events


Reviewing information contained in Windows System events on your DHCP servers can help you with troubleshooting. It can also help you understand DHCP server functionality.

To review DHCP server events in Event Viewer


1. Click Start, and then click Run. 2. Type eventvwr.msc, and then press ENTER. 3. In the left tree, navigate to Event Viewer (Local)\Custom Views\Server Roles\DHCP Server. 4. Click an event in the middle pane. 5. By default, the General tab is displayed. Click the Details tab to view additional information. 6. You can also right-click an event, and then click Event Properties to open a new window for reviewing events. The following are the events pertaining to this feature:

1340 - EVENT_SERVER_DNSDHCID_FAIL The DNS registration for DHCPv4 Client IP address %1 , FQDN %2, and DHCID %3 is denied as there is probably an existing client with same FQDN already registered with DNS. 1340 - EVENT_SERVER_DNSDHCID_FAIL The DNS registration for DHCPv6 Client IPv6 address %1 , FQDN %2, and DHCID %3 is denied as there is probably an existing client with same FQDN already registered with DNS.

2013 Microsoft. All rights reserved.