Advanced DHCP Configuration and Maintenance

When you install the DHCP Server service, many advanced features are configured for you automatically, including audit logging, network bindings, integration with DNS, and DHCP database backups. All of these features can be fine-tuned to optimize performance, and many of these features, such as auditing, logging, and backups, should be periodically monitored.

Configuring DHCP Audit Logging

Audit logging is enabled by default for the DHCP Server service and is used to track DHCP processes and requests in log files. The DHCP logs are stored in the %SystemRoot%\System32\Dhcp folder by default. In this folder you'll find a different log file for each day of the week. For example, the log file for Monday is named DhcpSrvLog-Mon.log. When you start the DHCP Server service or a new day arrives, a header message is written to the log file. As shown in Example 25-1, the header provides a summary of DHCP events and their meanings. The header is followed by the actual events logged by the DHCP Server service. The event IDs and descriptions are written into each log because different versions of the DHCP Server service can have different events.

Example 25-1. DHCP Server Log File

Microsoft DHCP Service Activity Log
Event ID  Meaning
00        The log was started.
01        The log was stopped.
02        The log was temporarily paused due to low disk space.
10        A new IP address was leased to a client.
11        A lease was renewed by a client.
12        A lease was released by a client.
13        An IP address was found to be in use on the network.
14        A lease request could not be satisfied because the scope's
          address pool was exhausted.
15        A lease was denied.
16        A lease was deleted.
17        A lease was expired.
24        IP address cleanup operation has begun.
25        IP address cleanup statistics.
30        DNS update request to the named DNS server
31        DNS update failed
32        DNS update successful
50+       Codes above 50 are used for Rogue Server Detection information.

ID,Date,Time,Description,IP Address,Host Name,MAC Address
00,03/04/04,11:30:26,Started,,,,
55,03/04/04,11:30:27,Authorized(servicing),,cpandl.com,,
10,03/04/04,11:56:03,Assign,192.168.1.1,corpserver03.cpandl.com,2324AE67B4E8,
12,03/04/04,11:56:32,Release,192.168.1.1,corpserver03.cpandl.com,2324AE67B4E8,
10,03/04/04,12:01:45,Assign,192.168.1.20,corpserver03.cpandl.com,2324AE67B4E8,
15,03/04/04,12:03:41,NACK,192.168.0.100,,2324AE67B4E8,
11,03/04/04,12:03:42,Renew,192.168.1.20,becka.,2324AE67B4E8,
24,03/04/04,12:30:30,Database Cleanup Begin,,,,
25,03/04/04,12:30:30,0 leases expired and 0 leases deleted,,,,
25,03/04/04,12:30:30,0 leases expired and 0 leases deleted,,,,
24,03/04/04,13:30:35,Database Cleanup Begin,,,,
25,03/04/04,13:30:35,0 leases expired and 0 leases deleted,,,,
25,03/04/04,13:30:35,0 leases expired and 0 leases deleted,,,,
01,03/04/04,14:10:23,Stopped,,,,
00,03/04/04,14:10:37,Started,,,,
55,03/04/04,14:10:37,Authorized(servicing),,cpandl.com,,
01,03/04/04,20:15:50,Stopped,,,,

The events in the audit logs can help you troubleshoot problems with a DHCP server. As you examine Example 25-1, the first event entry with ID 00 tells you the DHCP Server service was started. The second event entry with ID 55 tells you the DHCP Server is authorized to service the cpandl.com domain. Every hour that the service is running, it also performs cleanup operations. Database cleanup is used to check for expired leases and leases that no longer apply.

The audit logs also serve as a record of all DHCP connection requests by clients on the network. Events related to lease assignment, renewal, and release are recorded according to the IP address assigned, the client's FQDN, and the client's MAC address.

Declined leases are listed with the event ID 13 and the description of the event is DECLINE. A DHCP client can decline a lease if it detects that the IP address is already in use. The primary reason this happens is that a system somewhere on the network is using a static IP address in the DHCP range or has leased it from another DHCP server during a network glitch. When the server receives the decline, it marks the address as bad in the DHCP database. See the section "Enabling Conflict Detection on DHCP Servers" later in this chapter for details on how IP address conflicts can be avoided.

Denied leases are listed with the event ID 15 and the description of the event is NACK. DHCP can deny a lease to a client that is requesting an address that cannot be provided. This could happen if an administrator terminated the lease or if the client moved to a different subnet where the original IP address held is no longer valid. When a client receives a NACK, the client releases the denied IP address and requests a new one.
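As an added illustration (not from the book), the following Python reads a log in the Example 25-1 layout, skips the legend above the column line, and pulls out the events an operator should watch: 02 (low disk space), 13 (DECLINE), 14 (pool exhausted), 15 (NACK) and the 50+ rogue-detection codes. The sample log embedded in it is constructed.

```python
import csv
import io
from collections import Counter

# Event IDs from the Example 25-1 header that deserve an operator's attention.
ALERT_EVENTS = {
    "02": "log paused: low disk space",
    "13": "address conflict (DECLINE)",
    "14": "scope address pool exhausted",
    "15": "lease denied (NACK)",
}

# Constructed sample in the DhcpSrvLog-*.log layout (hypothetical data).
SAMPLE_LOG = """\
Microsoft DHCP Service Activity Log
Event ID  Meaning
00        The log was started.
15        A lease was denied.

ID,Date,Time,Description,IP Address,Host Name,MAC Address
00,03/04/04,11:30:26,Started,,,,
55,03/04/04,11:30:27,Authorized(servicing),,cpandl.com,,
10,03/04/04,11:56:03,Assign,192.168.1.1,corpserver03.cpandl.com,2324AE67B4E8,
15,03/04/04,12:03:41,NACK,192.168.0.100,,2324AE67B4E8,
13,03/04/04,12:05:10,DECLINE,192.168.1.7,,00AA11BB22CC,
25,03/04/04,12:30:30,0 leases expired and 0 leases deleted,,,,
"""

def parse_audit_log(text):
    """Return event rows as dicts; the legend above the 'ID,Date,Time' line is skipped."""
    lines = text.splitlines()
    starts = [i for i, l in enumerate(lines) if l.startswith("ID,Date,Time")]
    if not starts:
        return []
    rows = []
    for f in csv.reader(io.StringIO("\n".join(lines[starts[0] + 1:]))):
        if len(f) < 7:
            continue  # blank or truncated line
        rows.append({"id": f[0], "date": f[1], "time": f[2], "desc": f[3],
                     "ip": f[4], "host": f[5], "mac": f[6]})
    return rows

def summarize(rows):
    """Count events by ID; split out alert rows and the 50+ rogue-detection rows."""
    counts = Counter(r["id"] for r in rows)
    alerts = [(r["time"], ALERT_EVENTS[r["id"]], r["ip"], r["mac"])
              for r in rows if r["id"] in ALERT_EVENTS]
    rogue_info = [(r["time"], r["desc"], r["host"])
                  for r in rows if r["id"].isdigit() and int(r["id"]) >= 50]
    return counts, alerts, rogue_info
```

Point `parse_audit_log` at the text of a real DhcpSrvLog-*.log file to get the same three results for a production server.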

As discussed previously, audit logging is enabled by default. If you want to check or change the logging setting, you can do this in the DHCP console. Right-click the server you want to work with, and then select Properties. This displays the dialog box shown in Figure 25-23.

Figure 25-23. Audit logging is enabled by default.

In the General tab, select or clear Enable DHCP Audit Logging as necessary. Afterward, select the Advanced tab. The Audit Log File Path box shows the current folder location for log files. Enter a new folder location or click Browse to find a new location. Click OK. If you change the audit log location, Windows Server 2003 will need to restart the DHCP Server service. When prompted to confirm that this is OK, click Yes.

Binding the DHCP Server Service to a Network Interface

The DHCP Server service should bind automatically to the first NIC on the server. This means that the DHCP Server service should use the IP address and TCP/IP configuration of this network interface to communicate with clients. In some instances, the DHCP Server service might not bind to any available network interface or it might bind to a network interface that you don't want it to use. To resolve this problem, you must bind the DHCP Server service to a specific network interface by following these steps:

  1. In the DHCP console, right-click the server you want to work with, and then select Properties.

  2. In the Advanced tab of the Properties dialog box, click Bindings to display the Bindings dialog box. This dialog box displays a list of available network connections for the DHCP server.

  3. If you want the DHCP Server service to use a connection to service clients, select the option for the connection. If you don't want the service to use a connection, clear the related option.

  4. Click OK.

Integrating DHCP and DNS

Using the DNS Dynamic Update protocol, DHCP clients running Windows 2000 or later can automatically update their forward (A) and reverse lookup (PTR) records in DNS or request that the DHCP server do this for them. Clients running versions of the Windows operating system earlier than Windows 2000 can't dynamically update any of their records, so DHCP must do this for them. In either case, when the DHCP server is required to update DNS records, integration between DHCP and DNS is needed.

In the default configuration of DHCP, a DHCP server will update DNS records for clients only if requested but will not update records for clients running versions of the Windows operating system earlier than Windows 2000. To change this behavior, start the DHCP console, right-click the server you want to work with, and then select Properties. Select the DNS tab, as shown in Figure 25-24, then choose Dynamically Update DNS A And PTR Records For DHCP Clients That Do Not Request Updates. Don't change the other settings. These settings are configured by default, and you don't need to modify the configuration in most cases.

Figure 25-24. DHCP and DNS integration.

Enabling Conflict Detection on DHCP Servers

No two computers on the network can have the same unicast IP address. If a computer is assigned the same unicast IP address as another, one or both of the computers might become disconnected from the network. To prevent this from happening, DHCP has built-in conflict detection that enables clients to check the IP address they've been assigned by pinging the address on the network. If a client detects that an IP address it has been assigned is in use, it sends the DHCP server a Decline message telling the server that it is declining the lease because the IP address is in use. When this happens, the server marks the IP address as bad in the DHCP database, and then the client requests a new lease. This process works fairly well but requires additional time because the client is responsible for checking the IP address, declining the lease, and requesting a new one.

To speed up the process, you can configure DHCP servers to check for conflicts before assigning an IP address to a client. When conflict detection is enabled, the process works in much the same way as before, except the server checks the IP address to see if it is in use and, if so, marks it as bad without interaction with the client. You can configure conflict detection on a DHCP server by specifying the number of conflict detection attempts that the DHCP server will make before it leases an IP address to a client. The DHCP server checks IP addresses by sending a ping request over the network.

You can configure conflict detection in the DHCP console by right-clicking the server you want to work with and then selecting Properties. In the Advanced tab, set Conflict Detection Attempts to a value other than zero. At the command line, type the following command:

netsh dhcp server ServerID set detectconflictretry Attempts

where ServerID is the name or IP address of the DHCP server and Attempts is the number of conflict detection attempts the server should use. You can confirm the setting by typing the following:

netsh dhcp server ServerID show detectconflictretry

Saving and Restoring the DHCP Configuration

After you finish configuring a DHCP server, you should save the configuration settings so that you can easily restore the server to a known state or use the same settings on another server. To do this, type the following command at the command prompt:

netsh dhcp server dump ServerID >SaveFile

where ServerID is the name or IP address of the DHCP server and SaveFile is the name of the file in which you want to store the configuration settings. Here is an example:

netsh dhcp server dump > dhcpconfig.dmp

If you examine the file Netsh creates, you'll find that it is a Netsh configuration script. To restore the configuration, run the script by typing the following command:

netsh exec SaveFile

where SaveFile is the name of the file in which you stored the configuration settings. Here is an example:

netsh exec dhcpconfig.dmp

Tip

Copy to a new DHCP server

You can run the script on a different DHCP server to configure it the same as the original DHCP server whose configuration you saved. Copy the configuration script to a folder on the destination computer, and then run it. The DHCP server will be configured like the original server.

Managing and Maintaining the DHCP Database

Information about leases and reservations used by clients is stored in database files on the DHCP Server. Like any other data set, the DHCP database has properties that you can set and techniques you can use to maintain it.

Setting DHCP Database Properties

In the default configuration, these files are stored in the %SystemRoot%\System32\Dhcp folder, and automatically created backups of the files are stored in %SystemRoot%\System32\Dhcp\Backup. The DHCP Server service performs two routine actions to maintain the database:

  • Database cleanup during which the DHCP Server service checks for expired leases and leases that no longer apply

  • Database backup during which the DHCP Server service backs up the database files

By default, both maintenance tasks are performed every 60 minutes, and you can confirm this as well as the current DHCP folders being used by typing the following command at the command prompt:

netsh dhcp server ServerID show dbproperties

where ServerID is the name or IP address of the DHCP server, such as

netsh dhcp server 192.168.1.50 show dbproperties

The output of this command shows you the current database properties for the DHCP server:

Server Database Properties :

     DatabaseName                =   dhcp.mdb
     DatabasePath                =   C:\WINDOWS\System32\dhcp
     DatabaseBackupPath          =   C:\WINDOWS\System32\dhcp\backup
     DatabaseBackupInterval      =   60 mins.
     DatabaseLoggingFlag         =   1
     DatabaseRestoreFlag         =   0
     DatabaseCleanupInterval     =   60 mins.

Note the DatabaseLoggingFlag and DatabaseRestoreFlag properties. DatabaseLoggingFlag tracks whether audit logging is enabled. If the flag is set to 0, audit logging is disabled. If the flag is set to 1, audit logging is enabled. DatabaseRestoreFlag is a special flag that tracks whether the DHCP Server service should restore the DHCP database from backup the next time it starts. If the flag is set to 0, the main database is used. If the flag is set to 1, the DHCP Server service restores the database from backup, overwriting the existing database.

You can use the following commands to set these properties:

  • Netsh dhcp server ServerID set databasename NewFileName—Sets the new file name for the database, such as Dhcp1.mdb.

  • Netsh dhcp server ServerID set databasepath NewPath—Sets the new path for the database files, such as C:\Dhcp\Dbfiles.

  • Netsh dhcp server ServerID set databasebackupinterval NewIntervalMinutes—Sets the database backup interval in minutes, such as 120.

  • Netsh dhcp server ServerID set databasebackuppathname NewPath—Sets the new path for the database backup files, such as C:\Dhcp\Dbbackup.

  • Netsh dhcp server ServerID set databaseloggingflag FlagValue—Enables or disables audit logging. Set to 0 to disable or 1 to enable.

  • Netsh dhcp server ServerID set databaserestoreflag FlagValue—Forces DHCP to restore the database from backup when it is started. Set to 1 to restore.

  • Netsh dhcp server ServerID set databasecleanupinterval NewIntervalMinutes—Sets the database cleanup interval in minutes, such as 120.

Note

If you change the database name or folder locations, you must stop the DHCP server and then start it again for the changes to take effect. To do this, type net stop "dhcp server" to stop the server and then type net start "dhcp server" to start the server again.

Backing Up and Restoring the Database

The DHCP database is backed up automatically. You can manually back it up as well at any time. In the DHCP console, right-click the server you want to back up, and then choose Backup. In the Browse For Folder dialog box, select the backup folder, and then click OK.

If a server crash corrupts the database, you might need to restore and then reconcile the database. Start by restoring a good copy of the contents of the backup folder from tape or other archive source. Afterward, start the DHCP console, right-click the server you want to restore, and then choose Restore. In the Browse For Folder dialog box, select the folder that contains the backup you want to restore, and then click OK. During restoration of the database, the DHCP Server service is stopped and then started automatically.

Repairing the DHCP Database

DHCP databases can become corrupt, especially if they've been in use for a long time. If this happens, you'll see error messages in the system event log that have DHCP Server as the event source and reference JET database errors. A typical error might look like this: "The JET database returned the following Error: 510."

You can use the Jetpack.exe utility to repair the database. First, stop the DHCP Server service by typing net stop "dhcp server" at the command prompt. In the command prompt, change to the DHCP database directory, which by default is %SystemRoot%\System32\Dhcp. To repair the database, type jetpack dhcp.mdb dhcptemp.mdb, where dhcp.mdb is the current name of the DHCP database and dhcptemp.mdb is the name of a temporary file that can be used by the Jetpack utility.

If the Jetpack utility fails to repair the database, you must restore the database from backup or force the DHCP Server service to re-create the database from backup. To do this, stop the DHCP Server service by typing net stop "dhcp server" at the command prompt. Set the DatabaseRestoreFlag using the following command:

netsh dhcp server ServerID set databaserestoreflag 1

where ServerID is the name or IP address of the DHCP server and the database restore flag is set to 1 to restore the database from backup. Afterward, start the DHCP Server service by typing net start "dhcp server" at the command prompt.
