7/29/2019 Windows 2003 DHCP Server Installation
Windows 2003 DHCP Server Installation & Configuration:
Introduction
DHCP (Dynamic Host Configuration Protocol) is a protocol that allows clients on a network to
request network configuration settings from a server running the DHCP server service which, in
our case, will be Windows Server 2003. Additionally the protocol allows the clients to
self-configure those network configuration settings without the intervention of an administrator.
Some of the settings that a DHCP server can provide to its clients include the IP addresses for the
DNS servers, the IP addresses for the WINS servers, the IP address for the default gateway
(usually a router) and, of course, an IP address for the client itself.
This article will discuss and walk you through the steps of installing and configuring DHCP on a
Windows Server 2003 member server, specifically focusing on setting up a scope and its
accompanying settings. The same configuration can be applied to a standalone server even
though the step-by-step details differ slightly. The upcoming 'Advanced DHCP Server
Configuration on Windows 2003' article will discuss other DHCP options and features such as
superscopes, multicast scopes, dynamic DNS, DHCP Backup and more.
While our articles make use of specific IP addresses and network settings, you can change these
settings as needed to make them compatible with your LAN. This won't require you to make
changes to your LAN, but you'll need to have a slightly stronger understanding of DHCP and
TCP/IP.
Assigning the server a static IP address
Before we install the DHCP server service on Windows Server 2003, we need to assign the
Windows server a static IP address. To do this:
1. Go to Start > Control Panel > Network Connections, right-click Local Area Connection
and choose Properties.
2. When the Local Area Connection Properties window comes up, select Internet Protocol
(TCP/IP) and click the Properties button.
3. When the Internet Protocol (TCP/IP) window comes up, enter an IP address, subnet
mask and default gateway IP address that is compatible with your LAN.
We've configured our settings according to our network, as shown below:
4. Enter 192.168.0.252 for the Preferred DNS server and 192.168.1.252 for the Alternate DNS
server. The Preferred and Alternate DNS server IP addresses are optional for the functionality of
the DHCP server, but we will populate them since you typically would in a real-world network.
Usually these fields are populated with the IP addresses of your Active Directory domain
controllers.
5. After filling out those fields, click OK and OK to save and close all windows.
Install DHCP server service on Windows Server 2003
Our server now has a static IP address and we are now ready to install the DHCP server service.
To do this:
1. Go to Start > Control Panel > Add or Remove Programs .
2. When the Add or Remove Programs window launches, click Add/Remove Windows
Components in the left pane.
3. When the Windows Components Wizard comes up, scroll down and highlight Networking
Services and then click the Details button.
4. When the Networking Services window comes up, place a check mark next to Dynamic Host
Configuration Protocol (DHCP) and click OK and OK again.
Note that, during the install, Windows may generate an error claiming that it could not find a file
needed for DHCP installation. If this happens, insert your Windows Server 2003 CD into the
server's CD-ROM drive and browse to the i386 directory. The wizard should automatically find
the file and allow you to select it. After that, the wizard should resume the installation process.
Configure DHCP on Windows Server 2003
DHCP has now been successfully installed and we are ready to configure it. We will create a
new scope and configure some of the scope's options. To begin:
1. Launch the DHCP MMC by going to Start > Administrative Tools > DHCP .
Currently, the DHCP MMC looks empty and the server node in the left pane has a red arrow
pointing down. Keep that in mind because it will be significant later on.
2. Right-click the server node in the left pane and choose New Scope. This will launch the New
Scope Wizard.
3. On the New Scope Wizard, click Next.
4. Specify a scope name and scope description. For the scope Name, enter Building A, Floor 1.
For the scope Description, enter This scope is for Floor 1 of Building A. Afterwards,
click Next.
The scope name can be anything, but we certainly want to name it something that describes the
scope's purpose. The scope Description is not required. It is there in case we needed to provide a
broader description of the scope.
5. Specify an IP address range and subnet mask. For the Start IP address enter 192.168.0.1, for
the End IP address enter 192.168.0.254. Finally, specify a subnet mask of 255.255.255.0 and
click Next.
Specifying the IP address range of a scope requires some knowledge of subnetting. Each scope in
a DHCP server holds a pool of IP addresses to give out to clients, and the range of IP addresses
must be within the allowed range of the subnet (that you specify on the subnet mask field).
For simplicity we entered a classful, class C IP address range from 192.168.0.1 to 192.168.0.254.
Notice that the range encompasses the IP address of our server, the DNS servers and the default
gateway, meaning that the DHCP server could potentially assign a client an IP address that is
already in use! Do not worry -- we will take care of that later.
6. Specify IP addresses to exclude from assignment. For the Start IP address, enter
192.168.0.240 and for the End IP address enter 192.168.0.254, click Add, and then click
Next.
Certain network devices, such as servers, will need statically configured IP addresses. The IP
addresses may sometimes be within the range of IP addresses defined for a scope. In those cases,
you have to exclude the IP addresses from being assigned out by DHCP.
We have the opportunity here to define those IP addresses that are to be excluded. We specified
IP addresses 192.168.0.240 to 192.168.0.254 to ensure we've included our servers plus a few
spare IP addresses for future use.
7. Specify the lease duration for the scope. Verify that Days is 8 and click Next.
The lease duration is how long clients should keep their IP addresses before having to renew
them.
There are a few considerations at this point. If a short lease duration is configured, clients will be
renewing their IP addresses more frequently. The result will be additional network traffic and
additional strain on the DHCP server. On the other hand if a long lease duration is configured, IP
addresses previously obtained by decommissioned clients would remain leased and unavailable
to future clients until the leases either expire or are manually deleted.
Additionally if network changes occur, such as the implementation of a new DNS server, those
clients would not receive those updates until their leases expire or the computers are restarted.
As Microsoft states, lease durations should typically be equal to the average time the computer
is connected to the same physical network. You would typically leave the default lease duration
in an environment where computers are rarely moved or replaced, such as a wired network. In an
environment where computers are often moved and replaced, such as a wireless network, you
would want to specify a short duration since a new wireless client could roam within range at
any time.
8. Configure DHCP Options. Make sure Yes, I want to configure these settings now is
selected and click Next to begin configuring DHCP options.
DHCP options are additional settings that the DHCP server can provide to clients when it issues
them with IP addresses. These are the other settings that help clients communicate on the
network. In the New Scope Wizard we can only configure a few options but from the DHCP
MMC we have several more options.
9. Specify the router IP address. Enter 192.168.0.254 as the IP address of the subnet's router,
click Add, and then click Next.
The first option we can configure is the IP address for the subnet's router for which this scope is
providing IP addresses. Keep in mind that this IP address must be in the same network as the IP
addresses in the range that we created earlier.
10. Configure domain name and DNS servers. On the next page, enter firewall.cx for the
domain name. Then enter 192.168.0.252 for the IP address of a DNS server, click Add, enter
192.168.1.252 as the IP address for another DNS server, and click Add again. When finished,
click Next.
If you had a DNS infrastructure in place, you could have simply typed in the fully qualified
domain name of the DNS server and clicked Resolve.
The DNS servers will be used by clients primarily for name resolution, but also for other
purposes that are beyond the scope of this article. The DNS domain name will be used by clients
when registering their hostnames to the DNS zones on the DNS servers (covered in the
'Advanced DHCP Server Configuration on Windows 2003' article).
11. Configure WINS servers. On the next screen, enter 192.168.0.251 as the IP address for the
first WINS server, click Add, enter 192.168.1.251 as the IP address for the second WINS server,
click Add again, and then click Finish.
12. Finally, the wizard asks whether you want to activate the scope. For now, choose No, I will
activate this scope later and click Next and then Finish to conclude the New Scope Wizard
and return to the DHCP MMC.
At this point we almost have a functional DHCP server. Let us go ahead and expand the scope
node in the left pane of the DHCP MMC to see the new available nodes:
Address Pool: Shows the IP address range the scope offers along with any IP address
exclusions.
Address Leases: Shows all the leased IP addresses.
Reservations: Shows the IP addresses that are reserved. Reservations are made by
specifying the MAC address that the server would listen to when IP address requests are
received by the server. Certain network devices, such as networked printers, are best configured
with reserved IP addresses rather than static IP addresses.
Scope Options: Shows configured scope options. Some of the visible options now are
router, DNS, domain name and WINS options.
Server Options: Shows configured server options. This is similar to scope options except
that these options are either inherited by all the scopes or overridden by them (covered in
'Advanced DHCP Server Configuration on Windows 2003' article).
Earlier, we only defined exclusions for our servers, router plus a few more spare IP addresses. In
case you need to exclude more IP addresses, you can do it at this point by following these
instructions:
13. Select and right-click Address Pool and choose New Exclusion Range.
14. When the Add Exclusion window comes up, enter the required range and then click Add. In
our example, we've excluded the additional range 192.168.0.230 - 192.168.0.232.
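
The range and exclusion rules described above can be checked before a scope is activated. The following Python sketch is an added example, not part of the original article: it audits the Building A, Floor 1 scope against the static addresses named on this page. The function names are hypothetical, and the DHCP server address 192.168.0.253 is taken from the ip helper-address command shown in the advanced article.

```python
import ipaddress


def ip_range(start, end):
    """Return the set of addresses from start to end, inclusive."""
    first = int(ipaddress.IPv4Address(start))
    last = int(ipaddress.IPv4Address(end))
    if last < first:
        raise ValueError(f"range end {end} precedes start {start}")
    return {ipaddress.IPv4Address(n) for n in range(first, last + 1)}


def audit_scope(start, end, mask, exclusions, static_hosts, router):
    """Check a scope definition; return (leasable_count, findings)."""
    findings = []
    network = ipaddress.IPv4Network(f"{start}/{mask}", strict=False)
    pool = ip_range(start, end)

    # The range must stay within the host addresses allowed by the subnet mask.
    outside = pool - set(network.hosts())
    if outside:
        findings.append(f"{len(outside)} scope address(es) fall outside {network}")

    excluded = set()
    for ex_start, ex_end in exclusions:
        block = ip_range(ex_start, ex_end)
        if not block <= pool:
            findings.append(f"exclusion {ex_start}-{ex_end} is not inside the scope")
        excluded |= block

    # A static host that is in the pool but not excluded can be leased to a
    # client, which produces a duplicate address on the segment.
    for name, addr in sorted(static_hosts.items()):
        ip = ipaddress.IPv4Address(addr)
        if ip in pool and ip not in excluded:
            findings.append(f"{name} ({ip}) is static but leasable")

    # The router option must be in the same network as the leased addresses.
    if ipaddress.IPv4Address(router) not in network:
        findings.append(f"router {router} is not in {network}")

    return len(pool - excluded), findings


# Static addresses named on this page for the 192.168.0.0/24 network.
STATIC_HOSTS = {
    "DHCP server": "192.168.0.253",
    "DNS server": "192.168.0.252",
    "WINS server": "192.168.0.251",
    "router": "192.168.0.254",
}


def building_a_floor_1(exclusions):
    """Audit the article's Building A, Floor 1 scope with the given exclusions."""
    return audit_scope("192.168.0.1", "192.168.0.254", "255.255.255.0",
                       exclusions, STATIC_HOSTS, "192.168.0.254")


if __name__ == "__main__":
    cases = {
        "no exclusions": [],
        "wizard exclusion (step 6)": [("192.168.0.240", "192.168.0.254")],
        "plus step 14": [("192.168.0.240", "192.168.0.254"),
                         ("192.168.0.230", "192.168.0.232")],
    }
    for label, exclusions in cases.items():
        count, findings = building_a_floor_1(exclusions)
        print(f"{label}: {count} leasable addresses")
        for finding in findings:
            print(f"  WARNING: {finding}")
```
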
Notice that the server node and scope node still have a red arrow pointing down. These red arrows
pointing down mean that the server and scope are not turned on.
The concept of turning on the scope is called activating and the concept of turning on the
server for DHCP service is called authorizing. Security has some influence in the concept of
authorizing a DHCP server and, to authorize a DHCP server, you must be a member of the
Enterprise Admins Active Directory group.
15. Right-click the server (server001.firewall.cx) and choose Authorize, then right-click the
scope (Building A, Floor 1) and choose Activate. If the red arrows remain, refresh the MMC by
going to Action > Refresh.
Congratulations! At this point, you should have a working DHCP server capable of providing IP
addresses!
Windows 2003 DHCP Server Advanced Configuration - Part 1
Introduction
In this article, we will cover more advanced DHCP features and topics such as server options,
superscopes, multicast scopes, dynamic DNS, DHCP database backup and restoration, DHCP
migration, and DHCP troubleshooting. We will cover these topics in two ways: by building out
from our earlier implementation and by using our imagination!
Ok, using our imagination for this purpose may seem silly but doing so will give us the
opportunity to indirectly learn how, why, and where these advanced DHCP features and topics
come into play in a real-world network and how other networking technologies are involved in a
DHCP implementation.
We will imagine that we are building our DHCP server for a company that has two buildings,
Building A and Building B, each with a single floor (for now). Building A is on a 192.168.0.0/24
network and Building B is on a 192.168.1.0/24 network.
Although each building has its own DNS server (192.168.0.252 and 192.168.1.252), WINS
server (192.168.0.251 and 192.168.1.251) and Cisco Catalyst 4507R-E switch (192.168.0.254
and 192.168.1.254), only a single DHCP server exists: it is the one that we have been building
and it resides in Building A.
The clients and servers in each building connect to their respective Cisco Catalyst switches and
the switches are uplinked to a Cisco router for Internet connectivity. The only notable
configuration is with the Building B switch: It is configured with the ip helper-address
192.168.0.253 command.
The ip helper-address command tells the switch to forward DHCP requests in the local subnet to
the DHCP server, since the clients in Building B cannot initially communicate with the DHCP
server directly. We are not concerned with any other configuration or networking technologies
for now.
Server Options
The specifications of our imaginary company state that the company has two buildings:
Building A and Building B. In our first article, we created a scope called Building A, Floor 1
so a scope for our first building is already made. In this article, we will create a scope for
Building B, Floor 1, using the instructions from our Basic DHCP Configuration article
(http://www.firewall.cx/microsoft-knowledgebase/windows-2003-server/245-windows-2003-dhcp-setup.html)
and the following specifications for the scope:
After creating the scope, we want to activate it as well.
Notice that, in creating this scope, we had to input a lot of the same information from our
Building A, Floor 1 scope. In the event that we had several other scopes to create, we would
surely not want to be inputting the same information each time for each scope.
That is where server options are useful. Server options allow you to specify options that all the
scopes have in common. In creating two scopes, we noticed that our scopes had the following in
common:
DNS servers
WINS servers
Domain name
To avoid having to enter this information again, we will create these options as server options.
To do this:
1. On the DHCP MMC, right-click Server Options and choose Configure Options
When the Server Options window comes up, take a moment to scroll down through the long list
of available options. Not all options are needed or used in every environment. In some cases,
however, a needed option is not available. For example, Cisco IP phones require Option 150 but
because that option is not available it would have to be defined manually. Other than that,
options 006 DNS Servers, 015 DNS Domain, and 003 Router are generally sufficient.
2. Scroll down to option 006 DNS Servers and place a checkmark in its box. This will activate
the Data Entry section. In that section, type 192.168.0.252 for the IP Address and click Add.
Then enter 192.168.1.252 as another IP Address and click Add again. This will add those two
servers as DNS servers.
3. Scroll down to option 015 DNS Domain Name and place a checkmark in its box. This will
activate the Data Entry section. In that section, enter firewall.cx in the String Value text field.
4. Scroll down to option 044 WINS/NBNS Servers and place a checkmark in its box. This will
activate the Data Entry section. In that section, enter 192.168.0.251 for the IP Address and click
Add. Then enter 192.168.1.251 as another IP Address and click Add again. This will add those
two servers as WINS servers.
5. Scroll down to option 046 WINS/NBT Node Type and place a checkmark in its box to
activate the Data Entry section. In that section, enter 0x8 for the Byte text field and click
OK. This will set the workstation node type to 'Hybrid' which is preferred.
Back on the DHCP MMC, if you click on the Server Options node you will see the following:
Subsequent scopes will inherit these options if no scope options are specified. However, if scope
options are specified then the scope options would override the server options in assignment.
If we did have Cisco IP phones in our environment we would define Option 150 as follows:
1. Right-click the server node on the DHCP MMC and choose Set Predefined Options
2. When the Predefined Options and Values window comes up, click Add
3. When the Options Type window comes up, type a name for the option such as TFTP Server
for Cisco IP Phones.
4. On the Data Type drop-down menu, select IP Address.
5. On the Code text field, enter 150.
6. On the Description text field, type a description for the scope, such as Used by Cisco IP
Phones.
7. Check the box next to Array
8. Click OK twice.
If you go back to the Scope/Server Options window again, you will see Option 150 available.
Dynamic DNS
At this point, our imaginary network can service a significant number of clients, but those clients
can only be referenced by IP address. Sometimes it is necessary or helpful to reference clients by
their host names rather than IP addresses.
DNS resolves client host names to IP addresses. But for DNS to be able to do that, client host
names and IP addresses must already be registered in DNS. Servers are typically registered
manually in DNS by the administrator, but workstations are not. So how do client workstations
get registered in DNS? The answer is to use dynamic DNS (DDNS), a feature that will allow
clients, or the DHCP server itself, to register clients in DNS automatically upon the client's
assignment of an IP address. Fortunately, DDNS is set up to automatically work in a domain
environment, granted that DNS is also set up correctly in the network.
To view the options available for DDNS:
1. On the DHCP MMC, right-click the server node and choose Properties
2. When the Properties window comes up, click the DNS tab.
If the network has some clients that are not in the domain, have legacy Windows operating
systems, or are not capable of registering their host names and IP addresses in DNS, the two
options marked below would need to be selected:
But if that were the case, you would also have to specify credentials that the DHCP server would
use for DDNS on behalf of the clients. To do this, you would:
1. Click the Advanced tab on the Properties window.
2. Click the Credentials button.
3. When the DNS Dynamic Update Credentials window comes up, enter an administrator
username and password and firewall for the domain. In a real-world environment, you would
create a separate username and password that would be used solely for DDNS and enter it here
instead.
4. Click OK twice to exit the Properties window.
Superscopes
Let us imagine that the number of client workstations in Floor 1 of Building A was expanded
beyond the number of available IP addresses that our Building A, Floor 1 scope could offer.
What would we do to provide IP addresses to those additional clients?
The following options may appear to be solutions, but they are not always feasible:
1. Extend the scope to include more IP addresses.
2. Create an additional scope for that network segment.
3. Delete and recreate the scope with a different subnet mask that allows for more hosts.
The problem with the first option is that you may not always be able to extend the scope,
depending on the scope's subnet mask and whether consecutive scopes were created based on that
subnetting. The problem with the second option is that even if you create an additional scope, the
DHCP server would not automatically lease out those IP addresses to clients of that physical
network segment. Although the third option could work, this option may not always be optimal
depending on how much additional network-based changes would also be needed to reach the
solution.
There are a few options to solve this issue:
1. Place the additional clients in a separate VLAN and create a scope for that VLAN that is
in a completely different network
2. Create a superscope that includes the exhausted scope and a new scope with available IP
addresses
The first option could solve the problem but, since this is a DHCP article, we will address the
problem by using DHCP features, so the second option will be our choice!
Superscopes allow you to join scopes from separate networks into one scope. Then, when one of
the scopes runs out of IP addresses, the DHCP server would automatically start leasing out IP
addresses from the other scopes in that superscope. However, solely creating a superscope is not
the complete solution. As some clients in that network segment would have IP addresses from a
different network, the segment's router interface would also have to be assigned an additional IP
address that is in the same network as the additional scope.
To use this solution, we first have to create the additional scope. Here are the scope
specifications:
The scope will inherit the server options for DNS domain name, DNS server and WINS server.
Activate the scope when done.
Now we will create a superscope and place the two Building A scopes in it:
1. On the DHCP MMC, right-click the server node and choose New Superscope
2. When the New Superscope Wizard comes up, click Next
3. On the next screen, you are prompted to enter a name for the scope. Enter All of
Building A, Floor 1 and click Next
4. On the next screen, you are asked to select the scopes that will be part of the superscope.
Select the scopes shown below and then click Next
5. On the next screen, click Finish to complete the wizard.
Back on the DHCP MMC, you will see that the two scopes selected earlier have been placed
under a new scope: Superscope All of Building A, Floor 1.
Now when the scope titled Building A, Floor 1 runs out of IP addresses, the server will start
issuing IP addresses in Building A, Floor 1 Extended.
Multicast scopes
The most common systems and applications that use multicasting have multicast IP addresses
statically configured or hard-coded in some way. However, for systems and applications that
need multicast IP addresses dynamically assigned, they lease them from a MADCAP (Multicast
Address Dynamic Client Allocation Protocol) server, such as Windows Server 2003.
One example of such an application that leased a multicast IP address from a MADCAP server is
an old application from Windows 2000 called Phone Dialer. This application allowed the
creation of video conferences that people could attend. When creating a conference, the
application would lease a multicast IP address from the MADCAP server and stream to that IP
address. Clients wishing to join the conference would join that established multicast group.
Setting up a multicast scope is similar to setting up a standard scope:
1. On the DHCP MMC, right-click the server node and choose New Multicast Scope
2. When the New Multicast Scope Wizard comes up, click Next
3. On the next screen, specify a Scope Name of Video Conferencing and a Scope
Description of Multicast scope for conference presenters. Afterwards, click Next
4. On the next screen, enter 239.192.1.0 in the Start IP Address field and 239.192.1.255 in the
End IP Address field. Since this scope will only service video conferences within the company,
we define an IP address range in the multicast organization local scope range. Leave the TTL
at 32. Click Next when done.
5. On the next screen, click Next again. No exclusions need to be defined.
6. On the next screen, set the Days to 1 and click Next
7. On the next screen, click Next to activate the scope.
8. On the next screen, click Finish
9. Back on the DHCP MMC, expand the multicast scope that we just created and select
Address Pool. Notice that an exclusion range encompassing the entire pool is also
created. Select it and delete it.
The DHCP server can now provide multicast IP addresses. For the most part, the multicast scope
functions the same as a standard scope. One different feature is that you can set a multicast scope
to automatically expire and delete itself at a certain time.
To configure this:
1. Right-click the multicast scope and choose Properties
2. When the Properties window comes up, click the Lifetime tab.
3. On the Lifetime tab, select Multicast scope expires on and select when you would like
it to expire. When this date and time is reached, the server automatically deletes the
scope.
Conclusion
The Advanced DHCP configuration article continues with part 2, covering the DHCP database
backup and restoration, troubleshooting the DHCP service using audit logs and finally DHCP
Migration.
Windows 2003 DHCP Server Advanced Configuration - Part 2
Backing up the DHCP database
Our DHCP server is fully functional but it may not always remain that way. We definitely want
to back it up so we can quickly restore the functionality in the event of a disaster.
The DHCP scopes, settings and configuration are actually kept in a database file, and the
database is automatically backed up every 60 minutes. But to manually back it up:
1. On the DHCP MMC, right-click the server node and choose Backup
2. When the Browse for Folder window comes up, verify that it points to
C:\windows\system32\dhcp\backup and click OK.
Restoring the DHCP database
Let us imagine that a disaster with the DHCP server did occur and that we now have to restore
the DHCP functionality. Restoring the DHCP database is just as simple as backing it up:
1. On the DHCP MMC, right-click the server node and choose Restore
2. When the Browse for Folder window comes up, click OK
3. You will receive a prompt informing you that the DHCP service will need to be
stopped and restarted for the restore to take place. Click OK
The DHCP database will then be restored.
Troubleshooting DHCP
Let us imagine that, after restoring the database, the DHCP server developed some issues and
started malfunctioning. Luckily, DHCP comes equipped with several tools to help us
troubleshoot.
Event Viewer
The Event Viewer displays events that the server has reported and whether those events represent
actual issues or normal operation. Most of the issue events related to DHCP will be reported in
the System log of the Event Viewer with a Source of DHCPServer.
To view the Event Viewer:
1. Go to Start > Administrative Tools > Event Viewer
2. When the Event Viewer window comes up, click the System log on the left pane and its
events will be displayed on the right pane.
Depending on how active the server is, the System log may be cluttered with Information,
Warning and Error events that are unrelated to DHCP. To see only DHCP issues, filtering
non-important events is necessary. To do this:
1. Go to View > Filter
2. When the System Properties window comes up, click on the Event Source drop-down
menu and select DHCPServer. This tells the log to display only DHCP server events.
3. Next, uncheck the box next to Information. This tells the log to display only events
regarding issues.
4. (Optional) On the From and To drop-down menus on the bottom, adjust the time and date
frame to when an issue was suspected to have occurred.
5. When finished, click OK
The System log is now displaying only DHCP Warning and Error events. This should cause any
DHCP-related issues to stick out:
Every event has an Event ID. In case a particular event's description is too vague to understand,
you may have to research the Event ID for further clarification.
DHCP Audit Logs
Another DHCP troubleshooting tool is the DHCP audit logs. These logs display detailed
information about what the DHCP server has been doing. If a client leases an IP address, renews
its IP address, or releases its IP address, the DHCP server will audit this activity.
More concerning events are also audited: if the DHCP server service stops, encounters a rogue
DHCP server in the network, or fails to start, the server will audit this issue as well. These logs
provide closer visibility into what the DHCP server is doing.
To access the DHCP audit logs:
1. Go to Start > Run
2. When the Run box comes up, type c:\windows\system32 and click OK
3. When the System32 folder comes up, navigate to and double-click the dhcp folder.
In the dhcp folder, the log files will be titled DhcpSrvLog-%WeekDay%.log, where
%WeekDay% is a week day. There should be one for the past six days.
The log may appear overwhelming, but it is very simple to read. Each line contains several
pieces of information but the most important is the code at the beginning of the line, since that
describes what is being audited. That code is defined on the top portion of the log file. As each
line is comma-separated you can actually save the log file in .csv format and open it in Excel for
easier and more convenient reading and analysis.
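
The same reading can be scripted instead of done in Excel. The Python sketch below is an added example, not part of the original article: it reads the code definitions from the top of an audit log, parses the comma-separated lines, and pulls out the events an administrator would want to review first (address conflicts, pool exhaustion and the rogue-detection codes). The sample log is constructed for illustration, and the layout it assumes (a legend of code and meaning lines followed by a CSV header starting with "ID,") and the function names are assumptions.

```python
import csv
import re
from collections import Counter

# Constructed sample, not taken from a real server. Layout assumption: a
# legend of "<code> <meaning>" lines, then a CSV header that starts with "ID,".
SAMPLE_LOG = """\
\t\tMicrosoft DHCP Service Activity Log

Event ID  Meaning
00\tThe log was started.
01\tThe log was stopped.
10\tA new IP address was leased to a client.
11\tA lease was renewed by a client.
12\tA lease was released by a client.
13\tAn IP address was found to be in use on the network.
14\tA lease request could not be satisfied because the scope's address pool was exhausted.
50+\tCodes above 50 are used for Rogue Server Detection information.

ID,Date,Time,Description,IP Address,Host Name,MAC Address
00,07/29/19,00:00:05,Started,,,,
55,07/29/19,00:00:06,Authorized(servicing),,firewall.cx,,
10,07/29/19,08:14:02,Assign,192.168.0.10,ws01.firewall.cx,000C29AABB01,
11,07/29/19,09:30:11,Renew,192.168.0.10,ws01.firewall.cx,000C29AABB01,
13,07/29/19,10:02:47,Conflict,192.168.0.11,BAD_ADDRESS,,
14,07/29/19,11:45:30,Scope Full,192.168.0.0,,,
12,07/29/19,17:05:19,Release,192.168.0.10,ws01.firewall.cx,000C29AABB01,
"""

LEGEND_RE = re.compile(r"^(\d{2})(\+?)\s+(.+)$")


def parse_audit_log(text):
    """Return (legend, events): code meanings and one dict per audited line."""
    lines = text.splitlines()
    legend = {}
    header_idx = None
    for i, line in enumerate(lines):
        if line.startswith("ID,"):
            header_idx = i
            break
        match = LEGEND_RE.match(line.strip())
        if match:
            legend[match.group(1) + match.group(2)] = match.group(3)
    if header_idx is None:
        raise ValueError("no CSV header line found")

    fields = [f.strip() for f in lines[header_idx].split(",")]
    events = []
    for row in csv.reader(lines[header_idx + 1:]):
        if not row or not row[0].strip().isdigit():
            continue  # skip blank or malformed lines
        # Rows end with a trailing comma; zip() drops the extra empty field.
        events.append(dict(zip(fields, (cell.strip() for cell in row))))
    return legend, events


def meaning(legend, code):
    """Look up a code, honouring range entries such as '50+' in the legend."""
    if code in legend:
        return legend[code]
    for key, text in legend.items():
        if key.endswith("+") and int(code) >= int(key[:-1]):
            return text
    return "unknown code"


def triage(legend, events, watch=("13", "14"), watch_from=50):
    """Return (code, date, time, description, ip, meaning) for notable events."""
    flagged = []
    for ev in events:
        code = ev["ID"]
        if code in watch or int(code) >= watch_from:
            flagged.append((code, ev["Date"], ev["Time"], ev["Description"],
                            ev["IP Address"], meaning(legend, code)))
    return flagged


def count_by_code(events):
    """Count audited lines per event code."""
    return Counter(ev["ID"] for ev in events)


if __name__ == "__main__":
    legend, events = parse_audit_log(SAMPLE_LOG)
    for code, total in sorted(count_by_code(events).items()):
        print(f"{code}: {total:3d}  {meaning(legend, code)}")
    print("Events to review:")
    for item in triage(legend, events):
        print("  " + " | ".join(item))
```
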
Protocol Analyzer
Although a protocol analyzer is not an official DHCP troubleshooting tool, it is nonetheless an
excellent tool for troubleshooting issues where the server is not servicing clients. In such
situations you would use the protocol analyzer on the server to determine whether DHCP
Discover/Request packets from clients are arriving at the server at all or if they are arriving but
being ignored by the server.
If you find that the packets are not arriving at the server at all, you would have isolated the
problem to most likely being a routing issue or an issue with any relay agents/configured IP
helpers in the network.
However, if you find that the packets are arriving but being ignored by the server, then you
would have isolated the problem to either residing on the server or the configuration of DHCP.
The screen shot below, of Wireshark, shows that the server received a DHCP Discover packet
from a client and properly responded to it.
DHCP Migration
Continuing from our previous storyline, let us pretend that we found the issue that was affecting
our DHCP server but to fix it we would have to take the DHCP server offline for a considerable
amount of time, so for the time being we will just set up a different server as our DHCP server.
To accomplish this, we will have to transfer the DHCP database to our new server. Migrating the
DHCP database is not only done in situations such as this. When a DHCP server is
decommissioned, for example, you would need to transfer the DHCP database to the new server.
Although the transfer can technically be done in more than one way, presented below is one
method. Regardless of the approach chosen, you should aim to minimize the amount of time that
both DHCP servers are simultaneously active and able to service clients as this would increase
the chances of one server leasing an IP address that is already in use.
1. On the old server, go to Start > Run, type cmd, and click OK.
2. When the Command Prompt window comes up, type netsh dhcp server export
c:\dhcp_backup.txt all and hit Enter. This command exports all the scopes in the DHCP
database to a file titled dhcp_backup.txt.
3. Copy the export file (dhcp_backup.txt) to the new server.
4. On the new server, install the DHCP server role. Do not authorize the DHCP server yet.
5. On the new server, go to Start > Run, type cmd, and click OK.
6. When the Command Prompt window comes up, type netsh dhcp server import
c:\dhcp_backup.txt all and hit Enter. This command imports all the scopes in the DHCP
database from the file titled dhcp_backup.txt.
7. On the new server, enable conflict detection so IP addresses that have been leased out by
the old server since the start of the migration are not reissued.
a. On the DHCP MMC, right-click the server node and choose Properties.
b. When the Properties window comes up, click the Advanced tab.
c. On Conflict Detection Attempts, increase the number to 2 just to be safe. This tells
the server to ping an IP address before it assigns it. If there is a response, then the DHCP
server will not lease out the IP address since that address would already be assigned.
d. Click OK.
8. On the new server, authorize the DHCP server.
9. On the old server, unauthorize the DHCP server.
Although we could perform a migration by simply backing up the DHCP database on the old
server using the backup procedure and restoring it on the new server using the restore procedure,
this approach also restores the old DHCP server's configuration settings, such as audit settings,
conflict detection settings, DDNS settings, etc. It may not always be desirable to transfer those
settings in a migration. The procedure described above only transfers the scopes and their
settings.
Conclusion
Without careful observation, the full capabilities of DHCP can be overlooked. The protocol, in
combination with the DHCP MMC, provides numerous methods to control client configuration
settings and server administrative functions.
Windows 2003 DNS Server Installation & Configuration
Introduction
For both private and public networks (i.e., the Internet), DNS is used for translating host names
to IP addresses and the reverse. DNS does this by using records stored in its database. On the
Internet DNS mainly stores records for public domain names and servers whereas in private
networks it may store records for client computers, network servers and data pertaining to Active
Directory.
In this article, we will install and configure DNS on a standalone Windows Server 2003. We will
begin by setting up a cache-only DNS server and progress to creating a primary forward lookup
zone, a reverse lookup zone, and finally some resource records. At the end of this article we will
have set up a DNS server capable of resolving internal and external host names to IP addresses
and the reverse.
Install DNS on Windows Server 2003
Before installing and configuring DNS on our server we have to perform some preliminary tasks.
Specifically, we have to configure the server with a static IP address and a DNS suffix. The
suffix will be used to fully-qualify the server name. To begin:
1. Go to Start > Control Panel > Network Connections, right-click Local Area Connection
and choose Properties.
2. When the Local Area Connection Properties window comes up, select Internet Protocol
(TCP/IP) and click Properties. When the Internet Protocol (TCP/IP) window comes up, enter
an IP address, subnet mask and default gateway IP addresses that are all compatible with
your LAN.
Our LAN is on a 192.168.1.0/24 network, so our settings are as follows:
3. For the Preferred DNS Server, enter the loopback address 127.0.0.1. This tells the server to
use its own DNS server service for name resolution, rather than using a separate server. After
filling out those fields, click the Advanced button.
4. When the Advanced TCP/IP Settings window comes up, click the DNS tab, enter firewall.test
in the DNS suffix for this connection text field, check Register this connection's address in
DNS, check Use this connection's DNS suffix in DNS registration, and click OK, OK, and
then Close.
Now that we have configured our server with a static IP address and a DNS suffix, we are ready
to install DNS. To do this:
1. Go to Start > Control Panel > Add or Remove Programs.
2. When the Add or Remove Programs window launches, click Add/Remove Windows
Components on the left pane.
3. When the Windows Components Wizard comes up, scroll down and highlight Networking
Services and then click the Details button.
4. When the Networking Services window comes up, place a check mark next to Domain Name
System (DNS) and click OK and OK again.
Note that, during the install, Windows may generate an error claiming that it could not find a file
needed for DNS installation. If this happens, insert your Windows Server 2003 CD into the
server's CD-ROM drive and browse to the i386 directory. The wizard should automatically find
the file and allow you to select it. After that, the wizard should resume the install.
After this, DNS should be successfully installed. To launch the DNS MMC, go to Start >
Administrative Tools > DNS.
As our DNS server was just installed it is not populated with anything. On the left pane of the
DNS MMC, there is a server node with three nodes below it, titled Forward Lookup Zones,
Reverse Lookup Zones and Event Viewer.
The Forward Lookup Zones node stores zones that are used to map host names to IP addresses,
whereas the Reverse Lookup Zones node stores zones that are used to map IP addresses to host
names.
Setting Up a Cache-Only DNS Server
A cache-only DNS server contains no zones or resource records. Its only function is to cache
answers to queries that it processes. That way, if the server receives the same query again later,
it returns the cached response rather than going through the recursion process again, thereby
saving time. With that said, our newly installed DNS server is already a cache-only DNS server!
Creating a Primary Forward Lookup Zone
With its limited functionality, a cache-only DNS server is best suited for a small office
environment or a small remote branch office. However, in a large enterprise where Active
Directory is typically deployed, more features would be needed from a DNS server, such as the
ability to store records for computers, servers and Active Directory. The DNS server stores those
records in a database, or a zone.
DNS has a few different types of zones, and each has a different function. We will first create a
primary forward lookup zone titled firewall.test. We do not want to name it firewall.cx, or any
variation that uses a valid top-level domain name, as this would potentially disrupt the clients'
abilities to access the real websites for those domains.
1. On the DNS MMC, right-click the Forward Lookup Zones node and choose New Zone.
2. When the New Zone Wizard comes up, click Next.
3. On the Zone Type screen, make sure that Primary zone is selected and click Next.
4. On the Zone Name screen, type firewall.test.
5. On the Zone File screen, click Next.
6. On the Dynamic Update screen, make sure that Do not allow dynamic updates is selected
and click Next.
7. On the next screen, click Finish.
We now have a foundation that we can place resource records in for name resolution by internal
clients.
Creating a Primary Reverse Lookup Zone
Contrary to the forward lookup zone, a reverse lookup zone is used by the DNS server to resolve
IP addresses to host names. Not as frequently used as forward lookup zones, reverse lookup
zones are often used by anti-spam systems in countering spam and by monitoring systems when
logging events or issues. To create a reverse lookup zone:
1. On the DNS MMC, right-click the Reverse Lookup Zones node and choose New Zone.
2. When the New Zone Wizard comes up, click Next.
3. On the Zone Type screen, make sure that Primary zone is selected and click Next.
4. On the Reverse Lookup Zone Name screen, enter 192.168.1 and click Next.
5. On the Zone File screen, click Next.
6. On the Dynamic Update screen, make sure that Do not allow dynamic updates is selected
and click Next.
7. On the next screen, click Finish.
There is now a reverse lookup zone titled 192.168.1.x Subnet on the left pane of the DNS MMC.
This will be used to store PTR records for computers and servers in that subnet.
Using the instructions above, go ahead and create two additional reverse lookup zones, one for a
192.168.2.x subnet and one for a 192.168.3.x subnet.
Creating Resource Records
DNS uses resource records (RRs) to tie host names to IP addresses and the reverse. There are
different types of resource records, and the DNS server will respond with the record that is
requested in a query.
The most common resource records are: Host (A); Mail Exchanger (MX); Alias (CNAME); and
Service Location (SRV) for Active Directory zones. As such, we will create all but SRV records
because Active Directory will create those automatically.
1. On the DNS MMC, expand the Forward Lookup Zones node followed by the firewall.test
zone.
2. Right-click the firewall.test zone and choose Other New Records.
3. On the Resource Record Type window, select Host (A) and click Create Record.
4. On the New Resource Record window, type webserver001 in the Host text field, type
192.168.2.200 in the IP address text field, check the box next to Create associated pointer
(PTR) record and click OK.
This tells DNS to create a PTR record in the appropriate reverse lookup zone. And, for
demonstration purposes, it does not matter whether this server actually exists or not.
5. Back at the Resource Record Type window, select Host (A) again and click Create Record.
6. On the New Resource Record window, type mailserver001 in the Host text field and type
192.168.3.200 in the IP address text field. Make sure that the check box next to Create
associated pointer (PTR) record is checked and click OK. A corresponding PTR record will be
created in the appropriate reverse lookup zone.
7. Back at the Resource Record Type window, select Alias (CNAME) and click Create Record.
8. On the New Resource Record window, type www in the Alias name text field, then click
Browse.
9. On the Browse window, double-click the server name, then double-click Forward Lookup
Zones, then double-click firewall.test, and finally double-click webserver001. This should
populate webserver001's fully qualified domain name in the Fully qualified domain name
(FQDN) for target host text field. Click OK afterwards.
10. Back at the Resource Record Type window, select Mail Exchanger (MX) and click Create
Record.
11. On the New Resource Record window, click Browse, double-click the server name, then
double-click Forward Lookup Zones, then double-click firewall.test, and finally double-click
mailserver001. This should populate mailserver001's fully qualified domain name in the
Fully qualified domain name (FQDN) of mail server text field. Click OK afterwards.
12. Back at the Resource Record Type window, click Done.
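Steps 4 and 6 rely on a reverse lookup zone existing for each host's subnet. This added Python example (not from the original article) maps the network IDs typed into the New Zone Wizard to in-addr.arpa zone names, shows where each PTR record lands, and runs a forward-confirmed reverse lookup; the function names are hypothetical and the data is the article's own.

```python
import ipaddress

# Values taken from the article's walkthrough.
REVERSE_ZONES = ["192.168.1", "192.168.2", "192.168.3"]   # as typed in the wizard
A_RECORDS = {"webserver001": "192.168.2.200", "mailserver001": "192.168.3.200"}
DOMAIN = "firewall.test"

def zone_name(network_id):
    """'192.168.1' as entered in the wizard -> '1.168.192.in-addr.arpa'."""
    return ".".join(reversed(network_id.split("."))) + ".in-addr.arpa"

def ptr_plan(a_records, reverse_zones, domain=DOMAIN):
    """For each host: the PTR owner name, its target, and the zone that holds it."""
    zones = sorted((zone_name(z) for z in reverse_zones), key=len, reverse=True)
    plan = {}
    for host, ip in a_records.items():
        owner = ipaddress.ip_address(ip).reverse_pointer   # 200.2.168.192.in-addr.arpa
        zone = next((z for z in zones if owner.endswith("." + z)), None)
        plan[host] = {"ptr": owner, "target": f"{host}.{domain}.", "zone": zone}
    return plan

def missing_reverse(plan):
    """Hosts whose PTR record has no reverse lookup zone to be stored in."""
    return sorted(h for h, p in plan.items() if p["zone"] is None)

def forward_confirmed(ip, plan, a_records):
    """True when ip -> PTR -> host name -> A record returns to the same ip."""
    owner = ipaddress.ip_address(ip).reverse_pointer
    for host, p in plan.items():
        if p["ptr"] == owner and p["zone"] is not None:
            return a_records.get(host) == ip
    return False
```

With only the 192.168.1 zone in place, `missing_reverse` lists both hosts and the forward-confirmed check fails for the mail server's address.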
Conclusion
Our standalone Windows Server 2003 DNS server now has a primary forward lookup zone, a
primary reverse lookup zone, and multiple resource records. As a standard function, it will also
cache the answers to queries that it has already resolved.