Step-by-Step: Scoping out the NEW DHCP Failover in Windows Server 2012 - 31 Days of Favorite Features ( Part 28 of 31 )

UPDATE: Prior to implementing DHCP Failover with Windows Server 2012, be sure to apply cumulative update KB2756872 as noted HERE.

- - - - - - - - - -

This article is Part 28 in a series of articles on the "Top 31 Favorite Features in Windows Server 2012" with my fellow IT Pro Technical Evangelists.  Be sure to follow them on Twitter and check out their blogs this month for the other parts of this series:

• Kevin Remde - Read Kevin's Full of I.T. blog
• Brian Lewis - Read Brian's My Thoughts on IT blog
• Matt Hester - Read Matt Hester's WebLog

The Dynamic Host Configuration Protocol ( DHCP ) is a core network service in most IT shops for providing IP Address lease information to client devices, and potentially, to servers.  In this article, we’ll look at the new DHCP Failover capability in Windows Server 2012 as a cost-effective option that can provide High Availability ( HA ) for this important service.  DHCP Failover in Windows Server 2012 is based on the IETF draft for the DHCP Failover Protocol.

Is High Availability for DHCP NEW?

Traditionally, in Windows Server 2008 R2 and prior, there were a couple ways of providing High Availability ( HA ) for the DHCP Service via:

• Clustering - Configuring the DHCP role as a clustered resource in a Failover Cluster across two or more physical server nodes.
   
• Split Scope - Using a “Split-Scope” approach between two standalone DHCP servers – where each server serves the same DHCP scope, but each only has a portion of the IP Address range to be leased.

While each of these approaches can indeed provide forms of HA for DHCP, both have some challenges …

• Configuring a Failover Cluster involved shared storage and could be both an expensive proposition as well as pretty complex to implement when trying to solve the issue of DHCP HA alone.   In addition, the shared storage used within a cluster could also present a single-point-of-failure if not carefully engineered.
   
• The “Split-Scope” approach commonly assigns a 50/50 or 70/30 distribution of IP Addresses between DHCP servers – this approach doesn’t provide continuous availability of the same IP Address assignments for client devices in the event of a server failure, and also doesn’t work well if you have DHCP scopes that are already heavily consumed.

How does Windows Server 2012 provide HA for DHCP?

In addition to the traditional clustering and split-scope option for HA outlined above, Windows Server 2012 also includes a new DHCP Failover capability.  Using DHCP Failover, two Windows Server 2012 DHCP servers can be configured in either a Hot Standby ( Active / Passive ) or Load Balanced ( Active / Active ) failover relationship.  Once a failover relationship is configured, the two servers continuously replicate lease information between them, allowing one server to service the entire DHCP scope with persistence of existing IP Address assignments in the event of a server failure.

NOTE: DHCP Failover in Windows Server 2012 supports IPv4 DHCP Scopes only.  When using IPv6, most organizations use stateless IP autoconfiguration, where the DHCP servers don’t maintain individual IPv6 Address leases.  In this case, setting up two standalone DHCP servers with identical DHCP options defined for each scope is sufficient for providing DHCP HA, and DHCP Failover is unnecessary.

How do I configure DHCP Failover in Windows Server 2012?

The steps for configuring DHCP Failover in Windows Server 2012 are very easy … The first two steps are the same as what you’re already familiar with in Windows Server 2008 R2 and prior.  Here we go!

1. Using Server Manager, Install the DHCP Server role on two new Windows Server 2012 servers in your domain.  Authorize both DHCP Servers in Active Directory.
    
2. Using the DHCP Management console, Configure and Activate a new DHCP Scope on one of your two DHCP servers.
    
3. Using the DHCP Management console, right-click on the newly activate DHCP Scope and select the Configure Failover… action.
    
   
    
4. In the Configure Failover Wizard , click the Next button.
    
5. In Specify the partner server to use for failover, type the FQDN of your second DHCP Server and click the Next button.
    
6. In the Configure Failover dialog box, configure the following options:
    
   • Relationship Name: Enter a descriptive name to describe this DHCP Failover relationship or accept the default value.
   • Maximum Client Lead Time: Specifies the amount of time for which a DHCP lease may be renewed by either failover peer without contacting the other.  It also specifies the amount of time that either DHCP server will wait in a “partner down” state before assuming control of the entire IP address range within the scope.  ( default = 1 hour ).
   • Mode: Select Load Balance ( default – Active / Active ) or Hot Standby ( Active / Passive )
   • Load Balance Percentage: Specifies the percentage of the IP Address range to reserve for each server in the failover relationship.  Each server will use their assigned range of addresses prior to assuming control over the entire IP Address range of a scope when the other server transitions into a “partner down” state and the Maximum Client Lead Time ( specified above ) passes.
   • Auto State Switchover Interval: When selected, specifies the amount of time that elapses before a DHCP Server is automatically transitioned to a “partner down” state when network communication is interrupted to a DHCP Server.  If this option is unchecked, an administrator must manually transition the status of a DHCP Server into a “partner down” state using the DHCP Management console or PowerShell. ( when checked, the default = 60 minutes )
   • Enable Message Authentication: check this checkbox option to enable authentication of failover replication traffic between servers
   • Shared Secret:   Type a “Shared Secret” ( ie., a Password ) to be used to authenticate the failover connection between servers
      
     
      
7. Click the Next button and then click the Finish button.
    
8. Confirm that the failover configuration was successful, and then click the Close button.
    
   

How do I configure DHCP Failover in PowerShell?

To configure DHCP Failover using PowerShell 3.0 in Windows Server 2012, you can leverage the Add-DhcpServerV4Failover Cmdlet.  To configure a Load Balanced failover relationship, use the command syntax below:

Add–DhcpServerv4Failover –PartnerServer <string> –Name <string> –ScopeId< IPAddress[]> [--LoadBalancePercent <uint>] [–MaxClientLeadTime <TimeSpan>] [- AutoStateTransition <Bool>] [–SafePeriod <TimeSpan>] [-SharedSecret <string>] [-Force]

Alternatively, to configure a Hot Standby failover relationship, use this command syntax:

Add–DhcpServerv4Failover –PartnerServer <string> –Name <string> –ScopeId <IPAddress[]> [-ReservePercent <uint>] [-ServerRole <string>] [– MaxClientLeadTime <TimeSpan>] [-AutoStateTransition <Bool>] [–SafePeriod< TimeSpan>] [-SharedSecret <string>] [-Force]

Do It: Configure DHCP Failover in your Lab!

Your turn! Follow these steps to configure DHCP Failover in your own lab environment …

1. Download the Windows Server 2012 installation bits.
    
2. Download the new Remote Server Administration Tools ( RSAT ) toolkit for Windows Server 2012 to get the new DHCP Management console tool.
    
3. Build your Windows Server 2012 lab environment as a dual-boot lab using these steps.
    
4. Configure DHCP Failover in Windows Server 2012 using these steps.

Are you planning to use DHCP Failover in your environment?

Are you planning to leverage DHCP Failover in Windows Server 2012 in your shop? Feel free to leave your feedback and tips below in the comments area to share your experiences!

HTH,

Keith

Comments

• Anonymous
  January 01, 2003
  Hi RJ, Yes, Failover DHCP is fully supported for production environments with Windows Server 2012. Hope this helps! Keith

• Anonymous
  January 01, 2003
  Hi Hussain, You certainly can - follow the steps at technet.microsoft.com/.../jj574133.aspx to first migrate the IP configuration from the original server, then you can use the installed Windows Server Migration toolkit to migrate the DHCP scope(s).  Once you've migrated to a single Windows Server 2012 DHCP server you can then configure failover of your scopes to a second Windows Server 2012 DHCP server. Hope this helps! Keith

• Anonymous
  January 01, 2003
  Hi Ross, Thanks for your feedback!  DHCP Failover only replicates scope-level properties, so if configuring Allow policies for MAC addresses as a server-level, you'll need to re-import the policies from the main server to the failover server.  You can do this with the Import-DhcpServer cmdlet - for example: Import-DhcpServer –ComputerName DHCP2.contoso.com –File C:exportdhcpexp.xml –ServerConfigOnly –verbose –BackupPath C:dhcpbackup If, on the other hand, configuring Allow policies at a Scope-level, you can force Scope configuration properties to re-replicate by using the "Replicate Scope" action in the DHCP MMC tool from the first server to force all changes to replicate to the secondary server. If you wish to perform scope-level configuration change replication automatically, you can also leverage the script at gallery.technet.microsoft.com/.../Scope-based-Link-Layer-64c8ab30 Hope this helps! Keith

• Anonymous
  January 01, 2003
  Hi JB, Great feedback!  I agree that 20% of lease duration for the SwitchOver value could be a good "rule of thumb".  I'd suggest the lesser of 20% of the lease duration or 1-hour for the MCLT value. We'd also want to make sure that w're setting a couple other DHCP settings appropriately, such as using short-term leases for highly volatile environments ( lots of new IP address discover requests being generated ), longer-term leases ( such as the default of 8 days ) for typical office environments that are relatively static ( mostly IP address renewals ), and an appropriately sized load balance % to cover leasing out new IP addresses for the volume of discover requests expected during the Switchover + MCLT combined time period. We'd also want to make sure that the Switchover time provides the network team with enough of a comfort zone to handle transient network issues ( switch reboots, replacements, switch config changes ) without forcing a Partner Down state to occur. Hope this helps! Keith

• Anonymous
  January 01, 2003
  Hi Yiannos, Thanks for the link to the DHCP server migration article! Very useful steps for migrating DHCP scopes from Windows Server 2008 R2 to Windows Server 2012.  And, once the scopes and server-level information is migrated, the steps in this article can then be used to implement a DHCP Failover relationship between primary and backup servers. Best regards, Keith

• Anonymous
  January 01, 2003
  Hi Steve, When using DHCP Failover and Load Balancing, the initial lease duration given a client through the initial DORA process is equal to the MCLT value.  This is done so that the leasing DHCP server can then update it's DHCP partner in the failover relationship.  If the DHCP Server fails prior to updating it's partner, the client has an initial short lease that will trigger communication with the second DHCP server.  After the initial lease is renewed by the client, the client should then receive a full lease duration based on the configured duration for the scope if the primary DHCP server is still online. Hope this helps! Keith

• Anonymous
  January 01, 2003
  The comment has been removed

• Anonymous
  January 01, 2003
  Hi Justin, Load balancing is handled between the servers by configuring the load balancing percentages.  If you're in a multi-subnet environment, you'd need to configure multiple ip helper addresses so that each DHCP in the failover relationship sees DHCP client requests and can respond appropriately. Hope this helps! Keith

• Anonymous
  January 01, 2003
  Hi Walter, Typically, each site would be using a separate subnet and the router that connects that site to the rest of the WAN would have an ip helper address that is used to proxy DHCP client requests to your central DHCP server.  As the ip helper performs the proxy operation, it passes along the appropriate subnet information to the DHCP server so that the DHCP server can respond with an available IP address that is appropriate for the subnet at the client's site. Hope this helps! Keith

• Anonymous
  January 11, 2013
  Yep.   Q: Can i migrate DHCP role first from my 2008 R 2 DC and than implement DHCP HA?

• Anonymous
  February 01, 2013
  Hi, Try this;it is simplier :) Thats how i did it. blogs.technet.com/.../migrating-existing-dhcp-server-deployment-to-windows-server-2012-dhcp-failover.aspx

• Anonymous
  February 06, 2013
  Is the fail over functionality not production ready? There only appears to be documentation for building it in a lab.

• Anonymous
  February 09, 2013
  Hi, great article.  It seems that the Allow filter where we put all of our MAC addresses doesnt replicate across a two-node DHCP failover config, is this by design? Thanks Ross

• Anonymous
  February 28, 2013
  HI, I am getting this error The class name being used is unknown or inconrrect Regards P

• Anonymous
  March 14, 2013
  Is anyone talking about how to calculate / determine ideal values for Lead Time and Switch Over Interval.  I suspect that with a default 8 day lease, 1 hour and 1 hour would be fine.  Based on what I've read so far, it seems to me that the SUM of the times needs to be less than (not less than or equal to!) the half life of the DHCP lease.   I'll be so bold as to propose that .2 x Lease Duration might be ideal for each value (not the sum) for shorter term leases. thoughts?

• Anonymous
  April 22, 2013
  Hi, So i don't see an option for a virtual ip here, does that mean we have to set a dhcp proxy for this to load balance? or put 2 ip helper address in the cisco switch? how does windows deals  with requests load balance?

• Anonymous
  April 23, 2013
  Very good information! I wanted to know that I can recommend and implement the failover as in the following scenario: I have at the moment three sites, network I have 3 ranges, the 3 sites are in a single domain and I have a single DHCP server for the 3 sites. Currently I have been asked to assign a range of site but How do I do this? how to prevent that a pc as a site receives an IP from a range that does not belong? What type of topology should I use? is possible through by GPO thanks in advance

• Anonymous
  May 09, 2013
  Hi,     I have a multi-subnet site that has multiple helper addresses configured to forward the requests to the load balancing dhcp servers (configured for a 50-50 balance).  Rather than getting the desired lease time back to the client, I am always getting the MCLT time of 1 hour returned as the lease duration.  Shouldn't I get the full lease if both of the dhcp servers are talking to each other?

• Anonymous
  September 21, 2015
  Day1 of 31
  Hello October!!!
  31 Days of our Favorite Things in Windows Server 2012 Blog Series