Microsoft's DHCP Service
- Some general/misc notes
Microsoft KB Q927229 describes
for exporting in a way that another copy of software may be able to use.
- Installation Guide
Here's a quick set of directions:
Ensure that the DHCP Server role is installed (see software installation: Installing Roles and Features in Microsoft Windows Server operating systems. Those who wish to use the graphical approach may find details in the section about software installation: Microsoft Windows Server's Add Roles Wizard.)
Go to the DHCP server's configuration console. (After the role is installed, this may be found on the Administrative Tools menu.)
Then make sure that a scope is added. Make sure the scope is activated/enabled. (This may require choosing a “Refresh” option on the scope and/or server.) Also, make sure an IP address within that scope is being used by the NIC that is being used by the DHCP server software.
Win Svr 2008 R2's DHCP server checking if a domain controller lists authorized DHCP servers discusses Win Svr 2008 R2's DHCP server. The article discusses using a known domain controller, searching for one if needed, and checking if the DHCP server is authorized before it starts running. If the computer running Windows Server 2008 R2 appears to be on a domain which doesn't authorize this DHCP server, then the DHCP server may refuse to run. This isn't exactly a security measure, since another (intentionally malicious) DHCP server could easily be run, but this process may help prevent DHCP server code from accidentally causing some problems.
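Because the authorization check described above only restrains servers that choose to perform it, a network that cares about unauthorized DHCP servers has to look at the replies actually seen on the wire. The following is an added example (not part of the original guide, and not Microsoft code) that parses DHCP replies and reports any Server Identifier (option 54) not on an allow-list; the function names and the sample capture are constructed for illustration.

```python
import ipaddress

MAGIC_COOKIE = b"\x63\x82\x53\x63"                  # marks the start of DHCP options
SERVER_MESSAGES = {2: "OFFER", 5: "ACK", 6: "NAK"}  # option 53 values sent by servers


def parse_options(payload):
    """Return {option code: value bytes} from a BOOTP/DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    options, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == 255:                              # End option
            break
        if code == 0:                                # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option")
        options[code] = value
        i += 2 + length
    return options


def unauthorized_replies(payloads, authorized):
    """List (server identifier, message type) for replies from servers not in `authorized`."""
    allowed = {ipaddress.IPv4Address(a) for a in authorized}
    findings = []
    for payload in payloads:
        try:
            options = parse_options(payload)
        except ValueError:
            continue                                 # not DHCP, or malformed: skip it
        msg_type = options.get(53, b"")              # option 53 = DHCP Message Type
        server_id = options.get(54, b"")             # option 54 = Server Identifier
        if payload[0] != 2 or len(msg_type) != 1 or len(server_id) != 4:
            continue                                 # op 2 = BOOTREPLY (server to client)
        name = SERVER_MESSAGES.get(msg_type[0])
        server = ipaddress.IPv4Address(server_id)
        if name and server not in allowed:
            findings.append((str(server), name))
    return findings


def build_reply(msg_type, server_id):
    """Constructed sample: a minimal BOOTREPLY carrying only options 53 and 54."""
    header = bytes([2, 1, 6, 0]) + bytes(232)        # op, htype, hlen, hops, rest zeroed
    options = bytes([53, 1, msg_type, 54, 4]) + ipaddress.IPv4Address(server_id).packed
    return header + MAGIC_COOKIE + options + b"\xff"


# Constructed capture: 192.0.2.8 is this guide's example server address, 192.0.2.66 is made up.
SAMPLE = [build_reply(2, "192.0.2.8"), build_reply(2, "192.0.2.66"),
          build_reply(5, "192.0.2.8"), b"\x00" * 20]

if __name__ == "__main__":
    print(unauthorized_replies(SAMPLE, authorized=["192.0.2.8"]))
```
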
- Add the role
First, the role will need to be added. See: software installation: installing roles in Windows Server.
Uninstalling the role is expected to require a restart of the operating system (when tested with Microsoft Windows Server 2008), although it is believed that installing generally does not require a restart (for this service).
- Examples using a command line to install in a fairly automated way
For example, the following may work in an installation which is not using Server Core:
However, that is not expected to work in Windows Server 2008 Server Core. Instead, for a Server Core installation, something like the following may need to be run:
At the time of this writing, “Package Manager” seems to be one of the most compatible methods of installing. Other options do exist. Once again, these instructions will point out that more details are available in the section on software installation: installing roles in Windows Server.
- Using the “Add Roles Wizard” (GUI installation)
This guide was made using Windows Server 2008 with Service Pack 1. (There is nothing particularly magical about Service Pack 1: That is simply the installation media that was handy.)
Then, upon checking the “DHCP Server” checkbox, people may be a bit surprised to find a warning pops up. The Add Roles Wizard performs a check. If applicable, the results of the check may show [“Add Roles Wizard” warning about installing DHCP Server without a Static IP Address]. The dialog box does provide a good reason why the server should have an unchanging IP address. However, there really is no need for that address to be statically assigned. (Although this might not be done as frequently, any method of automatic address assignment will work just fine as long as it assigns a specific reserved address.) For networks where all end user workstations are turned off when the server is not running (which is not commonplace for deployed networks, but might reasonably happen for a test network consisting of virtual machines), this ends up not being a big deal. In any of these types of example cases, feel free to choose the [“Add Roles Wizard” warning about installing DHCP Server without a Static IP Address: option to “Install DHCP Server anyway”].
It is safe to leave this screen blank.
From this screen, it is recommended to push Shift-tab a couple of times.
Pressing Shift-Tab a couple of times will lead to:
[“Add Roles Wizard”: “Installation Results”: “Print, e-mail, or save the installation report”] being highlighted. This will end up opening a web browser to file:///C:/Windows/logs/ServerManagerInstallationLog.html file (which may have been updated from previously). (The file might also hyperlink to a file:///C:/Windows/logs/ServerManager.log file.)
- Starting and configuring the graphical management interface
This is completely unnecessary if the command line interface is going to be used for handling the server.
Assuming that the full DHCP Server software has been installed (and not just the Server Core variation), the Administrative Tools folder should now have an icon called “DHCP” which runs
If DHCP was installed from the command line, then this interface might not list any servers. If so, then the newly installed server needs to be added to this interface (before this interface will be significantly useful). To do that:
On the left frame, have the name of the interface (DHCP) be selected. [DHCP Management GUI: Example of having “DHCP” being highlighted in the left frame]
Use the [DHCP Management GUI: “Action” menu, “Add Server...”] option.
Do not bother waiting for the “Gathering information...” statement to finish. Either type in the name of the computer or, as will be shown, take the longer way by using the “Browse...” button.
- If browsing for the server's name
The location is generally auto-detected correctly. (Using the “Locations...” button may be able to override.) Either type in the name of the computer or, as will be shown, take the longer way by pressing the “Advanced...” button.
There are only two new buttons that are not greyed out: “Cancel” and “Find Now”. Go ahead and choose “Find Now”.
This should then show one or more computers. One of the computers shown should be the computer that is being used. Go ahead and choose that computer.
Hopefully the results will then look like: [DHCP Management GUI Interface, showing one server that has been added with successful communication]
If the results are the [DHCP Management GUI Interface, showing that a DHCP server cannot be found], then make sure the service is started. (See: adjusting running software.)
- Make sure the service is started
This is probably unnecessary if the “Add Roles Wizard” (graphical interface) was used, just recently, to install the software to the Windows Server operating system (at least, if the software was just installed to that computer for the first time). Otherwise, see adjusting running software.
- Informing AD to authorize the DHCP server
If the DHCP server is going to be on a network with an Active Directory Domain Controller that is using Windows Server 2008 or newer, then the DHCP server should ideally be authorized by the domain controller. (This is a step that Microsoft introduced as a requirement for recommended operation on networks using Active Directory with a Domain Controller using Windows Server 2008, and was not part of any prior DHCP standard.)
To make this authorization occur, Active Directory needs to already be installed. If using the GUI interface, and if Active Directory is not installed, then eventually the GUI interface will show a [“DHCP” warning box stating “The DHCP service could not contact Active Directory.”]
(If Active Directory Domain Services will be installed, but if DHCP is being installed first, then this “authorization” should simply be addressed after Active Directory Domain Services are enabled.)
At the time of this writing, this guide may just be partial... It was written prior to installing Active Directory, and so this guide does not completely discuss this topic.
To add the server via the command line, identify the server's name and IP address, and:
If the graphical interface is preferred, then select the name of the graphical interface (in the left frame, above the name of any DHCP server, is a line which says “DHCP”).
Type in an IP address. (The example address shown, 192.0.2.8, is based on 192.0.2/24 and Net address usage: .8 host address. For other/related details about creating a network plan, see also net address planning.)
(That is the point where these directions currently stop.)
- Creating an activated scope
- Add a scope
- Via the command line
dhcpserver add scope /?
If UAC is enabled, use a UAC-elevated command prompt.
dhcpserver add scope
Creating a scope using
will create a scope that does not yet have a pool, which is a bit of an interesting concept because the GUI installer does not provide a way to do that. (It is not clear why the pool does not get made: The IP address details are required parameters when creating the scope.) This will cause the new scope to look a bit interesting in the GUI: The Start IP address will be 0.0.0.0, as will the End IP address, and the lease time will be zero. The icon for the scope will show a white exclamation point in a blue circle that shows up over the lower-right corner of the folder. The scope's context/“shortcut”/“right click” menu will have more options than a scope created in the GUI.
Assign a pool (a.k.a. the IP address range) that the DHCP server can use when handling this scope.
Adding the IP address range seems to also clear up the abnormalities in the GUI: the icon looks normal and the lease time flips from zero (instant, no time, useless) to 8 days.
- Via GUI
as follows: Go to Start. If an “Administrative Tools” shortcut is not visible, or if there is simply a desire to go the long way, choose “Control Panel”. Choose “Administrative Tools”. Once Administrative Tools is visible, choose DHCP.
Under the name of the server, highlight the network protocol to support.
A name is indeed required. Type in anything.
The Length field may auto-fill as soon as the Start IP address is filled out. (The default value is based on the IPv4 class.)
Note that the addresses being shown in the above example are not meant for actual use. (For further details, see 192.0.2/24.) Instead, the recommended address ranges for private use are covered by IETF BCP 5 (RFC 1918) (e.g. 192.168/16 addresses).
- Error checking
Upon choosing “Next >”, multiple checks will be performed. One possibility is that there may be an error message that says [“DHCP” warning box: “The starting address is not valid for this range. Make sure that the host ID is not 0.”] (The input cursor will then move to the Start IP address.) This exact error message can actually come up as the result of a few different scenarios:
If the Start IP address is a Network ID...
- ... and if the Start IP address actually ends with .0, then this error message is pretty nice and informative.
- ... and if the Length is not a multiple of 8, the warning box's reference to .0 may be a bit confusing/misleading. Just ignore the second sentence. Make sure the Start IP address does not end with a Network ID. (This can be done by simply increasing the Start IP address by one.)
- If the Length is too high of a number to support the range described by the Start IP address and the End IP address, then this message might come up. Indeed, this may be an actual problem that is appropriate to stop right here. However, the error message is rather unhelpful.
It is possible to have a range that starts with a number that ends with .0, such as a /8 with the second or third octet being non-zero.
If a warning comes up complaining about a broadcast address being used, subtract one from the End address.
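The scenarios above can be checked before the wizard is even opened. The following is an added example (not part of the original guide, and not a reproduction of the wizard's internal logic) that tests a proposed Start address, End address and Length for the conditions described: a Start address whose host ID is zero, an End address that is the broadcast address, and a Length too high to cover the range. The function names, result codes and sample inputs are constructed for illustration.

```python
import ipaddress


def check_scope_range(start, end, length):
    """Return [(code, hint), ...] for a proposed pool; an empty list means no problem found."""
    if not 1 <= length <= 30:
        raise ValueError("length must be between 1 and 30 for a usable IPv4 pool")
    start_ip = ipaddress.IPv4Address(start)
    end_ip = ipaddress.IPv4Address(end)
    # strict=False masks off the host bits, giving the subnet that contains `start`.
    net = ipaddress.ip_network(f"{start}/{length}", strict=False)
    problems = []
    if end_ip < start_ip:
        problems.append(("end-before-start", "swap the Start and End addresses"))
    if end_ip not in net:
        problems.append(("length-too-high", f"{end} is outside {net}; lower the Length"))
    if start_ip == net.network_address:
        # The host ID is all zeros, whether or not the last octet happens to be 0.
        problems.append(("start-is-network-id", f"use {start_ip + 1} as the Start address"))
    if end_ip == net.broadcast_address:
        problems.append(("end-is-broadcast", f"use {end_ip - 1} as the End address"))
    return problems


def codes(start, end, length):
    """Just the result codes, convenient for scripted checks."""
    return [code for code, _ in check_scope_range(start, end, length)]


# Constructed sample inputs, one per scenario discussed in the text.
CASES = [
    ("192.0.2.0", "192.0.2.254", 24),    # Start ends with .0 and is the network ID
    ("192.0.2.64", "192.0.2.126", 26),   # network ID that does not end with .0
    ("10.1.0.0", "10.1.0.255", 8),       # ends with .0 but is a valid host in a /8
    ("192.0.2.25", "192.0.2.255", 24),   # End is the broadcast address
    ("192.0.2.25", "192.0.3.10", 24),    # Length too high to cover the range
]

if __name__ == "__main__":
    for case in CASES:
        print(case, check_scope_range(*case))
```
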
Common practice is to not assign addresses from the very first part of the net block being used. Instead, those addresses are commonly provided to infrastructure devices (such as a firewall, or other router). Some places might not even start numbering servers until addresses ending in about .10. Then, there may be a number of servers (such as network address servers, name resolution servers, authentication servers, file servers, and/or database servers). If this DHCP pool is just meant for devices used by end users (which is a common setup), starting at .25 or an even higher number (like the previous example) is probably a good practice. This is not a universal recommendation (and might not match some network designs that try to maximize the number of workstations used within a block), but is a generally good idea for small networks and good practice.
If there are known devices in the pool, either set them up as reservations or exclusions. This can just as easily be done to existing scopes, so setting up exclusions during the scope's creation is not absolutely required. (Setting them up sooner, rather than later, may minimize the chance of an accidental assignment and resulting IP address conflict. If there are known devices on the network to exclude, then go ahead and exclude them at this time. If there are not, feel free to leave this screen blank at this time.)
This is generally not a very critical setting. (The lease is extremely important, but most networks won't usually be seriously impacted if this was lowered to some number of hours or increased to some small number of days.) As a contrasting comparison, ISC DHCP may have a default of 21,600 seconds (6 hours). Leaving this at the default setting of 8 Days is generally acceptable.
These options can just as easily be set up later, after the scope is created. Therefore, choosing to skip this for now is a sensible choice.
However, for thoroughness, this documentation will cover the remaining options.
- If DHCP options are being entered immediately
- Default Gateway
This is something that should probably be done eventually. The trick is, after typing in the IP address, do not push “Next >” before adding the address. [New (DHCP) Scope Wizard: Entering Router (Default Gateway): Showing that an IP address has been typed (but not yet accepted).] Press Add so that the number shows up in the lower box. [New (DHCP) Scope Wizard: Entering Router (Default Gateway): Showing a properly added IP address]
- Domain Name and DNS servers
Leaving this blank may be acceptable for many simple setups.
- WINS Servers
Leaving this blank may be acceptable for many simple setups.
- Activate Scope
Generally, this is a good idea. (This makes the scope functional.) Perhaps the main reason why this would be good to delay is if there is a currently functional network that would somehow be disrupted if the new settings started to apply immediately. Such a scenario seems rare.
- Make sure the scope is activated
This might be particularly likely if the scope was created using the graphical interface, but the “DHCP Options” were skipped. (In other cases, this step is usually not necessary.) Furthermore, when this step has been necessary, the user interface has been known to be a bit tricky.
After creating the scope using the wizard, the new scope may still need to be “Activate”d.
- Handling via the command line
One method of doing this is to use the command line. For example:
Another option is to use the DHCP Management GUI Interface.
The solution to get rid of that red (downward) arrow is definitely to Activate the scope. However, accessing the scope's context/“shortcut”/“right click” menu may indicate that the necessary option is, quite annoyingly, greyed out. (This commentary is based primarily on experience with Windows Server 2008.) [DHCP Management GUI: refusing to allow a scope to Activate]
Resolving that might be as easy as choosing the context menu of the network family (IPv4), and then pressing “Refresh” on the [context menu of the network protocol (in the DHCP Management GUI interface)]. Once that is done, then the scope's “Activate” option may suddenly appear available (and should be used if the goal is to get the DHCP scope to be functioning).
- Adjusting Lease Time
In the GUI: Access the context/“shortcut”/“right click” menu of the scope.
From the command line: This is treated rather similarly to any other DHCP option. Here is an example of how to change it:
set optionvalue 051 DWORD 691200
That would set the lease to 691,200 seconds (which is eight days).
- Hand out the desired Options
These are often defined at the scope level. Choose the “Scope Options”, view the context/“shortcut”/“right click” menu, and choose “Configure Options”.
To view the current value of DHCP options, from the command line:
- Default Gateway
If the computer running the DHCP server software is in the same subnet as the address pool that is being handed out (which is usually the case), then the Default Gateway to hand out will generally be the same as the Default Gateway that is being used by the computer that is running DHCP server software. The processes for getting this information are often similar to getting a computer's IP address. From the command line, use
to make sure the
(s) are shown.
To handle this from the command line, use a syntax identical to setting DNS servers, but specify
003 after the word
What needs to happen is to get an IP address into the lower box. Optionally, a name can be placed in the “Server name:” field, which will enable (un-gray-out) the “Resolve” button.
Then, pressing the “Resolve” button will try to determine an address to fill into the “IP address” field. This can be a bit more convenient than needing to manually look up an IP address.
Now, the important part to realize here is that so far, NO changes have been made, and NO DNS server addresses will get handed out yet. First, make sure to use the Add button.
Choosing the Apply button will make the changes take effect.
- DNS servers
The address to use will often be the DNS server that is used by the computer that is running the DHCP server, unless that address is a loopback address (IPv6 ::1 or IPv4 most commonly 127.0.0.1). If the DNS server on that computer is a loopback address, then just enter in the actual IP address of the machine. (A private address is okay. A loopback address is not something that will be good to hand out.)
Most often, a good idea is to use a local, privately run DNS server. If there is some reason that such a local server is not going to exist (which would be unusual, since the Windows Server operating system comes with a DNS server which could then relay any requests of external addresses to any other preferred server), then publicly available usable DNS servers should work suitably.
- Setting a new set of DNS servers, using the command line
set optionvalue 006 IPADDRESS
- Adjusting via GUI
This is quite similar to setting up a Router/“Default Gateway”, so this section will simply show some screenshots.
After setting the options on the server, test the changes by having a DHCP client re-obtain settings, and verify that the client has changed relevant settings.
- Interacting with DNS servers
- DNS Credentials
If the scope is created, and is Activated, and yet communication is still not working, this may often be because the Scope does not match the subnet that the server is listening for traffic on. (This probably means that the Scope does not match the "Server Bindings", which can be viewed by accessing the context menu of the server name, and choosing “Add/Remove Bindings...”. It is also believed that the available bindings tend to be related to the first IP address of each network connection. In practice, simply making the scope match the IP address of a network connection has been sufficient to make DHCP be startable.)