
70-741: Networking with Windows Server 2016

Chapter 2 – Installing and Configuring DHCP


Slide 1

 Agenda
o Overview of DHCP Server Role
o Deploying DHCP
o Managing and Troubleshooting DHCP

Slide 2

 Overview of the DHCP Server Role

Slide 3

 Dynamic Host Configuration Protocol simplifies the
assignment of IP addresses on local networks and provides
numerous benefits in comparison with manual configuration
o Less prone to error
o Ensures correct configuration information
o Updates clients automatically for mobile clients
o Eliminates a common source of network problems

Slide 4

 Components
o DHCP Server
o DHCP Database
o Scopes of addresses
o DHCP client service

 Processes
o Lease generation
o Lease renewal
o IP address validation at boot

Slide 5

 Clients request an address from DHCP servers when they start
up or when they connect to a new network using the lease
generation process
o Discover
o Offer
o Request
o Acknowledge

Slide 6

 When a DHCP lease reaches 50% of the lease time the client
will automatically attempt to renew the lease
o Background process
o Could result in clients utilizing the same IP address for long periods of
time
o DHCPREQUEST message is sent directly to configured DHCP server
o Server will likely respond with DHCPACK message
 If the client cannot contact the DHCP server, it waits until the
87.5% mark of the lease and then sends a DHCPREQUEST broadcast
to all servers
 If at 100% of the lease duration a server is unavailable the
client will be unable to communicate with the network

Slide 7

 There are certain issues to be aware of when utilizing DHCP
o Client broadcasts must reach DHCP servers
o If multiple DHCP servers exist on the network the client will choose a
server in a completely random fashion
o Multiple servers should be configured appropriately so as to avoid
conflicts or misconfiguration
o Lease durations should be carefully chosen based on various factors
• Number of available addresses
• Type of network
• Mobility of clients

Slide 8

 Deploying DHCP

Slide 9

 The DHCP role is supported in Windows Server 2016 and
installed using
o Add Roles and Features wizard in Server Manager
o Install-WindowsFeature cmdlet in Windows PowerShell

 Requirements
o Local administrative rights
o Static IP address
o Post installation tasks
• Creating DHCP security groups
• Authorizing the server
• Creating and configuring scopes and options

Slide 10

 Rogue DHCP servers can cause issues on the network by
giving out inaccurate information to clients
 Windows Server 2016 and AD DS help to protect against
rogue servers by requiring authorization for DHCP to operate
o Windows Server 2016 must be authorized in AD DS in order for the
service to start and service client requests (requires Enterprise Admin)
o Standalone systems will not require authorization unless an authorized
server is detected on the network
o Non-Microsoft devices often will run DHCP without verifying
authorization status or even having the ability to recognize authorized
DHCP servers

Slide 11

 In order for the DHCP server to assign addresses to clients you
must create scopes defining the information
 Scope components
o Range of IP addresses
o Subnet mask
o Lease duration
o Exclusions
o Optional
• Reservations
• DHCP options

 Scopes can be created using the DHCP management console
or Windows PowerShell

Slide 12

 In addition to IP address and subnet masks, clients will need
various options in order to fully communicate on the network
 These are referred to as DHCP options and can be applied at
multiple levels
o Server
o Scope
o Class
o Reservation
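
The deployment steps from slides 9 to 12, written out as an added PowerShell example that is not part of the original course material. The server name, addresses, MAC address and scope values are constructed lab values; the cmdlets are those of the DhcpServer module in Windows Server 2016.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the course material. All names and addresses
# below are constructed lab values; replace them with your own.
$DnsName  = 'dhcp1.corp.example'   # assumed FQDN of the new DHCP server
$ServerIp = '192.168.1.5'          # static address already configured on it
$ScopeId  = '192.168.1.0'

# 1. Install the role together with the management tools.
Install-WindowsFeature -Name DHCP -IncludeManagementTools

# 2. Post-installation task: create the local DHCP security groups
#    (DHCP Administrators and DHCP Users), then restart the service.
Add-DhcpServerSecurityGroup
Restart-Service -Name DHCPServer

# 3. Authorize the server in AD DS. Per the slide, this requires
#    Enterprise Admin rights.
Add-DhcpServerInDC -DnsName $DnsName -IPAddress $ServerIp

# Check: this list should contain only the servers you expect. An entry
# nobody recognises is worth investigating before you go further.
Get-DhcpServerInDC | Format-Table DnsName, IPAddress

# 4. Create the scope in the inactive state so no leases are handed out
#    until exclusions, reservations and options are in place.
$scope = @{
    Name          = 'Branch LAN'
    StartRange    = '192.168.1.100'
    EndRange      = '192.168.1.200'
    SubnetMask    = '255.255.255.0'
    LeaseDuration = New-TimeSpan -Days 8
    State         = 'InActive'
}
Add-DhcpServerv4Scope @scope

# Exclusion: addresses inside the range that the server must never lease.
Add-DhcpServerv4ExclusionRange -ScopeId $ScopeId `
    -StartRange 192.168.1.150 -EndRange 192.168.1.160

# Reservation: the device with this MAC always receives the same address.
Add-DhcpServerv4Reservation -ScopeId $ScopeId -IPAddress 192.168.1.120 `
    -ClientId '00-11-22-33-44-55' -Name 'BranchPrinter'

# 5. Options. Values shared by every scope go at server level
#    (006 DNS Servers, 015 DNS Domain Name); the default gateway
#    (003 Router) differs per subnet, so it goes at scope level.
#    The cmdlet validates the DNS server address, so it must be reachable.
Set-DhcpServerv4OptionValue -DnsServer 192.168.1.10 -DnsDomain 'corp.example'
Set-DhcpServerv4OptionValue -ScopeId $ScopeId -Router 192.168.1.1

# 6. Activate the scope and confirm what clients will receive.
Set-DhcpServerv4Scope -ScopeId $ScopeId -State Active
Get-DhcpServerv4Scope -ScopeId $ScopeId |
    Format-List ScopeId, State, StartRange, EndRange, LeaseDuration
Get-DhcpServerv4OptionValue -ScopeId $ScopeId
```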

Slide 13

 DHCP clients rely on broadcast packets in order to obtain an IP
address from a DHCP server
 Network routers are configured to block network broadcast to
ensure efficient network communication
 If the DHCP clients and servers are separated by a router,
several options exist
o DHCP server on each subnet
o DHCP relay agent on the subnets that don’t have a server
o RFC 1542 compliant routers
 Relay agents will intercept broadcasts and communicate on
behalf of the client to the DHCP server

Slide 14

 Managing and Troubleshooting DHCP

Slide 15

 DHCP is a critical yet unsecure network service and special
precautions should be taken to ensure that only authorized
clients are able to obtain IP addresses
 Options
o Limit access to the network
• Reduce physical access
• Require authenticated Layer 2 connections using 802.1X
o Enable DHCP auditing
o DHCP name protection
o IDS and IPS to prevent rogue DHCP servers

Slide 16

 Auditing on the DHCP server provides trace data that can
show if an unauthorized computer obtains an IP address on
the network along with identifying rogue DHCP servers
o Auditing is enabled by default
o Audit logs are created for each day and overwritten each week
o Audit logs must be reviewed regularly in order to ensure security
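
One way to make the regular audit log review repeatable, as an added PowerShell example that is not part of the original course material. The function name `Find-DhcpAuditAnomaly`, the inventory list and the sample log lines are constructed; the field order and the meaning of the event IDs follow the header that the DHCP service writes at the top of each daily audit log.

```powershell
# Added example, not from the course material. Find-DhcpAuditAnomaly is a
# hypothetical helper name. Field order (ID, Date, Time, Description,
# IP Address, Host Name, MAC Address, ...) follows the audit log header.
function Find-DhcpAuditAnomaly {
    param(
        [Parameter(Mandatory)] [string[]] $Line,   # raw lines of an audit log
        [string[]] $KnownMac = @()                 # inventory of approved MACs
    )
    # Normalise inventory entries to the log's format (no separators, upper case).
    $known = @($KnownMac | ForEach-Object { ($_ -replace '[-:]', '').ToUpper() })

    foreach ($l in $Line) {
        # Data rows start with a numeric event ID followed by a comma;
        # the explanatory header and the column row do not.
        if ($l -notmatch '^\d+,') { continue }
        $f = $l.Split(',')
        if ($f.Count -lt 7) { continue }

        $id     = [int]$f[0]
        $mac    = $f[6].Trim().ToUpper()
        $reason = $null

        if ($id -ge 50) {
            # Codes of 50 and above carry rogue server detection and
            # authorization information.
            $reason = 'Authorization / rogue-detection event'
        }
        elseif ($id -eq 13) { $reason = 'Address already in use (conflict)' }
        elseif ($id -eq 14) { $reason = 'Scope address pool exhausted' }
        elseif ($id -eq 15) { $reason = 'Lease denied' }
        elseif (($id -eq 10 -or $id -eq 11) -and $mac -and
                $known.Count -gt 0 -and $known -notcontains $mac) {
            # New lease (10) or renewal (11) for a device not in the inventory.
            $reason = 'Lease to MAC not in inventory'
        }

        if ($reason) {
            [pscustomobject]@{
                Date = $f[1]; Time = $f[2]; EventId = $id
                IP   = $f[4]; Host = $f[5]; MAC     = $mac
                Reason = $reason
            }
        }
    }
}

# Constructed sample lines, shortened to the first eight columns.
$sample = @(
    'ID,Date,Time,Description,IP Address,Host Name,MAC Address,User Name'
    '10,03/14/24,08:01:12,Assign,192.168.1.101,PC01.corp.example,00155D010203,'
    '11,03/14/24,08:30:40,Renew,192.168.1.101,PC01.corp.example,00155D010203,'
    '10,03/14/24,09:12:05,Assign,192.168.1.133,unknown-laptop,AABBCCDDEEFF,'
    '13,03/14/24,09:40:51,Conflict,192.168.1.140,,,'
    '54,03/14/24,10:02:17,Authorization event (constructed),,corp.example,,'
)

# Expect three findings: the unknown MAC, the conflict and the event >= 50.
Find-DhcpAuditAnomaly -Line $sample -KnownMac '00-15-5D-01-02-03' |
    Format-Table -AutoSize

# Against a real server, read the current day's file from the audit path:
#   $dir = (Get-DhcpServerAuditLog).Path
#   Find-DhcpAuditAnomaly -Line (Get-Content "$dir\DhcpSrvLog-Mon.log") -KnownMac $inventory
```

Because the logs are overwritten each week, a check like this has to run at least weekly, or the files have to be copied off the server first.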

Slide 17

 DHCP in Windows Server 2016 provides numerous ways of
distributing IP addresses based on attributes of the device
requesting the address
o Policy based assignments
• MAC addresses
• FQDN
• Relay agent information
• User classes
• Vendor classes

Slide 18

 Superscopes
o A collection of individual scopes grouped together for administrative
purposes
o Clients can receive an address from multiple logical subnets when
located on the same physical subnet
o Requires two scopes to already be created
o Useful in several scenarios

 Multicast scopes
o Collection of Class D multicast addresses
o Commonly referred to as MADCAP (Multicast Address Dynamic Client
Allocation Protocol)

Slide 19

 As DHCP is a critical network service, it is important to plan for
high availability, and several options exist
o DHCP failover clustering
• DHCP service is highly available
• Configuration information is on shared storage
o DHCP split scopes
• Two DHCP servers
• Each server controls a portion of the address range and is active on the
network
• Configured as 50/50 for the same segment or 80/20 if serving a remote
subnet
o DHCP failover

Slide 20

 DHCP Failover is the preferred option in Windows Server 2016
and provides the ability for two servers to work together to
service clients without using failover clustering
o Two DHCP servers provide addresses and optional configurations to
the same subnets or scopes
o Uses a failover relationship between the two systems
o Modes
• Hot standby
• Load sharing
o Considerations
• MCLT
• Auto state switchover interval
• Message authentication
• Firewall configurations
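
The four considerations above map directly onto parameters of `Add-DhcpServerv4Failover`. The following is an added PowerShell example, not part of the original course material; the partner name, relationship name, scope and timer values are constructed, and both servers are assumed to be installed and authorized already.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the course material. Names and values are
# constructed lab values.
$Partner = 'dhcp2.corp.example'     # assumed second DHCP server
$ScopeId = '192.168.1.0'            # existing scope on this server

# Firewall configuration: failover partners talk to each other over
# TCP port 647, so confirm it is reachable before building the relationship.
$probe = Test-NetConnection -ComputerName $Partner -Port 647
if (-not $probe.TcpTestSucceeded) {
    throw "TCP 647 to $Partner is blocked; fix the firewall rules first."
}

# Message authentication: prompt for the shared secret instead of storing
# it in the script. The cmdlet takes the secret as a plain string.
$secure = Read-Host -Prompt 'Failover shared secret' -AsSecureString
$secret = [System.Net.NetworkCredential]::new('', $secure).Password

$failover = @{
    Name                = 'dhcp1-dhcp2-branch'
    PartnerServer       = $Partner
    ScopeId             = $ScopeId
    # Load sharing mode: both servers answer clients, split 50/50.
    # For hot standby use -ServerRole and -ReservePercent instead.
    LoadBalancePercent  = 50
    # MCLT: how far a server may extend a lease beyond what its partner knows.
    MaxClientLeadTime   = New-TimeSpan -Hours 1
    # Auto state switchover: move to the partner-down state automatically
    # after this interval without contact, instead of waiting for an admin.
    AutoStateTransition = $true
    StateSwitchInterval = New-TimeSpan -Minutes 60
    # Omitting SharedSecret leaves failover messages unauthenticated.
    SharedSecret        = $secret
}
Add-DhcpServerv4Failover @failover

# Verify: EnableAuth should be True and the timers should match the plan.
Get-DhcpServerv4Failover -Name $failover.Name |
    Format-List Name, PartnerServer, Mode, State, MaxClientLeadTime,
                AutoStateTransition, StateSwitchInterval, EnableAuth
```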

Slide 21

 DHCP is a dynamic database containing all the information
you see in the management console
o Default location is Windows\System32\DHCP
• dhcp.mdb
• Tmp.edb
• J50.log and j50res####.jrs
• J50.chk
o Database is automatically backed up every 60 minutes, or a backup can
be performed manually; the backup location should be moved
o Reconciling the database is necessary when inconsistencies exist
o Moving the DHCP role from one server to another necessitates moving
the DHCP database

Slide 22

 There is a specific process for migrating DHCP role from one
server to another
o Install the DHCP server role on another computer
o Stop the DHCP service on the current server
o Export the DHCP data
• Export-DhcpServer
• Netsh
o Copy the data to the new server or make available on the network
o Import the DHCP data to the new server
• Import-DhcpServer
• netsh

Slide 23

 Various issues can arise with DHCP and it is important to be
able to diagnose and resolve these issues efficiently
o Address conflicts
o Failure to obtain DHCP addresses
o Addresses obtained from the wrong scope
o Database corruption or failure
o Exhaustion of the IP address pool

Slide 24

 Overview of DHCP Server Role
 Deploying DHCP
 Managing and Troubleshooting DHCP

Review Questions:
1. You have installed the DHCP server role on a Windows Server 2016 machine in
your organization. What is the next step to configuring the server to respond to
clients?
A. Configure firewall rules
B. Authorize the server in AD DS
C. Create a scope
D. Create a superscope

2. You need to configure a single scope that includes multiple logical subnets in
order to extend the address space for your organization. Which of the following
should you configure?
A. IPv4 scope
B. IPv4 superscope
C. IPv4 multicast scope
D. IPv6 scope

3. You need to ensure that a network printer in the branch office uses DHCP but
always receives the same IP address for consistent configuration of client
computers. Which of the following should you configure?
A. MAC address
B. Exclusion ranges
C. 006 Scope option
D. Client reservation

4. You need to configure the default gateway for DHCP clients. Which of the
following option levels should you choose for this configuration?
A. Scope level
B. Server level
C. Reservation level
D. Class level

5. Which of the following DHCP options will be configured for DHCP clients in order
to ensure that they use the correct DNS server?
A. 006
B. 003
C. 015
D. 044

6. You are configuring a DHCP server in a network environment that contains three
subnets. A single server will allocate addresses to clients. What must be
configured on the subnets that are without a DHCP server?
A. DHCP options
B. Default gateway
C. DHCP relay agent
D. DHCP failover

7. Which of the following in Windows Server 2016 provides the ability to monitor
DHCP client and server activities and is enabled by default?
A. Name protection
B. Database monitoring
C. Audit logging
D. Debug logging

8. After you deploy a DHCP server for the 192.168.1.0/24 subnet, you find that
none of the DHCP clients can communicate beyond the local subnet when they
specify the IP address of a computer on the company network. Statically
assigned computers can successfully communicate beyond the local subnet.
How should you configure the DHCP server so that clients can communicate
beyond the local subnet?
A. Configure the 003 Router option
B. Configure the 006 DNS Server option
C. Configure the 015 DNS Domain Name option
D. Configure the 044 WINS/NBNS option

9. You want to deploy a DHCP server on a computer named
DHCP1.companyabc.com. On this server you have configured a static address
of 10.10.0.5/24 and assigned a DNS server address of 10.10.1.1. On DHCP1
you configure a scope within the range 10.10.1.0/24. You then activate the scope
and authorize the server, but the server does not successfully lease any
addresses to computers on the local subnet. When you verify the addresses of
the clients on the subnet, you find that they are all assigned addresses in the
169.254.0.0/16 range. Which of the following options will most likely fix the
problem?
A. Configure the clients as DHCP clients
B. Enable the DHCP client service on DHCP1
C. Change the address of DHCP1 and redeploy the server
D. Run the command ipconfig /registerdns

10. You need to ensure that you can migrate data from a DHCP server that is going
to be replaced to the new DHCP server. Which of the following Windows
PowerShell cmdlets will you use first?
A. Export-DHCPServer
B. Export-DHCPServerData
C. Import-DHCPServer
D. Backup-DHCPServer

11. You are configuring DHCP failover in Windows Server 2016. Which of the
following values is there to ensure that a failover partner will transition the partner
to a down state within a certain period of time automatically?
A. MCLT
B. Message Authentication
C. Auto State Switchover Interval
D. None of the above; this must be done manually

Answer Key:
1. B
You must authorize Windows DHCP servers in AD DS in order for those servers
to service clients. While the creation of a scope is required, it is configured after
authorizing the server.

2. B
A superscope is configured in order to provide the management of multiple
logical subnets within a single scope. It also provides the ability to extend the
address space from a single logical subnet.

3. D
Client reservations ensure that a client with a particular MAC address is always
assigned the same IPv4 or IPv6 address via DHCP.

4. A
The default gateway is unique for each individual scope and should be
configured as a scope option.

5. A
The 006 DNS Server option is used to configure the preferred DNS server for
DHCP clients.

6. C
You should configure a DHCP relay agent on the subnets that do not possess a
local DHCP server. The relay agent will intercept client broadcasts and forward
them to the server on the other subnet.

7. C
Audit logging is turned on by default in Windows Server 2016 and provides a text
log of client and server activities. This can identify unauthorized clients, rogue
servers, and be used to troubleshoot problems.

8. A
You must configure the 003 Router option to assign a default gateway to clients
to provide them with the ability to communicate with systems on other network
segments.

9. C
It appears that you have incorrectly configured the static IP address on the
DHCP server as it is on a different logical network (and possibly physical) than
the clients it is servicing. If this is the case, a relay agent would be required, but it
seems only a misconfiguration is at fault.

10. A
You must first export the data from the current server, then copy the data to the
new server and run the import-DHCPServer cmdlet to import the data into the
database on the new server.

11. C
When communications are interrupted, the server loses contact with its partner
and will remain in this condition until an administrator manually changes the
system into a down state. The Auto State Switchover Interval provides a
threshold, after which this will happen automatically.
