August 2021 update breaks DHCP server with Fortigate relay

Seth Simmons 1 Reputation point
2021-09-07T01:59:06.09+00:00

In my test environment, the August update (KB5005043) installed fine and had no issues after testing.

Last Thursday I installed the update on my domain controllers in production. It installed fine but then had some strange issues over the weekend.
Devices were not getting an address from either domain controller. They would show an APIPA address and ipconfig /renew would only get a timeout. After spending hours on the phone with Meraki and Fortinet looking at switch/firewall configs and packet captures, decided to uninstall the August update from one domain controller.

Firewall debug was showing the DHCP broadcast but the domain controller sent nothing back. After a reboot, clients started getting addresses again from that server. Uninstalled the update from the other domain controller and clients were pulling from that server also. In the test environment, Windows 10 clients had no issues getting a DHCP address.

Anyone else ever heard of such a thing? Searched around and found nothing but clearly it broke after installing the update.
It is a Fortigate 501E with 6.4.6 firmware. Multiple vLANs configured for DHCP relay to both domain controllers.

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,127 questions
Windows DHCP
Windows DHCP
Windows: A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.DHCP: Dynamic Host Configuration Protocol (DHCP). A communications protocol that lets network administrators manage centrally and automate the assignment of Internet Protocol (IP) addresses in an organization's network.
1,021 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Limitless Technology 39,351 Reputation points
    2021-09-07T10:12:47.117+00:00

    Hello SethSimmons,

    This is a known issue described in https://support.microsoft.com/en-us/topic/june-21-2018-kb4284833-os-build-14393-2339-e1f91533-bb14-7076-2b9d-ad061b11d7cb
    "After installing this update on a DHCP Failover Server, Enterprise clients may receive an invalid configuration when requesting a new IP address. This may result in loss of connectivity as systems fail to renew their leases."

    It has been resolved in KB4345418
    https://support.microsoft.com/en-us/topic/july-16-2018-kb4345418-os-build-14393-2368-f75223b5-1fda-1afa-4c8c-48a4cd3fb8ab

    Hope this helps,
    Best regards,

  2. Seth Simmons 1 Reputation point
    2021-09-07T17:14:26.933+00:00

    It's not configured as a failover.

    0 comments