August 2021 update breaks DHCP server with FortiGate relay

Seth Simmons 1 Reputation point

In my test environment, the August update (KB5005043) installed fine and had no issues after testing.

Last Thursday I installed the update on my domain controllers in production. It installed fine but then had some strange issues over the weekend.
Devices were not getting an address from either domain controller. They would show an APIPA address and ipconfig /renew would only get a timeout. After spending hours on the phone with Meraki and Fortinet looking at switch/firewall configs and packet captures, I decided to uninstall the August update from one domain controller.

Firewall debug was showing the DHCP broadcast but the domain controller sent nothing back. After a reboot, clients started getting addresses again from that server. Uninstalled the update from the other domain controller and clients were pulling from that server also. In the test environment, Windows 10 clients had no issues getting a DHCP address.

Anyone else ever heard of such a thing? Searched around and found nothing but clearly it broke after installing the update.
It is a FortiGate 501E with 6.4.6 firmware. Multiple VLANs configured for DHCP relay to both domain controllers.


2 answers

  1. Limitless Technology 39,476 Reputation points

    Hello SethSimmons,

    This is a known issue described in
    "After installing this update on a DHCP Failover Server, Enterprise clients may receive an invalid configuration when requesting a new IP address. This may result in loss of connectivity as systems fail to renew their leases."

    It has been resolved in KB4345418

    Hope this helps,
    Best regards,

  2. Seth Simmons 1 Reputation point

    It's not configured as a failover.
