Setting Up DHCP for Devices
Topic Last Modified: 2012-06-21
For internal communications, ensure that the following options are set up on the organization’s DHCP servers. For details, see Configuring DHCP Options to Enable Sign-in for IP Phones in the Deployment documentation.
The DHCP protocol (see RFC 2131 for details) exchanges information using several options. The following options are used in Lync Server connectivity:
Option 120 (SIP Servers) is defined in RFC 3361. It is used to return a list of SIP servers.
Option 55 is used by the device to ask the DHCP server for the values of specific options (in our case 120 and 43).
Option 60 is used by the client to specify the vendor for which option 43 is requested.
Option 43 is a complicated option: it has many sub-options and can also have many values. The effective value for option 43, in other words the value that the DHCP server will send to the client, depends on the vendor class ID. So, in a sense, there is a <key, value> relationship between option 60 and option 43: for the vendor specified in option 60, option 43 provides a set of sub-options that have been configured for that vendor.
There are two options for DHCP servers when using:
Enterprise DHCP Servers
These are DHCP servers which are already being used in the enterprise and providing IP discovery and other services. They can be either Windows DHCP servers (part of Windows Server) or manufactured by other vendors like Cisco. In this document, only configuration of Windows DHCP servers is provided.
When configuring a central site, we recommend that enterprise DHCP servers are used because:
These do not require re-configuration of all the Bootp relay agents to relay packets to a new server.
Using the DHCP server that is included with the Lync Server Registrar results in unneeded packets being sent to an additional DHCP server. DHCP does not participate in the address acquisition process and these types of packets will be ignored.
Enabling DHCP server by using the Registrar adds one more responsibility to the Front End Server or Director roles. This could potentially affect performance and impact core functionality.
Registrars and DHCP Servers
Registrars have a built-in DHCP component, which can listen for DHCP broadcasts and respond to appropriate DHCP INFORM packets. The use case for this component is very small branches which have no DHCP servers and minimal server administration. The DHCP component does not participate in or affect the IP acquisition process in the enterprise, and you can use it side-by-side with existing DHCP servers. This component only responds to DHCP INFORM messages which:
Have vendor class identifier = MS-UC-Client
Ask for Option 120 or 43 (using option 55 – parameter request list)
In the case of a branch office, when there is no enterprise DHCP server in the branch, the Registrar running the DHCP server is needed because:
Without an enterprise DHCP server the branch is relying on DHCP functionality provided by routers. It is likely not possible to configure DHCP options on these.
Depending on the branch size, all unified communications (UC) devices can be in the same subnet. In this case relay reconfiguration is not required. If there are multiple subnets it is likely that there are not many and reconfiguration is manageable.
It is much easier to enable DHCP on the Registrar than to configure and deploy an enterprise DHCP server for the vendor-specific Lync Server DHCP options.
Using the Registrar DHCP Server and Static DNS
The DHCP server on the Registrar does not grant IP leases. Instead, it provides only the Web Services URL and Registrar fully qualified domain name (FQDN).
It is highly recommended that you deploy DHCP servers on the Registrar in subnets where computers running Lync Server are located. This is because they do not provide IP addresses but do provide the preceding DHCP options. Computers running Lync Server need these options available, so if using static DNS for Lync Server host machines, you must also deploy Lync DHCP and enterprise DHCP servers.
Using DHCP on the Registrar and Enterprise DHCP servers
DHCP server on the Registrar provides the Web Services URL and Registrar FQDN to clients. This is turned off by default, and can be enabled by running the following cmdlet in the Lync Server Management Shell:
Set-CsRegistrarConfiguration -EnableDHCPServer $true
In addition, ensure that broadcast packets from the client can reach the DHCP server(s) on the Registrar. This may mean configuring DHCP relay agents to forward DHCP packets to DHCP servers on the Registrar.
Enterprise DHCP servers can also be configured to give out appropriate values to Lync devices. DHCPUtil.exe, a Lync Server tool, can assist in this.
Using DHCPUtil to Configure DHCP options
There are two types of DHCP servers that DHCPUtil.exe works with: the Windows DHCP server, available in Windows Server, and the DHCP server on the Registrar.
Alternatively, you can use any other DHCP server to configure the options needed in Lync Server. However, DHCPUtil.exe does not work with these, so you will need to use the management tools provided with the other DHCP server to configure these options.
DHCPUtil does the following:
Generates the values for option 120 and 43.
In addition to the DHCPConfigScript batch file, configures Windows DHCP server with options 120 and 43.
Tests DHCP server configuration.
Cleans up configuration on Windows DHCP server that is related to Lync Server.
Only the 64-bit version of DHCPUtil is included with Lync Server.
To use DHCPUtil with a 32-bit version of DHCP Server, do the following:
On a client computer running the 64-bit version of DHCPUtil, run the following command, replacing the example FQDN (pool.contoso.com) with the FQDN of your Lync Server:
DHCPUtil.exe -SipServer pool.contoso.com
The following is an example of the output this command generates:
SIP Server FQDN: pool.contoso.com
Certificate Provisioning Service URL: https://pool.contoso.com:443/CertProv/CertProvisioningService.svc
Option 120: 0004706F6F6C07636F6E746F736F03636F6D00
Vendor Class Identifier: MS-UC-Client
Option 43 (for vendor=MS-UC-Client):
    sub-option 1 <UC Identifier>: 4D532D55432D436C69656E74
    sub-option 2 <URL Scheme>: 6874747073
    sub-option 3 <Web Server FQDN>: 706F6F6C2E636F6E746F736F2E636F6D
    sub-option 4 <Port>: 343433
    sub-option 5 <Relative Path for Cert Prov>: 2F4365727450726F762F4365727450726F766973696F6E696E67536572766963652E737663
To configure DHCP Server with appropriate values, you can do one of the following things:
1. Run DHCPUtil on the DHCP Server: use '-RunConfigScript' switch
2. Run the following command on the DHCP Server (modify the path of DHCPConfigScript.bat appropriately):
"DHCPConfigScript.bat" Configure MS-UC-Client 0004706F6F6C07636F6E746F736F03636F6D00 4D532D55432D436C69656E74 6874747073 706F6F6C2E636F6E746F736F2E636F6D 343433 2F4365727450726F762F4365727450726F766973696F6E696E67536572766963652E737663
Copy DHCPConfigScript.bat to a location that you can access from the 32-bit DHCP Server.
On the 32-bit DHCP server, at the command line, run DHCPConfigScript.bat as described in option 2 of the preceding output.
For example, if you saved DHCPConfigScript.bat to C:\Users\tbinder\Desktop, you would run the following:
"C:\Users\tbinder\Desktop\DHCPConfigScript.bat" Configure MS-UC-Client 0004706F6F6C07636F6E746F736F03636F6D00 4D532D55432D436C69656E74 6874747073 706F6F6C2E636F6E746F736F2E636F6D 343433 2F4365727450726F762F4365727450726F766973696F6E696E67536572766963652E737663
To generate the values for Options 120 and 43, use the following syntax:
DHCPUtil -SipServer <FQDN of the Front End Server> [-WebServer <FQDN of the web server> | -CertProvUrl <URL of the certificate provisioning service>]
The following table explains the parameters and how they are used:
The FQDN of the main Director or main Front End pool in a particular site
This is used to generate the value of DHCP Option 120. If an enterprise has two sites, the United States and Singapore, then Option 120 for the United States needs to be the FQDN of the Director or Front End pool in the United States site; Option 120 for Singapore site will be set to the FQDN of the Director or Front End pool in Singapore.
The FQDN of the Web Server
This is used to calculate URL of the web server in DHCP Option 43 as follows: https://<fqdn>:443/CertProv/CertProvisioningService.svc
This is needed when the Lync Server web server is not collocated with either the main Director or within the Front End pool in a site. This might be due to a load balancer configuration where web traffic is load balanced differently to SIP traffic, resulting in different FQDNs for the SIP and web servers. If this is not provided, the value for option 43 is calculated using the FQDN provided with -SipServer.
This parameter is optional, and is used only when SipServer is provided.
The URL of the Lync Server Certificate Server
This parameter can be used instead of the WebServer parameter in order to specify the full URL of the Certificate Provisioning Web service. This can be useful when the calculation used in WebServer will not yield the correct URL.
This parameter is optional, and is used only when SipServer is provided.
Run as a client: sending a packet to the DHCP server and receiving the response
When this parameter is provided, DHCPUtil acts as a client, sending a packet to the DHCP server requesting the Lync Server options. This command cannot be run on the same machine as a DHCP server.
Run DHCPUtil with a script
When this option is specified, DHCPUtil generates the values for option 120 and 43, and then passes the values to the configuration script. If “-RunConfigScript” is specified without any path, then DHCPConfigScript.bat is run from the same folder that DHCPUtil.exe is run from. If a valid file path is specified, then that file is run. This file can be anything – a script, or an executable.
Removes Lync Server options
This option removes options 43 and 120 on the local DHCP server. DHCPConfigScript.bat must be located in the same folder as DHCPUtil.exe.
For example, to set the SIP server and web server values, run the following command:
DHCPUtil.exe -SipServer sip.contoso.com -WebServer web.contoso.com
This produces the following output:
Sip Server FQDN: sip.contoso.com
Certificate Provisioning Service URL: https://web.contoso.com:443/CertProv/CertProvisioningService.svc
Option 120: 0003736970076578616D706C6503636F6D00
Vendor Class Identifier: MS-UC-Client
Option 43 (for vendor=MS-UC-Client):
    sub-option 1 <UC Identifier>: 4D532D55432D436C69656E74
    sub-option 2 <URL Scheme>: 6874747073
    sub-option 3 <Web Server FQDN>: 7765622E6578616D706C652E636F6D
    sub-option 4 <Port>: 343433
    sub-option 5 <Relative Path for Cert Prov>: 2F4365727450726F762F4365727450726F766973696F6E696E67536572766963652E737663
To configure a DHCP server with appropriate values, do the following:
Run DHCPUtil on the DHCP server using the '-RunConfigScript' switch.
Run the DHCPConfigScript batch file using the following command:
"DHCPConfigScript.bat" Configure MS-UC-Client 0003736970076578616D706C6503636F6D00 4D532D55432D436C69656E74 6874747073 7765622E6578616D706C652E636F6D 343433 2F4365727450726F762F4365727450726F766973696F6E696E67536572766963652E737663
The values input and set on the DHCP server are printed out, followed by the value for Option 120. Vendor Class Identifier refers to what is included in the request to the DHCP server. This is how a DHCP server knows to provide these options in a response and will always be MS-UC-Client.
Next, the sub options for Option 43 corresponding to the Lync Server vendor class ID are printed. These are in the format of a hex-encoded binary string which is what is expected by the DHCP server. They are:
Identifier value which must be MS-UC-Client.
URL scheme identifies which of HTTP or HTTPS is used.
Web server FQDN is the value set for the web server.
Relative Path for Cert Prov is the relative path of the Certificate Provisioning Web service.
Together, these are combined to give the full Certificate Provisioning Server URL: <url scheme>://<web server FQDN>:<port><relative path>
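The hex strings that DHCPUtil prints can be decoded and compared against the intended hosts before they are applied to a DHCP server. The following Python is an added example, not part of DHCPUtil or the original documentation; the function names (decode_option120, cert_prov_url, check_values) are hypothetical, and only the RFC 3361 domain-name encoding (encoding byte 0) is handled.

```python
# Added example (not DHCPUtil code); function names are hypothetical.
def decode_option120(hex_value):
    """Decode an RFC 3361 option 120 value that uses encoding 0 (domain names)."""
    data = bytes.fromhex(hex_value)
    if not data or data[0] != 0:
        raise ValueError("expected encoding byte 0 (domain names)")
    names, labels, i = [], [], 1
    while i < len(data):
        length = data[i]
        i += 1
        if length == 0:                      # zero-length label ends one FQDN
            names.append(".".join(labels))
            labels = []
        elif length > 63 or i + length > len(data):
            raise ValueError("malformed label at offset %d" % (i - 1))
        else:
            labels.append(data[i:i + length].decode("ascii"))
            i += length
    if labels:
        raise ValueError("last name is not terminated")
    return names

def cert_prov_url(sub_options):
    """Rebuild the URL from option 43 sub-options 1-5 (dict: number -> hex)."""
    text = {n: bytes.fromhex(h).decode("ascii") for n, h in sub_options.items()}
    if text[1] != "MS-UC-Client":
        raise ValueError("sub-option 1 is not MS-UC-Client")
    return "%s://%s:%s%s" % (text[2], text[3], text[4], text[5])

def check_values(option120_hex, sub_options, sip_fqdn, web_fqdn):
    """Return a list of mismatches between the hex values and the intended hosts."""
    problems = []
    if decode_option120(option120_hex) != [sip_fqdn]:
        problems.append("option 120 does not decode to " + sip_fqdn)
    url = cert_prov_url(sub_options)
    if not url.lower().startswith("https://%s:" % web_fqdn.lower()):
        problems.append("option 43 decodes to " + url)
    return problems

# Values copied from the first DHCPUtil sample output on this page.
OPTION_120 = "0004706F6F6C07636F6E746F736F03636F6D00"
OPTION_43 = {
    1: "4D532D55432D436C69656E74", 2: "6874747073",
    3: "706F6F6C2E636F6E746F736F2E636F6D", 4: "343433",
    5: "2F4365727450726F762F4365727450726F766973696F6E696E67536572766963652E737663",
}
if __name__ == "__main__":
    print(check_values(OPTION_120, OPTION_43, "pool.contoso.com", "pool.contoso.com"))
```

Decoded the same way, the Option 120 and sub-option 3 values in the second sample output give sip.example.com and web.example.com rather than the contoso.com names on its command line, so decode generated values before passing them to DHCPConfigScript.bat.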