Managing DHCP Failover Cluster with IPAM in Windows 2012 R2
With the release of Windows Server 2012, new DHCP functionality called "DHCP Failover" was added. Even with this new feature, some administrators still wanted to keep their old "DHCP Failover Cluster" in place because of features missing from the new "DHCP Failover", such as IPv6 and BOOTP support. Administrators who want to implement IPAM and manage a "DHCP Failover Cluster" with it are currently not able to do so, due to lack of support in IPAM. However, there is a workaround to manage your "DHCP Failover Cluster" in IPAM. Please keep in mind that this is an unsupported scenario. However, no issues are expected unless you have an individual case.
To accomplish this task, understanding how IPAM works is key, and a series of steps has to be completed. These steps may also apply to IPAM on Windows Server 2012, but that has not been tested.
Requirements
- IPAM can manage Domain controllers, NPS, DNS, and DHCP servers running Windows Server® 2008 or later.
- GPOs are used for managing clients (this is the recommended method; however, manual provisioning is also possible).
- The "DHCP Failover Cluster" role is in place.
- The "File Server" and "File Server Resource Manager" sub-roles are installed on the "DHCP Failover Cluster".
Steps of the deployment
The following 4 steps are required to start managing your "DHCP Failover Cluster" in IPAM.
- Configure VCO (Virtual Computer Object) attributes.
- Apply IPAM GPO for DHCP to all members of the cluster.
- Give IPAMUG read rights to shared DHCPAudit log folder.
- Make DHCP Cluster as a managed DHCP node in IPAM.
Configure VCO (Virtual Computer Object) attributes
When you try to add a computer from the IPAM console, IPAM runs several checks on the computer object in AD to make sure that the version is a supported version.
Have you ever tried to add your "DHCP Failover Cluster" workload's VCO to IPAM manually? Then you must be familiar with the following error message!
This message always pops up regardless of the OS version. Yes, it's a weird error message, but it can be tricked very easily by just changing the computer object attributes.
Open adsiedit.msc, find the VCO, right-click it and select Properties. In the properties of the VCO, find the operatingSystem and operatingSystemVersion attributes. In my case the object is DHCP-Cluster.
In adsiedit.msc, find one of the cluster nodes and copy or take note of the values of operatingSystem and operatingSystemVersion. In my case DHCPCLS1 is one of my cluster nodes; its operatingSystem attribute is set to "Windows Server 2012 R2 Datacenter" and operatingSystemVersion is set to "6.3 (9600)".
Set these values on the VCO, making sure that you use the values copied previously.
Apply IPAM GPO for DHCP to all members of the cluster
"DHCP Failover Cluster" is not a typical or supported IPAM deployment; in this scenario the target is to manage the virtual DHCP role in IPAM. IPAM uses GPOs to set the required configuration on managed computers. IPAM adds a computer's account to the security filtering of the relevant GPO whenever you set that machine as managed in the IPAM console. Since the only computer added in the IPAM console is the VCO, the cluster nodes must be added alongside the VCO so that the nodes receive the settings in the GPO.
Open the Group Policy Management console and select the IPAM GPO for DHCP. Go to Security Filtering and add all of the cluster member nodes.
Give IPAMUG read rights to shared DHCPAudit log folder
Ensure that IPAM's computer account can access the daily DHCP logs shared on the DHCP cluster role. To share a folder from Failover Cluster Manager, make sure that the "File Server" and "File Server Resource Manager" sub-roles are installed.
Open the Failover Cluster Manager console, go to Roles, right-click the DHCP cluster role object and select Add File Share.
Make DHCP Cluster as a managed DHCP node in IPAM
Now that all prerequisites have been configured, it's time to start managing your "DHCP Failover Cluster" with IPAM. Open the IPAM management console, go to Server Inventory and add your "DHCP Failover Cluster" (VCO name). Set Manageability Status to Managed and select DHCP server as the Server type.
Make sure the GPO has applied successfully before refreshing or starting to manage your new "DHCP Failover Cluster" in the IPAM console.
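The VCO attribute change and the GPO security filtering described above can also be scripted. The following is an added example, not part of the original post: it assumes the ActiveDirectory and GroupPolicy RSAT modules, a second node named DHCPCLS2 and a GPO named IPAM1_DHCP (both placeholders), and it saves the VCO's previous values so the unsupported change can be reverted.

```powershell
# Added example, not from the original post. Requires the ActiveDirectory and
# GroupPolicy modules (RSAT) and rights to modify the VCO and the GPO.
Import-Module ActiveDirectory, GroupPolicy

$vcoName      = 'DHCP-Cluster'          # VCO name used in the post
$sourceNode   = 'DHCPCLS1'              # cluster node named in the post
$clusterNodes = 'DHCPCLS1', 'DHCPCLS2'  # DHCPCLS2 is an assumed second node
$gpoName      = 'IPAM1_DHCP'            # assumed GPO name; replace with your own
$attrs        = 'operatingSystem', 'operatingSystemVersion'

# Step 1: read the OS attributes from a real node and from the VCO.
$node = Get-ADComputer -Identity $sourceNode -Properties $attrs
$vco  = Get-ADComputer -Identity $vcoName    -Properties $attrs

if (-not $node.operatingSystem -or -not $node.operatingSystemVersion) {
    throw "Node $sourceNode has no OS attributes to copy."
}

# Keep the previous VCO values so the change can be audited and reverted.
[pscustomobject]@{
    Computer               = $vco.Name
    operatingSystem        = $vco.operatingSystem
    operatingSystemVersion = $vco.operatingSystemVersion
} | Export-Csv -Path ".\$vcoName-os-attributes-before.csv" -NoTypeInformation

# Copy the node's values onto the VCO.
Set-ADComputer -Identity $vco -Replace @{
    operatingSystem        = $node.operatingSystem
    operatingSystemVersion = $node.operatingSystemVersion
}

# Step 2: add every cluster node to the security filtering of the IPAM DHCP GPO.
foreach ($n in $clusterNodes) {
    Set-GPPermission -Name $gpoName -TargetName $n -TargetType Computer `
        -PermissionLevel GpoApply | Out-Null
}

# Verify both changes before marking the VCO as managed in IPAM.
Get-ADComputer -Identity $vcoName -Properties $attrs |
    Select-Object Name, operatingSystem, operatingSystemVersion
Get-GPPermission -Name $gpoName -All |
    Where-Object { $_.Permission -eq 'GpoApply' } |
    Select-Object @{ n = 'Trustee'; e = { $_.Trustee.Name } }, Permission
```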
Conclusion
IPAM is a promising gadget, with some missing features of course, but also lots of advantages over the competitors. I believe that "DHCP Failover Cluster" management functionality will be available out of the box. Until that point, this workaround can be used for managing your "DHCP Failover Cluster" workloads in IPAM.
Hope it helps!
Yagmur Sahin