다음을 통해 공유

Installing and Configuring DHCP role on Windows Server 2012

  • 아티클

With the new Server Manager in Windows Server 2012, there have been some changes in the way DHCP role will be installed. The blog post describes, in the sections below, installation and configuration of DHCP Role using Server Manager and PowerShell on Windows Server 2012. Before starting, the user needs to ensure that he/she logs in as a domain user with local administrative privileges, in case the machine involved is a domain joined machine.

 Installing DHCP role via new Server Manager

  • Ensure the computer has at least one static IP address assigned before starting the role installation.
  • Launch the Add Role Wizard from Server Manager.
  • Select DHCP server role and go through the steps needed for installation.
  • The last page of the wizard (which comes up after the role has been installed), provides a link - "Complete DHCP configuration" . This provides some tasks that need to be performed to enable the DHCP server role to work properly after role installation.

Figure 1: The last page of Add Role Wizard after DHCP role installation

 

  • Launch the DHCP post-install wizard and complete the steps required.
  • Creation of DHCP security groups (DHCP Administrators and DHCP Users). For these security groups to be effective, the DHCP server service needs to be restarted. This will need to be performed separately by the administrator.

 

Figure 2: DHCP Post-Install configuration wizard - Introduction Page

 

  • Authorization of DHCP server in Active Directory (only in case of a domain-joint setup). In a domain joined environment, only after the DHCP server is authorized, it will start serving the DHCP client requests. Authorization of DHCP server can only be performed by a domain user that has permissions to create objects in the Net services container in Active Directory. See how to delegate permissions to do this in active directory.

 

Figure 3: DHCP Post-Install configuration wizard - Authorization Page

Figure 4: DHCP Post-Install configuration wizard - Summary Page

 

  • In case completing of the post-install step is missed after role installation, the administrator will continue to see a notification on the action pane and also a link on the DHCP role tile on the main Server Manager page suggesting that some configuration is required. That link would go away only after completion of the post-install task.

Figure 5: Server Manager: DHCP Post-Install configuration wizard launch point

 

  •  The configuration of DHCP server parameters such as scope, options etc. are no longer available in the new Server Manager. The administrator can now launch DHCP MMC either via Server manager (as shown below), or via the DHCP MMC application in the Start Menu, or writing dhcpmgmt.msc on the command prompt. The administrator can now create scopes, set option values so as to be able to lease out IP addresses and provide option values to clients. 

 

Figure 6: Server Manager: DHCP MMC launch point

 

Installing via PowerShell 

To install the DHCP server role via PowerShell, one needs to run the following command:

  •  Command: Add-WindowsFeature -IncludeManagementTools dhcp

Note the extra switch (IncludeManagementTools) which is now needed, in contrast to Windows 7. Without this switch, just the DHCP server role would be installed. The DHCP server RSAT tools which includes DHCP MMC, netsh context and the new DHCP PowerShell cmdlets,  is not installed by default, unless you give the above flag.

  •  After the role is installed, there are a few other steps that the administrator needs to perform so that the server can work correctly and lease out addresses. This the post-install configuration as performed by the above mentioned post-install wizard. The administrator can either launch the Server Manager and complete the DHCP post-installation task from there (as this is UI-only task) or run the below set of commands which are an equivalent of above.
  • Creating DHCP security groups
    • Command:netsh dhcp add securitygroups
    • You will need to restart the DHCP service for these groups to become active.
      • Command:  Restart-service dhcpserver
    • Authorizing the DHCP server in Active Directory (only needed for a domain-joined setup)
      • Command: Add-DhcpServerInDC <hostname of the DHCP server> <IP address of the DHCP server>
  • Now the administrator can launch DHCP MMC either via Server manager, or via the DHCP MMC application from the start menu, or by writing dhcpmgmt.msc on the command prompt. The administrator can now also create scopes, set option values so as to be able to lease out IP addresses and provide option values to clients using DHCP MMC or the new DHCP PowerShell.

If the administrator has completed the post-install configuration using PowerShell, Server Manager may still raise a flag (alert) for its completion using the post-install configuration wizard. This alert can be suppressed by notifying the Server Manager that the post-install configuration has been completed. This can be done by the below command:

  • Command: Set-ItemProperty –Path registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ServerManager\Roles\12 –Name ConfigurationState –Value 2

 

Team DHCP

Comments

  • Anonymous
    January 01, 2003
    Paul, have you configured the IP helper/DHCP relay to point to the new DHCP server. Its likely that you are missing that configuration. Please check if client messages are being received on the new DHCP server.

  • Anonymous
    January 01, 2003
    Thanks WillB! It will be great if you could share how you are using the DHCP policies...It will help us understand the scenarios and plan for any future updates.

  • Anonymous
    January 01, 2003
    Hi Matt, I am assuming that by clustered DHCP servers you mean DHCP servers participating in failover. Using DHCP failover with NLB is not recommended as NLB can send request packet to only one server. It selects the server to send the packet to, after applying a logic (which is a configurable setting). It does not send the packets to multiple servers. DHCP failover requires that a request packet be received by both the failover partners. We recommend that you instead use a DHCP relay agent (in Routing and Remote Access Service role in windows server). A DHCP relay agent can relay a DHCP request to multiple servers.

  • Anonymous
    January 01, 2003
    The comment has been removed

  • Anonymous
    January 01, 2003
    You can configure DHCP failover between 2 DHCP servers which are running DC. There are not specific advantages or disadvantages to doing so.

  • Anonymous
    January 01, 2003
    TRogers, yes if you have not run the post-install configuration the DHCP server is not authorized in AD and will not be serving any clients in case its a domain-joined deployment.

  • Anonymous
    January 01, 2003
    The router connected to the client network needs to be configured with IP address of the DHCP server (IP helper). Once configured this way, the router will unicast the DHCP client messages (which are broadcast) to the IP address of the DHCP server.

  • Anonymous
    January 01, 2003
    Hi Minoo, We have not seen this issue when the user performing the install is logged in as domain admin as the domain admin has the required permissions. However, as mentioned in earlier responses, the error is benign since the installation has completed successfully in this case. Below is what you can do, to get rid of the prompt in server manager to complete the post-install configuration step (this has also been added to the blog above) - If the administrator has completed the post-install configuration using PowerShell, Server Manager may still raise a flag (alert) for its completion using the post-install configuration wizard. This alert can be suppressed by notifying the Server Manager that the post-install configuration has been completed. This can be done by the below command: •Command: Set-ItemProperty –Path registry::HKEY_LOCAL_MACHINESOFTWAREMicrosoftServerManagerRoles12 –Name ConfigurationState –Value 2

  • Anonymous
    January 01, 2003
    The list above is the commonly used DHCP options and hence are part of the scope creation wizard. There is no way to extend the wizard to include other DHCP options. After creating the scope, you can always go to the scope options and assign values for other options.

  • Anonymous
    January 01, 2003
    Can the clustered DHCP servers be accessed via NLB?  We have an issue with some old networking equipment that will only allow us to configure 1 address for the IP helper.

  • Anonymous
    January 01, 2003
    Hi Victor, We have seen this issue when you are try to perform post install configuration through server manager while logged in as a local administrator on a domain joined computer. You should be able to work around this by logging in as a domain user who is has admin privileges on the computer (member of the local administrators group). Hope it helps. Also you have mentioned the server is not part of domain - however the rest of your description ("try to select alternate credentials and put in the admin info or say skip AD") as well as the error that you hit suggest that the server is domain joined. You will not be prompted for authorization of the server in AD unless the server is domain joined.

  • Anonymous
    January 01, 2003
    The UI in DHCP MMC for adding non-standard DHCP options has not changed. You can go to IPv4 node, right clikc, Set predefined options and then press Add to add a new option definition. Once the option definition is added, you can set values for that option at each scope or server wide. You can also use the Add-DhcpServerv4OptionDefinition cmdlet to add a new option definition and Set-DhcpServerv4OptionValue to set option value for any option.

  • Anonymous
    January 01, 2003
    Char, your Cisco Linksys router will have a DHCP server. You will need to turn that off if you are using Windows DHCP server - else both servers will be leasing IP addresses to clients.

  • Anonymous
    January 01, 2003
    The comment has been removed

  • Anonymous
    January 01, 2003
    Hi Brian, what is the error you get when you try to authorize the DHCP Server. Can you have an enterprise admin try authorizing the DHCP server using Add-DhcpServerInDC cmdlet in PowerShell and see what error you get back.

  • Anonymous
    January 01, 2003
    The comment has been removed

  • Anonymous
    January 01, 2003
    Hi Brian, yes you can authorize 2012 DHCP server in a 2008R2 or even a lower version AD. There is no dependency in DHCP server on a specific AD version. What is the problem you are facing.

  • Anonymous
    January 01, 2003
    Mike, yes you can authorize the new DHCP server while keeping the older one still running. Since you will not have any scopes on it until the time you import, the new server will not serve any clients. The steps you mentioned will work.

  • Anonymous
    January 01, 2003
    Thanks, I'm searching right now. That should be it.

  • Anonymous
    January 01, 2003
    This is really great, contains many stuffs in detail

  • Anonymous
    January 01, 2003
    Hi Rob, yes - you can authorize the DHCP server after configuring the scopes and options.

  • Anonymous
    January 01, 2003
    So essentially, you will configure the IP address of the DHCP relay agent (in Routing and Remote Access Service role in windows server) in your old network equipment and configure the RRAS DHCP relay agent with IP addresses of the 2 DHCP failover servers. This would amount to cascading of DHCP relay agents.

  • Anonymous
    January 01, 2003
    Hi Mike, Thanks for sharing the feedback - that was useful. Are you deploying DHCPv6 in stateful or SLAAC mode ?

  • Anonymous
    January 01, 2003
    Jonathan, it seems like you are missing a statically configure IP address on the DHCP server. Please configure/ensure that a static IP is present on at least one of the network interfaces of the DHCP server.

  • Anonymous
    September 11, 2012
    How do you add additional non-standard DHCP options?  There used to be an available action to setup non-standard DHCP options that I have not been able to find.  What is the new method for adding new options not included in the standard list?

  • Anonymous
    September 11, 2012
    Thank you!  I feel stupid -i see it now, but not before I found the technet info on using PowerShell to add them.  Great updates to DHCP server in 2012 - I'm loving the Policy maps!

  • Anonymous
    December 05, 2012
    So, I have a private subnet that I want to provide DHCP services to and decided to use 2012 as the provider but I'm having tons of problems. This is a standalone server (ie, not part of a domain) and when I try to select alternate credentials and put in the admin info or say skip AD, I get an error about not being able to open registry keys to set the status of the post config task. It recommends setting trustedHosts via winrm which I have done even though this should not be needed as it's just a single machine but it still fails. Any thoughts would be great.

  • Anonymous
    December 14, 2012
    This is really great article and I am sure it is helping many people. I wanted to add my 2 cents by sharing a small video on steps to install and configure Windows Server 2012 <a href="www.youtube.com/watch. More videos are available at <a href="www.prohut.net/.../a>

  • Anonymous
    February 18, 2013
    Hi I have almost the same issue as Victor.  The only difference is I am signed on as a domain administrator on the machine, which happens to be a domain controller.  I actually have removed the role and tried adding it back in, but the same issue occurs every time.  "Failed to open registry key on target computer...."

  • Anonymous
    June 07, 2013
    Can I authorize a 2012 DHCP server in a 2008 R2 AD? We're having some problems doing so.  I must admit we're just in the preliminary stages, but I thought I'd ask here...

  • Anonymous
    June 10, 2013
    Hi, thanks for the reply. Our AD people are unable to authorize the DHCP server, it has the red circle with the white dash in it, so it's a permissions issue from what I understand.  They are Enterprise Admins, and the server is joined to the domain.

  • Anonymous
    June 11, 2013
    Thanks again, They are trying through the GUI, not from powershell.  When I remotely manage the 2012 server from a 2008 server, I do not get the DHCP portion.  Is it not possible to authorize through the GUI using 2008?  I'll try to get them to authorize using powershell. Thanks again, Brian

  • Anonymous
    June 11, 2013
    Sorry, meant to add they are not getting an error, the server has the red circle with the white dash (like a 'do not enter' sign), and authorize is greyed out. Thanks Brian

  • Anonymous
    July 01, 2013
    fantastic! thanks

  • Anonymous
    January 25, 2014
    Hi i want to set DHCP up, the server will be connected to a router which has a static IP address (also connected to 2 other cisco routers using OSPF)will DHCP be able to pass through the network to clients on the other side of the router to get IP address the server gives or will the router intercept

  • Anonymous
    April 02, 2014
    I am currently installing a new DHCP server using 2012 R2 to replace an existing system. Can I install the DHCP role adn configure all the scopes and options BEFORE authorising the server so as not to interupt service to our users?
    I need to put all the information in for our scopes and options before we can turn off the current system!

  • Anonymous
    April 02, 2014
    Brilliant. Thanks for the quick answer!

  • Anonymous
    April 04, 2014
    When we install DHCP on the server, we lose internet connectivity. We have a Cisco Linksys modem with DHCP. Would that be a part of the problem?

  • Anonymous
    June 11, 2014
    Hi,
    I,ve setup a new Server2012R2 DHCP server alongside our existing W2008R2 server. I authorised the new server and de-authorised the old one, but the new one is not giving addresses. On a client I'm getting 0x79 errors (cannot get new DHCP address). I exported/imported all settings with powershell from old to new.
    I started over again with a clean Server install and manually creating all scopes but still no luck. Anyone have some suggestions?

  • Anonymous
    August 06, 2014
    I just installed the DHCP services in W2K12-R2 but I have not completed the Post-Install process. My new server build got messed up with some bad NIC drivers, so I want to reinstall OS from scratch. DHCP is not "live" or Authorized in AD if I did not complete the Post-Install process right? SO I am safe to rebuild and re-do DHCP? (WSUS also)

  • Anonymous
    August 11, 2014
    We currently have a single 2008r2 dhcp server that is doing dhcp. We want to move to the new 2012 dhcp with failover. Can i authorize these new servers in ad without interrupting the current dhcp server? Then when we are ready to switch over i can just export and import the configs and leases and change the relay agents? Am i understanding this correctly?

  • Anonymous
    October 24, 2014
    I am having some problem with DHCP server 2012 ..the Server is not assigning IP address to the client .......keep getting the following error....
    This computer has at least one dynamically assigned IPv6 address.For reliable DHCPv6 server operation, you should use only static IPv6 addresses.

  • Anonymous
    January 12, 2015
    I would like your opinion on whether it is wise to install a DHCP failover (load balanced) cluster on Domain Controllers

  • Anonymous
    January 20, 2015
    Hi this is really a suggestion for DHCPv6 deployment - is there a connect area or a better place to post suggestions?
    My suggestion is as follows. In a DHCPv6 stateless environment with SLAAC, the IPv6 prefix is assigned by the ISP and may change occasionally. In such a network, static IPv6 addresses are really bad because they have to be manually changed when the ISP changes the prefix - and your own documentation says that in a well managed IPv6 network, static IPv6 addresses should be extremely rare.
    So therefore I suggest that for a stateless IPv6 DHCP server, you remove the requirement that you only bind to static IPv6 addresses. There is nothing wrong with sending DHCPv6 replies on the link local address if you are just giving out stateless configuration information, and doing so will allow a best practice of not requiring the DHCPv6 server to have a static IP at all.
    If you want to support stateful DHCPv6 in a DHCPv6-PD environment where the prefix comes from the ISP and may change, there are other issues - you will want to look at obtaining the prefix from a router rather than requiring the user to hard-wire it in to the scope, you will want to think about reservations where you are just reserving the host part of a client IPv6 address and getting the prefix from the upstream router, you will want to think about coordinating DHCPv6 lease times with an DHCPv6-PD prefix lifetime, etc,, etc. That sort of stuff would be awesome but I realize it's a lot of work. But for now if you just allow a stateless scope to work without a fixed IP, then we can handle DHCPv6-PD networks by setting them up in SLAAC mode while you guys think through the stateful issues!

  • Anonymous
    February 22, 2015
    Hi, I'm trying to migrate a Windows 2003 network server to a 2012 one. When I'm trying to complete the DHCP configuration I'm getting the following errorhttp://i.imgur.com/vfCvY8m.png I noticed earlier you said this could be disregarded, but when I go to the DHCP UI it shows the current server with a wrong IP address (a 169 based one rather than the 192 one I would expect to see) and no name rather than the <Servername.domain[IP address] . Any advice gratefully received!

  • Anonymous
    March 09, 2015
    great and well information about DHCP

  • Anonymous
    September 18, 2015
    The comment has been removed

  • Anonymous
    September 18, 2015
    The comment has been removed

  • Anonymous
    September 21, 2015
    Hello tourney, please try the below steps to get rid off the alert in server manager about post-install configuration not being complete:
    Below is what you can do, to get rid of the prompt in server manager to complete the post-install configuration step (this has also been added to the blog above) -

    If the administrator has completed the post-install configuration using PowerShell, Server Manager may still raise a flag (alert) for its completion using the post-install configuration wizard. This alert can be suppressed by notifying the Server Manager that the post-install configuration has been completed. This can be done by the below command:

    Command: Set-ItemProperty –Path registry::HKEY_LOCAL_MACHINESOFTWAREMicrosoftServerManagerRoles12 –Name ConfigurationState –Value 2

  • Anonymous
    November 06, 2015
    really helpful
    thanks

  • Anonymous
    November 30, 2015
    Hey DHCP team,
    Wanted to know what could be a possible outcome of my scenario:
    Setup:
    1) One DHCP server.
    2) Has WDS on same server.
    3) Option 60 configured.
    4) Have a router
    5) behind the router have a client.

    Scenario:
    As part of a bad flow i have configured the router to forward dhcp packets in broadcast( two DHCP relays, one to the real DHCP server the other to the broadcast address of the subnet).
    I see both packets in the wireshark.
    But, the broadcast packet is not answered by the DHCP server? only the uni-cast gets the offer.
    Why could be the reason for that?
    And how could i make dhcp server answer to both discover packets reaching it?( in dhcp server statistics i see only one discover packet arriving, but in the wireshark i see them both)