DHCP Failover

In the previous post, we added the DHCP role on both servers and configured a scope only on SrvDHCP01. You can only have 1 relationship between 2 DHCP servers. A single DHCP server can have 31 failover relationships with other DHCP servers. In the following diagram, DHCP2 has 2 relationships: one with DHCP1 and the other with DHCP3. In our demo, we will only have 2 DHCP servers. Let's start.

 

 

After I configure Failover, the scope will be replicated to SrvDHCP02. You cannot enable DHCP failover on a DHCP scope if the scope already exists on both DHCP servers in a failover relationship. If a DHCP scope exists on the partner DHCP server, it must be deleted prior to configuring DHCP failover.

Right-click IPv4 and select Configure Failover on your first DHCP server.

 

 

You can select the scopes which will be replicated to the secondary server.

A single failover relationship can be associated to multiple DHCP scopes. You do not need to create a new failover relationship every time you enable failover on a DHCP scope, unless a new DHCP server will be used as the failover partner or a new set of failover settings are required. It is recommended to reuse existing failover relationships whenever possible to avoid unnecessary duplication of failover settings.

 

 

Add the secondary server

 

 

Hot standby mode: In hot standby mode, two servers operate in a failover relationship where an active server is responsible for leasing IP addresses and configuration information to all clients in a scope or subnet. The partner server assumes a standby role, with responsibility to issue leases to DHCP clients only if the active server becomes unavailable. Hot standby mode is ideal for scenarios where the failover partner is only intended to be used temporarily when the active server is unavailable.

Load balance mode: Load balance mode is best suited to deployments where both servers in a failover relationship are located at the same physical site. 

Load balance mode is the default mode of deployment. In this mode, two DHCP servers simultaneously serve IP addresses and options to clients on a given subnet. DHCP client requests are load balanced and shared between the two DHCP servers. The default load balancing ratio between the two servers is 50:50, but this can be customized to any ratio from 0 to 100%.

In load balancing mode, when a DHCP server loses contact with its failover partner it will begin granting leases to all DHCP clients. If it receives a lease renewal request from a DHCP client that is assigned to its failover partner, it will temporarily renew the same IP address lease for the duration of the MCLT. If it receives a request from a client that was not previously assigned a lease, it will grant a new lease from its free IP address pool until this is exhausted, and then it will begin using the free IP address pool of its failover partner. If the DHCP server enters a partner down state, it will wait for the MCLT duration and then assume responsibility for 100% of the IP address pool.

 

 

Click Finish

 

 

DHCP server failover replication will run for the first time automatically.

 

 

If you make any scope configuration changes after the initial configuration replication, for example adding another scope option (an NTP server in this case), the DHCP server will not replicate this change (strange but true).

 

 

You can see that SrvDHCP02 does not receive the new configuration for NTP.

 

You have to trigger the replication manually or, if you don't want to bother with the manual trigger, you can save a PowerShell command and have Task Scheduler run it every 5 minutes.

Command: Invoke-DhcpServerv4FailoverReplication -force

 

 

Change the txt file extension to ps1

 

 

Task Scheduler will need to run this task as a user who has the right to manage the DHCP server. So, I add my selimatmaca account to the local DHCP server Admin group on both DHCP servers.

 

 

 

 

 

I am creating a new task in Task Scheduler and setting this task to be run by selimatmaca (member of local DHCP Administrators).

 

 

The One time setting has no impact on this task because the Advanced settings override it and run the task every 5 minutes.

 

Program/script: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Add Argument: -ExecutionPolicy Bypass -file "C:\scripts\DHCPSync.ps1"

 

 

 

Click OK and save it.

 

 

5 minutes later, the new configuration is replicated to DHCP02 automatically.

 

 

Important: During my tests, I noticed that if you run this PowerShell command on both servers, you might lose the changes you made and things get messy. Therefore, make sure you always change the DHCP configuration on the primary DHCP server and make sure this PowerShell command is run only on the primary DHCP server.
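The scheduled-task steps above can also be done from an elevated PowerShell prompt. The following is an added example, not part of the original post: it writes a DHCPSync.ps1 that refuses to replicate from any host other than SrvDHCP01, restricts write access to the script folder, and registers the 5-minute task. The EXAMPLE domain prefix and the task name are assumptions.

```powershell
# Added example - run once, elevated, on the primary DHCP server (SrvDHCP01).
$ScriptPath = 'C:\scripts\DHCPSync.ps1'     # path used in the post
$TaskUser   = 'EXAMPLE\selimatmaca'         # assumption: EXAMPLE is a placeholder domain

# Script body: replicate only when running on the designated primary, so a
# copy of the task on the partner cannot push its settings back.
$body = @'
$ErrorActionPreference = 'Stop'
$Primary = 'SrvDHCP01'
if ($env:COMPUTERNAME -ne $Primary) {
    Write-Output "Refusing to replicate: $env:COMPUTERNAME is not $Primary"
    exit 3
}
foreach ($rel in Get-DhcpServerv4Failover) {
    # One call per relationship; -Force suppresses the confirmation prompt.
    Invoke-DhcpServerv4FailoverReplication -Name $rel.Name -Force
}
'@
New-Item -ItemType Directory -Path (Split-Path $ScriptPath) -Force | Out-Null
Set-Content -Path $ScriptPath -Value $body -Encoding ASCII

# The task runs this file with DHCP admin rights, so only administrators may
# modify the folder; the task account gets read/execute only.
icacls (Split-Path $ScriptPath) /inheritance:r /grant:r `
    'BUILTIN\Administrators:(OI)(CI)F' 'NT AUTHORITY\SYSTEM:(OI)(CI)F' "${TaskUser}:(OI)(CI)RX"

# Same program and arguments as the GUI steps; -NoProfile is an addition.
$action = New-ScheduledTaskAction `
    -Execute 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' `
    -Argument "-NoProfile -ExecutionPolicy Bypass -File `"$ScriptPath`""

# One-time trigger that repeats every 5 minutes. Some older Windows Server
# releases also require -RepetitionDuration on this cmdlet.
$trigger = New-ScheduledTaskTrigger -Once -At (Get-Date) `
    -RepetitionInterval (New-TimeSpan -Minutes 5)

$cred = Get-Credential -UserName $TaskUser -Message 'Member of DHCP Administrators'
Register-ScheduledTask -TaskName 'DHCP failover replication' `
    -Action $action -Trigger $trigger `
    -User $cred.UserName -Password $cred.GetNetworkCredential().Password
```

A non-zero Last Run Result in Task Scheduler then indicates either a failed replication or a run on the wrong server (exit code 3).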

 

You can right-click the scope and select Display statistics.

 

 

Time Synchronization:

For DHCP failover to function correctly, time must be kept synchronized between the two servers in a failover relationship. Time synchronization can be maintained by deployment of the Network Time Protocol (NTP) or any other alternative mechanism. When the failover configuration wizard is run, it will compare the current time on the servers being configured for failover. If the time difference between the servers is greater than one minute, the failover setup process will halt with a critical error and request that time on the servers be synchronized.

You can run the following command to check and see what NTP Servers are used by your DHCP servers:

w32tm /query /status
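The two conditions that stop the failover wizard (the scope already existing on the partner, and a clock difference above one minute) can be checked before running it. This is an added example, not from the original post; the scope ID is a placeholder and PowerShell remoting to the partner is assumed to be enabled.

```powershell
# Added example - run on SrvDHCP01 before starting the Configure Failover wizard.
$Partner  = 'SrvDHCP02'
$ScopeIds = @('192.168.1.0')   # assumption: placeholder for the scope(s) to protect

function Test-DhcpFailoverReadiness {
    param([string]$Partner, [string[]]$ScopeIds, [int]$MaxSkewSeconds = 60)

    # Scopes selected for failover must not already exist on the partner.
    $partnerScopes = @(Get-DhcpServerv4Scope -ComputerName $Partner |
        ForEach-Object { $_.ScopeId.ToString() })
    $clashes = @($ScopeIds | Where-Object { $partnerScopes -contains $_ })

    # Clock difference in seconds; UTC ticks avoid time-zone and formatting
    # issues. The remoting round trip is negligible against the one-minute limit.
    $remoteTicks = Invoke-Command -ComputerName $Partner -ScriptBlock { [DateTime]::UtcNow.Ticks }
    $skew = [math]::Abs(($remoteTicks - [DateTime]::UtcNow.Ticks) / [TimeSpan]::TicksPerSecond)

    [pscustomobject]@{
        Partner           = $Partner
        ScopesOnPartner   = $clashes
        ClockSkewSeconds  = [math]::Round($skew, 1)
        LocalTimeSource   = (w32tm /query /source)
        PartnerTimeSource = (w32tm /query "/computer:$Partner" /source)
        Ready             = ($clashes.Count -eq 0 -and $skew -le $MaxSkewSeconds)
    }
}

Test-DhcpFailoverReadiness -Partner $Partner -ScopeIds $ScopeIds | Format-List
```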

 

Relay Agents:

When you deploy DHCP failover, a single DHCP relay address might not be sufficient, since DHCP clients must always be able to communicate with both the primary DHCP server and the failover partner server. If both DHCP servers are located on a different subnet than DHCP clients, this requires at least two DHCP relay agents. For example:

ip helper-address 10.0.1.1

ip helper-address 10.0.1.2

In this example, both DHCP servers are on the same subnet (10.0.1.0/24). The primary DHCP server’s IP address is 10.0.1.1 and 10.0.1.2 is the IP address for the failover partner server. If both DHCP servers are located on the same subnet, you can also configure the subnet broadcast address (ex: 10.0.1.255) as a single DHCP relay. The use of a subnet broadcast address as a single DHCP relay is not possible if DHCP servers are located on separate subnets.