Windows 2003 DHCP Server Installation

  • 7/29/2019 Windows 2003 DHCP Server Installation

    Windows 2003 DHCP Server Installation & Configuration:

    Introduction

    DHCP (Dynamic Host Configuration Protocol) is a protocol that allows clients on a network to request network configuration settings from a server running the DHCP server service which, in our case, will be Windows Server 2003. Additionally, the protocol allows the clients to self-configure those network configuration settings without the intervention of an administrator. Some of the settings that a DHCP server can provide to its clients include the IP addresses for the DNS servers, the IP addresses for the WINS servers, the IP address for the default gateway (usually a router) and, of course, an IP address for the client itself.

    This article will discuss and walk you through the steps of installing and configuring DHCP on a Windows Server 2003 member server, specifically focusing on setting up a scope and its accompanying settings. The same configuration can be applied to a standalone server even though the step-by-step details differ slightly. The upcoming 'Advanced DHCP Server Configuration on Windows 2003' article will discuss other DHCP options and features such as superscopes, multicast scopes, dynamic DNS, DHCP Backup and more.

    While our articles make use of specific IP addresses and network settings, you can change these settings as needed to make them compatible with your LAN. This won't require you to make changes to your LAN, but you'll need to have a slightly stronger understanding of DHCP and TCP/IP.

    Assigning the server a static IP address

    Before we install the DHCP server service on Windows Server 2003, we need to assign the Windows server a static IP address. To do this:

    1. Go to Start > Control Panel > Network Connections, right-click Local Area Connection and choose Properties.

    2. When the Local Area Connection Properties window comes up, select Internet Protocol (TCP/IP) and click the Properties button.

    3. When the Internet Protocol (TCP/IP) window comes up, enter an IP address, subnet mask and default gateway IP address that is compatible with your LAN.

    We've configured our settings according to our network, as shown below:

    4. Enter 192.168.0.252 for the Preferred DNS server and 192.168.1.252 for the Alternate DNS server. The Preferred and Alternate DNS server IP addresses are optional for the functionality of the DHCP server, but we will populate them since you typically would in a real-world network. Usually these fields are populated with the IP addresses of your Active Directory domain controllers.

    5. After filling out those fields, click OK and OK to save and close all windows.

    Install DHCP server service on Windows Server 2003

    Our server now has a static IP address and we are now ready to install the DHCP server service.

    To do this:

    1. Go to Start > Control Panel > Add or Remove Programs.

    2. When the Add or Remove Programs window launches, click Add/Remove Windows Components in the left pane.

    3. When the Windows Components Wizard comes up, scroll down and highlight Networking Services and then click the Details button.

    4. When the Networking Services window comes up, place a check mark next to Dynamic Host Configuration Protocol (DHCP) and click OK and OK again.

    Note that, during the install, Windows may generate an error claiming that it could not find a file needed for DHCP installation. If this happens, insert your Windows Server 2003 CD into the server's CD-ROM drive and browse to the i386 directory. The wizard should automatically find the file and allow you to select it. After that, the wizard should resume the installation process.

    Configure DHCP on Windows Server 2003

    DHCP has now been successfully installed and we are ready to configure it. We will create a

    new scope and configure some of the scope's options. To begin:

    1. Launch the DHCP MMC by going to Start > Administrative Tools > DHCP.

    Currently, the DHCP MMC looks empty and the server node in the left pane has a red arrow

    pointing down. Keep that in mind because it will be significant later on.

    2. Right-click the server node in the left pane and choose New Scope. This will launch the New Scope Wizard.

    3. On the New Scope Wizard, click Next.

    4. Specify a scope name and scope description. For the scope Name, enter Building A, Floor 1. For the scope Description, enter This scope is for Floor 1 of Building A. Afterwards, click Next.

    The scope name can be anything, but we certainly want to name it something that describes the scope's purpose. The scope Description is not required. It is there in case we needed to provide a broader description of the scope.

    5. Specify an IP address range and subnet mask. For the Start IP address enter 192.168.0.1, for the End IP address enter 192.168.0.254. Finally, specify a subnet mask of 255.255.255.0 and click Next.

    Specifying the IP address range of a scope requires some knowledge of subnetting. Each scope in a DHCP server holds a pool of IP addresses to give out to clients, and the range of IP addresses must be within the allowed range of the subnet (that you specify on the subnet mask field).

    For simplicity we entered a classful, class C IP address range from 192.168.0.1 to 192.168.0.254. Notice that the range encompasses the IP address of our server, the DNS servers and the default gateway, meaning that the DHCP server could potentially assign a client an IP address that is already in use! Do not worry -- we will take care of that later.

    6. Specify IP addresses to exclude from assignment. For the Start IP address, enter 192.168.0.240 and for the End IP address enter 192.168.0.254, click Add, and then click Next.

    Certain network devices, such as servers, will need statically configured IP addresses. The IP addresses may sometimes be within the range of IP addresses defined for a scope. In those cases, you have to exclude the IP addresses from being assigned out by DHCP.

    We have the opportunity here to define those IP addresses that are to be excluded. We specified

    IP addresses 192.168.0.240 to 192.168.0.254 to ensure we've included our servers plus a few

    spare IP addresses for future use.

    7. Specify the lease duration for the scope. Verify that Days is 8 and click Next.

    The lease duration is how long clients should keep their IP addresses before having to renew

    them.

    There are a few considerations at this point. If a short lease duration is configured, clients will be renewing their IP addresses more frequently. The result will be additional network traffic and additional strain on the DHCP server. On the other hand, if a long lease duration is configured, IP addresses previously obtained by decommissioned clients would remain leased and unavailable to future clients until the leases either expire or are manually deleted.

    Additionally, if network changes occur, such as the implementation of a new DNS server, those clients would not receive those updates until their leases expire or the computers are restarted.

    As Microsoft states, lease durations should typically be equal to the average time the computer is connected to the same physical network. You would typically leave the default lease duration in an environment where computers are rarely moved or replaced, such as a wired network. In an environment where computers are often moved and replaced, such as a wireless network, you would want to specify a short duration since a new wireless client could roam within range at any time.

    8. Configure DHCP Options. Make sure Yes, I want to configure these settings now is selected and click Next to begin configuring DHCP options.

    DHCP options are additional settings that the DHCP server can provide to clients when it issues them with IP addresses. These are the other settings that help clients communicate on the network. In the New Scope Wizard we can only configure a few options but from the DHCP MMC we have several more options.

    9. Specify the router IP address. Enter 192.168.0.254 as the IP address of the subnet's router, click Add, and then click Next.

    The first option we can configure is the IP address for the subnet's router for which this scope is

    providing IP addresses. Keep in mind that this IP address must be in the same network as the IP

    addresses in the range that we created earlier.

    10. Configure domain name and DNS servers. On the next page, enter firewall.cx for the domain name. Then enter 192.168.0.252 for the IP address of a DNS server, click Add, enter 192.168.1.252 as the IP address for another DNS server, and click Add again. When finished, click Next.

    If you had a DNS infrastructure in place, you could have simply typed in the fully qualified domain name of the DNS server and clicked Resolve.

    The DNS servers will be used by clients primarily for name resolution, but also for other purposes that are beyond the scope of this article. The DNS domain name will be used by clients when registering their hostnames to the DNS zones on the DNS servers (covered in the 'Advanced DHCP Server Configuration on Windows 2003' article).

    11. Configure WINS servers. On the next screen, enter 192.168.0.251 as the IP address for the first WINS server, click Add, enter 192.168.1.251 as the IP address for the second WINS server, click Add again, and then click Finish.

    12. Finally, the wizard asks whether you want to activate the scope. For now, choose No, I will activate this scope later and click Next and then Finish to conclude the New Scope Wizard and return to the DHCP MMC.

    At this point we almost have a functional DHCP server. Let us go ahead and expand the scope

    node in the left pane of the DHCP MMC to see the new available nodes:

    Address Pool: Shows the IP address range the scope offers along with any IP address exclusions.

    Address Leases: Shows all the leased IP addresses.

    Reservations: Shows the IP addresses that are reserved. Reservations are made by specifying the MAC address that the server would listen to when IP address requests are received by the server. Certain network devices, such as networked printers, are best configured with reserved IP addresses rather than static IP addresses.

    Scope Options: Shows configured scope options. Some of the visible options now are router, DNS, domain name and WINS options.

    Server Options: Shows configured server options. This is similar to scope options except that these options are either inherited by all the scopes or overridden by them (covered in 'Advanced DHCP Server Configuration on Windows 2003' article).

    Earlier, we only defined exclusions for our servers, router plus a few more spare IP addresses. In case you need to exclude more IP addresses, you can do it at this point by following these instructions:

    13. Select and right-click Address Pool and choose New Exclusion Range.

    14. When the Add Exclusion window comes up, enter the required range and then click Add. In our example, we've excluded the additional range 192.168.0.230 - 192.168.0.232.

    Notice that the server node and scope node still have a red arrow pointing down. These red arrows pointing down mean that the server and scope are not turned on.

    The concept of turning on the scope is called activating and the concept of turning on the server for DHCP service is called authorizing. Authorizing is a security control: to authorize a DHCP server, you must be a member of the Enterprise Admins Active Directory group.

    15. Right-click the server (server001.firewall.cx) and choose Authorize, then right-click the scope (Building A, Floor 1) and choose Activate. If the red arrows remain, refresh the MMC by going to Action > Refresh.

    Congratulations! At this point, you should have a working DHCP server capable of providing IP addresses!
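
    The scope plan entered in the wizard can be checked for address conflicts before the scope is activated. The Python sketch below is an added example, not part of the original article: audit_scope and its parameter names are hypothetical, and the DHCP server address 192.168.0.253 is an assumption taken from the ip helper-address line in the advanced article.

```python
import ipaddress


def ip_range(start, end):
    """Return (first, last) IPv4Address objects, rejecting reversed ranges."""
    first, last = ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)
    if first > last:
        raise ValueError(f"range start {first} is after range end {last}")
    return first, last


def audit_scope(network, scope, exclusions, router, static_hosts):
    """Check a scope plan; return (findings, number of leasable addresses)."""
    net = ipaddress.IPv4Network(network)
    scope_first, scope_last = ip_range(*scope)
    excluded_ranges = [ip_range(*e) for e in exclusions]
    findings = []

    # The scope range must consist of host addresses of the subnet.
    for edge in (scope_first, scope_last):
        if edge not in net or edge in (net.network_address, net.broadcast_address):
            findings.append(f"scope boundary {edge} is not a host address in {net}")

    # The router handed to clients must be in the same network as the leases.
    router_ip = ipaddress.IPv4Address(router)
    if router_ip not in net:
        findings.append(f"router {router_ip} is outside {net}")

    # Statically configured devices inside the scope must be excluded, or the
    # server may lease an address that is already in use.
    hosts = dict(static_hosts, router=router)
    for name, ip in hosts.items():
        addr = ipaddress.IPv4Address(ip)
        in_scope = scope_first <= addr <= scope_last
        is_excluded = any(lo <= addr <= hi for lo, hi in excluded_ranges)
        if in_scope and not is_excluded:
            findings.append(f"{name} {addr} is static but still leasable")

    # Count what is left to lease once exclusions are clipped to the scope.
    excluded = set()
    for lo, hi in excluded_ranges:
        lo, hi = max(lo, scope_first), min(hi, scope_last)
        excluded.update(range(int(lo), int(hi) + 1))
    leasable = int(scope_last) - int(scope_first) + 1 - len(excluded)
    return findings, leasable


# Values from the article's Building A, Floor 1 scope.
SCOPE = dict(
    network="192.168.0.0/24",
    scope=("192.168.0.1", "192.168.0.254"),
    router="192.168.0.254",
    static_hosts={
        "DNS server": "192.168.0.252",
        "WINS server": "192.168.0.251",
        "DHCP server": "192.168.0.253",            # assumed from ip helper-address
        "Building B DNS server": "192.168.1.252",  # other subnet, cannot collide
    },
)
EXCLUSIONS = [("192.168.0.240", "192.168.0.254"), ("192.168.0.230", "192.168.0.232")]

if __name__ == "__main__":
    for label, excl in (("before exclusions", []), ("after exclusions", EXCLUSIONS)):
        findings, leasable = audit_scope(exclusions=excl, **SCOPE)
        print(f"{label}: {leasable} leasable addresses")
        for finding in findings:
            print("  -", finding)
```

    Run without exclusions, the check reports every static device that the wizard's step 5 range would still hand out; with both exclusion ranges applied it reports none.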

    Windows 2003 DHCP Server Advanced Configuration - Part 1

    Introduction

    In this article, we will cover more advanced DHCP features and topics such as server options, superscopes, multicast scopes, dynamic DNS, DHCP database backup and restoration, DHCP migration, and DHCP troubleshooting. We will cover these topics in two ways: by building out from our earlier implementation and by using our imagination!

    Ok, using our imagination for this purpose may seem silly but doing so will give us the opportunity to indirectly learn how, why, and where these advanced DHCP features and topics come into play in a real-world network and how other networking technologies are involved in a DHCP implementation.

    We will imagine that we are building our DHCP server for a company that has two buildings, Building A and Building B, each with a single floor (for now). Building A is on a 192.168.0.0/24 network and Building B is on a 192.168.1.0/24 network.

    Although each building has its own DNS server (192.168.0.252 and 192.168.1.252), WINS server (192.168.0.251 and 192.168.1.251) and Cisco Catalyst 4507R-E switch (192.168.0.254 and 192.168.1.254), only a single DHCP server exists: it is the one that we have been building, and it resides in Building A.

    The clients and servers in each building connect to their respective Cisco Catalyst switches and the switches are uplinked to a Cisco router for Internet connectivity. The only notable configuration is with the Building B switch: it is configured with the ip helper-address 192.168.0.253 command.

    The ip helper-address command tells the switch to forward DHCP requests in the local subnet to the DHCP server, since the clients in Building B cannot initially communicate with the DHCP server directly. We are not concerned with any other configuration or networking technologies for now.

    Server Options

    The specifications of our imaginary company state that the company has two buildings: Building A and Building B. In our first article, we created a scope called Building A, Floor 1 so a scope for our first building is already made. In this article, we will create a scope for Building B, Floor 1, using the instructions from our Basic DHCP Configuration article (http://www.firewall.cx/microsoft-knowledgebase/windows-2003-server/245-windows-2003-dhcp-setup.html) and the following specifications for the scope:

    After creating the scope, we want to activate it as well.

    Notice that, in creating this scope, we had to input a lot of the same information from our Building A, Floor 1 scope. In the event that we had several other scopes to create, we would surely not want to be inputting the same information each time for each scope.

    That is where server options are useful. Server options allow you to specify options that all the

    scopes have in common. In creating two scopes, we noticed that our scopes had the following in

    common:

    DNS servers, WINS servers, Domain name

    To avoid having to enter this information again, we will create these options as server options. To do this:

    1. On the DHCP MMC, right-click Server Options and choose Configure Options.

    When the Server Options window comes up, take a moment to scroll down through the long list of available options. Not all options are needed or used in every environment. In some cases, however, a needed option is not available. For example, Cisco IP phones require Option 150 but because that option is not available it would have to be defined manually. Other than that, options 006 DNS Servers, 015 DNS Domain, and 003 Router are generally sufficient.

    2. Scroll down to option 006 DNS Servers and place a checkmark in its box. This will activate the Data Entry section. In that section, type 192.168.0.252 for the IP Address and click Add. Then enter 192.168.1.252 as another IP Address and click Add again. This will add those two servers as DNS servers.

    3. Scroll down to option 015 DNS Domain Name and place a checkmark in its box. This will activate the Data Entry section. In that section, enter firewall.cx in the String Value text field.

    4. Scroll down to option 044 WINS/NBNS Servers and place a checkmark in its box. This will activate the Data Entry section. In that section, enter 192.168.0.251 for the IP Address and click Add. Then enter 192.168.1.251 as another IP Address and click Add again. This will add those two servers as WINS servers.

    5. Scroll down to option 046 WINS/NBT Node Type and place a checkmark in its box to activate the Data Entry section. In that section, enter 0x8 for the Byte text field and click OK. This will set the workstation node type to 'Hybrid' which is preferred.

    Back on the DHCP MMC, if you click on the Server Options node you will see the following:

    Subsequent scopes will inherit these options if no scope options are specified. However, if scope options are specified then the scope options would override the server options in assignment.

    If we did have Cisco IP phones in our environment we would define Option 150 as follows:

    1. Right-click the server node on the DHCP MMC and choose Set Predefined Options.

    2. When the Predefined Options and Values window comes up, click Add.

    3. When the Options Type window comes up, type a name for the option such as TFTP Server for Cisco IP Phones.

    4. On the Data Type drop-down menu, select IP Address.

    5. On the Code text field, enter 150.

    6. On the Description text field, type a description for the scope, such as Used by Cisco IP Phones.

    7. Check the box next to Array.

    8. Click OK twice.

    If you go back to the Scope/Server Options window again, you will see Option 150 available.

    Dynamic DNS

    At this point, our imaginary network can service a significant number of clients, but those clients can only be referenced by IP address. Sometimes it is necessary or helpful to reference clients by their host names rather than IP addresses.

    DNS resolves client host names to IP addresses. But for DNS to be able to do that, client host names and IP addresses must already be registered in DNS. Servers are typically registered manually in DNS by the administrator, but workstations are not. So how do client workstations get registered in DNS? The answer is to use dynamic DNS (DDNS), a feature that will allow clients, or the DHCP server itself, to register clients in DNS automatically upon the client's assignment of an IP address. Fortunately, DDNS is set up to work automatically in a domain environment, provided that DNS is also set up correctly in the network.

    To view the options available for DDNS:

    1. On the DHCP MMC, right-click the server node and choose Properties.

    2. When the Properties window comes up, click the DNS tab.

    If the network has some clients that are not in the domain, have legacy Windows operating systems, or are not capable of registering their host names and IP addresses in DNS, the two options marked below would need to be selected:

    But if that were the case, you would also have to specify credentials that the DHCP server would

    use for DDNS on behalf of the clients. To do this, you would:

    1. Click the Advanced tab on the Properties window.

    2. Click the Credentials button.

    3. When the DNS Dynamic Update Credentials window comes up, enter an administrator username and password and firewall for the domain. In a real-world environment, you would create a separate username and password that would be used solely for DDNS and enter it here instead.

    4. Click OK twice to exit the Properties window.

    Superscopes

    Let us imagine that the number of client workstations in Floor 1 of Building A was expanded beyond the number of available IP addresses that our Building A, Floor 1 scope could offer. What would we do to provide IP addresses to those additional clients?

    The following options may appear to be solutions, but they are not always feasible:

    1. Extend the scope to include more IP addresses.

    2. Create an additional scope for that network segment.

    3. Delete and recreate the scope with a different subnet mask that allows for more hosts.

    The problem with the first option is that you may not always be able to extend the scope, depending on the scope's subnet mask and whether consecutive scopes were created based on that subnetting. The problem with the second option is that even if you create an additional scope, the DHCP server would not automatically lease out those IP addresses to clients of that physical network segment. Although the third option could work, this option may not always be optimal depending on how much additional network-based changes would also be needed to reach the solution.

    There are a few options to solve this issue:

    1. Place the additional clients in a separate VLAN and create a scope for that VLAN that is in a completely different network.

    2. Create a superscope that includes the exhausted scope and a new scope with available IP addresses.

    The first option could solve the problem but, since this is a DHCP article, we will address the

    problem by using DHCP features, so the second option will be our choice!

    Superscopes allow you to join scopes from separate networks into one scope. Then, when one of the scopes runs out of IP addresses, the DHCP server would automatically start leasing out IP addresses from the other scopes in that superscope. However, solely creating a superscope is not the complete solution. As some clients in that network segment would have IP addresses from a different network, the segment's router interface would also have to be assigned an additional IP address that is in the same network as the additional scope.

    To use this solution, we first have to create the additional scope. Here are the scope

    specifications:

    The scope will inherit the server options for DNS domain name, DNS server and WINS server.

    Activate the scope when done.

    Now we will create a superscope and place the two Building A scopes in it:

    1. On the DHCP MMC, right-click the server node and choose New Superscope.

    2. When the New Superscope Wizard comes up, click Next.

    3. On the next screen, you are prompted to enter a name for the scope. Enter All of Building A, Floor 1 and click Next.

    4. On the next screen, you are asked to select the scopes that will be part of the superscope. Select the scopes shown below and then click Next.

    5. On the next screen, click Finish to complete the wizard.

    Back on the DHCP MMC, you will see that the two scopes selected earlier have been placed under a new scope: Superscope All of Building A, Floor 1.

    Now when the scope titled Building A, Floor 1 runs out of IP addresses, the server will start

    issuing IP addresses in Building A, Floor 1 Extended.

    Multicast scopes

    The most common systems and applications that use multicasting have multicast IP addresses statically configured or hard-coded in some way. However, for systems and applications that need multicast IP addresses dynamically assigned, they lease them from a MADCAP (Multicast Address Dynamic Client Allocation Protocol) server, such as Windows Server 2003.

    One example of such an application that leased a multicast IP address from a MADCAP server is an old application from Windows 2000 called Phone Dialer. This application allowed the creation of video conferences that people could attend. When creating a conference, the application would lease a multicast IP address from the MADCAP server and stream to that IP address. Clients wishing to join the conference would join that established multicast group.

    Setting up a multicast scope is similar to setting up a standard scope:

    1. On the DHCP MMC, right-click the server node and choose New Multicast Scope.

    2. When the New Multicast Scope Wizard comes up, click Next.

    3. On the next screen, specify a Scope Name of Video Conferencing and a Scope Description of Multicast scope for conference presenters. Afterwards, click Next.

    4. On the next screen, enter 239.192.1.0 in the Start IP Address field and 239.192.1.255 in the End IP Address field. Since this scope will only service video conferences within the company, we define an IP address range in the multicast organization local scope range. Leave the TTL at 32. Click Next when done.

    5. On the next screen, click Next again. No exclusions need to be defined.

    6. On the next screen, set the Days to 1 and click Next.

    7. On the next screen, click Next to activate the scope.

    8. On the next screen, click Finish.

    9. Back on the DHCP MMC, expand the multicast scope that we just created and select Address Pool. Notice that an exclusion range encompassing the entire pool is also created. Select it and delete it.

    The DHCP server can now provide multicast IP addresses. For the most part, the multicast scope

    functions the same as a standard scope. One different feature is that you can set a multicast scope

    to automatically expire and delete itself at a certain time.

    To configure this:

    1. Right-click the multicast scope and choose Properties.

    2. When the Properties window comes up, click the Lifetime tab.

    3. On the Lifetime tab, select Multicast scope expires on and select when you would like it to expire. When this date and time is reached, the server automatically deletes the scope.

    Conclusion

    The Advanced DHCP configuration article continues with part 2, covering the DHCP database backup and restoration, troubleshooting the DHCP service using audit logs and finally DHCP Migration.

    Windows 2003 DHCP Server Advanced Configuration - Part 2

    Backing up the DHCP database

    Our DHCP server is fully functional but it may not always remain that way. We definitely want to back it up so we can quickly restore the functionality in the event of a disaster.

    The DHCP scopes, settings and configuration are actually kept in a database file, and the database is automatically backed up every 60 minutes. But to manually back it up:

    1. On the DHCP MMC, right-click the server node and choose Backup.

    2. When the Browse for Folder window comes up, verify that it points to C:\windows\system32\dhcp\backup and click OK.

    Restoring the DHCP database

    Let us imagine that a disaster with the DHCP server did occur and that we now have to restore the DHCP functionality. Restoring the DHCP database is just as simple as backing it up:

    1. On the DHCP MMC, right-click the server node and choose Restore.

    2. When the Browse for Folder window comes up, click OK.

    3. You will receive a prompt informing you that the DHCP service will need to be stopped and restarted for the restore to take place. Click OK.

    The DHCP database will then be restored.

    Troubleshooting DHCP

    Let us imagine that, after restoring the database, the DHCP server developed some issues and started malfunctioning. Luckily, DHCP comes equipped with several tools to help us troubleshoot.

    Event Viewer

    The Event Viewer displays events that the server has reported and whether those events represent actual issues or normal operation. Most of the issue events related to DHCP will be reported in the System log of the Event Viewer with a Source of DHCPServer.

    To view the Event Viewer:

    1. Go to Start > Administrative Tools > Event Viewer.

    2. When the Event Viewer window comes up, click the System log on the left pane and its events will be displayed on the right pane.

    Depending on how active the server is, the System log may be cluttered with Information,

    Warning and Error events that are unrelated to DHCP. To see only DHCP issues, filtering non-

    important events is necessary. To do this:

    1. Go to View > Filter.

    2. When the System Properties window comes up, click on the Event Source drop-down menu and select DHCPServer. This tells the log to display only DHCP server events.

    3. Next, uncheck the box next to Information. This tells the log to display only events regarding issues.

    4. (Optional) On the From and To drop-down menus on the bottom, adjust the time and date frame to when an issue was suspected to have occurred.

    5. When finished, click OK.

    The System log is now displaying only DHCP Warning and Error events. This should cause any

    DHCP-related issues to stick out:

    Every event has an Event ID. In case a particular event's description is too vague to understand,

    you may have to research the Event ID for further clarification.

    DHCP Audit Logs

    Another DHCP troubleshooting tool is the DHCP audit logs. These logs display detailed

    information about what the DHCP server has been doing. If a client leases an IP address, renews

    its IP address, or releases its IP address, the DHCP server will audit this activity.

    More concerning events are also audited: if the DHCP server service stops, encounters a rogue DHCP server in the network, or fails to start, the server will audit this issue as well. These logs provide closer visibility into what the DHCP server is doing.

    To access the DHCP audit logs:

    1. Go to Start > Run.

    2. When the Run box comes up, type c:\windows\system32 and click OK.

    3. When the System32 folder comes up, navigate to and double-click the dhcp folder.

    In the dhcp folder, the log files will be titled DhcpSrvLog-%WeekDay%.log, where %WeekDay% is a week day. There should be one for the past six days.


    The log may appear overwhelming, but it is very simple to read. Each line contains several pieces of information, but the most important is the code at the beginning of the line, since that describes what is being audited. That code is defined on the top portion of the log file. As each line is comma-separated, you can actually save the log file in .csv format and open it in Excel for easier and more convenient reading and analysis.
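    As an alternative to Excel, the audit log can be read with a short script. The following is an added example, not part of the original article: it takes the code legend from the top of the log and the comma-separated lines below it, counts events per code, and lists everything other than ordinary lease activity. The sample log is constructed, and its column names, codes and values are assumptions modelled on the layout described above.

```python
import csv
import io
import re
from collections import Counter

# Constructed sample, modelled on the layout the article describes: a legend
# of event codes at the top, then comma-separated audit lines. The column
# names, codes and values here are assumptions for illustration.
SAMPLE_LOG = """\
Event ID  Meaning
00\tThe log was started.
10\tA new IP address was leased to a client.
11\tA lease was renewed by a client.
12\tA lease was released by a client.
13\tAn IP address was found to be in use on the network.

ID,Date,Time,Description,IP Address,Host Name,MAC Address
00,07/29/19,00:00:05,Started,,,
10,07/29/19,08:01:12,Assign,192.168.1.50,pc01.firewall.test,000C29AABB01
11,07/29/19,12:01:13,Renew,192.168.1.50,pc01.firewall.test,000C29AABB01
13,07/29/19,12:30:40,Conflict,192.168.1.51,,
12,07/29/19,17:45:02,Release,192.168.1.50,pc01.firewall.test,000C29AABB01
"""

LEGEND_RE = re.compile(r"^(\d{2}\+?)\s+(.+)$")   # "10<whitespace>meaning"

def parse_audit_log(text):
    """Return (legend, events): code -> meaning, and one dict per audit line."""
    legend, body, in_body = {}, [], False
    for line in text.splitlines():
        if in_body:
            if line.strip():
                body.append(line)
        elif line.startswith("ID,"):       # the column header ends the legend
            in_body = True
            body.append(line)
        else:
            match = LEGEND_RE.match(line)
            if match:
                legend[match.group(1)] = match.group(2).strip()
    events = list(csv.DictReader(io.StringIO("\n".join(body))))
    return legend, events

def summarize(events):
    """Count audit lines per event code."""
    return Counter(event["ID"] for event in events)

def non_routine(events, routine=("00", "10", "11", "12")):
    """Events other than log start and ordinary lease, renew and release."""
    return [event for event in events if event["ID"] not in routine]

if __name__ == "__main__":
    legend, events = parse_audit_log(SAMPLE_LOG)
    for code, count in sorted(summarize(events).items()):
        print(code, count, legend.get(code, "(not in legend)"))
    for e in non_routine(events):
        print("REVIEW:", e["Date"], e["Time"], e["Description"], e["IP Address"])
```

    The `routine` tuple should be adjusted to the codes defined in the legend of your own log file.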

    Protocol Analyzer

    Although a protocol analyzer is not an official DHCP troubleshooting tool, it is nonetheless an excellent tool for troubleshooting issues where the server is not servicing clients. In such situations you would use the protocol analyzer on the server to determine whether DHCP Discover/Request packets from clients are arriving at the server at all or if they are arriving but being ignored by the server.

    If you find that the packets are not arriving at the server at all, you would have isolated the problem to most likely being a routing issue or an issue with any relay agents/configured IP helpers in the network.

    However, if you find that the packets are arriving but being ignored by the server, then you would have isolated the problem to either residing on the server or the configuration of DHCP.

    The screen shot below, of Wireshark, shows that the server received a DHCP Discover packet from a client and properly responded to it.


    DHCP Migration

    Continuing from our previous storyline, let us pretend that we found the issue that was affecting our DHCP server but to fix it we would have to take the DHCP server offline for a considerable amount of time, so for the time being we will just set up a different server as our DHCP server.

    To accomplish this, we will have to transfer the DHCP database to our new server. Migrating the DHCP database is not only done in situations such as this. When a DHCP server is decommissioned, for example, you would need to transfer the DHCP database to the new server.

    Although the transfer can technically be done in more than one way, presented below is one method. Regardless of the approach chosen, you should aim to minimize the amount of time that both DHCP servers are simultaneously active and able to service clients, as this would increase the chances of one server leasing an IP address that is already in use.

    1. On the old server, go to Start > Run, type cmd, and click OK.

    2. When the Command Prompt window comes up, type netsh dhcp server export c:\dhcp_backup.txt all and hit Enter. This command exports all the scopes in the DHCP database to a file titled dhcp_backup.txt.

    3. Copy the export file (dhcp_backup.txt) to the new server.

    4. On the new server, install the DHCP server role. Do not authorize the DHCP server yet.

    5. On the new server, go to Start > Run, type cmd, and click OK.

    6. When the Command Prompt window comes up, type netsh dhcp server import c:\dhcp_backup.txt all and hit Enter. This command imports all the scopes in the DHCP database from the file titled dhcp_backup.txt.

    7. On the new server, enable conflict detection so IP addresses that have been leased out by the old server since the start of the migration are not reissued.

        a. On the DHCP MMC, right-click the server node and choose Properties.

        b. When the Properties window comes up, click the Advanced tab.

        c. On Conflict Detection Attempts, increase the number to 2 just to be safe. This tells the server to ping an IP address before it assigns it. If there is a response, then the DHCP server will not lease out the IP address since that address would already be assigned.

        d. Click OK.


    8. On the new server, authorize the DHCP server.

    9. On the old server, unauthorize the DHCP server.

    Although we could perform a migration by simply backing up the DHCP database on the old server using the backup procedure and restoring it on the new server using the restore procedure, this approach also restores the old DHCP server's configuration settings, such as audit settings, conflict detection settings, DDNS settings, etc. It may not always be desirable to transfer those settings in a migration. The procedure described above only transfers the scopes and their settings.

    Conclusion

    Without careful observation, the full capabilities of DHCP can be overlooked. The protocol, in combination with the DHCP MMC, provides numerous methods to control client configuration settings and server administrative functions.


    Windows 2003 DNS Server Installation & Configuration

    Introduction

    For both private and public networks (i.e., the Internet), DNS is used for translating host names to IP addresses and the reverse. DNS does this by using records stored in its database. On the Internet, DNS mainly stores records for public domain names and servers, whereas in private networks it may store records for client computers, network servers and data pertaining to Active Directory.

    In this article, we will install and configure DNS on a standalone Windows Server 2003. We will begin by setting up a cache-only DNS server and progress to creating a primary forward lookup zone, a reverse lookup zone, and finally some resource records. At the end of this article we will have set up a DNS server capable of resolving internal and external host names to IP addresses and the reverse.

    Install DNS on Windows Server 2003

    Before installing and configuring DNS on our server we have to perform some preliminary tasks. Specifically, we have to configure the server with a static IP address and a DNS suffix. The suffix will be used to fully-qualify the server name. To begin:

    1. Go to Start > Control Panel > Network Connections, right-click Local Area Connection and choose Properties.

    2. When the Local Area Connection Properties window comes up, select Internet Protocol (TCP/IP) and click Properties. When the Internet Protocol (TCP/IP) window comes up, enter an IP address, subnet mask and default gateway IP address that are all compatible with your LAN.

    Our LAN is on a 192.168.1.0/24 network, so our settings are as follows:


    3. For the Preferred DNS Server, enter the loopback address 127.0.0.1. This tells the server to use its own DNS server service for name resolution, rather than using a separate server. After filling out those fields, click the Advanced button.

    4. When the Advanced TCP/IP Settings window comes up, click the DNS tab, enter firewall.test in the DNS suffix for this connection text field, check Register this connection's address in DNS, check Use this connection's DNS suffix in DNS registration, and click OK, OK, and then Close.


    Now that we have configured our server with a static IP address and a DNS suffix, we are ready to install DNS. To do this:

    1. Go to Start > Control Panel > Add or Remove Programs.

    2. When the Add or Remove Programs window launches, click Add/Remove Windows Components on the left pane.

    3. When the Windows Components Wizard comes up, scroll down and highlight Networking Services and then click the Details button.

    4. When the Networking Services window comes up, place a check mark next to Domain Name System (DNS) and click OK and OK again.


    Note that, during the install, Windows may generate an error claiming that it could not find a file needed for DNS installation. If this happens, insert your Windows Server 2003 CD into the server's CD-ROM drive and browse to the i386 directory. The wizard should automatically find the file and allow you to select it. After that, the wizard should resume the install.

    After this, DNS should be successfully installed. To launch the DNS MMC, go to Start > Administrative Tools > DNS.


    As our DNS server was just installed, it is not populated with anything. On the left pane of the DNS MMC, there is a server node with three nodes below it, titled Forward Lookup Zones, Reverse Lookup Zones and Event Viewer.

    The Forward Lookup Zones node stores zones that are used to map host names to IP addresses, whereas the Reverse Lookup Zones node stores zones that are used to map IP addresses to host names.

    Setting Up a Cache-Only DNS Server

    A cache-only DNS server contains no zones or resource records. Its only function is to cache answers to queries that it processes, so that if the server receives the same query again later, it returns the cached response rather than going through the recursion process again, thereby saving time. With that said, our newly installed DNS server is already a cache-only DNS server!

    Creating a Primary Forward Lookup Zone

    With its limited functionality, a cache-only DNS server is best suited for a small office environment or a small remote branch office. However, in a large enterprise where Active Directory is typically deployed, more features would be needed from a DNS server, such as the ability to store records for computers, servers and Active Directory. The DNS server stores those records in a database, or a zone.


    DNS has a few different types of zones, and each has a different function. We will first create a primary forward lookup zone titled firewall.test. We do not want to name it firewall.cx, or any variation that uses a valid top-level domain name, as this would potentially disrupt the clients' abilities to access the real websites for those domains.

    1. On the DNS MMC, right-click the Forward Lookup Zones node and choose New Zone.

    2. When the New Zone Wizard comes up, click Next.

    3. On the Zone Type screen, make sure that Primary zone is selected and click Next.

    4. On the Zone Name screen, type firewall.test.

    5. On the Zone File screen, click Next.

    6. On the Dynamic Update screen, make sure that Do not allow dynamic updates is selected and click Next.

    7. On the next screen, click Finish.

    We now have a foundation that we can place resource records in for name resolution by internal clients.

    Creating a Primary Reverse Lookup Zone

    Contrary to the forward lookup zone, a reverse lookup zone is used by the DNS server to resolve IP addresses to host names. Not as frequently used as forward lookup zones, reverse lookup zones are often used by anti-spam systems in countering spam and by monitoring systems when logging events or issues. To create a reverse lookup zone:

    1. On the DNS MMC, right-click the Reverse Lookup Zones node and choose New Zone.

    2. When the New Zone Wizard comes up, click Next.

    3. On the Zone Type screen, make sure that Primary zone is selected and click Next.

    4. On the Reverse Lookup Zone Name screen, enter 192.168.1 and click Next.

    5. On the Zone File screen, click Next.

    6. On the Dynamic Update screen, make sure that Do not allow dynamic updates is selected and click Next.


    7. On the next screen, click Finish.

    There is now a reverse lookup zone titled 192.168.1.x Subnet on the left pane of the DNS MMC. This will be used to store PTR records for computers and servers in that subnet.

    Using the instructions above, go ahead and create two additional reverse lookup zones, one for a 192.168.2.x subnet and one for a 192.168.3.x subnet.

    Creating Resource Records

    DNS uses resource records (RRs) to tie host names to IP addresses and the reverse. There are different types of resource records, and the DNS server will respond with the record that is requested in a query.

    The most common resource records are: Host (A); Mail Exchanger (MX); Alias (CNAME); and Service Location (SRV) for Active Directory zones. As such, we will create all but SRV records because Active Directory will create those automatically.


    1. On the DNS MMC, expand the Forward Lookup Zones node followed by the firewall.test zone.

    2. Right-click the firewall.test zone and choose Other New Records.

    3. On the Resource Record Type window, select Host (A) and click Create Record.

    4. On the New Resource Record window, type webserver001 in the Host text field, type 192.168.2.200 in the IP address text field, check the box next to Create associated pointer (PTR) record and click OK.

    This tells DNS to create a PTR record in the appropriate reverse lookup zone. And, for demonstration purposes, it does not matter whether this server actually exists or not.

    5. Back at the Resource Record Type window, select Host (A) again and click Create Record.

    6. On the New Resource Record window, type mailserver001 in the Host text field and type 192.168.3.200 in the IP address text field. Make sure that the check box next to Create associated pointer (PTR) record is checked and click OK. A corresponding PTR record will be created in the appropriate reverse lookup zone.

    7. Back at the Resource Record Type window, select Alias (CNAME) and click Create Record.

    8. On the New Resource Record window, type www in the Alias name text field, then click Browse.

    9. On the Browse window, double-click the server name, then double-click Forward Lookup Zones, then double-click firewall.test, and finally double-click webserver001. This should populate webserver001's fully qualified domain name in the Fully qualified domain name (FQDN) for target host text field. Click OK afterwards.

    10. Back at the Resource Record Type window, select Mail Exchanger (MX) and click Create Record.

    11. On the New Resource Record window, click Browse, double-click the server name, then double-click Forward Lookup Zones, then double-click firewall.test, and finally double-click mailserver001. This should populate mailserver001's fully qualified domain name in the Fully qualified domain name (FQDN) of mail server text field. Click OK afterwards.

    12. Back at the Resource Record Type window, click Done.
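    To see what the steps above produce, the following added example (not part of the original article) writes out the records in zone-file style and works out which of the three reverse lookup zones receives each PTR record, listing any host whose address no configured reverse zone covers. The host names, addresses and network IDs come from the walkthrough; the function names and the MX preference value of 10 are assumptions.

```python
import ipaddress

DOMAIN = "firewall.test"
# Network IDs typed into the New Zone Wizard for the three reverse zones.
REVERSE_NETWORK_IDS = ["192.168.1", "192.168.2", "192.168.3"]
# Host (A) records from the walkthrough.
HOSTS = {"webserver001": "192.168.2.200", "mailserver001": "192.168.3.200"}
ALIASES = {"www": "webserver001"}      # Alias (CNAME) record
MAIL_EXCHANGERS = ["mailserver001"]    # Mail Exchanger (MX) record
MX_PREFERENCE = 10                     # assumed; the article does not set one

def reverse_zone_name(network_id):
    """'192.168.1' -> '1.168.192.in-addr.arpa' (octets reversed)."""
    return ".".join(reversed(network_id.split("."))) + ".in-addr.arpa"

def find_reverse_zone(ip, zones):
    """Return (zone, ptr_owner) for ip, or (None, ptr_owner) if uncovered."""
    owner = ipaddress.ip_address(ip).reverse_pointer
    for zone in sorted(zones, key=len, reverse=True):   # most specific first
        if owner.endswith("." + zone):
            return zone, owner
    return None, owner

def build_records(hosts, aliases, mail_exchangers, network_ids):
    """Return (forward, reverse, missing) as zone-file style text lines."""
    zones = [reverse_zone_name(n) for n in network_ids]
    forward, reverse, missing = [], {z: [] for z in zones}, []
    for host, ip in hosts.items():
        forward.append(f"{host}.{DOMAIN}. IN A {ip}")
        zone, owner = find_reverse_zone(ip, zones)
        if zone is None:
            missing.append(host)       # no zone exists to hold this PTR
        else:
            reverse[zone].append(f"{owner}. IN PTR {host}.{DOMAIN}.")
    for alias, target in aliases.items():
        forward.append(f"{alias}.{DOMAIN}. IN CNAME {target}.{DOMAIN}.")
    for mx in mail_exchangers:
        forward.append(f"{DOMAIN}. IN MX {MX_PREFERENCE} {mx}.{DOMAIN}.")
    return forward, reverse, missing

if __name__ == "__main__":
    forward, reverse, missing = build_records(
        HOSTS, ALIASES, MAIL_EXCHANGERS, REVERSE_NETWORK_IDS)
    print("\n".join(forward))
    for zone, ptrs in reverse.items():
        print(f"; zone {zone}")
        print("\n".join(ptrs) or "; (no PTR records)")
    print("hosts without a reverse zone:", missing)
```

    With the walkthrough's values, the 192.168.1.x reverse zone stays empty and the other two each hold one PTR record.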


    Conclusion

    Our standalone Windows Server 2003 DNS server now has a primary forward lookup zone, a primary reverse lookup zone, and multiple resource records. As a standard function, it will also cache the answers to queries that it has already resolved.