MCSE/MCSA Exam 70-291 Exam Prep: Implementing, Managing, and Troubleshooting DHCP
Date: Apr 6, 2007
Objectives
Microsoft lists the following objectives for the DHCP portion of the "Implementing, Managing, and Maintaining IP Addressing" section of Exam 70-291, "Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure":
Manage DHCP.
- Manage DHCP clients and leases.
- Manage DHCP Relay Agent.
- Manage DHCP databases.
- Manage DHCP scope options.
- Manage reservations and reserved clients.
One of the first few network services you will likely deploy and configure when rolling out a production Windows Server 2003 network is the DHCP service. DHCP is highly integrated with both Active Directory and the dynamic DNS (DDNS) service. To meet this objective, you must have a thorough understanding of the workings of DHCP and also how to configure it for use in a network.
Troubleshoot DHCP.
- Diagnose and resolve issues related to DHCP authorization.
- Verify DHCP reservation configuration.
- Examine the system event log and DHCP server audit log files to find related events.
- Diagnose and resolve issues related to configuration of DHCP server and scope options.
- Verify that the DHCP Relay Agent is working correctly.
- Verify database integrity.
Installing and configuring the DHCP service does not relieve you of monitoring and managing it over time. The ability to monitor, manage, and troubleshoot the DHCP service on a network is critical to the ongoing health of the network as a whole. You should be able to use all the tools available to you to ensure that the DHCP service is operating properly and providing service to network clients.
Outline
- Introduction
- Understanding DHCP
  - DHCP
  - BOOTP
  - What's New with Windows Server 2003 DHCP
- Configuring and Managing DHCP
  - Installing the DHCP Server Service
  - Understanding DHCP Scopes
  - Understanding DHCP Superscopes
  - Understanding Multicasting and Multicast Scopes
  - Creating a DHCP Scope
  - Configuring Scope Properties
  - Authorizing a DHCP Server in Active Directory
  - Configuring DHCP for DNS Integration
  - Configuring and Implementing a DHCP Relay Agent
  - Configuring Security for DHCP
- DHCP Server Management and Monitoring
  - Examining the DHCP Server Statistics
  - DHCP Server Backup and Restore
  - Reconciling the DHCP Database
  - Stopping the DHCP Server
  - Configuring Options and Classes
  - Changing the Server State
  - DHCP Server Common Commands
- Troubleshooting DHCP
  - Troubleshooting DHCP Server Authorization Problems
  - Using the DHCP Logs
  - Troubleshooting DHCP Reservations
  - Troubleshooting the DHCP Relay Agent
- Chapter Summary
- Key Terms
- Apply Your Knowledge
  - Exercises
  - Exam Questions
  - Answers to Exam Questions
- Suggested Readings and Resources
Study Strategies
- Be sure you understand what DHCP is, how it works, why it was created, and what enhancements the Windows Server 2003 DHCP server service adds to the protocol. DHCP has been used in Transmission Control Protocol/Internet Protocol (TCP/IP)-based networks for quite a while, and Microsoft has extended its functionality as part of Windows Server 2003. DHCP is used to dynamically allocate IP addresses, and it also plays a role in registering hosts with the Domain Name System (DNS).
- Be sure you understand the types of scopes that Windows Server 2003 DHCP server service supports, how each works, and when you should use each in a production environment.
- Get your hands dirty. The Step by Step exercises throughout this book provide plenty of directions and exercises, but you should go beyond those examples and create some of your own. If you can, experiment with each of the topics we discuss in this chapter to see how they work and why you would use each one.
Introduction
TCP/IP is the de facto standard for computer networking and appears to have no challengers in the networking protocol arena. If you are going to work with Windows Server 2003, you should expect to work with TCP/IP. One of the keys to successfully working with TCP/IP is having an understanding of the concept of TCP/IP addresses. The designers of TCP/IP wanted an identification scheme that was independent of any one computer or network equipment design, so they established a scheme of IP addresses.
If you've ever surfed the Web, you have probably seen IP addresses at one time or another (numbers such as 192.168.144.77). As you administer TCP/IP on a network, a considerable part of your time will be devoted to IP address assignment because IP addresses don't just magically get assigned to network hosts—they have to be provided through manual configuration or some other means. When a computer is added to a network, it needs an IP address to communicate on that network. When the computer moves to a new location, it is likely to need a new IP address. If you are just starting out with managing a large TCP/IP network, you might find the notion of managing all those addresses a bit daunting. If you move a DNS server to a new subnet, you may have to reconfigure every client computer. If you move a client computer to a new subnet, you may have to update its IP address. This does not endear you to road warriors who travel among several offices, especially those who are regional managers. If you manually manage IP addresses, almost any change to the network will require a visit to one or more computers to update TCP/IP configurations—not a happy prospect. Fortunately, the people who brought us DNS to replace the hosts file also came up with a solution to this dilemma.
DHCP was the Internet community's answer to dynamically distributing IP addresses. DHCP is open and standards-based, as defined by the Internet Engineering Task Force (IETF) in their Requests for Comments (RFCs) 2131 and 2132. (The IETF is the main standards organization for the Internet.) This chapter examines the basics of DHCP as it applies to you, the systems administrator, and how you can use it to make your life and your network better.
Understanding DHCP
Public IP addresses are registered with the Internet Assigned Numbers Authority (IANA) so that IANA can keep track of IP addresses that are being used on the Internet. In some cases, a network will not be connected to the Internet and will not need to use registered public IP addresses. In other cases, the network is connected to the Internet with special hardware and software that can be configured to allow the network to use private addresses in conjunction with address translation, commonly referred to as Network Address Translation (NAT). By using NAT, you can (in simple terms) place an entire private network behind a single public IP address. As an example, the organization I work for has over 5,000 hosts on its internal network. When I or anyone else visits a Web site on the Internet, we all appear to be coming from a single IP address. That's NAT in action!
Quite often, systems administrators use private (unregistered) addresses from the RFC 1918 ranges on their internal networks to ensure that there are enough readily available addresses for all users. This model works well on a network that is not tied directly to the Internet. However, with the shortage of Class A and Class B (and even Class C) IP addresses, some environments use small pools of registered addresses to service larger numbers of DHCP clients, on the assumption that not every client computer needs an address simultaneously. These environments require aggressive leasing policies (short lease durations) to ensure that everyone can get an address.
In addition to IP addresses, DHCP can also provide the subnet mask, default gateway addresses, DNS server addresses, and Windows Internet Name Service (WINS) server addresses; in essence, everything the client computer needs to participate in the network. All available IP addresses can therefore be kept in a central database on the DHCP server, along with the configuration information that is handed out with them.
DHCP
DHCP provides the mechanism for dynamically distributing IP addresses on a network—but it doesn't happen magically. Here's how a client computer gets an address:
- After boot up, the client computer broadcasts a DHCPDISCOVER message intended for any DHCP server on the network. If a router sits between the client and the DHCP server, the router (or another host on the client's subnet) must be configured as a BOOTP/DHCP relay agent with the IP address of the DHCP server; otherwise the broadcast never leaves the client's subnet. BOOTP and relay agents are discussed in the next section, "BOOTP."
- Each DHCP server that receives the DHCPDISCOVER message responds with a DHCPOFFER message. That message includes an IP address that is appropriate for the subnet where the client computer is attached. The server determines the subnet from the interface on which the broadcast arrived or, for a relayed request, from the relay agent's address that the agent recorded in the message (the giaddr field).
- The client computer considers the offer messages and selects one (usually the first offer it receives). It broadcasts a DHCPREQUEST that names the chosen server and the offered address; the servers that were not selected treat the request as notice that their offers were declined. If there are multiple DHCP servers, they need to be carefully configured so that no two of them can offer the same IP address. DHCP servers do not communicate with one another, so they have no way of telling whether an address has already been issued by another DHCP server.
- The selected DHCP server acknowledges the request with a DHCPACK message and grants the client computer a lease to use the address.
- The client computer binds the IP address to its network interface. Any configuration parameters associated with the lease (subnet mask, default gateway, DNS servers, and so on) are incorporated into the client computer's TCP/IP configuration.
- When 50 percent of the configured lease time has elapsed (the renewal time, T1), the client sends a DHCPREQUEST message directly to the DHCP server that granted its lease, asking to renew and extend the lease.
- If the DHCP server is reachable, it responds with a DHCPACK message, renewing and extending the lease as requested. The renewal timer then starts over, so the next renewal attempt again comes at 50 percent of the new lease.
- If the DHCP server does not respond, the client keeps retrying it until 87.5 percent of the lease time has elapsed (the rebinding time, T2). At this point, the client broadcasts its DHCPREQUEST and will accept a renewal from any DHCP server that responds. If the lease expires without a renewal, the client must stop using the address and starts the process of acquiring a new DHCP lease with a fresh DHCPDISCOVER.
The first step of this process indicates that DHCP clients request their addresses by using broadcast messages. If you are familiar with routing, particularly TCP/IP routing, you are probably familiar with the fact that one of the benefits of routing is that the router segregates broadcast domains. In other words, broadcasts do not generally cross routers. Does that mean that DHCP works only on the local segment and you need 50 DHCP servers for 50 subnets? No, that is not the case, not if you configure your routers or other Windows Server 2003 computers to act as DHCP relay agents.
A DHCP relay agent is the same mechanism as the relay agent defined for BOOTP. BOOTP was the precursor to DHCP, and it was the first protocol used to hand out IP addresses automatically. BOOTP clients broadcast just as DHCP clients do, so BOOTP's designers specified a relay agent: a process on the router (or on any host in the client's subnet) that picks up the broadcast, records its own address in the message, forwards the message as a unicast to the configured server, and then delivers the server's reply back to the client. DHCP keeps the BOOTP message format and the same UDP ports (67 on the server side, 68 on the client side), so the BOOTP forwarding that most routers already support carries DHCP traffic across routers unchanged. You'll learn about the installation and configuration of DHCP relay agents later in this chapter, in the section "Configuring and Implementing a DHCP Relay Agent."
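The exchange described above and the relay agent's part in it, as an added example that is not part of this chapter or of Microsoft's DHCP implementation: a small Python model of the RFC 2131 message format with a client, a relay agent, and a server that keeps one scope per subnet and picks the scope from the giaddr field of a relayed request (or from the receiving interface for a local broadcast). The server address 10.0.0.5, the relay at 10.1.2.1, the client MAC address, the scope address pools, and the eight-day lease are all constructed for the example; the 50 percent and 87.5 percent timers are the RFC 2131 defaults for T1 and T2.

```python
import ipaddress
import struct

HDR = "!BBBBIHH4s4s4s4s16s64s128s"        # the 236-byte BOOTP header that DHCP reuses
COOKIE = b"\x63\x82\x53\x63"                # magic cookie that opens the DHCP options area
DISCOVER, OFFER, REQUEST, ACK = 1, 2, 3, 5  # option 53 message types used here
SUBNET_MASK, ROUTER, REQUESTED_IP, LEASE_TIME, MSG_TYPE, SERVER_ID = 1, 3, 50, 51, 53, 54

def ip(value):
    return ipaddress.IPv4Address(value)      # accepts a dotted string or 4 packed bytes

def build(op, xid, chaddr, yiaddr="0.0.0.0", giaddr="0.0.0.0", options=()):
    """Serialise a DHCP message: fixed header, magic cookie, TLV options, end marker."""
    hdr = struct.pack(HDR, op, 1, 6, 0, xid, 0, 0x8000,   # htype Ethernet, hlen 6, broadcast flag
                      b"\0" * 4, ip(yiaddr).packed, b"\0" * 4, ip(giaddr).packed,
                      chaddr, b"\0" * 64, b"\0" * 128)
    tlv = b"".join(bytes([code, len(val)]) + val for code, val in options)
    return hdr + COOKIE + tlv + b"\xff"

def parse(data):
    """Inverse of build(): header fields plus an {option_code: raw value} dict."""
    f = struct.unpack(HDR, data[:236])
    if data[236:240] != COOKIE:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(data) and data[i] != 0xFF:
        if data[i] == 0:                     # pad byte
            i += 1
            continue
        code, length = data[i], data[i + 1]
        opts[code] = data[i + 2:i + 2 + length]
        i += 2 + length
    return {"hops": f[3], "xid": f[4], "yiaddr": str(ip(f[8])), "giaddr": str(ip(f[10])),
            "chaddr": f[11][:f[2]], "options": opts}

def relay(data, relay_ip):
    """A BOOTP/DHCP relay agent: bump hops, fill giaddr with its own address on the
    client's subnet unless an earlier relay already did, and forward to the server as unicast."""
    giaddr = data[24:28] if data[24:28] != b"\0" * 4 else ip(relay_ip).packed
    return data[:3] + bytes([data[3] + 1]) + data[4:24] + giaddr + data[28:]

class Server:
    """One scope per subnet, chosen by giaddr for relayed requests and by the
    receiving interface's address for local broadcasts."""
    def __init__(self, server_ip, scopes):
        self.server_id = ip(server_ip)
        self.scopes = {ipaddress.IPv4Network(n): ([ip(a) for a in pool], lease, ip(gw))
                       for n, pool, lease, gw in scopes}
        self.leases = {}                     # chaddr -> leased address

    def _scope(self, req, iface_ip):
        anchor = ip(req["giaddr"]) if req["giaddr"] != "0.0.0.0" else ip(iface_ip)
        for net in self.scopes:
            if anchor in net:
                return net
        raise LookupError(f"no scope serves {anchor}")

    def handle(self, data, iface_ip):
        req = parse(data)
        net = self._scope(req, iface_ip)
        pool, lease, gw = self.scopes[net]
        kind = req["options"][MSG_TYPE][0]
        if kind == DISCOVER:                 # offer the client's previous address or the next free one
            addr, reply = self.leases.get(req["chaddr"], pool[0]), OFFER
        elif kind == REQUEST:
            if ip(req["options"][SERVER_ID]) != self.server_id:
                return None                  # the client accepted another server's offer
            addr, reply = ip(req["options"][REQUESTED_IP]), ACK
            if addr in pool:
                pool.remove(addr)            # the lease is committed only on REQUEST
            self.leases[req["chaddr"]] = addr
        else:
            return None
        return build(2, req["xid"], req["chaddr"], str(addr), req["giaddr"], [
            (MSG_TYPE, bytes([reply])), (SERVER_ID, self.server_id.packed),
            (LEASE_TIME, struct.pack("!I", lease)), (SUBNET_MASK, net.netmask.packed),
            (ROUTER, gw.packed)])

def renewal_timers(lease_secs):
    """RFC 2131 defaults: T1 (renew with the leasing server) at 50 percent of the lease,
    T2 (rebind by broadcasting to any server) at 87.5 percent."""
    return lease_secs // 2, lease_secs * 7 // 8

def run_exchange():
    """Client on 10.1.2.0/24 reaches server 10.0.0.5 only through relay agent 10.1.2.1."""
    server = Server("10.0.0.5", [("10.0.0.0/24", ["10.0.0.100"], 691200, "10.0.0.1"),
                                 ("10.1.2.0/24", ["10.1.2.100", "10.1.2.101"], 691200, "10.1.2.1")])
    mac, xid = bytes.fromhex("0050563a1b2c"), 0x3903F326
    discover = build(1, xid, mac, options=[(MSG_TYPE, bytes([DISCOVER]))])
    offer = parse(server.handle(relay(discover, "10.1.2.1"), "10.0.0.5"))
    request = build(1, xid, mac, options=[(MSG_TYPE, bytes([REQUEST])),
                                          (SERVER_ID, offer["options"][SERVER_ID]),
                                          (REQUESTED_IP, ip(offer["yiaddr"]).packed)])
    ack = parse(server.handle(relay(request, "10.1.2.1"), "10.0.0.5"))
    lease = struct.unpack("!I", ack["options"][LEASE_TIME])[0]
    t1, t2 = renewal_timers(lease)
    return {"offered": offer["yiaddr"], "acked": ack["yiaddr"], "ack_type": ack["options"][MSG_TYPE][0],
            "reply_to_giaddr": ack["giaddr"], "lease": lease, "t1": t1, "t2": t2}
```

Two details carry over to real deployments. The server answers to the address in giaddr, which is why a relay agent must be configured on the client's subnet and not just anywhere on the path, and why the first relay agent's address is the one that counts when a request crosses more than one router. And the server only commits an address when it sees the DHCPREQUEST naming it as the server; a request naming some other server is simply ignored, which is the behaviour that lets two correctly configured servers share a segment without handing out duplicate leases.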
BOOTP
Before we discuss installing and configuring the DHCP service in Windows Server 2003, a brief discussion about BOOTP is necessary. A number of DHCP's features had their beginnings in BOOTP. BOOTP was originally designed in 1985 by Bill Croft and John Gilmore (RFC 951) to automate the configuration of network devices. To use BOOTP, the systems administrator must create a table with a list of client computers, their IP addresses, and their network configurations. When a client computer comes on to the network, it broadcasts a request that the BOOTP server receives. The BOOTP server looks up the client computer in the table and responds with the configuration information stored there, allowing the client computer to communicate on the network.
Because BOOTP worked well, it was used extensively in the early 1990s in conjunction with diskless workstations. (A BOOTP chip was a common option on a network interface card [NIC], and many networks thrived on BOOTP.) The downside of BOOTP was that it provided only the configuration information entered in the table. The administrator still needed to configure the table. The limitations of BOOTP effectively prevented any automation of these tasks, so it was eventually replaced with DHCP. BOOTP and DHCP packets look virtually identical, and DHCP even takes advantage of the BOOTP forwarder functionality of many routers and switches. DHCP offers the automation features BOOTP was lacking.
Now that we've completed the history lesson, you should have a pretty good understanding of the theory of DHCP. Before moving on to the workings of DHCP in Windows Server 2003, let's examine the new DHCP features that Windows Server 2003 provides.
What's New with Windows Server 2003 DHCP
DHCP is not a new service in Windows Server 2003, but it has undergone some changes since Windows NT 4.0. The following list summarizes the major changes in DHCP in Windows Server 2003, as compared to Windows NT 4.0. Most of these features first appeared in Windows 2000 Server and carry over to Windows Server 2003; in-console backup and restore, at the end of the list, is new in Windows Server 2003:
- DHCP integration in DNS—Windows Server 2003 DHCP servers can trigger dynamic updates in the DNS database for all clients to which it leases IP addresses. Windows 2000 and newer clients can automatically update their DNS records if they are authorized to do so. Legacy clients can have their records updated by the DHCP server if it is authorized to do so.
- Rogue DHCP server detection—Unauthorized, or rogue, DHCP servers can cause a wide variety of problems, including denial of service (DoS) to clients. To prevent such problems, Windows Server 2003 provides for authorizing DHCP servers and detecting and shutting down unauthorized servers. Active Directory is required for the detection of rogue DHCP servers to occur.
- Superscope and multicast scope support—Superscopes allow you to group several standard DHCP scopes into a single administrative group without causing any service disruption to network clients. Multicast scopes allow you to lease Class D IP addresses to clients for participation in multicast transmissions, such as streaming video and audio transmissions. Multicast scopes are discussed in more detail in the section "Understanding Multicasting and Multicast Scopes" later in this chapter.
- Local security groups for DHCP management—Two new local administrative security groups are created when the DHCP service is installed: DHCP Users and DHCP Administrators. The DHCP Users group can be used to provide read-only console access to the server to allow group members to view, but not modify, DHCP data. The DHCP Administrators group provides full administrative control of the DHCP service without granting its members full administrative control over the entire server.
- Improved monitoring and reporting—DHCP is a critical network service that must be kept running. The key to discovering problems early is monitoring, so Windows Server 2003 provides a full set of performance monitoring counters that can be used to monitor DHCP server performance.
- Custom DHCP option classes—User- and vendor-specified option classes can be used to distribute specific options to the clients that need them. For example, you can use option classes to distribute a specific default gateway or parent domain name to one group of computers on a network.
- In-console backup and restore—For the first time ever, Windows Server 2003 provides the administrator with the ability to perform DHCP scope backups and restorations from within the DHCP console itself.
Now that we've briefly examined the improvements made in the DHCP service in Windows Server 2003, we can talk about configuring and implementing it on the network.
Configuring and Managing DHCP
The first question many managers ask when presented with a request to install the Windows Server 2003 DHCP service is this: "Can't we just use our existing DHCP server?" The answer to this question is both yes and no. A Windows Server 2003 computer will take an address from any standards-based DHCP server, including whatever server Windows NT 4.0 and Windows 2000 clients are already using on a legacy domain and WINS network. However, the Active Directory integration covered in this chapter (server authorization and rogue server detection, and the server registering DNS records on behalf of legacy clients) requires the Windows Server 2003 DHCP service, so if you want those features as you migrate away from the legacy WINS architecture, you need it.
The following sections discuss how to install and configure DHCP for a network.
Installing the DHCP Server Service
When you install Windows Server 2003, you have the ability to install DHCP as one of the optional services. To prepare for Exam 70-291, you need to know how to install DHCP on an existing server that does not already have DHCP installed.
Before you install DHCP, you must configure the server with a static IP address, as discussed in Chapter 1, "Configuring and Troubleshooting TCP/IP Addressing." After the DHCP server's network adapter is configured with a static IP address, you can go about the process of installing the DHCP service onto the server. To install the DHCP service on your server, perform the steps described in Step by Step 2.1.
Step By Step 2.1 Installing the DHCP Service
- Select Start, Settings, Control Panel, Add or Remove Programs.
- On the Add or Remove Programs page, click Add/Remove Windows Components to open the Windows Components Wizard.
- Select Networking Services, as shown in Figure 2.1.
Figure 2.1 DHCP is located in the Networking Services group in the Windows Component Wizard.
- Click the Details button to open the Networking Services window, shown in Figure 2.2.
- Select Dynamic Host Configuration Protocol (DHCP) and click OK.
Figure 2.2 You select the Dynamic Host Configuration Protocol (DHCP) option to install the DHCP server.
- Back in the Windows Components Wizard page, click Next to begin the installation.
- If you are prompted to supply the location of your Windows Server 2003 CD-ROM or installation files, provide the correct location. Windows installs the DHCP service files on your computer.
- When prompted that installation is complete, click Finish to close the Windows Components Wizard.
After you've installed the DHCP service, you next need to begin configuring the DHCP server so that it can service network clients. Before you can begin the configuration process, you first need to get an understanding of the types of DHCP scopes in Windows Server 2003.
Understanding DHCP Scopes
A scope is a range of IP addresses that are available for dynamic assignment to hosts on a given subnet. The server selects the scope for a request by the subnet the request came from: the subnet of the interface on which the broadcast arrived or, when the request was forwarded by a relay agent, the subnet of the relay agent address recorded in the request. In addition to address information, a scope can include a set of configuration parameters to be assigned to client computers when the address is assigned. This list of configuration parameters can include DNS servers, WINS servers, default gateways, the subnet mask, a NetBIOS scope ID, IP routing information, and WINS proxy information.
Define the scope to cover the whole address range of the subnet rather than just the part you expect to lease. Later in the scope-creation process, you can exclude the addresses that are statically assigned to servers and infrastructure, and you can define reservations for particular addresses that exist within the scope.
Understanding DHCP Superscopes
The superscope type of scope was introduced to the Windows NT product family with Service Pack 2 for Windows NT 4.0. A superscope allows you to support a supernetted or multinetted network with a Windows Server 2003 DHCP server.
A supernetted network, as the term is used in this chapter, is a network that has multiple network addresses or subnets running on the same physical segment. (Strictly speaking this is a multinet; in routing terminology, supernetting means aggregating several networks into one larger CIDR block.) This configuration is common in a network environment with more than 254 hosts on a segment and in an environment in which certain hosts need to be isolated from the rest of the logical network for security or routing reasons. Superscopes support a local multinet or a multinet that is located across a router and configured to use the BOOTP forwarder service.
When to Use Supernetting
Visualize a large company that has been assigned the IP address block 198.142.1.0-198.142.6.254 by its ISP. The company occupies five floors in a building. On each of these floors are approximately 300 users, all on the same physical network. Traditional network design would have a routed backbone running between the floors, and each floor would be its own IP network. But there's one problem: There are too many users on these floors to be handled by a single Class C subnet. What are the alternatives?
You could place a router somewhere on each of the floors to further segment the network. This is an expensive and support-intensive solution and is generally considered to be impractical.
You could purchase a block of Class B addresses, but this could get costly and is generally very wasteful.
The last thing you could do is place multiple IP networks on the single-routed segment. In other words, you could create a supernet. This capability is supported by any of the routers on the market today, including the operating system-based routing services in Windows Server 2003, Novell NetWare, and any of the Unix flavors. So when you think about a supernet, think about a floor in a building with too many users for 254 IP addresses.
Understanding Multicasting and Multicast Scopes
Multicasting is the act of transmitting a message to a select group of recipients. This is in contrast to the concept of a broadcast, in which traffic is sent to every host on the network, or a unicast, in which the connection is a one-to-one relationship and there is only one recipient of the data.
Let's look at an example using an email message. If you send an email message to your manager, that email is a unicast message. If you send an email message to every user on the system, you have sent a broadcast. If you send an email message to a mailing list, you have sent a multicast message, which falls between a unicast message and a broadcast message. Teleconferencing and videoconferencing use the concept of multicasting, as does broadcast audio, in which the connection is from one source computer to a selected group of destination computers. At this time, only a few applications take advantage of multicasting, but with the growing popularity of multicast applications, we might see more multicast applications in the future.
The following are a few terms you need to understand before we discuss the Windows Server 2003 multicast capabilities:
- Multicast DHCP (MDHCP)—An extension to the DHCP standard that supports dynamic assignment and configuration of IP multicast addresses on TCP/IP-based networks.
- Multicast forwarding table—The table used by an IP router to forward IP multicast traffic. An entry in the IP multicast forwarding table consists of the multicast group address, the source IP address, a list of interfaces to which the traffic is forwarded (that is, the next-hop interfaces), and the single interface on which the traffic must be received to be forwarded (that is, the previous-hop interface).
- Multicast group—A group of member TCP/IP hosts configured to listen for and receive datagrams sent to a specified destination IP address. The destination address for the group is a shared IP address in the Class D address range (224.0.0.0-239.255.255.255).
- Multicast scope—A scope of IP multicast addresses in the range 239.0.0.0-239.254.255.255. Multicast addresses in this range can be prevented from propagating in either direction (send or receive) through the use of scope-based multicast boundaries.
Windows Server 2003 makes use of the concept of a multicast scope. The DHCP service has been extended to allow the assignment of multicast addresses in addition to unicast (single-computer) addresses. A proposed IETF standard (RFC 2730), Multicast Address Dynamic Client Allocation Protocol (MADCAP), defines multicast address allocation. MADCAP (also known as MDHCP in Microsoft lingo) would allow administrators to dynamically allocate multicast addresses to be assigned in the same fashion as unicast addresses. The Windows Server 2003 DHCP multicasting capability also supports dynamic membership, which allows individual computers to join or leave a multicast group at any time. This is similar to registering to receive an Internet broadcast or joining and leaving an email mailing list. Group membership is not limited by size, and computers are not restricted to membership in any single group.
How do client computers join and leave a multicast group? The answer is via MDHCP and the MDHCP application programming interface (API). Client computers using MDHCP must be configured to use the MDHCP API. MDHCP assists in simplifying and automating configuration of multicast groups on a network, but it is not required for the operation of multicast groups or for the DHCP service. Multicast scopes provide only address configuration and do not support or use other DHCP-assignable options. MDHCP address configuration for client computers should be done independently of how the client computers are configured to receive their primary IP addresses. Computers using either static or dynamic configuration through a DHCP server can also be MDHCP clients.
Now that you have knowledge of the different types of scopes supported in Windows Server 2003, you can move forward to creating scopes on a DHCP server.
Creating a DHCP Scope
Objective:
Manage DHCP.
- Manage DHCP clients and leases.
- Manage DHCP scope options.
Now that you are familiar with the different types of scopes, you can create one. To create a standard DHCP scope, you perform the steps described in Step by Step 2.2.
Step By Step 2.2 Creating a DHCP Scope
- Open the DHCP console by selecting Start, Programs, Administrative Tools, DHCP.
- Right-click the DHCP server and select New Scope from the context menu.
- Click Next to dismiss the opening page of the New Scope Wizard.
- On the first page of the wizard, the Scope Name page, enter a name and description for the new scope, as shown in Figure 2.3. You should make this name something that will allow you to easily identify this scope in the event that you have multiple scopes on the DHCP server. When you're done entering the information, click Next to continue.
Figure 2.3 You should enter an intuitive name and description for the new scope.
- On the next page of the wizard, the IP Address Range page, enter the IP address range and subnet mask that you need for the network, as shown in Figure 2.4. You can define the subnet mask by using the standard octet method (for example, 255.255.255.0) or by using the more router-centric mask length field (for example, 24 bits). When you're done entering the information, click Next to continue. If you need a refresher on subnet masks, refer to Chapter 1.
Figure 2.4 Configuring the IP address range and subnet mask information defines the scope boundaries.
- On the next page of the wizard, the Add Exclusions page (see Figure 2.5), you can configure a range of IP addresses that will not be leased to client computers. These are typically addresses assigned to application servers, routers, printers, or other infrastructure equipment that requires static addresses. You can have multiple excluded IP addresses or ranges for each scope. When you're done entering the information, click Next to continue.
Figure 2.5 Configuring IP address exclusions allows you to prevent addresses within the scope from being leased out.
- On the next page of the wizard, the Lease Duration page, you can configure the amount of time for which a DHCP lease is valid, as shown in Figure 2.6. The default setting is 8 days and can be changed to any value between 1 minute and almost 1,000 days (999 days, 23 hours, 59 minutes, to be exact). For the average network, the default setting of 8 days is sufficient. In a network that has a large number of computers connecting at various locations, such as portable computers on wireless connections, you might want to reduce the lease duration so that addresses return to the pool quickly. Conversely, in a network with clients that do not change location, you might consider increasing the lease duration to cut down on DHCP renewal traffic on the network. When you're done entering the information, click Next to continue.
Figure 2.6 You should configure the lease duration that seems appropriate for the network.
- On the next page of the wizard, the Configure DHCP Options page, you are given the choice to configure additional options for your scope now or later. It is usually best to configure these options at the time of scope configuration, and thus you should do that now. Table 2.1, later in this chapter, presents the entire list of DHCP scope options that can be configured, although you will only be able to configure three of them at this time. Select Yes, I want to Configure These Options Now and click Next to continue.
Table 2.1. Common DHCP Scope Options

Code | Option Name | Option Description
2 | Time Offset | Specifies the offset of the client's subnet in seconds from UTC.
3 | Router | Specifies a list of IP addresses for routers on the client's subnet.
4 | Time Server | Specifies a list of RFC 868 time servers available to the client.
5 | Name Servers | Specifies a list of IEN 116 name servers available to the client.
6 | DNS Servers | Specifies a list of DNS servers available to the client.
9 | LPR Servers | Specifies a list of RFC 1179 line printer servers available to the client.
15 | DNS Domain Name | Specifies the domain name that the client should use when resolving hostnames via DNS.
27 | All Subnets Are Local | Specifies whether the client can assume that all subnets of the IP network to which the client is connected use the same MTU as the subnet to which the client is directly connected.
28 | Broadcast Address | Specifies the broadcast address in use on the client's subnet.
44 | WINS/NBNS Servers | Specifies a list of RFC 1001/1002 NetBIOS name servers (WINS servers), listed in order of preference.
46 | WINS/NBT Node Type | Specifies how NetBT clients resolve NetBIOS names, as described in RFC 1001/1002: 1 = B-node (broadcast), 2 = P-node (WINS only), 4 = M-node (broadcast, then WINS), 8 = H-node (WINS, then broadcast).
47 | NetBIOS Scope ID | Specifies the NetBT scope parameter for the client, as specified in RFC 1001/1002.
- On the next page of the wizard, the Router (Default Gateway) page, enter the default gateway for the network or the subnet that the scope serves, as shown in Figure 2.7. When you're done entering the information, click Next to continue.
Figure 2.7 If you configure multiple gateways, you need to ensure that you place them in preferred order from top to bottom.
- On the next page of the wizard, the Domain Name and DNS Servers page, configure the parent domain of which all DHCP clients should be made part as well as any number of DNS servers you require, as shown in Figure 2.8. It is recommended that you enter at least two DNS servers for your clients to use. If you need to resolve a server name to an IP address, you can enter the server's name and then click the Resolve button. Configuring the DNS service is discussed in Chapter 3, "Implementing and Managing DNS." When you're done entering the information, click Next to continue.
Figure 2.8 If you configure multiple DNS servers, you should ensure that you place them in preferred order from top to bottom.
- On the next page of the wizard, the WINS Servers page, enter the IP addresses of the network's WINS servers, as shown in Figure 2.9. WINS servers are used to convert NetBIOS names to IP addresses for legacy clients on the network. As on the Domain Name and DNS Servers page, you can use the Resolve button to resolve a hostname to an address. If a network is purely Windows 2000 or better, you do not need a WINS server on the network because Windows 2000, Windows XP, and Windows Server 2003 use DNS as their primary name resolution method; NetBIOS name resolution is needed only for applications that still depend on it. If you do need WINS servers on a network, it is recommended that you enter at least two of them here. When you're done entering the information, click Next to complete the scope creation process.
Figure 2.9 WINS servers are not required for networks that use only Windows 2000, Windows XP, or Windows Server 2003 computers.
- On the next page of the wizard, the Activate Scope page (see Figure 2.10), you are given the option to activate the configured scope now or later. In most cases you want to activate the scope right away. Select Yes, I Want to Activate This Scope Now and click Next to activate the configured scope.
Figure 2.10 You typically want to activate the scope immediately after configuring it.
- Click Finish to close the New Scope Wizard. Note that the DHCP server won't issue any IP address from your new scope unless it has already been authorized in Active Directory, which we discuss a little bit later in this chapter.
Configuring Scope Properties
Objective:
Manage DHCP.
- Manage DHCP clients and leases.
- Manage DHCP scope options.
- Manage reservations and reserved clients.
After you've created a scope, you might want to modify its properties. To modify a scope's properties, you perform the steps described in Step by Step 2.3.
Step By Step 2.3 Configuring a DHCP Scope's Properties
- Right-click the scope and select Properties from the context menu.
- The Properties dialog box opens, as shown in Figure 2.11.
Figure 2.11 You can use the Scope Properties dialog box to change scope properties after you create a scope.
- On the General tab, change the scope name, IP address range, lease duration, and scope description if you want to.
- If you want to change the options on the DNS tab, do so now. The options on the DNS tab are discussed later in this chapter, in the section "Configuring DHCP for DNS Integration."
- On the Advanced tab, select options related to BOOTP clients, as shown in Figure 2.12. If you have BOOTP clients on your network, select either the BOOTP Only option or the Both option, depending on your network configuration. The default setting is DHCP Only. Click OK to close the Scope Properties dialog box after you make your changes.
Figure 2.12 You can configure the scope to service BOOTP clients on the Advanced tab of the Scope Properties dialog box.
- To view the address pool and configured exclusion ranges, click the Address Pool node of the DHCP console, as shown in Figure 2.13.
Figure 2.13 You can quickly view all configured scope ranges and exclusion ranges from the Address Pool node.
- To add a new exclusion range, right-click Address Pool and select New Exclusion Range from the context menu. The Add Exclusion window appears (see Figure 2.14). Click Add after you enter your new exclusion range.
Figure 2.14 You can add a new exclusion range to a configured DHCP scope by using the Add Exclusion dialog box.
- To view the addresses that have been leased, click the Address Leases node, as shown in Figure 2.15. (Of course there won't be any leases shown here until you authorize the DHCP server, as discussed later in this chapter, in the section "Authorizing a DHCP Server in Active Directory.")
Figure 2.15 You can view all active scope leases from the Address Leases node.
- If you want to manually revoke an active client lease, right-click it in the right pane of the Address Leases node and select Delete from the context menu.
- To view the configured reservations, click the Reservations node of the DHCP console.
- You can configure a new address reservation by right-clicking Reservations and selecting New Reservation from the context menu. You can configure a reservation for any device that you want to have a DHCP-assigned IP address that never expires. Configure the reservation as shown in Figure 2.16 and click Add to add it. Click Close to close the New Reservation input box after you're done configuring reservations for this scope. After you've configured a reservation, you can see it in the Reservations node of the DHCP console, as shown in Figure 2.17.
- You can view existing scope options by clicking the Scope Options node, as shown in Figure 2.18.
Figure 2.16 You can configure a new DHCP reservation, which is typically done for printers and other static infrastructure devices.
Figure 2.17 You can view all scope reservations from the Reservations node.
Figure 2.18 The Scope Options node lists all currently configured scope options.
- To configure a new scope option, right-click the Scope Options node and select Configure Options from the context menu. Configure the options in the Scope Options window (see Figure 2.19). Table 2.1 lists the common DHCP options available for configuration. Table 2.2 explains the Microsoft-specific DHCP options that are available for configuration.
Figure 2.19 You can configure extra scope options from the Scope Options dialog box.
Some of the more common DHCP scope options are presented in Table 2.1.
There is a provision in DHCP for manufacturer-specific DHCP options to be configured. You can select these options by opening the DHCP management console and selecting the scope for which to configure options, as described in Step by Step 2.3. Selecting the Advanced tab allows you to select Microsoft Options from the drop-down list in the Vendor Class window. Table 2.2 shows the manufacturer options that are defined by Microsoft.
Table 2.2. Microsoft-Specific DHCP Options
Code | Option Name | Option Description
1 | Microsoft Disable NetBIOS | This option can be used to selectively enable or disable NetBT for DHCP-enabled computers running Windows.
2 | Microsoft Release DHCP Lease on Shutdown | This option can be used to control whether DHCP-enabled computers running Windows send a release for their current DHCP lease to the DHCP server when shutdown occurs.
3 | Microsoft Default Router Metric Base | This value is a specified router metric base to be used for all default gateway routes.
Authorizing a DHCP Server in Active Directory
For security reasons, a new DHCP server must be authorized in Active Directory by an administrator with Enterprise Admin credentials before it can assign IP addresses. This prevents unauthorized DHCP servers from running on the network. One of the nastiest things a troublemaker can do is to put up a rogue DHCP server and have it issue addresses that conflict with infrastructure devices' addresses. The nice thing about this feature is that if you are running Windows 2000 or better client computers and they are using Active Directory, the computers will not accept DHCP addresses from an unauthorized server. To authorize a DHCP server in Active Directory, you perform the steps described in Step by Step 2.4.
Step By Step 2.4 Authorizing a DHCP Server in Active Directory
- Open the DHCP console by selecting Start, Programs, Administrative Tools, DHCP.
- Right-click the DHCP server and select Authorize from the context menu.
- The authorization process might take some time, depending on network conditions. Refresh the DHCP console by pressing F5, and you should see the window shown in Figure 2.20. When authorization is complete, the status is shown as Active and the server is ready to issue addresses when it receives DHCP requests. Note also that the status arrow on the server itself is now pointing up instead of down as before.
Figure 2.20 When a DHCP server is authorized, DHCP server scope information shows up in the right pane of the DHCP console window.
Windows Server 2003 and Windows 2000 Server DHCP servers that are not authorized do not provide DHCP services to network clients. These unauthorized servers also check every five minutes to see if their authorization status has changed, thus allowing them to begin servicing clients.
You have now installed, configured, and authorized a Windows Server 2003 DHCP server. We next examine configuring DHCP for DNS integration.
Configuring DHCP for DNS Integration
One of the keys to effectively implementing an Active Directory environment is the capability for Windows 2000 and Windows XP workstations using DHCP to be automatically registered in DNS. You can set the following settings for DNS integration (see Step by Step 2.5):
- Dynamically Update DNS A and PTR Records Only If Requested by the DHCP Clients—This is the default behavior of the Windows Server 2003 DHCP server, and it causes the DHCP server to register and update client information with the authoritative DNS server of the zone in which the DHCP server is located, according to the DHCP client's request. The DHCP client can request the way in which the DHCP server performs updates of its host (A) and pointer (PTR) resource records. If possible, the DHCP server will accommodate the client's request for handling updates to its name and IP address information in DNS. This selection requires the Enable Dynamic DNS Updates According to the Settings Below option to be selected.
- Always Dynamically Update DNS A and PTR Records—When this option is selected, the DHCP server will always update the client's fully qualified domain name (FQDN), IP address, and both the A and PTR resource records, regardless of whether the client has requested to perform its own updates. This selection requires the Enable Dynamic DNS Updates According to the Settings Below option to be selected.
- Discard A and PTR Records When Lease Is Deleted—This option, which is selected by default, instructs the DHCP server to cause the DNS server to delete the client's A and PTR records when the lease has expired or otherwise has been deleted. This selection requires the Enable Dynamic DNS Updates According to the Settings Below option to be selected.
- Dynamically Update DNS A and PTR Records for DHCP Clients That Do Not Request Automatic Updates—This option allows legacy clients, such as Windows NT 4.0 and Windows 9x clients, to participate in DNS dynamic updates. This selection requires the Enable Dynamic DNS Updates According to the Settings Below option to be selected.
Because DNS dynamic updating is controlled by the DHCP server, you will need to perform all of the applicable DNS configuration from the DHCP console. The DHCP server automatically updates any DNS server configured as part of the server's TCP/IP network properties. It is important to be sure that the primary DNS server is configured as one of the DNS servers because any updates sent to it will be propagated to the rest of the DNS servers for that domain. However, the DNS server in question must support DDNS. DNS is discussed in more detail in Chapter 3. The Windows Server 2003 DNS server supports these updates, as do a number of other DNS servers.
To configure a DHCP server for DNS integration, you perform the steps described in Step by Step 2.5.
Step By Step 2.5 Configuring DHCP for DNS Integration
- Open the DHCP console by selecting Start, Programs, Administrative Tools, DHCP.
- Right-click the DHCP server and select Properties from the context menu. Select the DNS tab of the DHCP Server Properties dialog box, as shown in Figure 2.21.
Figure 2.21 You can configure DDNS options on the DNS tab.
- To enable DHCP integration with DNS, ensure that the Enable Dynamic DNS Updates According to the Settings Below check box is selected.
- Select to have the DHCP server update A and PTR records when requested or to always update A and PTR records.
- To help keep the DNS database clean and consistent, allow the DHCP server to cause expired leases to lead to A and PTR record deletion.
- If there are legacy clients on the network, ensure that dynamic updating is configured for them.
- If you are using secure dynamic updates, you should consider configuring a dedicated network user account for dynamic updating. You can enter the account credentials by switching to the Advanced tab of the DHCP Server Properties dialog box, as shown in Figure 2.22.
Figure 2.22 You need to click the Credentials button to enter the account username and password for DDNS.
- Click the Credentials button to open the DNS dynamic update credentials window, which is shown in Figure 2.23.
Figure 2.23 You need to enter the dynamic updates account credentials on the DNS dynamic update credentials dialog box.
- Enter the domain user account name, domain, and password in the DNS dynamic update credentials dialog box. Click OK to accept the credentials or Cancel to avoid entering credentials at this time.
- Click OK to close the DHCP Server Properties dialog box.
DHCP option code 81 is required in order to make dynamic update work. Let's look at two examples that explain the basic dynamic update process.
The first example looks at a Windows 2000 Professional client computer that has requested a DHCP lease from a Windows Server 2003 DHCP server configured with the default options:
- During the DHCP lease negotiation process, the Windows 2000 Professional client sends a DHCPREQUEST message. By default, the client includes DHCP option 81 in this message, informing the DHCP server that it is requesting that its PTR record be registered in DNS by the DHCP server. The client will be responsible for registering its A record on its own.
- The DHCP server replies with a DHCPACK message, granting the requested DHCP lease. This message includes DHCP option 81. With the default DHCP server settings, the DHCP server informs the client that it will register the PTR record and that the client will be responsible for registering the A record in DNS.
- The client registers its A record, and the DHCP server registers the client's PTR record in DNS.
The second example looks at a Windows NT 4.0 Workstation client computer that has requested a DHCP lease from a Windows Server 2003 DHCP server configured with the default options:
- During the DHCP lease negotiation process, the Windows NT 4.0 Workstation client sends a DHCPREQUEST message. DHCP option 81 is not included in this message.
- The server returns a DHCPACK message to the client, granting its DHCP lease request.
- The DHCP server updates the DNS server with the client's A and PTR records.
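The two exchanges above come down to what the client puts in DHCP option 81 (the client FQDN option) and what the DNS tab settings tell the server to do with it. The following Python model is an added example, not code from the book or from Windows; it parses option 81 out of a DHCP options field and applies the DNS tab settings to decide who registers the A record and who registers the PTR record. The flag bit layout (S, O, E, N) is taken from RFC 4702, and the sample option fields, host name and server policy values are constructed for the example. It goes slightly beyond the two book examples by also handling a client that sets the S flag to ask the server to register both records, and by treating the "clients that do not request automatic updates" check box as the switch for the NT 4.0 case.

```python
"""Model of the option 81 negotiation behind the two dynamic update examples.
Added example: not the book's or Microsoft's code. Flag layout per RFC 4702."""
from dataclasses import dataclass
from typing import Optional, Tuple

OPTION_CLIENT_FQDN = 81
OPTION_MESSAGE_TYPE = 53
DHCPREQUEST = 3

# Flag bits in the first byte of option 81 (RFC 4702 layout, assumed here)
FLAG_S = 0x01  # client asks the server to register its A record as well as PTR
FLAG_O = 0x02  # server signals that it overrode the client's S request
FLAG_E = 0x04  # domain name is in DNS wire format rather than ASCII
FLAG_N = 0x08  # client asks the server to perform no DNS updates at all


@dataclass
class DnsUpdatePolicy:
    """The check boxes on the DNS tab of the DHCP server properties."""
    enable_dynamic_updates: bool = True      # Enable Dynamic DNS Updates...
    always_update: bool = False              # Always Dynamically Update A and PTR
    update_for_legacy_clients: bool = False  # ...Clients That Do Not Request Updates


@dataclass
class ClientFqdn:
    flags: int
    fqdn: str


def parse_client_fqdn(options: bytes) -> Optional[ClientFqdn]:
    """Walk a DHCP options field (TLV list terminated by 0xFF) and return
    option 81 if present, or None when the client did not send it (NT 4.0)."""
    i = 0
    while i < len(options):
        code = options[i]
        if code == 0xFF:        # end option
            break
        if code == 0x00:        # pad option, no length byte
            i += 1
            continue
        length = options[i + 1]
        value = options[i + 2:i + 2 + length]
        if code == OPTION_CLIENT_FQDN and length >= 3:
            flags, name = value[0], value[3:]   # bytes 1-2 are RCODE1/RCODE2
            if flags & FLAG_E:
                labels, j = [], 0              # length-prefixed DNS labels
                while j < len(name) and name[j] != 0:
                    n = name[j]
                    labels.append(name[j + 1:j + 1 + n].decode("ascii"))
                    j += 1 + n
                fqdn = ".".join(labels)
            else:
                fqdn = name.decode("ascii")
            return ClientFqdn(flags, fqdn)
        i += 2 + length
    return None


def build_client_fqdn(flags: int, fqdn: str) -> bytes:
    """Encode option 81 in ASCII form (E clear); RCODE bytes are zero."""
    body = bytes([flags & 0xFB, 0, 0]) + fqdn.encode("ascii")
    return bytes([OPTION_CLIENT_FQDN, len(body)]) + body


def decide_updates(client: Optional[ClientFqdn], policy: DnsUpdatePolicy) -> Tuple[str, str]:
    """Return (who registers A, who registers PTR): 'server', 'client' or 'nobody'."""
    if not policy.enable_dynamic_updates:
        # Server never touches DNS; an option-81 client still registers its own A record (assumed)
        return ("client", "nobody") if client else ("nobody", "nobody")
    if client is None:
        # Legacy client: the server does both only when the legacy check box is enabled
        return ("server", "server") if policy.update_for_legacy_clients else ("nobody", "nobody")
    if policy.always_update:
        return ("server", "server")       # server ignores the client's wishes
    if client.flags & FLAG_N:
        return ("client", "client")       # client asked to handle all registration itself
    if client.flags & FLAG_S:
        return ("server", "server")       # client asked the server to do both
    return ("client", "server")           # Windows 2000 default: client A, server PTR


# Constructed options fields for the two examples: a DHCPREQUEST with and without option 81
W2K_OPTIONS = bytes([OPTION_MESSAGE_TYPE, 1, DHCPREQUEST]) + build_client_fqdn(0, "ws01.example.local") + b"\xff"
NT4_OPTIONS = bytes([OPTION_MESSAGE_TYPE, 1, DHCPREQUEST]) + b"\xff"


def example_windows_2000() -> Tuple[str, str]:
    return decide_updates(parse_client_fqdn(W2K_OPTIONS), DnsUpdatePolicy())


def example_windows_nt4() -> Tuple[str, str]:
    return decide_updates(parse_client_fqdn(NT4_OPTIONS), DnsUpdatePolicy(update_for_legacy_clients=True))


if __name__ == "__main__":
    print("Windows 2000 client (A, PTR):", example_windows_2000())
    print("Windows NT 4.0 client (A, PTR):", example_windows_nt4())
```

The point to take from the model is that the server's defaults defer to the client: a Windows 2000 client ends up owning its A record while the server owns the PTR record, and a client that never sends option 81 gets nothing in DNS unless the legacy-client setting is on.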
Configuring and Implementing a DHCP Relay Agent
Objective:
Manage DHCP.
- Manage DHCP Relay Agent.
Today, most networks that use DHCP are routed. As discussed previously, DHCP messages are broadcast messages. By default, nearly all routers do not pass broadcast traffic in the interest of reducing overall network traffic levels. Fortunately, you can get around this design limitation by configuring a DHCP relay agent to pass BOOTP messages across routers.
There are three basic configurations in which you can set up a DHCP relay agent. The first involves entering the IP address or addresses of the DHCP server(s) into the router itself, instructing it to pass DHCP messages to a specified IP address for action. The second method involves using the Windows Server 2003 Routing and Remote Access Service (RRAS) component as a router (in the place of a hardware-based router) and configuring the DHCP relay agent within it. The third solution, and the one that we examine in this section, is to use a Windows Server 2003 computer located on a subnet without a DHCP server to act as a DHCP relay agent. This option requires the use of the RRAS components, but it does not involve the creation or configuration of a router as the second solution would. What's important to understand is that the server providing the DHCP relay agent service does not have to be dedicated to that purpose; it could be a file server, print server, or any other type of Windows Server 2003 (or Windows 2000 Server) server on that subnet. Figure 2.24 shows how this arrangement would look on a network.
Figure 2.24 The DHCP relay agent allows clients on the other side of a router to communicate with the DHCP server.
In Step by Step 2.6, you enable the DHCP relay agent on a Windows Server 2003 computer. This exercise assumes that you have not previously configured and enabled RRAS on the computer.
Step By Step 2.6 Configuring a DHCP Relay Agent
- Select Start, Programs, Administrative Tools, Routing and Remote Access to open the Routing and Remote Access console, which is shown in Figure 2.25. (If you've previously configured and enabled RRAS, you can skip to Step 7.)
Figure 2.25 The Routing and Remote Access console is initially empty.
- Right-click the server name and select Configure and Enable Routing and Remote Access from the context menu. The Routing and Remote Access Server Setup Wizard appears. Click Next to dismiss the opening page.
- On the Configuration page of the wizard, shown in Figure 2.26, select the Custom Configuration option and click Next to continue.
- On the Custom Configuration page of the wizard, shown in Figure 2.27, select the LAN routing option and click Next to continue.
- When the summary page is displayed, review your selections and then click Finish to continue.
- You are prompted to start RRAS. Click Yes to start the service.
- Back at the Routing and Remote Access console, expand the following nodes: Routing and Remote Access, ServerName, IP Routing, and General, as shown in Figure 2.28.
Figure 2.26 You need to specify a custom configuration in order to perform a basic DHCP relay agent setup.
Figure 2.27 The LAN routing option is the bare minimum you need to support later installation of the DHCP relay agent.
Figure 2.28 You need to add the DHCP relay agent from the General node.
- Right-click the General node and select New Routing Protocol from the context menu. This opens the New Routing Protocol dialog box.
- From the New Routing Protocol dialog box, shown in Figure 2.29, select DHCP Relay Agent. Click OK to confirm your configuration.
Figure 2.29 You can add the DHCP relay agent in addition to standard IP routing protocols.
- To select a network interface for the DHCP relay agent to run on, right-click the DHCP Relay Agent node in the RRAS console and select New Interface from the context menu.
- On the New Interface for DHCP Relay Agent page, shown in Figure 2.30, select the network interface that you want to be available for the DHCP relay agent. Click OK to continue. The DHCP Relay Properties dialog box, shown in Figure 2.31, opens.
Figure 2.30 You need to select one or more installed network adapters for use by the DHCP relay agent.
Figure 2.31 You need to configure the maximum hop count and length of delay time for the DHCP relay agent.
- In the DHCP Relay Properties dialog box, configure the required values for hop-count threshold and boot threshold. The default value for each of them is 4. Click OK to confirm your settings.
- The last configuration you need to perform is to assign the DHCP server IP addresses to which the DHCP relay agent forwards DHCP messages. Right-click the DHCP Relay Agent node in the RRAS console and select Properties to open the DHCP Relay Agent Properties dialog box, which is shown in Figure 2.32. Enter one or more remote DHCP servers into the list and click OK to confirm your settings.
Figure 2.32 You need to provide one or more remote DHCP servers to which the DHCP relay agent can forward DHCP messages.
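To make the two thresholds from Step by Step 2.6 concrete, here is an added Python model of the forwarding decision a DHCP relay agent makes for each BOOTREQUEST it hears on a client subnet. It is example code, not the RRAS implementation: it parses the fixed-length BOOTP header (layout from RFC 2131), drops requests that have already crossed the hop-count threshold or whose client has not yet been trying for the boot threshold number of seconds, and otherwise stamps its own interface address into giaddr, increments hops and hands the packet to the configured remote servers. The relay interface address, server addresses and client MAC are constructed for the example; the default of 4 for both thresholds is the one the book gives.

```python
"""Relay agent forwarding decision for BOOTREQUEST packets (added example, not RRAS code)."""
import socket
import struct
from dataclasses import dataclass, field
from typing import List, Optional

# Fixed BOOTP header fields up to and including giaddr (RFC 2131 section 2): 28 bytes
BOOTP_HDR = struct.Struct("!BBBBIHH4s4s4s4s")
BOOTREQUEST = 1
MAGIC_COOKIE = b"\x63\x82\x53\x63"


@dataclass
class RelayConfig:
    interface_ip: str              # relay's address on the client subnet (constructed)
    dhcp_servers: List[str]        # remote servers from DHCP Relay Agent Properties (constructed)
    hop_count_threshold: int = 4   # book default
    boot_threshold: int = 4        # book default, in seconds


@dataclass
class RelayResult:
    action: str                    # "forward" or "drop"
    reason: str
    targets: List[str] = field(default_factory=list)
    packet: Optional[bytes] = None


def relay_request(packet: bytes, cfg: RelayConfig) -> RelayResult:
    """Decide what the relay agent does with one packet received on its interface."""
    if len(packet) < BOOTP_HDR.size:
        return RelayResult("drop", "short packet")
    op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr, siaddr, giaddr = \
        BOOTP_HDR.unpack_from(packet)
    if op != BOOTREQUEST:
        return RelayResult("drop", "only client requests are relayed")
    if hops >= cfg.hop_count_threshold:
        # Loop and amplification guard: the request has already crossed too many relays
        return RelayResult("drop", f"hop count {hops} reached threshold {cfg.hop_count_threshold}")
    if secs < cfg.boot_threshold:
        # Give a DHCP server on the local subnet, if one exists, the first chance to answer
        return RelayResult("drop", f"client has been trying for {secs}s, below boot threshold")
    if giaddr == b"\x00\x00\x00\x00":
        # First relay on the path records its own address so the server picks the right scope
        giaddr = socket.inet_aton(cfg.interface_ip)
    new_hdr = BOOTP_HDR.pack(op, htype, hlen, hops + 1, xid, secs, flags,
                             ciaddr, yiaddr, siaddr, giaddr)
    return RelayResult("forward", "relayed to configured servers",
                       list(cfg.dhcp_servers), new_hdr + packet[BOOTP_HDR.size:])


def build_request(hops: int, secs: int, mac: bytes, xid: int = 0x3903F326) -> bytes:
    """Constructed DHCPDISCOVER from a client with no address yet (broadcast flag set)."""
    zero = b"\x00" * 4
    hdr = BOOTP_HDR.pack(BOOTREQUEST, 1, 6, hops, xid, secs, 0x8000, zero, zero, zero, zero)
    chaddr = mac.ljust(16, b"\x00")                  # 16-byte hardware address field
    sname_file = b"\x00" * (64 + 128)                # unused sname and file fields
    options = bytes([53, 1, 1, 0xFF])                # message type DISCOVER, end
    return hdr + chaddr + sname_file + MAGIC_COOKIE + options


if __name__ == "__main__":
    cfg = RelayConfig("192.168.10.1", ["10.0.0.5", "10.0.0.6"])
    mac = b"\x00\x11\x22\x33\x44\x55"
    for hops, secs in [(0, 8), (4, 8), (0, 2)]:
        r = relay_request(build_request(hops, secs, mac), cfg)
        print(f"hops={hops} secs={secs}: {r.action} ({r.reason})")
```

Two operational notes follow from the model: a boot threshold that is too high makes clients on subnets with no local server wait needlessly, and the hop-count threshold is what stops a request from circulating between several relays indefinitely.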
Configuring Security for DHCP
Although no single administrative task is labeled as securing your DHCP infrastructure, there are some best practices and other actions you can follow that will provide a more secure (and thus more reliable) DHCP implementation in your environment. We briefly examine them here:
- Use the 80/20 address allocation rule—Use DHCP servers in pairs to provide leases to each of your network subnets. One server should be configured with 80 percent of the available addresses (in a scope) on it, and the other server should have a corresponding scope configured with the remaining 20 percent of the available addresses. The scopes should be balanced between the two servers such that each server has approximately the same number of 80-percent scopes (its own scopes) and 20-percent scopes (scopes that belong to the other server). By using this configuration, you can ensure that leases will still be made available to clients requesting them in the event a single server is under a DoS attack.
- Create and use DHCP server clusters—By enabling a DHCP server cluster, you remove a single server as a single point of failure (SPOF). By having two (or more) servers in a cluster acting as a single DHCP entity, a failure of a single server (or multiple servers, depending on your configuration) will not result in a failure to provide leases to clients. Clustering can be expanded on by creating two clusters and implementing the 80/20 address allocation rule for maximum redundancy.
- Examine the DHCP audit logs regularly—Ensure that audit logging is enabled, as shown in Figure 2.33. The audit logs are stored in the location defined on the Advanced tab, which was shown in Figure 2.22. The location is %systemroot%\system32\dhcp\ by default.
- Harden servers—You can get detailed information and assistance on hardening Windows Server 2003 servers from the Windows Server 2003 Security Guide.
Figure 2.33 DHCP audit logging is enabled from the General tab of the DHCP server Properties dialog box.
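Examining the audit logs regularly is easier with something that reads them for you. The following Python script is an added example, not code from the book or from Microsoft: it parses the comma-separated audit log written to the folder named above and reports the events a defender cares about, namely address conflicts, exhausted scopes and denied leases. The column layout (ID, Date, Time, Description, IP Address, Host Name, MAC Address) and the event ID meanings are taken from the legend that a Windows Server 2003 DHCP audit log prints at the top of each file, as I know them; verify them against your own DhcpSrvLog file. The log lines, host names, addresses and MAC addresses in the sample are constructed.

```python
"""Scan a Windows DHCP audit log for conflicts, exhausted scopes and denied leases.
Added example, not the book's or Microsoft's code."""
import csv
from collections import Counter
from io import StringIO
from typing import Dict, List, Tuple

# Event IDs as listed in the legend at the top of a Windows Server 2003 DHCP audit
# log (assumed here from that legend; verify against your own log file)
EVENT_NAMES = {
    10: "A new IP address was leased to a client",
    11: "A lease was renewed by a client",
    12: "A lease was released by a client",
    13: "An IP address was found to be in use on the network",
    14: "A lease request could not be satisfied because the scope's address pool was exhausted",
    15: "A lease was denied",
    16: "A lease was deleted",
    17: "A lease was expired",
}

# IDs worth alerting on, with the defender's reading of each
WATCH_IDS = {
    13: "address conflict: a static host inside a scope, or a rogue server handing out overlapping addresses",
    14: "scope exhausted: resize the scope or investigate lease exhaustion",
    15: "lease denied (DHCPNACK): a rising count can point to a rogue or misconfigured server",
}

# Constructed sample in the audit log's layout: legend lines, then the CSV header and rows
SAMPLE_LOG = """Microsoft DHCP Service Activity Log (constructed sample)

ID,Date,Time,Description,IP Address,Host Name,MAC Address
10,04/06/07,08:00:01,Assign,192.168.10.50,ws01.example.local,0011223344AA
11,04/06/07,08:00:05,Renew,192.168.10.51,ws02.example.local,0011223344AB
13,04/06/07,08:01:10,Conflict,192.168.10.52,,0011223344AC
13,04/06/07,08:01:11,Conflict,192.168.10.53,,0011223344AD
14,04/06/07,08:02:00,Scope Full,,,0011223344AE
15,04/06/07,08:02:02,NACK,192.168.20.7,ws09.example.local,0011223344AF
"""


def parse_audit_log(text: str) -> List[Dict[str, object]]:
    """Return one dict per event row; legend lines before the CSV header are skipped."""
    lines = text.splitlines()
    start = next((i for i, line in enumerate(lines) if line.startswith("ID,")), None)
    if start is None:
        return []
    rows: List[Dict[str, object]] = []
    for row in csv.DictReader(StringIO("\n".join(lines[start:]))):
        ident = (row.get("ID") or "").strip()
        if ident.isdigit():                      # drop blank or malformed lines
            rows.append(dict(row, ID=int(ident)))
    return rows


def summarize(rows: List[Dict[str, object]]) -> Counter:
    """Count events per ID, the same view the Server Statistics window gives in aggregate."""
    return Counter(int(r["ID"]) for r in rows)


def find_alerts(rows: List[Dict[str, object]], min_count: int = 1) -> List[Tuple[int, int, str, List[str]]]:
    """Return (event ID, count, explanation, affected IPs) for each watched ID seen min_count times."""
    counts = summarize(rows)
    alerts = []
    for ident, note in WATCH_IDS.items():
        n = counts.get(ident, 0)
        if n >= min_count:
            ips = [str(r["IP Address"]) for r in rows if r["ID"] == ident and r["IP Address"]]
            alerts.append((ident, n, note, ips))
    return alerts


if __name__ == "__main__":
    events = parse_audit_log(SAMPLE_LOG)
    for ident, n in sorted(summarize(events).items()):
        print(f"{ident:3d} x{n:<3d} {EVENT_NAMES.get(ident, 'unknown event')}")
    for ident, n, note, ips in find_alerts(events):
        print(f"ALERT id={ident} count={n} {note} {ips}")
```

Running it over a real log in place of SAMPLE_LOG lets you set the min_count threshold to your subnet's normal background of conflicts and NACKs, so that only a change from that baseline is reported.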
DHCP Server Management and Monitoring
Objective:
Manage DHCP.
- Manage DHCP databases.
We have spent some time now examining the installation and configuration of the Windows Server 2003 DHCP service. The final piece of the DHCP puzzle is managing and monitoring the server after it is installed and configured. The Windows Server 2003 DHCP server bundles enhanced monitoring and statistical reporting for precisely that purpose.
The DHCP console has several features that can be accessed by selecting the server and clicking the Action menu or by right-clicking the server. We examine these management and monitoring features in more detail in the following sections.
Examining the DHCP Server Statistics
The Display Statistics command opens the Server Statistics window, which is shown in Figure 2.34.
Figure 2.34 The Server Statistics window quickly displays pertinent DHCP statistics.
The Server Statistics window displays the following statistics:
- Start Time—The date and time the service was started.
- Up Time—The total uptime for the DHCP service. If you restart the service, this number resets to zero, even if the DHCP server has not been restarted.
- Discovers—The number of DHCPDISCOVER packets the server has received.
- Offers—The number of DHCPOFFER packets the server has sent.
- Requests—The number of DHCPREQUEST packets the server has received.
- Acks—The number of DHCPACK packets the server has sent.
- Nacks—The number of DHCPNACK packets the server has sent.
- Declines—The number of DHCPDECLINE packets the server has received.
- Releases—The number of DHCPRELEASE messages the server has received.
- Total Scopes—The total number of scopes that are active on the server.
- Total Addresses—The total number of addresses available. This number includes the number of addresses for all the active scopes on the server.
- In Use—The number of addresses presently leased to DHCP client computers.
- Available—The number of addresses available for lease for the total address pool.
DHCP Server Backup and Restore
As mentioned earlier in this chapter, DHCP server backup and restore is one of the new features found in the DHCP service in Windows Server 2003. Two types of backups from the DHCP console are supported:
- Synchronous—A synchronous backup occurs automatically on the configured interval. The default interval is 60 minutes and can be changed from the registry location HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DHCPServer\Parameters\BackupInterval.
- Asynchronous—An asynchronous backup is a manual backup that is performed by using the Backup command from within the DHCP console.
Both types of DHCP backups place their data in the same location, which is %systemroot%\System32\Dhcp\Backup by default. You can then use Windows Backup (NTBACKUP.exe) or any other backup application to safely back up this data to another location. You can change the database backup folder by selecting a different local folder during a manual backup or by changing the backup folder location in the DHCP server properties.
Backups of the DHCP data from the DHCP console include the following items:
- All scopes
- All reservations
- All leases
- All options, including server options, scope options, reservation options, and class options
- All registry data in the following registry location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DHCPServer\Parameters
You can manually perform a backup by selecting Action, Backup. In addition, you can perform the restoration of the DHCP data by selecting Action, Restore. If you want to change the backup path, you can do so from the Advanced tab of the DHCP Server Properties dialog box.
Reconciling the DHCP Database
Objective:
Troubleshoot DHCP.
- Verify database integrity.
When you reconcile scopes on your DHCP server, you are comparing the information contained in the DHCP database against the information stored in the registry. Typically, reconciliation of scopes is performed when you are observing problems with the DHCP server and want to verify the configured addresses. The Reconcile All Scopes command allows you to perform this comparison should you need to. You can click the Verify button in the Reconcile All Scopes dialog box (shown in Figure 2.35) to check the consistency of the database and get a report of any errors.
Figure 2.35 You can reconcile all scopes from the Reconcile All Scopes dialog box.
Stopping the DHCP Server
Sometimes you'll want to prevent a DHCP server from giving out leases so that you can perform maintenance on the server or make configuration changes to scopes on the server. You can cause this to happen either by unauthorizing the server or by stopping the DHCP server service. The Unauthorize command removes the DHCP server from the list of authorized DHCP servers in Active Directory. You are warned before removal occurs, as shown in Figure 2.36.
Figure 2.36 Unauthorizing a DHCP server prevents it from servicing client requests.
The advantage of unauthorizing a server versus stopping the DHCP server service, as shown in Figure 2.37, is that you can still perform scope and server configuration and modification while the server is unauthorized. That is not possible when the DHCP server service has been stopped on the server.
Figure 2.37 Stopping the DHCP server service removes the ability to perform configuration on it.
Configuring Options and Classes
The options Define User Classes, Define Vendor Classes, and Set Predefined Options are beyond the scope of Exam 70-291. You will probably not use them in the context of a standard DHCP installation, but you should be aware of what user classes and vendor classes are in general so that your knowledge of DHCP will be complete.
- User classes—User classes are generally created for administrative purposes, similar to user groups. They can be used to identify all the DHCP clients in a specific department or location. User classes are used to assign DHCP options to groups of DHCP clients.
- Vendor classes—Vendor classes are generally used to provide vendor-specific DHCP enhancements. For example, the Windows Server 2003 DHCP service has the capability to disable NetBT on its DHCP clients.
Changing the Server State
Should you want to change the state of the server, perhaps pause or stop the DHCP server altogether, you can do this from the Action menu. Selecting Action, All Tasks opens a submenu that allows you to control the operational state of the DHCP server. The following options are available:
- Start—Starts the DHCP service. This option is available only if the service is stopped or paused.
- Stop—Stops the DHCP service. This option is available when the service is running or paused. This option causes the server statistics to be reset.
- Pause—Pauses the DHCP service. This option does not reset the statistics.
- Resume—Resumes the DHCP service after it is paused. This option is available only when the service is paused.
- Restart—Restarts the DHCP service, resetting the server statistics in the process. This option is available only if the service is currently running.
DHCP Server Common Commands
The three commands Delete, Refresh, and Export List are common ones. The Delete command deletes the DHCP server. The Refresh command causes all the displayed information to be refreshed with a current status. The Export List command allows you to export the information displayed in the right pane of the console window to a tab- or comma-delimited text or Unicode text file. You can export a list of various nodes by clicking them before selecting the Export List command.
The Properties command opens the Properties dialog box for the selected DHCP server. The Properties dialog box (shown previously in Figure 2.33) opens to the General tab, which allows you to configure the following options:
- Automatically Update Statistics Every—This option allows you to set the automatic refresh of the statistics, as well as the interval at which the statistics are refreshed.
- Enable DHCP Audit Logging—This option allows you to log all the DHCP activity to a text file located in the %systemroot%\System32\dhcp folder, which can be opened in Notepad or any other text editor. This is an excellent option to select if you are troubleshooting a DHCP problem and want to see what activity is taking place on the server.
- Show the BOOTP Table Folder—This option deals with BOOTP backward compatibility and allows you to view the table that contains the BOOTP configuration entries. After you select this option, the BOOTP Table node appears in the DHCP console, as shown in Figure 2.38. From this node you can configure boot images for BOOTP clients. Remember, however, that you still need to provide your own third-party TFTP server.
Figure 2.38 When the BOOTP Table folder is enabled, you can perform configuration of BOOTP boot images.
The DNS tab of the Properties dialog box is discussed in detail earlier in this chapter, in the section "Configuring DHCP for DNS Integration." You can use the Advanced tab, shown in Figure 2.39, to perform more advanced and less common configuration tasks.
The Advanced tab has the following configuration options:
- Conflict Detection Attempts—This option causes the DHCP server to check for conflicting IP addresses on the network before issuing an address. Although this sounds like a great way to make sure there are no address conflicts, it can add significant overhead to the server, and you should use it only while you're troubleshooting address conflict issues. By default, this option is set to 0.
- Audit Log File Path—If audit logging is enabled, the log file is located in the %systemroot%\System32\dhcp directory. You can modify the location to be any location on the local computer (including mapped drives).
- Database Path—This option allows you to specify the location of the DHCP database. By default, it is in the %systemroot%\System32\dhcp directory. You can modify the location to be any location on the local computer (including mapped drives).
Figure 2.39 The Advanced tab contains all the options that don't fit anywhere else.
- Backup Path—This option allows you to specify the location of the DHCP backup file. By default, it is in the %systemroot%\System32\dhcp\backup directory. You can modify the location to be any location on the local computer (including mapped drives).
- Change Server Connection Bindings—This option allows you to view the connections through which the DHCP server is providing addresses. If you have multiple network adapters in a DHCP server, you might want to configure DHCP for only selected interfaces. You can click the Bindings button to view and configure the binding on your computer, as shown in Figure 2.40.
Figure 2.40 You can view and change the DHCP bindings from the Bindings window.
- DNS Dynamic Updates Registration Credentials—As discussed previously, this option allows you to specify a domain user account to be used during DNS dynamic updates.
Troubleshooting DHCP
Although DHCP is typically one of the easiest of the common network services to configure and maintain, from time to time, you might encounter problems. More often than not, the DHCP-related problems that you will have will be due to misconfiguration in a scope, unauthorized DHCP servers on the network, or network connectivity problems. You might also have instances in which information has changed in some way, but the change has not been reflected in your DHCP configuration, as in the case of DHCP reservations (which are tied to MAC addresses) or the changing of a DHCP server's IP address. Network connectivity issues are addressed in Chapter 1, and the following sections examine some troubleshooting tasks you can do in an effort to quickly determine the cause of DHCP woes and get this vital network service back into proper operation.
Troubleshooting DHCP Server Authorization Problems
Objective:
Troubleshoot DHCP.
- Diagnose and resolve issues related to DHCP authorization.
- Diagnose and resolve issues related to configuration of DHCP server and scope options.
As discussed previously, one of the first indicators you might see of an unauthorized or rogue DHCP server is an unexpected increase in the number of DHCPNACK messages. You can monitor this statistic over time by using the Performance console. The Performance console includes several counter objects that you can use to monitor and troubleshoot your DHCP server:
- Acks/Sec—This counter monitors the number of DHCPACK messages sent per second by the DHCP server to client computers. The DHCP server uses the DHCPACK messages to acknowledge requests for an address. An increase in this number indicates that a large number of client computers are probably trying to renew their leases with the DHCP server. This could be because of a short lease time configuration or because a number of new computers are entering the network.
- Active Queue Length—This counter monitors the current length of the internal message queue of the DHCP server. This number represents the number of unprocessed messages received by the server. A large number here could indicate an unusually large amount of network traffic or a heavy load on the server.
- Conflict Check Queue Length—This counter monitors the current length of the conflict check queue for the DHCP server. Before a Windows Server 2003 DHCP server issues an address, it checks whether any IP address conflicts exist. The conflict check queue holds the messages not responded to while the DHCP server performs address conflict detection. A large value here could indicate heavy lease traffic at the server. You might also want to check the Conflict Detection Attempts parameter, which could be set too high.
- Declines/Sec—This counter monitors the number of DHCPDECLINE messages that the DHCP server receives per second from client computers. This counter indicates that the DHCP client computer has declined the IP address issued by the server. You see this number rise when client computers start having address conflict problems, and it could indicate a network problem, computers with static addresses also being part of a scope, or having a rogue DHCP server on the network.
- Discovers/Sec—This counter monitors the number of DHCPDISCOVER messages received per second by the server. The DHCPDISCOVER message is the initial request a client computer sends when it first enters the network and is looking for a DHCP server to issue an address. A sudden increase in this counter could indicate that a large number of client computers are attempting to initialize and obtain an IP address lease from the server at the same time. You might see this first thing in the morning, when users power on their PCs, or after a power failure, when all the PCs might be powered on at about the same time.
- Duplicates Dropped/Sec—This counter monitors the number of duplicate packets per second dropped by the DHCP server. Duplicate packets on a network are never a good sign, and they can indicate that DHCP clients are timing out before the server can respond. This can be caused by client computers timing out too fast or the server not responding quickly enough.
- Informs/Sec—This counter monitors the number of DHCPINFORM messages received per second by the DHCP server. DHCPINFORM messages are used when the DHCP server queries the directory service for the enterprise root and when dynamic updates are being done on behalf of client computers by the DNS server. This is part of the DDNS integration, and an unusual increase in this number could indicate a large number of addresses being issued.
- Milliseconds Per Packet (Avg)—This counter monitors the average time, in milliseconds, the DHCP server takes to process each packet it receives. This is a very subjective number that depends on the server configuration; therefore, having a baseline for this number is a good idea. A sudden increase in this counter could indicate a disk problem or an increased load on the server.
- Nacks/Sec—This counter monitors the number of DHCP negative acknowledgment (DHCPNACK) messages sent per second by the DHCP server to client computers. A DHCPNACK message indicates that the server is unable to fulfill the DHCP request. A very high value for this counter could indicate a network problem or misconfiguration of client computers or the server. You should keep an eye out for a deactivated scope as a possible culprit.
- Offers/Sec—This counter monitors the number of DHCPOFFER messages that the DHCP server sends per second to client computers. A DHCPOFFER message is the message the server returns to the client computer after the client computer sends a DHCPDISCOVER message, and it indicates that the server is offering to issue an address to that client computer. A sudden increase in this value could indicate heavy traffic or a heavy load on the server.
- Packets Expired/Sec—This counter monitors the number of packets per second that expire and are dropped by the DHCP server. This situation is caused by a packet remaining in the server's internal message queue too long. A large number for this counter indicates that the server is either taking too long to process some packets or causing other packets to wait in queue, or that the traffic on the network is too heavy for the DHCP server to handle. It is important to note that high numbers for this counter can indicate pure network traffic problems and not necessarily DHCP-related problems.
- Packets Received/Sec—This counter monitors the number of message packets received per second by the DHCP server. A large number indicates heavy DHCP message traffic to the server. These message packets might be requests for addresses, renewals, or releases.
- Releases/Sec—This counter monitors the number of DHCPRELEASE messages that the DHCP server receives per second from client computers. A DHCPRELEASE message is sent only when the client computer manually releases an address, such as when the ipconfig /release command is used or the Release All button in the winipcfg utility is used at the client computer. Because most users do not manually release their addresses, this number should be low in all but the most unusual network environment.
- Requests/Sec—This counter monitors the number of DHCPREQUEST messages that the DHCP server receives per second from client computers. These messages are the requests that the client computer sends to request an IP address after it has found a server that can issue addresses. An increase in this number indicates that a large number of client computers are probably trying to renew their leases with the DHCP server. This could be caused by a short lease time configuration or because a number of new computers are entering the network.
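Several of the counters above only tell you something when compared with a baseline for the server, and the chapter's advice is to watch for a trend rather than a single burst. The following Python is an added example, not code from the book or from Microsoft's tooling, that shows one way to apply that advice to counter readings exported from a Performance console log. The series, function names, and thresholds are all constructed for illustration: it takes a median baseline from the first readings, then reports only runs of readings that stay well above that baseline, so a one-off morning power-on burst in Discovers/Sec is ignored while a sustained rise in Nacks/Sec is reported.

```python
from statistics import median

# Constructed sample series (not from the page): one Nacks/Sec reading per minute,
# as you might export from a Performance console counter log.
NACKS_PER_SEC = [0, 1, 0, 0, 1, 0, 0, 1, 0, 0, 12, 15, 14, 16, 13, 1, 0, 0]
# Constructed Discovers/Sec series with a single power-on burst of the kind the
# text describes (everyone switching on at once): a spike, not a trend.
DISCOVERS_PER_SEC = [2, 3, 2, 2, 40, 3, 2]


def baseline(samples, window):
    """Median of the first `window` readings: the server's 'normal' rate."""
    return median(samples[:window])


def sustained_elevations(samples, window=8, factor=5.0, min_run=3, floor=1.0):
    """Return (first_index, last_index, peak) for every run of at least `min_run`
    consecutive readings above max(floor, factor * baseline).

    A lone spike is ignored; a run that stays high is the trend the chapter says
    to investigate (rogue server, deactivated scope, misconfigured clients).
    """
    threshold = max(floor, factor * baseline(samples, window))
    runs, start = [], None
    for i, value in enumerate(samples):
        if value > threshold:
            if start is None:
                start = i          # a run of elevated readings begins here
        elif start is not None:
            if i - start >= min_run:
                runs.append((start, i - 1, max(samples[start:i])))
            start = None
    # A run that is still open when the series ends also counts.
    if start is not None and len(samples) - start >= min_run:
        runs.append((start, len(samples) - 1, max(samples[start:])))
    return runs


if __name__ == "__main__":
    for name, series in (("Nacks/Sec", NACKS_PER_SEC), ("Discovers/Sec", DISCOVERS_PER_SEC)):
        print(name, "baseline:", baseline(series, 8),
              "sustained runs:", sustained_elevations(series))
```

With these constructed series the Nacks/Sec readings at positions 10 through 14 are reported as one sustained run, while the single Discovers/Sec burst is not reported at all. Tune `window`, `factor` and `min_run` to the sampling interval you actually use; the point is that the comparison is against the server's own baseline, which is why the text recommends recording one.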
Configuring the Performance console to monitor and collect data about a DHCP server is a simple process, as outlined in Step by Step 2.7.
Step By Step 2.7 Monitoring DHCP Performance
- Select Start, Programs, Administrative Tools, Performance to open the Performance console.
- Click System Monitor, as shown in Figure 2.41.
Figure 2.41 You can view server performance statistics by using the Performance console.
- To create an entry in System Monitor, click the + icon. The Add Counters dialog box shown in Figure 2.42 opens, allowing you to begin adding counters.
Figure 2.42 You can add counters to begin monitoring DHCP server statistics.
- Select the DHCP Server performance object in the Performance object drop-down list box. You then see the list of counters available for selection that relate to the DHCP service. If you need to know what a counter means, select the counter and click the Explain button.
- When you have decided what counter you want to monitor, click Add. You can add multiple counters either by selecting each counter and clicking Add or by holding down the Ctrl key while you select all the counters you want to monitor and then clicking Add. Click Close when you are finished. Your counters are graphed like those shown in Figure 2.43.
Figure 2.43 You can monitor DHCP server statistics in real time.
If you notice a trend of higher-than-normal numbers of DHCPNACK messages, you need to determine what the source is. The most common cause is that a rogue DHCP server has been set up on the network. You can also examine the DHCP lease properties of clients to determine whether any of them have different information than what you have configured in your DHCP scopes.
It's important to remember that Windows 2000 and Windows XP clients in an Active Directory environment that are configured to use DHCP do not accept leases from unauthorized DHCP servers. Older clients accept these leases and can contribute to the number of DHCPNACK messages when they attempt to renew their DHCP leases.
You can also examine the DHCP server daily audit logs, located in the %systemroot%\system32\dhcp folder, to look for rogue detection events. The DHCP audit logs are discussed in the next section.
Using the DHCP Logs
Objective:
Troubleshoot DHCP.
- Examine the system event log and DHCP server audit log files to find related events.
The DHCP server daily audit logs are often overlooked as a valuable source of information. You have learned how to enable the audit logs; now let's have a look at what they contain. Unlike the logs produced by the Windows 2000 Server DHCP service, the Windows Server 2003 daily audit logs are natively in text format, and you open them simply by double-clicking them. A sample of what you might expect to find in a log is displayed here:
ID,Date,Time,Description,IP Address,Host Name,MAC Address
00,04/27/06,20:08:38,Started,,,,
55,04/27/06,20:08:39,Authorized(servicing),,lab1.area51partners.com,,
24,04/27/06,20:44:10,Database Cleanup Begin,,,,
25,04/27/06,20:44:10,0 leases expired and 0 leases deleted,,,,
25,04/27/06,20:44:10,0 leases expired and 0 leases deleted,,,,
24,04/27/06,21:44:12,Database Cleanup Begin,,,,
25,04/27/06,21:44:12,0 leases expired and 0 leases deleted,,,,
25,04/27/06,21:44:12,0 leases expired and 0 leases deleted,,,,
11,04/27/06,19:39:46,Renew,192.168.0.231,xpclient01.corp.quepublishing.com,00E07DC13E70,
31,04/27/06,19:39:46,DNS Update Failed,192.168.0.231,xpclient01.corp.quepublishing.com,-1,
10,04/27/06,19:43:07,Assign,192.168.0.230,iMac01.corp.quepublishing.com,00306509D772,
30,04/27/06,19:44:14,DNS Update Request,192.168.0.231,xpclient01.corp.quepublishing.com,,
31,04/27/06,19:44:14,DNS Update Failed,192.168.0.231,xpclient01.corp.quepublishing.com,-1,
30,04/27/06,19:47:03,DNS Update Request,192.168.0.231,xpclient01.corp.quepublishing.com,,
11,04/27/06,19:47:03,Renew,192.168.0.231,xpclient01.corp.quepublishing.com,00E07DC13E70,
30,04/27/06,19:47:03,DNS Update Request,192.168.0.231,xpclient01.corp.quepublishing.com,,
11,04/27/06,19:47:03,Renew,192.168.0.231,xpclient01.corp.quepublishing.com,00E07DC13E70,
32,04/27/06,19:47:03,DNS Update Successful,192.168.0.231,xpclient01.corp.quepublishing.com,,
32,04/27/06,19:47:03,DNS Update Successful,192.168.0.231,xpclient01.corp.quepublishing.com,,
As you can see from this example, the DHCP server cleans up the database hourly. You can also see that two clients requested leases. One of them, an Apple iMac, requested and was assigned the IP address 192.168.0.230, with no further actions. Another client, a Windows XP Professional computer, requested and received the IP address 192.168.0.231, with several failed DNS updates (evidenced by ID 31). After the DNS dynamic update account was properly configured, the DHCP server was able to make the DNS dynamic updates and generate an ID of 32. Table 2.3 explains the ID codes used in the DHCP daily audit logs.
Table 2.3. The DHCP Daily Audit Log ID Codes
| ID | Description |
| --- | --- |
| 00 | The log was started. |
| 01 | The log was stopped. |
| 02 | The log was temporarily paused due to low disk space. |
| 10 | A new IP address was leased to a client. |
| 11 | A lease was renewed by a client. |
| 12 | A lease was released by a client. |
| 13 | An IP address was found to be in use on the network. |
| 14 | A lease request could not be satisfied because the scope's address pool was exhausted. |
| 15 | A lease was denied. |
| 16 | A lease was deleted. |
| 17 | A lease was expired. |
| 20 | A BOOTP address was leased to a client. |
| 21 | A dynamic BOOTP address was leased to a client. |
| 22 | A BOOTP request could not be satisfied because the scope's address pool for BOOTP was exhausted. |
| 23 | A BOOTP IP address was deleted after a check was made to see that it was not in use. |
| 24 | The IP address cleanup operation has begun. |
| 25 | IP address cleanup statistics are provided. |
| 30 | A DNS update request to the named DNS server was made. |
| 31 | The DNS update failed. |
| 32 | The DNS update was successful. |
| 50+ | These IDs are used for Rogue Server Detection information. |
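Because the daily audit log is plain comma-separated text, reading it with Table 2.3 in hand is easy to automate. The following Python is an added example, not code from the book or from Microsoft, that parses the sample log shown earlier with the standard csv module, labels each record from the table above, and pulls out what a troubleshooter looks for first: DNS update failures per host (ID 31), rogue-detection records (ID 50 and above), and the MAC-to-address view from Assign and Renew records (IDs 10 and 11). The log content is the page's own sample; the function and constant names are assumptions of this example.

```python
import csv
import io
from collections import Counter

# ID codes from Table 2.3. Anything 50 or above is rogue server detection information.
AUDIT_IDS = {
    "00": "Log started", "01": "Log stopped", "02": "Log paused (low disk space)",
    "10": "New lease", "11": "Lease renewed", "12": "Lease released",
    "13": "Address found in use on network", "14": "Scope address pool exhausted",
    "15": "Lease denied", "16": "Lease deleted", "17": "Lease expired",
    "20": "BOOTP lease", "21": "Dynamic BOOTP lease", "22": "BOOTP pool exhausted",
    "23": "BOOTP address deleted (not in use)",
    "24": "Cleanup begin", "25": "Cleanup statistics",
    "30": "DNS update request", "31": "DNS update failed", "32": "DNS update successful",
}

# The page's own sample audit log (one record per line, trailing comma included).
SAMPLE_LOG = """ID,Date,Time,Description,IP Address,Host Name,MAC Address
00,04/27/06,20:08:38,Started,,,,
55,04/27/06,20:08:39,Authorized(servicing),,lab1.area51partners.com,,
24,04/27/06,20:44:10,Database Cleanup Begin,,,,
25,04/27/06,20:44:10,0 leases expired and 0 leases deleted,,,,
25,04/27/06,20:44:10,0 leases expired and 0 leases deleted,,,,
24,04/27/06,21:44:12,Database Cleanup Begin,,,,
25,04/27/06,21:44:12,0 leases expired and 0 leases deleted,,,,
25,04/27/06,21:44:12,0 leases expired and 0 leases deleted,,,,
11,04/27/06,19:39:46,Renew,192.168.0.231,xpclient01.corp.quepublishing.com,00E07DC13E70,
31,04/27/06,19:39:46,DNS Update Failed,192.168.0.231,xpclient01.corp.quepublishing.com,-1,
10,04/27/06,19:43:07,Assign,192.168.0.230,iMac01.corp.quepublishing.com,00306509D772,
30,04/27/06,19:44:14,DNS Update Request,192.168.0.231,xpclient01.corp.quepublishing.com,,
31,04/27/06,19:44:14,DNS Update Failed,192.168.0.231,xpclient01.corp.quepublishing.com,-1,
30,04/27/06,19:47:03,DNS Update Request,192.168.0.231,xpclient01.corp.quepublishing.com,,
11,04/27/06,19:47:03,Renew,192.168.0.231,xpclient01.corp.quepublishing.com,00E07DC13E70,
30,04/27/06,19:47:03,DNS Update Request,192.168.0.231,xpclient01.corp.quepublishing.com,,
11,04/27/06,19:47:03,Renew,192.168.0.231,xpclient01.corp.quepublishing.com,00E07DC13E70,
32,04/27/06,19:47:03,DNS Update Successful,192.168.0.231,xpclient01.corp.quepublishing.com,,
32,04/27/06,19:47:03,DNS Update Successful,192.168.0.231,xpclient01.corp.quepublishing.com,,
"""


def parse_audit_log(text):
    """Parse the seven named columns of a DHCP audit log into a list of dicts."""
    records = []
    reader = csv.reader(io.StringIO(text.strip()))
    next(reader)  # header row
    for row in reader:
        if not row or not row[0].strip():
            continue
        row = (row + [""] * 7)[:7]  # each data line ends with a trailing comma; keep 7 fields
        rid, date, time, desc, ip, host, mac = (f.strip() for f in row)
        records.append({"id": rid, "date": date, "time": time, "desc": desc,
                        "ip": ip, "host": host, "mac": mac})
    return records


def describe(rid):
    """Human-readable meaning of an ID code, per Table 2.3."""
    if rid.isdigit() and int(rid) >= 50:
        return "Rogue server detection"
    return AUDIT_IDS.get(rid, "Unknown ID")


def event_counts(records):
    return Counter(r["id"] for r in records)


def dns_update_failures(records):
    """Hosts whose dynamic DNS update failed (ID 31), with a count per host."""
    return Counter(r["host"] for r in records if r["id"] == "31")


def rogue_detection_events(records):
    """(id, description, host) for every rogue-detection record (ID 50+)."""
    return [(r["id"], r["desc"], r["host"])
            for r in records if r["id"].isdigit() and int(r["id"]) >= 50]


def leases_by_mac(records):
    """Latest Assign/Renew (ID 10/11) per client MAC: the view to compare with reservations."""
    out = {}
    for r in records:
        if r["id"] in ("10", "11") and r["mac"]:
            out[r["mac"].upper()] = (r["ip"], r["host"])
    return out


if __name__ == "__main__":
    recs = parse_audit_log(SAMPLE_LOG)
    for rid, n in sorted(event_counts(recs).items()):
        print(f"{rid}: {describe(rid):<32} {n}")
    print("DNS update failures:", dict(dns_update_failures(recs)))
    print("Rogue detection:", rogue_detection_events(recs))
    print("Leases by MAC:", leases_by_mac(recs))
```

Run against the sample, the output shows the two hourly cleanup cycles, the two failed updates for xpclient01 followed by the successful ones, and the ID 55 Authorized(servicing) record, which is the rogue-detection information the previous section told you to look for. Point `parse_audit_log` at the contents of a DhcpSrvLog file from the audit log folder to use it on a real server.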
In addition to the DHCP daily audit logs, events related to the DHCP service are also generated and placed in the system log, as shown in Figure 2.44.
Figure 2.44 The system log contains events related to the DHCP service.
As you can see in Figure 2.45, there is a DHCP server on the network that has not been authorized in Active Directory. The system log contains many useful log events about all aspects of a server and is an area you should review often.
Figure 2.45 An unauthorized DHCP server cannot start the DHCP service.
Troubleshooting DHCP Reservations
Objective:
Troubleshoot DHCP.
- Verify DHCP reservation configuration.
For the most part, the only problem that prevents a DHCP reservation from functioning properly is a misconfigured MAC address. If you have a misconfigured DHCP reservation, you should see it show up in the Address Leases node of your DHCP server, with the status Reservation (Inactive). Reservations that are configured properly show the status Reservation (Active). If you look back at Figure 2.16, you'll see the reservation we created had a bad MAC address and thus was the cause of the problem seen in Figure 2.46.
Figure 2.46 A DHCP reservation that is not active usually indicates a misconfiguration.
To verify that a reservation is configured properly, you can compare the MAC address of the component that is to have a reserved DHCP address (a print server, for example) to the MAC address entered in the reservation Properties dialog box. The vast majority of the time, this will reveal the source of the problem.
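The comparison is error-prone by hand because the same MAC address is written differently by different tools (ipconfig /all uses hyphens, many printers and switches use colons or dots, and the DHCP console stores the twelve hex digits with no separators). The following Python is an added example, not code from the book or from the DHCP console, that normalizes whatever form you have to the console's form and then checks a list of reservations against the addresses the devices themselves report, distinguishing a mistyped (malformed) entry from a transposed-digit mismatch. The reservation names and MAC addresses are constructed for the example.

```python
import re

HEX12 = re.compile(r"^[0-9A-F]{12}$")


def normalize_mac(mac):
    """Return the MAC as 12 uppercase hex digits, the form the DHCP console shows for a
    reservation. Accepts 00-E0-7D-C1-3E-70 (ipconfig /all), 00:e0:7d:c1:3e:70,
    00e0.7dc1.3e70 and 00E07DC13E70. Returns None when the input is not a 48-bit MAC."""
    if mac is None:
        return None
    cleaned = re.sub(r"[-:.\s]", "", mac).upper()
    return cleaned if HEX12.match(cleaned) else None


def check_reservations(reservations, observed):
    """reservations: {name: MAC as typed into the reservation}
       observed:     {name: MAC reported by the device itself (ipconfig /all, a printer's
                      configuration page, a switch's address table)}
       Returns {name: verdict} with verdict one of 'ok', 'malformed', 'mismatch',
       'no observation'."""
    verdicts = {}
    for name, typed in reservations.items():
        typed_norm = normalize_mac(typed)
        if typed_norm is None:
            verdicts[name] = "malformed"        # wrong length or non-hex digits in the entry
            continue
        actual = normalize_mac(observed.get(name))
        if actual is None:
            verdicts[name] = "no observation"   # nothing to compare against yet
        elif actual != typed_norm:
            verdicts[name] = "mismatch"         # entry is well formed but is not this device
        else:
            verdicts[name] = "ok"
    return verdicts


# Constructed sample data (not from the page).
RESERVATIONS = {
    "print01": "00-0C-29-AB-CD-EF",   # correct, just a different notation
    "print02": "000C29ABCDFE",        # last two digits transposed
    "print03": "00:0C:29:AB:CD",      # one octet short
    "print04": "00-0C-29-AB-CD-01",   # device not yet checked
}
OBSERVED = {
    "print01": "00:0c:29:ab:cd:ef",
    "print02": "00-0C-29-AB-CD-EF",
    "print03": "00-0C-29-AB-CD-11",
}

if __name__ == "__main__":
    for name, verdict in check_reservations(RESERVATIONS, OBSERVED).items():
        print(f"{name}: {verdict}")
```

A reservation that comes back as "malformed" or "mismatch" is exactly the case that shows as Reservation (Inactive) in the Address Leases node; fix the entry in the reservation's Properties dialog box and the device picks up the reserved address at its next renewal.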
Troubleshooting the DHCP Relay Agent
Objective:
Troubleshoot DHCP.
- Verify that the DHCP Relay Agent is working correctly.
The DHCP relay agent, like a DHCP reservation, typically doesn't present a problem. However, there may be cases when relay services are not being provided to network clients. Some of the most common problems that you might encounter with the DHCP relay agent include the following:
- The network interface on the DHCP relay agent server that is connected to the subnet where the DHCP clients are located has not been selected for use with the DHCP relay agent. You can verify whether the interface has been added or add it from the DHCP Relay Agent node of the DHCP console. You should also verify that the Relay DHCP Packets check box is selected on all adapters that have been selected for use.
- An incorrectly entered DHCP server IP address on the DHCP Relay Agent Properties dialog box (refer back to Figure 2.32) prevents the successful relaying of packets. You can verify and correct this problem from the properties dialog box of the DHCP Relay Agent node of the DHCP console.
- Remote DHCP servers may not be reachable due to network or server problems. In this case, you need to troubleshoot basic network connectivity, as discussed in Chapter 1. You should troubleshoot the server status as discussed in this chapter.
- DHCP traffic may be filtered. In this case, you need to ensure that no IP filters exist for UDP ports 67 and 68 at any point between the DHCP servers and the remote DHCP clients.
Chapter Summary
In this chapter, we've examined how to implement, manage, and troubleshoot DHCP in Windows Server 2003. Some points of interest to take away from this chapter include the following:
- Windows Server 2003 DHCP supports three types of scopes: standard scopes, superscopes, and multicast scopes. A superscope is a grouping of one or more standard DHCP scopes, whereas a multicast scope is used for special Class D IP addresses for multicasting to clients.
- DHCP servers must be authorized in Active Directory to service clients. Windows Server 2003 DHCP servers that have not been authorized cannot offer leases to DHCP clients.
- DHCP can be integrated with DNS to provide dynamic updating of DNS A and PTR records for DHCP clients. This serves to keep the DNS database accurate and up-to-date as DHCP assigns leases to client computers.
- You can perform monitoring and troubleshooting on a DHCP server by using the DHCP counters in the Performance console.
Key Terms
- BOOTP
- DNS
- DHCP
- DHCP server
- DHCP client
- exclusion
- lease
- multicast scope
- registered IP address
- RFCs
- DHCP reservation
- scope
- supernetted network
- superscope
- TCP/IP
- unicast address
Apply Your Knowledge
In this chapter, you have learned what DHCP is and how it works to make IP address assignment easier, quicker, and more accurate. In the following exercises, you will practice some of the concepts and methods discussed in this chapter.
Exercises
2.1 Creating a DHCP Scope
This exercise guides you through the process of creating a standard DHCP scope. This exercise requires you to have a Windows Server 2003 computer with the DHCP service installed.
Estimated time: 20 minutes
- Open the DHCP console by selecting Start, Programs, Administrative Tools, DHCP.
- Right-click the DHCP server and select New Scope from the context menu.
- Click Next to dismiss the opening page of the New Scope Wizard.
- On the Scope Name page, enter the name SCOPE1 and an appropriate description for the new scope. Click Next to continue.
- On the IP Address Range page, enter the IP address range 10.0.0.2-10.0.0.100, and the subnet mask 255.255.255.0. Click Next to continue.
- On the Add Exclusions page, enter the IP address ranges 10.0.0.5-10.0.0.10 and 10.0.0.15-10.0.0.20 as exclusions. Click Next to continue.
- On the Lease Duration page, you can leave the default setting of eight days. Click Next to continue.
- Select to configure advanced options and click Next to continue.
- On the Router (Default Gateway) page, enter the default gateway IP address 10.0.0.1. Click Next to continue.
- On the Domain Name and DNS Servers page, enter the IP addresses 10.0.0.250 and 10.0.0.251 for the DNS servers. Specify the parent domain as testlab.local. Click Next to continue.
- On the WINS Servers page, enter the IP addresses of the WINS servers if you have legacy clients that still need WINS services. Enter the IP addresses 10.0.0.250 and 10.0.0.251 for the WINS servers. Click Next to continue.
- Opt to activate the scope now and click Finish to complete the wizard.
2.2 Creating a Superscope
This exercise shows you how to manage multiple scopes by creating a superscope. You need to have completed Exercise 2.1 in order for this exercise to work.
Estimated time: 20 minutes
- Open the DHCP console by selecting Start, Programs, Administrative Tools, DHCP.
- Right-click the DHCP server and select New Scope from the context menu.
- Create a second scope, using the IP address range 10.0.0.102-10.0.0.200, using the same default gateway, DNS servers, and WINS servers as detailed in Exercise 2.1, with no exclusions. Name the scope SCOPE2.
- Right-click the DHCP server and select New Superscope from the context menu.
- Click Next to dismiss the opening page of the New Superscope Wizard.
- On the Superscope Name page, enter SUPERSCOPE1 and click Next to continue.
- On the Select Scopes page, select SCOPE1 and SCOPE2 by holding down the Ctrl key and clicking both scopes. Click Next to continue.
- Verify your configuration on the Completing the New Superscope Wizard page. Click Next to complete the superscope creation process.
- The Completing the New Superscope Wizard dialog box gives you a summary of the selections you made throughout the wizard. Click Finish to create the superscope.
2.3 Configuring a DHCP Relay Agent
This exercise walks you through the process of creating and configuring a DHCP relay agent for a network.
Estimated time: 15 minutes
- Open the Routing and Remote Access console.
- Expand the console nodes so that you can access the IP Routing, General node.
- Right-click the General node and select New Routing Protocol.
- Select the DHCP relay agent.
- Right-click the DHCP Relay Agent node and select New Interface from the context menu to select the interface to be used for the DHCP relay agent.
- Configure your required values for hop-count threshold and boot threshold.
- Right-click the DHCP Relay Agent node and select Properties. Enter one or more remote DHCP servers into the list and click OK to confirm your settings.
2.4 Authorizing a DHCP Server in Active Directory
This exercise walks you through authorizing a DHCP server in Active Directory. This exercise requires that you have an Active Directory environment with an installed DHCP server.
Estimated time: 5 minutes
- Open the DHCP console by selecting Start, Programs, Administrative Tools, DHCP.
- Right-click the DHCP server and select Authorize from the context menu.
- The authorization process may take some time, depending on network conditions. Refresh the DHCP console by pressing F5. The DHCP server status is shown as Active when the authorization is complete. The server is then ready to issue addresses when it receives DHCP requests.
2.5 Configuring DHCP for DNS Integration
This exercise walks you through configuring a DHCP server for DNS integration. This exercise requires that you have an Active Directory environment with an installed DHCP server and DNS server. To complete this exercise, you need to have completed Exercise 2.4.
Estimated time: 15 minutes
- Open the DHCP console by selecting Start, Programs, Administrative Tools, DHCP.
- Right-click the DHCP server and select Properties from the context menu. Switch to the DNS tab of the DHCP Server Properties dialog box.
- To enable DHCP integration with DNS, ensure that the Enable Dynamic DNS Updates According to the Settings Below check box is selected.
- Select to either have the DHCP server update A and PTR records when requested or to always update A and PTR records.
- To help keep your DNS database clean and consistent, you should allow the DHCP server to cause expired leases to lead to A and PTR record deletion.
- If you have legacy clients on the network, ensure that dynamic updating is configured for them as well.
- If you are using secure dynamic updates, you should consider configuring a dedicated network user account for the dynamic updating. You can enter the account credentials by switching to the Advanced tab.
- Click the Credentials button on the Advanced tab to open the DNS Dynamic Update Credentials dialog box.
- Enter the domain user account name, domain, and password.
Exam Questions
- You are the systems administrator for Wild Widgets, Inc. You are training a new employee on the use of the DHCP service in Windows Server 2003. She asks you how the client computer requests and receives an address from the server. Which of the following answers is correct?
  A. The client computer broadcasts a DHCPDISCOVER message. The DHCP server offers an IP address. The client computer accepts the address and uses it to communicate on the network.
  B. The client computer broadcasts a DHCPDISCOVER message. The DHCP server offers an IP address. The client computer accepts the address and sends a request to use that address back to the DHCP server. The client computer uses the address to communicate on the network.
  C. The client computer broadcasts a DHCPDISCOVER message. The DHCP server offers an IP address. The client computer accepts the address and sends a request to use that address back to the DHCP server. The DHCP server acknowledges the request and grants the client computer a lease to use the address. The client computer uses the address to connect to the network.
  D. The client computer broadcasts a DHCPDISCOVER message. The DHCP server offers an IP address. The client computer accepts the address and sends a request to use that address back to the DHCP server. The DHCP server acknowledges the request and grants the client computer a lease to use the address. The client computer responds with an acknowledgement of the lease and uses the address to connect to the network.
- You are the system administrator for Phil's Phill-up Stations, a chain of gas stations. As part of the network, you maintain a Windows Server 2003 DHCP server to dynamically assign addresses. You have three superscopes set up, and within each superscope are four scopes. One day, you start experiencing problems with one of the scopes issuing bad addresses. You check the server and suspect that there is a database problem. How can you verify that the database is intact?
  A. Open the DHCP console. Select the scope in question and select Action, Reconcile Scope.
  B. Open the DHCP console. Select the superscope that contains the scope in question and then select Action, Reconcile All Scopes.
  C. Open the DHCP console. Select the DHCP server that contains the scope in question and then select Action, Reconcile All Scopes.
  D. Open the DHCP console. Select the DHCP server that contains the scope in question and then select Action, Reconcile DHCP Database.
- You are the LAN administrator for Get Stuffed Taxidermy, and you are responsible for maintaining the company's Windows Server 2003 DHCP server. While doing your daily system checks, you notice that the number of DHCPDISCOVER packets spiked at 9:00 this morning. What could cause the Discovers/Sec counter to spike at 9:00 a.m.?
  A. A network problem
  B. The DHCP service being restarted
  C. A large number of computers entering the network at approximately the same time
  D. A rogue DHCP server issuing duplicate addresses
- You are the systems administrator for Hank's Harmonicas, Ltd. Your Active Directory-based network consists of all Windows Server 2003 server computers and Windows 98, Windows 2000 Professional, and Windows XP Professional client computers. This morning one of the users of a Windows 98 computer called you and said that she could no longer connect to network resources. Upon further investigation, you discover that several other Windows 98 clients are experiencing the same problem. You determine that the cause of the problem is due to an incorrectly configured DHCP lease. What is the most likely reason that only your Windows 98 clients are exhibiting this problem?
  A. The DHCP service in Windows 98 is not as stable as that in Windows 2000 or Windows XP, and this sometimes results in corrupted lease information.
  B. An unauthorized DHCP server has been set up on the network.
  C. A misconfigured DHCP server has been set up on the network.
  D. The Windows 98 clients were unable to renew their DHCP lease and have thus assumed APIPA IP addresses instead.
- You are the lead systems administrator for Little Faith Enterprises, and a customer has asked you to install the DHCP service on her Windows Server 2003 computer, get one scope configured, and issue addresses. What minimum steps do you need to take in order to accomplish this?
  A. Install the DHCP service from the Windows Components Wizard. After the service is installed, authorize it in Active Directory. Next, create the scope. Finally, configure the DNS integration.
  B. Install the DHCP service from the Windows Components Wizard. After the service is installed, create the scope and then configure the DNS integration.
  C. Install the DHCP service from the Windows Components Wizard. After the service is installed, create the scope. Create a superscope and add the scope to it. Authorize the server in Active Directory.
  D. Install the DHCP service from the Windows Components Wizard. After the service is installed, create the scope. Authorize the server in Active Directory.
- You are the systems administrator for the Hittem Boxing Glove Corporation. The corporation is running a routed network with a centrally located Windows Server 2003 DHCP server. The server is able to issue addresses to users on the local segment but cannot issue addresses to any of the sites that are across a router. What is the most probable cause of this problem?
  A. The DHCP forwarder service is not enabled on the DHCP server.
  B. The BOOTP forwarder service is not enabled on the DHCP server.
  C. The DHCP forwarder service is not enabled on the routers.
  D. The BOOTP forwarder service is not enabled on the routers.
- You manage the Windows Server 2003 DHCP servers for the Really Big Screwdriver Corporation. You are running in a purely Windows Server 2003 environment with all Windows XP Professional clients, and you need to make sure that workstations are registered properly in DNS for Active Directory integration. How should you configure DNS integration?
  A. Set DNS integration to automatically update DHCP client information in DNS.
  B. Set DNS integration to discard A and PTR records when a lease is deleted.
  C. Set DNS integration to enable updates for DNS clients that do not support dynamic updates.
  D. Set DNS integration to enable DNS keepalives.
- You are the systems administrator for UR Write publishing, a bookseller. Your Windows Server 2003 DHCP server issues a block of 40 addresses to 120 salespeople on the Sales network. These users are frequently in and out of the office, so no more than 40 users are ever on the network at one time. What do you need to do to ensure that users get addresses when needed?
  A. Set the DHCP lease duration to 60 minutes.
  B. Set the DHCP lease duration to 5 days.
  C. Configure a reservation for each user.
  D. Configure an exclusion for each user.
- You are the distributed computing administrator for Talk to Me Telephone. The company has Windows Server 2003 installed, with the DHCP service running. Mixed in with the DHCP client computers, the company still has some old workstations on the network with BOOTP chips on their Ethernet cards. You need to add support for BOOTP for these computers. How do you ensure that support?
  A. Add the BOOTP service to the server.
  B. In the Advanced tab of the scope Properties dialog box, configure the server to issue addresses to BOOTP clients.
  C. In the Advanced tab of the server Properties dialog box, configure the server to issue addresses to both DHCP and BOOTP clients.
  D. In the Advanced tab of the scope Properties dialog box, configure the server to issue addresses to both DHCP and BOOTP clients.
- You manage the Windows Server 2003 DHCP servers for the Really Big Hammer Corporation. It is a mixed environment, with Windows 2000, Windows XP, and Windows 98 workstations. You need to make sure workstations are registered properly in DNS for Active Directory integration. What do you need to do?
  A. Set DNS integration to automatically update DHCP client information in DNS.
  B. Set DNS integration to discard A and PTR records when a lease is deleted.
  C. Set DNS integration to enable updates for DNS clients that do not request dynamic updates.
  D. Set DNS integration to enable DNS keepalives.
- You are the systems administrator for BT Editing Unlimited. You have a 50-host network and are running a Windows Server 2003 DHCP server to assign IP addresses. You also have five IP-based printers with static IP addresses. Your assistant administrator has been working on the DHCP server and has made some changes. Now, your users cannot print to one of the printers. What is most likely the problem?
  A. The scope from which the printers were receiving their IP addresses has been deleted.
  B. The existing scope has been modified so that it overlaps the addresses reserved for the printers.
  C. The existing scope has been modified so that it overlaps the addresses reserved for the printers, and a workstation has been assigned the same address as one of the printers.
  D. The DHCP service was inadvertently stopped.
-
You are the systems administrator for the Little Faith Department Store. You are responsible for maintaining the company's Windows Server 2003 DHCP server. The company recently added a new router and routed a segment to the network. Now that segment must be added to the DHCP server. The address of the router port is 10.10.25.1, and the router is subnetted with a Class C subnet mask. You need to provide 40 addresses, starting at 10.10.25.20. What needs to occur for you to get DHCP working on that segment?
A.
You need to install and configure an additional DHCP server on that segment to provide DHCP services.
B.
You need to add to the DHCP server a scope that contains the addresses from 10.10.25.20 through 10.10.25.59. The scope needs a subnet mask of 255.255.255.0. You need to configure the BOOTP forwarder for the new segment's router, using the address of the DHCP server. You need to activate the scope.
C.
You need to add to the DHCP server a scope that contains the addresses from 10.10.25.20 through 10.10.25.60. The scope needs a subnet mask of 255.255.255.0. You need to configure the BOOTP forwarder for the new segment's router, using the address of the DHCP server. You need to activate the scope.
D.
You need to add to the DHCP server a scope that contains the addresses from 10.10.25.20 through 10.10.25.60. The scope needs a subnet mask of 255.255.255.0. You need to configure the BOOTP forwarder for the new segment's router, using the address of the DHCP server. You do not need to activate the scope because that happens automatically when the scope is created.
-
You are the network manager for IntCo Manufacturing. You are running in a mixed environment, and you are using a Windows Server 2003 DHCP service to support three network segments. Your client computers consist of Windows 2000 Professional, Windows NT Workstation, and Windows 98 SE workstations. What do you need to do to ensure that all the client computers can receive DHCP addresses?
A.
Configure a scope for each network segment. Configure each client computer to receive IP addresses dynamically. Configure the DHCP service for backward compatibility.
B.
Configure a scope for each network segment. Configure each client computer to receive IP addresses dynamically. For the Windows NT Workstation client computers, ensure that the DHCP update from Service Pack 6 has been installed.
C.
Configure a scope for each network segment. Configure each client computer to receive IP addresses dynamically. Configure the DHCP service for mixed mode.
D.
Configure a scope for each network segment. Configure each client computer to receive IP addresses dynamically.
-
You are the systems administrator for BT Editing, and you are running a purely Windows Server 2003 network using Active Directory and the Windows Server 2003 DHCP service. A user in another department has installed a DHCP server on a Unix server. How do you prevent your client computers from receiving DHCP addresses from that server?
A.
Disable the unauthorized server in Active Directory.
B.
Make sure all your domain client computers are running Windows 2000 or higher.
C.
Reconfigure BOOTP on the router.
D.
Go to each client computer and enter the address of the production DHCP server in the Internet Protocol (TCP/IP) Properties dialog box.
-
You are the systems administrator for Area 51 Partners, a consulting firm that is not involved in any way, shape, or form with alien activity in Nevada. You have a customer who would like to ensure that only authorized DHCP servers can make dynamic updates to the DNS database. What will you configure for the customer in order to make this happen? (Choose all that apply.)
A.
Create a new domain user account called DNSDYNUPD.
B.
Enter the credentials for the DNSDYNUPD account in the scope options for your DHCP server.
C.
Enter the credentials for the DNSDYNUPD account in the DNS Dynamic Update Credentials dialog box for your DHCP server.
D.
Add the DNSDYNUPD account to the Enterprise Administrators group.
Answers to Exam Questions
- C. The client computer cannot use the address until the DHCP server grants the lease. After the DHCP server acknowledges the DHCP request and grants the lease, the client computer is able to use the address. Before a client computer can actually use an offered address, it must request to do so and receive an acknowledgement from the offering DHCP server; thus Answers A, B, and D are incorrect. No additional step is required in the process. For more information, see the section "DHCP."
- C. You need to reconcile all the scopes on the server. Answer A is almost correct because you can reconcile a single scope, but the correct command is Reconcile, not Reconcile Scope. You cannot reconcile scopes at the Superscope level, as stated in Answer B. The command in Answer D does not exist. For more information, see the section "Reconciling the DHCP Database."
- C. The DHCPDISCOVER packet is sent when a computer first requests an address. The most likely reason for the Discovers/Sec counter to spike would be a large number of concurrent requests occurring, which could happen when a large number of client workstations request addresses at the same time. A network problem would have the opposite effect because no DHCPDISCOVER packets would reach the server; thus Answer A is incorrect. A DHCP service restart or a rogue DHCP server couldn't affect the number of DHCPDISCOVER packets because the packets are generated by client PCs; thus Answers B and D are incorrect. For more information, see the section "Troubleshooting DHCP Server Authorization Problems."
- B. In this scenario, the most likely cause for the problem is that an unauthorized DHCP server has been set up on the network. Windows 2000 and Windows XP clients in an Active Directory domain do not take DHCP leases from DHCP servers that have not been authorized in Active Directory. The DHCP service in Windows 98 would not likely cause this sort of problem; thus Answer A is incorrect. A misconfigured DHCP server that was authorized would give bad DHCP lease information to all clients—not just to Windows 98 clients; thus Answer C is incorrect. In addition, if clients were unable to reach a DHCP server, the Windows 2000 and Windows XP clients would also assign themselves APIPA IP addresses; thus Answer D is incorrect. For more information, see the section "Troubleshooting DHCP Server Authorization Problems."
- D. If the task is to install the DHCP service and get it issuing addresses, you do not need to configure DNS, but you do need to authorize the server in Active Directory; thus Answers A and B are incorrect. Even though you learned how to create a superscope in this chapter, you do not need a superscope for the server to function; thus Answer C is incorrect. For more information, see the section "Configuring and Managing DHCP."
- D. To issue addresses using DHCP across a router, the router needs to have the BOOTP forwarder service enabled and configured; thus Answer C is incorrect. DHCP relay is configured on a router or a Windows Server 2003 computer running Routing and Remote Access; thus Answer A is incorrect. There is no such thing as the BOOTP forwarder server; thus Answer B is incorrect. For more information, see the section "Configuring and Implementing a DHCP Relay Agent."
- A. In a purely Windows 2000, Windows XP, and Windows Server 2003 environment, you need to configure DHCP to automatically update DNS to ensure that the client computers appear on the network correctly. Setting the DNS integration to discard lookups after a lease is deleted also works with a purely Windows 2000 network, but it has nothing to do with the computers registering properly; thus Answer B is incorrect. Windows 2000, Windows XP and Windows Server 2003 all support dynamic updates; thus Answer C is incorrect. Keepalives are associated with HTTP sessions, not DNS; thus Answer D is incorrect. For more information, see the section "Configuring DHCP for DNS Integration."
- A. To ensure that addresses are available, the DHCP lease needs to be set to a short interval; thus Answer B is incorrect. Reservations won't help since you have too few leases already; thus Answer C is incorrect. There was no mention of a need for exclusions and thus no need to configure them; therefore Answer D is incorrect. For more information, see the section "Creating a DHCP Scope."
- D. You need to configure the scope to issue addresses to both DHCP and BOOTP clients; thus Answers A, B, and C are incorrect. For more information, see the section "Creating a DHCP Scope."
- C. Because the non-Windows 2000 (or non-Windows XP) machines lack the capability to directly update the DNS server themselves, you need the DHCP server to make the updates to DNS. Using DNS integration to enable updates for DNS client computers that do not support dynamic updates enables the DHCP server to perform this service. The options mentioned in Answers A and B do not exist; thus they are incorrect. Keepalives are associated with HTTP sessions, not DNS; thus Answer D is incorrect. For more information, see the section "Configuring DHCP for DNS Integration."
- C. The address from the printer has probably been issued to another computer. Because the printers use static addresses, the only change to the DHCP server that could have affected printing would be another host having the same address. Deleting the scope would cause problems, but not likely right away; thus Answer A is incorrect. Answer B is close, but just creating an overlapping scope is not a problem until the overlapping addresses are assigned. As with deleting the scope, stopping the DHCP service would cause problems, but not unless a client needed a new address; thus Answer D is incorrect. For more information, see the section "Configuring and Managing DHCP."
- B. A single DHCP server can serve multiple segments, so you do not need an additional server. To get 40 addresses, the range must be from 10.10.25.20 to 10.10.25.59, which is an inclusive range. Also, the last step of the New Scope Wizard is to authorize the new scope. The actions listed in Answer A are not enough to perform the required task; thus Answer A is incorrect. Answers C and D each provide 41 addresses; in addition, Answer D has you not activating the scope, which you must do in order to use the scope. Therefore Answers C and D are incorrect. For more information, see the section "Configuring and Managing DHCP."
- D. You do not need to make any special configurations to the DHCP service; it can communicate with non-Windows 2000 or non-Windows XP client computers without problems. Thus Answers A and C are incorrect. You also do not need to update any of the client computers. Windows NT and Windows 98 are capable of utilizing DHCP without needing updates applied; thus Answer B is incorrect. You just need to configure the appropriate scope and configure the client computers to utilize that scope. For more information, see the section "Configuring and Managing DHCP."
- B. Because a Unix server cannot be enabled in Active Directory, Windows 2000 (and Windows XP) client computers do not accept DHCP addresses from the server. Answer A is not correct because you cannot disable a server that isn't joined to the Active Directory domain. Changing the BOOTP configuration on the router might prevent remote users from receiving addresses, but local users would still be vulnerable; thus Answer C is incorrect. In Answer D, there is nowhere to enter the address of the DHCP server. For more information, see the section "Authorizing a DHCP Server in Active Directory."
- A, C. Windows Server 2003 allows you to use a preconfigured domain user account to perform DNS dynamic updates. This ensures that only authorized DHCP servers are performing dynamic updates and that all DHCP servers can update and modify DNS entries. In addition, this prevents problems previously associated with allowing a DHCP server running on a domain controller to perform DNS dynamic updates. The best course of action is to create a dedicated domain user account for this purpose. The account information to be used for dynamic updates is configured at the server level; thus Answer B is incorrect. The account used for dynamic updates does not need to be a member of the Enterprise Administrators group; thus Answer D is incorrect. For more information, see the section "Configuring DHCP for DNS Integration."
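Two of the answers above turn on the same arithmetic and the same planning mistake: an inclusive range of 40 addresses starting at 10.10.25.20 ends at 10.10.25.59, and a scope that overlaps statically addressed printers without an exclusion lets the DHCP server lease a printer's address to a workstation. The following script is an added example, not part of the exam prep text; the router and 40-address request come from the question, while the printer addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample input: the 10.10.25.0/24 segment from the exam question,
# its router at .1, and three hypothetical statically addressed printers.
NETWORK = "10.10.25.0/24"
ROUTER = "10.10.25.1"
STATIC_HOSTS = ("10.10.25.10", "10.10.25.11", "10.10.25.40")


def range_end(start, count):
    """Last address of an inclusive range of `count` addresses from `start`."""
    return str(ipaddress.ip_address(int(ipaddress.ip_address(start)) + count - 1))


def lease_count(start, end):
    """Number of addresses in the inclusive range start..end."""
    return int(ipaddress.ip_address(end)) - int(ipaddress.ip_address(start)) + 1


def check_scope(network, start, end, router, static_hosts, exclusions=()):
    """Return the problems found in a proposed DHCP scope range (empty = OK).

    A static host inside the range is flagged unless an exclusion covers it,
    because the server would otherwise hand that address to a client as well.
    """
    net = ipaddress.ip_network(network)
    lo, hi = ipaddress.ip_address(start), ipaddress.ip_address(end)
    gw = ipaddress.ip_address(router)
    excl = [(ipaddress.ip_address(a), ipaddress.ip_address(b)) for a, b in exclusions]

    def covered(ip):
        return any(a <= ip <= b for a, b in excl)

    problems = []
    if lo > hi:
        problems.append(f"start {lo} is after end {hi}")
    if lo not in net or hi not in net:
        problems.append(f"range {lo}-{hi} is not inside {net}")
    if lo <= gw <= hi and not covered(gw):
        problems.append(f"router {gw} would be leased to a client")
    for h in sorted(ipaddress.ip_address(s) for s in static_hosts):
        if lo <= h <= hi and not covered(h):
            problems.append(f"static host {h} would be leased to a client")
    return problems


if __name__ == "__main__":
    end = range_end("10.10.25.20", 40)           # 10.10.25.59, as in Answer B
    print(end, lease_count("10.10.25.20", end))  # 10.10.25.59 40
    for p in check_scope(NETWORK, "10.10.25.20", end, ROUTER, STATIC_HOSTS):
        print("problem:", p)
```

Adding an exclusion for the flagged printer (or moving it to a reservation) makes the check come back clean, which is the fix the printing scenario calls for.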
Suggested Readings and Resources
- Davies, Joseph, and Lee, Thomas. Microsoft Windows Server 2003 TCP/IP Protocols and Services Technical Reference. Microsoft Press, 2003.
- Stevens, W. Richard. TCP/IP Illustrated, Volume 1: The Protocols. Addison-Wesley, 1994.
- "Deploying Network Services," http://technet2.microsoft.com/WindowsServer/en/Library/119050c9-7c4d-4cbf-8f38-97c45e4d01ef1033.mspx.
- "Technical Overview of Windows Server 2003 Networking and Communications," www.microsoft.com/windowsserver2003/techinfo/overview/netcomm.mspx.
- "Windows Server 2003 Reviewer's Guide," www.microsoft.com/windowsserver2003/techinfo/overview/reviewersguide.mspx.
- Windows Server 2003 Online documentation: "Network Services," www.microsoft.com/technet/prodtechnol/windowsserver2003/proddocs/entserver/sag_NPStopnode.asp.
- "Dynamic Host Configuration Protocol (DHCP) Operations Topics," http://technet2.microsoft.com/windowsserver/en/operations/dhcp.mspx.
- "Windows Server 2003 Security Guide," http://www.microsoft.com/technet/security/prodtech/windowsserver2003/W2003HG/SGCH00.mspx.