windows: dhcp server backup/restore & migration

windows server 2012 introduces a failover architecture for DHCP so recently i was looking into migrating off of our 2008 core DHCP server to 2012 r2 core. i did the migration about 2 weeks ago and it was simple and mostly painless except for one unforeseen hiccup (that was difficult to troubleshoot).

first, i needed a current copy of the production DHCP database. there’s a ton of ways to accomplish this…i fell back on using:
export (run on the old server): netsh dhcp server export c:\dhcp_backup.txt all
import (run on the new server, after copying the file over): netsh dhcp server import c:\dhcp_backup.txt all
source: http://community.spiceworks.com/how_to/show/23549-exporting-and-importing-dhcp-database-on-windows-server

you can also do backup/restore operations directly from the DHCP mmc snap-in. the default DHCP database path is c:\windows\system32\dhcp\dhcp.mdb and the backup path is c:\windows\system32\dhcp\backup

and finally powershell cmdlets are available:
Backup-DhcpServer
Export-DhcpServer
Restore-DhcpServer
Import-DhcpServer

i’m not entirely sure what the differences are between some of those cmdlets and at the moment i’m not interested enough to find out.
source: http://technet.microsoft.com/en-us/library/jj590751.aspx

here’s a quick command to disable the windows firewall in server core:
netsh advfirewall set allprofiles state off
source: http://technet.microsoft.com/en-us/library/cc766337(v=ws.10).aspx

after getting a current backup of the production DHCP database i then proceeded to unauthorize the production DHCP server and then shut it down. i imported the database to the new 2012 r2 server and then i ran into the hiccup i mentioned earlier. i could not connect to the new DHCP server via the MMC snap-in (even though i could moments before…prior to the cutover). i verified that the DHCP service was running. i even restarted the server…same end result. i looked at PTR records and tried MMCs on other machines.

i was purposely trying to retain two A records for this server in DNS, the reason being that i didn’t want to break people’s saved MMCs, but it finally got to the point in the troubleshooting process where i needed to try removing one of the records to see if it resolved the MMC issue. and it did: as soon as i removed the A record for “DHCP” and kept only the “DHCP1” A record i was able to immediately connect and authorize the new DHCP server. i don’t think i’ve encountered problems with multiple A records with any other service before, but there’s a first time for everything…

the last item i dealt with was the DHCP security groups. since i installed the DHCP role from the command line i did not get a post-install configuration wizard. this wizard typically sets up the security groups. i was in a hurry to leave so i created the groups manually: DHCP Administrators (R/W access) and DHCP Users (RO access). if i had read more carefully at the time i would have noticed there was a command line option to create the groups…
netsh dhcp add securitygroups

the DHCP service should be restarted after creating the security groups
source: http://technet.microsoft.com/en-us/library/ee941205(v=ws.10).aspx

restart DHCP service from powershell: Restart-Service DhcpServer
authorize DHCP server from powershell: Add-DhcpServerInDC -DnsName <dhcp server hostname> -IPAddress <dhcp server IP address>
source: http://blogs.technet.com/b/teamdhcp/archive/2012/08/31/installing-and-configuring-dhcp-role-on-windows-server-2012.aspx
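
the post-cutover checks from the steps above, collected into one function as an added example (not code from the original post): it reports whether the service is running, how many v4 scopes were imported, whether the two security groups exist, whether the server is authorized, and whether more than one A record points at the server's address. the function name, the 192.0.2.10 address and the example.test names are placeholders.

```powershell
# added example: post-import checks, run in windows powershell on the new DHCP server.
# the names and address in the call at the bottom are placeholders (assumptions).
Import-Module DhcpServer

function Test-DhcpCutover {
    param(
        [Parameter(Mandatory)] [string]   $ServerIp,  # address of the new DHCP server
        [Parameter(Mandatory)] [string[]] $DnsNames   # every FQDN admins use for this server
    )

    # 1. service state and imported scopes
    $service = Get-Service -Name DhcpServer
    $scopes  = @(Get-DhcpServerv4Scope)

    # 2. the two groups the post-install wizard (or "netsh dhcp add securitygroups") creates
    $missingGroups = foreach ($group in 'DHCP Administrators', 'DHCP Users') {
        net localgroup $group *> $null
        if ($LASTEXITCODE -ne 0) { $group }
    }

    # 3. authorization in AD: is this address in the authorized server list?
    $authorized = @(Get-DhcpServerInDC | Where-Object { "$($_.IPAddress)" -eq $ServerIp })

    # 4. DNS: which of the given names have an A record pointing at this server?
    $aRecords = foreach ($name in $DnsNames) {
        Resolve-DnsName -Name $name -Type A -ErrorAction SilentlyContinue |
            Where-Object { $_.Type -eq 'A' -and $_.IPAddress -eq $ServerIp } |
            Select-Object -ExpandProperty Name
    }
    $aRecords = @($aRecords | Sort-Object -Unique)

    [pscustomobject]@{
        ServiceRunning   = $service.Status -eq 'Running'
        V4ScopeCount     = $scopes.Count
        MissingGroups    = @($missingGroups)
        AuthorizedInAD   = $authorized.Count -gt 0
        ARecordNames     = $aRecords
        # more than one A record for the same address is the condition that
        # coincided with the MMC connection failure described above
        MultipleARecords = $aRecords.Count -gt 1
    }
}

Test-DhcpCutover -ServerIp '192.0.2.10' -DnsNames 'dhcp.example.test', 'dhcp1.example.test'
```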

and finally here’s info for configuring DHCP failover in windows server 2012:
http://technet.microsoft.com/en-us/library/hh831385.aspx

This entry was written by resinblade, posted on Monday May 26 2014 at 10:05 pm, filed under IT.
