Windows DHCP problem.

I think I may be missing something simple, but here is my setup and problem. I have a Windows 2003 server w/active directory, DNS, and DHCP configured. The server is connected into a cheap D-Link switch. I have one Windows XP workstation also plugged into the switch. My goal is to have the server give the workstation an IP address and then add the workstation to the domain. The problem: the workstation never is assigned an IP address. I checked the DHCP statistics and it does not even get a request. All the stats say 0. I set up a scope. If I configure the workstation with a static IP address that is on the same network as the server, I can ping both ways, but I get a DNS type error when I try to join the domain. The error is a DNS timed out error when looking for the controller of the domain. I authorized the DHCP and DNS server. I tried adding the workstation to active directory. I can't get the workstation to get an IP address. If I connect the workstation to our normal network, it will get an IP address fine. Any ideas?

Answer Wiki


When you configure it statically, can you ping the DNS server? Can you ping the workstation from the server? Did you put the IP of the DNS server in the client?
Don’t take this wrong, (I’ve seen experienced people mess this up), is the scope in the same subnet as the IP of the DHCP server?
You need to find out if this is a network issue or a configuration issue. The ping should answer that question.
rt

Discuss This Question: 19  Replies

 
  • Skepticals
    Well, I got it working. It was a configuration in the remote access area which I thought was for VPNs and whatnot. There was a way to make the ethernet port public or private and put a basic firewall on it. I set the port to private and everything is working... was that a bad idea?
  • BIGFella
    I think that you need to clarify your setup i.e. what boxes are running what... if you are saying that you are running a single box with W2k3 server as a DC with DHCP, DNS that's fine (in a test or SOHO environment), now the question is are you also running RRAS on the same box if so then this is a bad idea... in a production environment at least (security issues if the box is breached due to unnecessary ports being open/lax config). At worst I would suggest that this style of domain config be set up within virtual machines (base config server running VMWare and as a DC, then have a separate virtual machine running RRAS). Running RRAS on a DC will inevitably cause you issues due to multi-homing (multiple network cards on different subnets). To answer your question directly you should not be configuring DHCP, DNS through RRAS. RRAS is there solely for providing "remote" connectivity and not for use by clients "local" to the DC that is why you have the DNS, DHCP facilities within AD, and not the basic features of RRAS. Hope that this helps and possibly gives you a base of what you're looking at, or am I just missing the mark with RRAS?
  • Skepticals
    BigFella, I agree with what you are saying. The problem was I didn't want/need RRAS installed. I only wanted DHCP and DNS. RRAS was getting in the way of DHCP working. I removed RRAS and everything seems to be fine. Do you not recommend having active directory, DNS, and DHCP on the same server? The only other servers I will have eventually are an Exchange and a Web server. Thanks for your thoughts.
  • BIGFella
    OK right, so you did have RRAS installed on the DC, however you have since removed this from the DC and the problem has been corrected. Great...! Ok I can only presume what was happening due to not knowing your network layout, but I guess that RRAS was doing its thing and routing traffic...albeit not as you desired. As for AD, DNS & DHCP residing on the same box, this is a bit of a horses for courses type question and answer. Yes they will all run happily on the same box... depending upon your hardware config and the number of clients being serviced by the DC (non-exhaustive list, length of DHCP client leases, DNS lookups/updates & domain queries as you say that you will be running Exchange). DNS will always be on the same box as the domain controller due to DNS integration into AD so that's not an issue; DHCP in itself does not have a large overhead, as stated number of clients and lease time has an impact. I would suggest that you have a look at Microsoft's server sizing util which is available from the MS website (sorry cannot remember the exact name of the util or location, check the MS downloads page); this will be the best course of action to answer your question.
  • Astronomer
    My two cents about DHCP is: if you can avoid it, don't use your domain controller as a DHCP server. This has to do with the fact that DHCP servers don't "own" their IP addresses. You don't want another box stepping on your domain controller IP. Sorry my answer didn't address your problem better. When I was entering my response, the web page wouldn't display the original question and I remembered it incorrectly. rt
  • Skepticals
    BIGFella, The server is brand new. Dual Processor Duo core. 8 Gigs of RAM, SCSI this, fast that, etc. It will be supporting about 75 users, but never all at the same time. I could easily put DHCP elsewhere if I have to. I will see how it goes and I will look into Microsoft's server sizing util. Thanks for the advice.
  • AdTechJO
    Well, there is no harm in having DNS, DHCP and Exchange server on the same DC (I have one.. of course you should consider in that case the hardware configuration such as SCSI-based HDD and 2 GB RAM). I think to avoid 'multi-home' issues the best is to have two network cards on your gateway with routing service active. The first network is configured to carry your internet connection while the other is that of the domain network IP address scopes. The other thing is to define the reservation address for your computers. Each network card has a unique MAC address that can be assigned to a specific address no matter where you install. The DHCP will give that address to that card specifically assigned even if it is selected outside the scope range. You use the scope to assign guest units connecting temporarily while the others are assigned static addresses by your DHCP. Good luck
  • BIGFella
    Well you say server is brand new and from the sounds of it would be more than adequate if not a fair bit over spec'd (based on the amount of RAM) for the amount of users you will be supporting, it is actually surprising what little spec you can get away with for running such services. Just make sure that you are running the right version of 2003 server, if you want to take advantage of the full 8Gb of RAM then you will need to run Enterprise edition (with the /PAE switch in the boot.ini file), Standard only supports up to 4Gb RAM max. Referring to AdTechJO's response is that if you're going to run all the services together on one box (AD, DNS, DHCP + Exchange) then you might as well have bought 2003 SBS instead, so it is my thoughts that his comments are not really relevant to your question at hand. One other thought that springs to mind that I should have mentioned earlier is that you will only be running 1 DC, 1 single point of failure!!! for the whole domain, if your DC dies in a big way and it's not recoverable, you're screwed big style.... Domain reinstallation time, not something that I would want to go through with your 70-odd screaming users who are unable to access the network. Microsoft recommend that there always be at least 2 yes 2 DC's in a domain for fail over reasons (this is sound reasoning & something that I insist on sticking to), this does not mean that another hugely spec'd server would be required, what is generally best to do in the first place is that have 2 servers of a lower spec than what it sounds like you have purchased and then spread the load...follow the 80/20 rule especially useful with DHCP, you can also split the FSMO roles between the servers, and have both servers as global catalogues for exchange (multiple GC's can be important if exchange utilisation is high, or there are a lot of domain queries). Apologies if I'm waffling a bit had a couple of cans of the old fall'y over juice, think it's starting to take effect on the grey matter.
  • Skepticals
    BigFella, Ramble all you want - I enjoy reading your posts. They entertain me and have good information. I also thought the servers were over spec'd, but I was told "We need to spend the budget". I'm not sure which server 2003 we have, I will look into that. I also think it is a good idea to have a second server with AD on it. Would it make sense to make the exchange server the backup? or maybe the webserver? All the servers are equally overkilled in specs. What is all this stuff about dual homed? The server does have two network cards. I have one disabled currently. Should I enable both of them? And set one to static for the LAN and the other to the internet? Do I have to set up some type of routing for that? This brings me to another question. What's the easiest way to monitor all traffic? I think I would need a central proxy or some other point that I could run a packet sniffer or some other type of software that would allow me to inspect the traffic. Any ideas on that while we are at it?
  • BIGFella
    Christ... "we need to spend the budget"!!! what industry or company do you work for, got any jobs going??? Every company that I have worked for you have to fight for the money and then justify why you're spending it twice over. If you're going to put AD anywhere then I would strongly suggest a separate box be purchased (of a lower spec than what you have presently bought) since it sounds like you've got cash to burn! Placing AD on the web server is definitely out of the question, as this will more than likely be internet facing and would be a sure way of exposing your domain infrastructure onto the internet, if something was either not configured correctly or the web server potentially hacked + it would be in front of a firewall (hopefully) and I would not be sure if such a config would be possible, securely of course; leaving only your exchange server, if it's got to be then it's got to be, personally I would not do it, I would rather dedicate a server to exchange, due to disk usage, potential client requests & the amount of mail being processed by the server. Dual homed or multi-homed, is whereby a network node (server, router, firewall, etc) has 2 or more network cards attached to different subnets i.e. 1 connected to the LAN and another connected with a public IP (or WAN) this has a number of uses, RRAS servers are generally multi-homed, or they can be used when there is a separate LAN segment say for backups (to take the backup traffic off the standard LAN segment used by clients). You could have both cards enabled and have static IP's for your LAN assigned in case one of the cards died or developed a fault. Talking about packet sniffing, monitoring ALL traffic are you talking about traffic coming and going on the perimeter of your network (internet traffic) or general LAN traffic.
    If you're talking about the perimeter then your firewall should have a logging facility which could be configured to record the traffic (though this could get very large very quickly if you're not careful, you should only selectively monitor what is necessary). If you're thinking about general LAN traffic then there are plenty of products out there GFI LANguard being one or the plain old windows network monitor capture util (Netcap.exe), though tools like these (especially windows network monitor) are generally used when there is a comms problem that you are trying to diagnose.
  • Skepticals
    BigFella, I was surprised also to hear about the budget. I just went with it. Because I do not think we can purchase another server, would you advise me to make the exchange server a backup DC or just keep one? Also, because you seem to know a great deal, any experience with a WSUS server for windows updates. Could that be something that I run off of the DC? I'm sure that it is not the best idea.
  • BIGFella
    If you cannot purchase another server (at the moment) then I would stick with 1 DC and express my concerns that a single point of failure exists and is generally hazardous to your health, as you'll be the one taking all the flak when things go tits up, get something in your budget for next year (or as soon as possible) for another server to act as a secondary DC. In the mean time ensure that you are backing up the system and service state of the DC on a regular basis to removable media. Microsoft's stance is don't put exchange on a DC (or vice versa), running a quick search on the MS website returns the following good article:- "This Exchange server is also a domain controller, which is not a recommended configuration." which can be found at the following link:- http://www.microsoft.com/technet/prodtechnol/exchange/Analyzer/92e23d0b-d52c-466e-b885-0e7e812efd56.mspx?mfr=true Regarding to WSUS, yep been there done that... just consolidated & upgraded 2 SUS servers into 1 WSUS, only small scale compared to some but still gives me something to keep me busy... 1 of the SUS servers that I had was at a remote site was running on a DC (the documentation for SUS does not state as far as I can remember any concerns about running on a DC). In fact again doing a quick search on the MS website does suggest that it is perfectly fine to run WSUS on a DC as long as the hardware is up to the job for the workload the server will receive. There are a few caveats regarding WSUS having to be uninstalled if you decide to demote the DC to a member server sometime in the future, nothing major to worry about.
  • Skepticals
    BigFella, I do recall reading something about installing Exchange on a DC. I will hold off and see what I can work into next year's budget. I would assume that the server specs could be very low, is this correct? If that's all the server will do? Or should I spec it higher and give it additional roles? It just seems a waste having an additional server only for a backup DC. That might be a hard sell. Regarding WSUS, have you found good results using this? We have a lab that I was thinking of having the lab computers get the windows updates from a WSUS server. Is this how you use your WSUS, or do you just use it for patch management?
  • BIGFella
    Referring back to one of my previous posts I would suggest that you run the server sizing util this will give you a spec for the amount of workload the server will handle. When I say back up, in terms of a DC it will not sit there in the background unused until the present one dies, AD and Windows clients are intelligent enough to spread the load between the 2 servers automatically for DNS, and AD queries + you could split the FSMO roles between the 2 servers i.e. RID & PDC & Schema on 1 & the remaining 2 to the other, also the DHCP scope could be split between the 2 in case one of them fell over at any point leaving some clients still able to receive IP addresses and connect into the LAN (The 80/20 rule I mentioned earlier). DON'T consider a 2nd DC just a piece of kit that sits in the back office doing nothing, your DC's are your network's lifeblood...! I am not over-exaggerating here, without them you're up a certain creek without a paddle, such that they should be seen as an investment & not a piece of kit that can be forgotten about just to be sold on in a couple of years. If you're really struggling for cash and really do feel the need to do something to protect your hide consider having a decent spec'd PC running 2003 server, this may seem extreme but it's better than nothing, just monitor it closely. SUS ran fine on the DC that I have at the remote site though this site only has a small number of users (20 - 30 max) so it met the needs at hand. SUS & WSUS are solely patch management products the difference being that SUS is being phased out as it only updated Windows whereas WSUS can update MS apps (Exchange, SQL, Office, etc) as well as Windows.
    There are other products out there for patch management that will deploy patches/updates not only to MS products but other 3rd party software as well; MS Systems Management Server being one, Numara Track-It (helpdesk package) with patch management addon purchased being another, but these are not free products whereas WSUS is and they are a lot more complex to setup & maintain. WSUS is sufficient for anyone really with the exception of LARGE... corporates, it comes down to your requirements at the end of the day, it works fine for me and gives me all the reporting features that I need.
  • Astronomer
    There has been a lot of good information in the responses here but it might be helpful to look at the whole picture. As discussed, it's not a good idea to put all of the services on a single box. This leads to the question: how many boxes? Microsoft recommends a minimum of two domain controllers for each domain for the reasons already discussed. They also don't recommend running the infrastructure manager as a global catalog server but if you have just one domain, this shouldn't cause problems. As also mentioned, exchange and DHCP shouldn't be on a domain controller. I see no reason a domain controller can't do WSUS but make sure the hard drive is big enough. I just upgraded ours to 200 when 80 Gig wasn't enough. So the minimum number we are talking about is three boxes. Two domain controllers and an exchange/DHCP server should handle everything. In our environment, we have two dedicated domain controllers on 1U dells at the main campus. These are minimal systems with two drives mirrored. The exchange server for over 500 people is a 2U dell. Following dell's recommendation this system has a mirror for drive C: and a three drive RAID for the exchange database. You may want something similar if you run a lot of email. It depends on your load. When we finally set up DHCP, I plan to choose our SNMP server as the primary. In a much more minimal environment, a TV station subnet, we are setting up two old workstations as domain controllers. This will allow centralized account management, DNS services, and a place for the pix firewall to trust authentication for VPNs. I have recommended they eventually get server class systems but this should be fine for a few years. As far as dual NICs are concerned, we had major problems when I created a private net on a domain controller for backups. The DC handed out its private address as the one to use to reach it and workstations were no longer able to connect to it.
    No matter what Microsoft recommended hacks I tried, it insisted on handing out the private IP through DNS. I finally just disabled the second interface and we now use the main interface for backups. Hopefully this addresses your questions on how to divide up the services and how many systems you need. rt
  • Skepticals
    Thank you very much for your input. Everything is becoming more clear. I had some guesses, but I wanted to get ideas from people in the field.
  • TheVyrys
    You are getting great advice from all .... I too was going to mention splitting the DHCP between the 2 servers. My DHCP scope is split between 2 DC's and has never given me a problem being on a DC. I would start one scope at say 192.168.1.50 thru 192.168.1.150 and then the other 192.168.1.151 thru 192.168.1.250. This gives you enough on each scope to handle all requests should one of the servers go down. Then static IP the servers (and printers?) to the first 50 addresses that are not included in the scopes. Plus 4 more at the end of the scope. If you are in fact running Windows Server 2003 Standard edition, you could take 4Gb of the existing server's RAM and use it for the new server thus maybe cutting costs a smidge....(every little bit counts trying to convince them) You could also set up a batch file to xcopy or robocopy your critical files over to the new server's hard drives and provide another level of redundancy. (Quick access to restore files too...especially searching for them) To me, WSUS is not resource intensive....and depending on what all updates you need to house, is not all that space consuming. Mine is under 3Gb for XP and Office updates. It works great and it could be another definite role for the other server. Saves me a lot of time and increases security. I too agree with keeping exchange separate from your DC's. Good luck.
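Two checks raised in this thread can be run on paper before any scope is created: the answer's question of whether the scope sits in the DHCP server's own subnet, and the split described above, where each server's pool must cover all clients alone and no static address may fall inside a pool. The script below is an added example, not code from any poster; the server address 192.168.1.10/24, the host names and the `check_plan` helper are assumptions, while the pool ranges and the figure of 75 clients come from the posts.

```python
import ipaddress
from itertools import combinations


def parse_pool(first, last):
    """Return (first, last) as IPv4Address objects; reject reversed ranges."""
    a, b = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    if a > b:
        raise ValueError(f"range {first}-{last} is reversed")
    return a, b


def check_plan(server_if, pools, statics, clients):
    """Validate a split-scope plan.

    server_if: "ip/prefix" of the DHCP server's LAN interface (assumed value).
    pools:     {server_name: (first_ip, last_ip)} dynamic range per server.
    statics:   {host_name: ip} statically addressed hosts.
    clients:   number of clients one pool must serve if the other server dies.
    Returns a list of (code, detail) findings; empty means the plan is clean.
    """
    iface = ipaddress.IPv4Interface(server_if)
    net = iface.network
    parsed = {name: parse_pool(*rng) for name, rng in pools.items()}
    # The server's own address is static too and must never be leased out.
    statics = {"dhcp-server": str(iface.ip), **statics}
    findings = []

    for name, (a, b) in parsed.items():
        # With no relay agent, broadcast requests are only answered from a
        # scope that matches the subnet of the interface they arrived on.
        if a not in net or b not in net:
            findings.append(("POOL_OFF_SUBNET", name))
        if int(b) - int(a) + 1 < clients:
            findings.append(("POOL_TOO_SMALL", name))

    # Two servers leasing the same address produce duplicate-IP conflicts.
    for (n1, (a1, b1)), (n2, (a2, b2)) in combinations(parsed.items(), 2):
        if a1 <= b2 and a2 <= b1:
            findings.append(("POOLS_OVERLAP", f"{n1}/{n2}"))

    for host, ip in statics.items():
        addr = ipaddress.IPv4Address(ip)
        if addr not in net:
            findings.append(("STATIC_OFF_SUBNET", host))
        for name, (a, b) in parsed.items():
            if a <= addr <= b:
                findings.append(("STATIC_IN_POOL", f"{host} in {name}"))
    return findings


# Constructed sample plans. GOOD uses the ranges given in the post above.
GOOD = dict(
    server_if="192.168.1.10/24",
    pools={"dc1": ("192.168.1.50", "192.168.1.150"),
           "dc2": ("192.168.1.151", "192.168.1.250")},
    statics={"dc2": "192.168.1.11", "printer": "192.168.1.20"},
    clients=75,
)
BAD = dict(
    server_if="192.168.1.10/24",
    pools={"dc1": ("192.168.1.50", "192.168.1.150"),
           "dc2": ("192.168.1.140", "192.168.1.250")},  # overlaps dc1
    statics={"dc2": "192.168.1.60"},                     # inside dc1's pool
    clients=75,
)

if __name__ == "__main__":
    for label, plan in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_plan(**plan) or "no findings")
```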
  • Skepticals
    The Virus (spelled differently), Thanks for your advice. I downloaded some documentation on WSUS today and I do plan on implementing it for updates. Good advice on the RAM usage too. I will look into that as well. Any tips, pointers, or gotchas that could help me with WSUS? I should have plenty of space. We have 140G.
  • TheVyrys
    Not too many tips etc....just a few. Others may be able to contribute as well here. First, after installing WSUS, but before you download any of the updates, go and choose your languages, OS's, etc. Otherwise you will download a ton of unnecessary stuff. You will likely have some unnecessary updates anyway, and you can purge them by downloading the following tool at: http://download.microsoft.com/download/7/7/4/7745a34e-f563-443b-b4f8-3a289e995255/WSUS%20Server%20Debug%20Tool.EXE install it, then run this command - WsusDebugTool.exe /tool:purgeunneededfiles It will get rid of some of the extra stuff you don't need, therefore saving disk space. I put it in a .bat file and just double click it, but if you do you will need to enter the path as well... example: c:\wsus\WsusDebugTool.exe /tool:purgeunneededfiles Other suggestions, would be- In AD create an OU (or Sub OU) called something like WSUS. Here you can add only the computers you want to be updated automatically. (be sure to add computers not users) Create a Group Policy Object for this OU and assign the settings as desired for your updates, WSUS server name, etc. (you can use an existing GPO if you prefer) I did this because I can keep our Conference Room computers out of the OU and they won't auto update. There's nothing like getting a call from the CEO doing a board presentation griping about the computer running slow, and not being able to do anything about it. My reasoning is, the conference room computers sometimes will go several days, or even weeks without being turned on or used. Once they are logged on to, here comes a pile of updates all at once. I leave out the servers too...I also prefer to do them manually at my leisure...usually after hours in case of problems. I leave my workstation out of the OU and have it download and notify, but not install updates. This serves as a notification to me that the WSUS server has received new updates that need approval for everyone else.
    If it sounds confusing or tedious, it's really not....just a little to absorb at first. I highly recommend it, and you are starting perfectly by reading the documentation and getting advice. This site is a good resource with very knowledgeable and cool people in diverse areas. good luck
