DHCP Failover is a new feature in Windows Server 2012 that provides high availability of the DHCP service. Two DHCP servers in a failover relationship synchronize IP address lease information continually, thereby keeping their respective databases up to date with client information and in sync with each other. However, if the user changes any property or configuration of a failover scope (e.g. adds or removes option values or a reservation), he/she needs to ensure that the change is replicated to the failover server. Windows Server 2012 provides functionality for performing this replication using the DHCP MMC as well as PowerShell, but both require initiation by the user. This requirement to explicitly initiate replication of scope configuration can be avoided by using a tool that automates the task of replicating configuration changes to the DHCP failover server. DHCP Failover Auto Config Sync is a PowerShell-based tool which automates the synchronization of configuration changes. You can download the tool and usage guide from this post on TechNet Script Center.
Please let us know your feedback on this tool!
That's great - thanks for the heads up!
Based on feedback received from customers, the tool provided on TechNet Script Center (link is in the blog above) has been updated on 20 Jun 2013 to include a fix for periodic synchronization of scope configurations. Also while running, in its default mode, it can now automatically include any failover relationships that were created after it was started. A restart of the tool, for including new relationships, is required only if the user is running the tool in selective replication mode.
You mentioned: "Two DHCP servers in a failover relationship synchronize the IP address lease information on a continual basis" - can you provide me with further info about the time interval at which they are communicating? As an MCT - would be great to hear from you!
Andy, any time the state of an IP address on a DHCP failover server changes, i.e.
- an IP address is leased to a client,
- the existing lease on an IP address is renewed,
- an IP address lease is released or expired,
the updated IP address record after this state change is almost immediately communicated to the partner DHCP server using a lease synchronization message (called BINDING UPDATE). This happens almost instantaneously any time the state of any IP address in a DHCP scope changes. The only delay is what may be introduced by the underlying network between the 2 DHCP failover servers.
We find that new and changed IP reservations tend to take a little while to replicate from one server to the other. Can you confirm this is done differently than leases?
Usually we have to manually click replicate to get it on the partner server in time when a tech is standing there waiting for it.
Will an IP-Reservation follow the same sync method when created on server one and then automatically replicating to server two instantaneously?
In reality we find that we need to do a manual replication via the GUI or PowerShell to get the new reservations copied immediately. If left on its own, their replication will occur at some point, but it's nowhere instant.
Also, could 3300 scopes on two servers with 50/50 load balancing be the problem?
IP reservation does not follow the same sync method as the leases. Once you create an IP reservation on one of the servers, you need to sync it to the other DHCP server using MMC or PowerShell cmdlet. 3300 scopes on two servers with load balancing is not a problem.
You can use the script shared at the below location to achieve automatic sync of reservations and other configuration changes-
You can also use IPAM in Windows Server 2012 R2 for DHCP Failover management which will perform any configuration changes including reservations on both the DHCP failover servers.
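The manual replication described in this reply can be scripted. The following is an added example, not part of the original reply and not the TechNet tool: it compares reservations on both partners for every failover scope and replicates only where the source server holds reservations the partner lacks. The function names are hypothetical; the cmdlets are those of the DhcpServer module.

```powershell
# Added example, not the TechNet tool. Requires the DhcpServer module
# (Windows Server 2012 or later, or RSAT). Function names are hypothetical.
Import-Module DhcpServer

function Get-ReservationKey {
    # Flatten a reservation to one comparable string.
    param([Parameter(ValueFromPipeline)] $Reservation)
    process {
        '{0}|{1}|{2}|{3}' -f $Reservation.IPAddress, $Reservation.ClientId,
            $Reservation.Name, $Reservation.Type
    }
}

function Sync-DhcpFailoverReservation {
    [CmdletBinding(SupportsShouldProcess)]
    param([string] $SourceServer = $env:COMPUTERNAME)   # treated as authoritative

    foreach ($rel in Get-DhcpServerv4Failover -ComputerName $SourceServer) {
        foreach ($scope in $rel.ScopeId) {
            $src = @(Get-DhcpServerv4Reservation -ComputerName $SourceServer -ScopeId $scope |
                     Get-ReservationKey)
            $dst = @(Get-DhcpServerv4Reservation -ComputerName $rel.PartnerServer -ScopeId $scope |
                     Get-ReservationKey)
            $sourceOnly  = @($src | Where-Object { $_ -notin $dst })
            $partnerOnly = @($dst | Where-Object { $_ -notin $src })
            if (-not $sourceOnly.Count -and -not $partnerOnly.Count) { continue }

            if ($partnerOnly.Count) {
                # Replication overwrites the partner's scope configuration with
                # the source's, so a reservation made only on the partner would
                # be lost. Leave these scopes for an operator to reconcile.
                Write-Warning "Scope $scope has $($partnerOnly.Count) reservation(s) only on $($rel.PartnerServer); skipped"
                continue
            }
            if ($PSCmdlet.ShouldProcess("scope $scope on $($rel.PartnerServer)", 'Replicate configuration')) {
                Invoke-DhcpServerv4FailoverReplication -ComputerName $SourceServer -ScopeId $scope -Force
            }
            [pscustomobject]@{ Scope = $scope; Partner = $rel.PartnerServer; SourceOnly = $sourceOnly.Count }
        }
    }
}

# Dry run: report what would be replicated without changing the partner.
Sync-DhcpFailoverReservation -WhatIf
```

A reservation deleted on the source shows up as partner-only and is skipped with a warning, so deletions still need a deliberate manual replication.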
Hi, should this sync tool also sync reservations? I have hot standby mode. The script runs, but a new reservation I am adding is not syncing to the 2nd server. If I do it through the MMC, it works, no probs.
Yes, the tool should sync reservations as well. Can you send the log output of the script to email@example.com
If I'm using the PS tool to do the sync between Server 1 and Server 2,
Server 1 being the one where the tool runs from,
what happens if the 2 boxes stop talking to each other, but the clients still see the DHCP service?
Meaning the sync between each other will break, but the clients will still see the DHCP servers as available.
I'm guessing they will go to partner down after 1 hour, so they will try to take over each other's IP pool?
Reading this KB http://technet.microsoft.com/en-us/library/dn338983.aspx, it says "If two DHCP servers configured as failover partners are unable to communicate, precautions are taken to avoid the same IP address lease being issued to two different DHCP clients." but I'm not sure how we can prevent or detect this besides adding proper monitoring?
When the 2 DHCP servers stop talking to each other, they will both transition to COMMUNICATION INTERRUPTED state. It's fine for 2 DHCP failover servers to run in COMMUNICATION INTERRUPTED state since they will be giving new leases from their ownership of the free IP pool. If you have enabled "automatic state switchover", they will automatically transition from COMMUNICATION INTERRUPTED state to PARTNER DOWN state after expiry of the state switchover interval (default 1 hour). An admin needs to avoid having both servers operating in PARTNER DOWN state since a server in PARTNER DOWN state will take over the entire free IP pool assuming the other server is down. This takeover of the free IP pool occurs after a period of MCLT since moving into PARTNER DOWN.
If you have enabled automatic state switchover in DHCP failover, you should monitor events on the DHCP server which indicate PARTNER DOWN state transition and take appropriate action.
Thanks for the quick reply...so to be on the safe side, besides monitoring
it will be ok to change the MCLT to let's say 8 hours, and enable proper monitoring
for the relationship "Get-DhcpServerv4Failover | select state" so...while it's in COMMUNICATION INTERRUPTED state
we are ok for 8 hours and will give the admins proper time to check issues, but if they stop talking to each other for longer than 8 hours, it will go into PARTNER DOWN and at least the DHCP service on any of the 2 boxes should be DISABLED, to avoid conflicts with IP assignments?
That would be appropriate. The DHCP server logs failover state change events in the DHCP server admins channel - you can use those events to monitor.
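A polling check for the states discussed in these replies, as an added example that is not part of the original thread: it queries both partners with Get-DhcpServerv4Failover and grades each relationship, treating both servers in PARTNER DOWN as the critical case. The function name, severity labels and host names are assumptions, as is the premise that both partners report the relationship under the same name.

```powershell
# Added example, not from the original thread. Requires the DhcpServer module.
# Function name and server names are hypothetical.
Import-Module DhcpServer

function Test-DhcpFailoverState {
    param([Parameter(Mandatory)] [string[]] $Server)   # both failover partners

    # Ask each server for its own view; keep failed queries as rows.
    $views = foreach ($s in $Server) {
        try {
            Get-DhcpServerv4Failover -ComputerName $s -ErrorAction Stop | ForEach-Object {
                [pscustomobject]@{ Server = $s; Name = $_.Name; State = [string]$_.State
                                   Auto = $_.AutoStateTransition; Mclt = $_.MaxClientLeadTime }
            }
        } catch {
            [pscustomobject]@{ Server = $s; Name = '(query failed)'; State = 'QueryFailed'
                               Auto = $null; Mclt = $null }
        }
    }

    foreach ($g in $views | Group-Object Name) {
        $down = @($g.Group | Where-Object { $_.State -eq 'PartnerDown' })
        $severity = 'OK'
        if ($g.Group | Where-Object { $_.State -ne 'Normal' }) { $severity = 'Warning' }
        # One side says PARTNER DOWN although the partner answered the query:
        # the partner's DHCP service is reachable, so the takeover assumption is wrong.
        if ($down.Count -eq 1 -and $g.Count -ge 2) { $severity = 'High' }
        # Both sides in PARTNER DOWN: each will claim the whole free pool
        # once MCLT has elapsed.
        if ($down.Count -ge 2) { $severity = 'Critical' }

        [pscustomobject]@{
            Relationship = $g.Name
            Severity     = $severity
            States       = ($g.Group | ForEach-Object { '{0}={1}' -f $_.Server, $_.State }) -join ', '
            AutoSwitch   = ($g.Group.Auto -contains $true)
            Mclt         = ($g.Group.Mclt | Select-Object -First 1)
        }
    }
}

# Placeholder host names; schedule this and alert on anything above 'OK'.
Test-DhcpFailoverState -Server 'dhcp1.example.test', 'dhcp2.example.test' |
    Where-Object { $_.Severity -ne 'OK' }
```

Run it from a management host that can reach both servers, so that a break in the link between the partners does not also blind the check.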
Thanks a bunch for the info, by the way I tested this config as well...to have switch over at 60 minutes, then blocking port 647 between each other, after 60 minutes they should go into PARTNER DOWN if I understand correctly....well...the first box goes into this state, serving 100% of scopes...but the second box goes into COMM INTERRUPTED state, not into PARTNER DOWN...even after the 60 minutes....I'm not sure why the second box doesn't go into PARTNER DOWN? Thanks!