Microsoft Windows DHCP Team Blog

The world's most deployed DHCP Server! Deploy and discuss about your fav. server, here!

Automatic syncing of scope configuration changes between 2 DHCP failover servers

Automatic syncing of scope configuration changes between 2 DHCP failover servers

  • Comments 36
  • Likes

DHCP Failover is a new feature in Windows Server 2012 which provides for high availability of DHCP service.  Two DHCP servers in a failover relationship synchronize the IP address lease information on a continual basis there by keeping their respective databases up-to-date with client information and in sync with each other. However, if the user makes any changes in any property/configuration (e.g. add/remove option values, reservation) of a failover scope, he/she needs to ensure that it is replicated to the failover server. Windows Server 2012 provides functionality for performing this replication using DHCP MMC as well as PowerShell. But these require initiation by the user. This requirement for explicitly initiating replication of scope configuration can be avoided by using a tool which automates this task of replicating configuration changes on the DHCP failover server. DHCP Failover Auto Config Sync is a PowerShell based tool which automates the synchronization of configuration changes. You can download the tool and usage guide from this post on TechNet Script Center.

Please let us know your feedback on this tool!

Comments
  • Is automatic state switchover enabled on both the DHCP servers. A server will continue to stay in COMMUNICATION INTERRUPTED state if automatic state switchover is not enabled.

  • DHCP Team yes, had both servers configured as switch over enabled to 1 hour (after creating the failover relationship), then disabling the blocking the 647 TCP port between themselves so simulate site link failure, so the expected was both going into PARTNER DOWN, and own 100% of the scopes, but only first box went into PARTNER DOWN, while second one stayed on COMMUNICATION INTERRUPTED, but not PARTNER DOWN...so for now I disabled the automatic switch over, and added extra monitoring so the admins will have to fail the box accordingly, meaning depending on outage. any ideas why the second box is not going into PARTNER DOWN on its own ? the first one goes to this state as it should, but not the second one Thanks Martin

  • We tried this again (its anyway a part of our tests), blocking TCP port 647. This caused both servers to move into Communication Interrupted and on expiry of state switchover interval, to PARTNER DOWN state. What you have observed is not the expected behavior. How are you blocking port 647 - we do this using firewall. Also, if you bring down the first server, does the second server go into communication interrupted and then to partner down ?

  • correct, relationship was created to switchover 60mins enabled, then replicated to confirm failover was working, both nodes were in normal state, then tcp647 blocked thru juniper fw, both boxes are going into INTERRUPTED, after 60 mins, the first box goes into DOWN mode, second one stays in INTERRUPTED, but not DOWN i will try to replicate the same case and let you know if i can re-create Thanks Martin

  • Martin, can you bring down the first server and see if second server goes into partner down (after communication interrupted). BTW, in our tests, we block 647 using the windows firewall on the server - it should not make any difference though.

  • Hi DHCP Guys, i might be wrong (i have been wrong before) but this seems related to the way the fw is blocking the communications on the 647 tcp port, meaning the juniper is not sending the "reject" packet back to sender hence, i think the failover keeps on waiting for ever to hear back for serverdown...which never happens i configured the stateswitchinterval to 60 mins, then the fw was configured not to send reject, and i waited 3 hours...the state is not going into partnerdown, after going thru communicationinterrupted, meaning it says there on that state PS C:\Windows\system32> Get-DhcpServerv4Failover Name : PartnerServer : Mode : LoadBalance LoadBalancePercent : 50 ServerRole : ReservePercent : MaxClientLeadTime : 01:00:00 StateSwitchInterval : 01:00:00 State : CommunicationInterrupted ScopeId : AutoStateTransition : True EnableAuth : True telnet with no reject back to sender takes about 30 seconds to fail... Welcome to Microsoft Telnet Client Escape Character is 'CTRL+]' Microsoft Telnet> set localecho Local echo on Microsoft Telnet> o 647 Connecting To ...Could not open connection to the host, on port 647: Connect failed telnet with reject back to sender takes about 2 seconds to fail... Microsoft Telnet> o 647 Connecting To ...Could not open connection to the host, on port 647: Connect failed Microsoft Telnet> i then bounced the DHCP service while it was on CommunicationInterrupted, once the fw was re-configured to sent the reject back to sender, status goes into startup, and then communications interrupted, so i left them for 3 days even though "StateSwitchInterval : 01:00:00" they are not going into PARTNERDOWN when the fw is blocking you can test from your side if you have a hardware fw to test this...for now i will disable "StateSwitchInterval" and manually manage this once the fw rule is removed, and server is bounced, if second server is down, the partner down state kicks in as it should, sending first box into partnerdown state, after going thru communicationinterrupted Thanks Martin

  • I have been using this tool for sometime now and its been working perfectly until recently I began to see these errors in the log file, Any ideas on how to fix this? 'VFGHGBVMDHCPW2P' is the hostname of my secondary DHCP Server 'Periodic Sync TimeOut Happened: Syncing Relation:VFGHDHCPCLUSTER01 Error: Failed to get superscope information on DHCP server VFGHGBVMDHCPW2P. -------------------------------------------------------------------------------------------------- Scope not synced.Please sync it manually. If it does not belong to any relation please create a failover relation for it to ensure safety.' --------------------------------------------------------------------------------------------------

  • Hi Emmnauel, the error you mentioned is an outcome of the PowerShell cmdlet: Invoke-DhcpServerv4FailoverReplication. This error seems to have occurred when periodic sync was called for one of the failover relationships on the server. We verified that this cmdlet works for the super scope. We will add more loggint to the tool and publish a new one which will help understand the root cause of the failure. In the interim, could you send details on the superscope configuration that you have - for example number of scopes in the superscope, any disabled scopes etc. Can you please send the same to teamdhcp_at_hotmail.com

  • Hi folks,

    I've setup DHCP failover between 2 servers in my environment following this article:
    http://technet.microsoft.com/en-us/library/hh831385.aspx

    However, I need to decommission the initial the initial server from which the scope was initially replicated. How do I go about breaking the synch relationship between them? I'm afraid that if I just unauthorize the server, and take it offline that there will be replication objects left in the background.

    Any ideas?

  • Hi Val,

    Lets say you have created the failover relationship from server 1 to server 2 and now want to decommission server 1. You can do so by deleting the failover relationship from server 2. This will remove the scopes from server 1 and retain the same on server 2. You can later create new failover relationship for the scopes from server 2 to the newly commissioned server.

  • Is the log file supposed to post entries 3 to 4 times per second ? Causing large expansion of the log file. Entries coninutously are : Sync process complete at Will automatically sync again when new configuration changes are made. These repeat at least 3 to 4 times per second

  • Hi Lee, this is not the expected behavior unless there are configuration changes happening that quickly. Is that the case ? We will look into this and get back.

  • Hi Lee, can you please clarify under what user account you are running the script.

  • Hi, I have two dhcp 2012 r2 servers with loadbalance 50/50, state switchover 60minutes, MCLT 60minutes. When I shutdown the server1, the server 2 shows then partner down, but the ip pool doesn't change from 50% to 100%?
    Why doesn't this change?

  • Hi, I have two dhcp 2012 r2 servers with loadbalance 50/50, state switchover 60minutes, MCLT 60minutes. When I shutdown the server1, the server 2 shows then partner down, but the ip pool doesn't change from 50% to 100%?
    Why doesn't this change?

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment