Installing and Configuring DHCP role on Windows Server 2012


With the new Server Manager in Windows Server 2012, the way the DHCP role is installed has changed. This blog post describes, in the sections below, installation and configuration of the DHCP role using Server Manager and PowerShell on Windows Server 2012. Before starting, if the machine involved is domain-joined, the user needs to log in as a domain user with local administrative privileges.

 Installing DHCP role via new Server Manager

  • Ensure the computer has at least one static IP address assigned before starting the role installation.
  • Launch the Add Role Wizard from Server Manager.
  • Select DHCP server role and go through the steps needed for installation.
  • The last page of the wizard (which comes up after the role has been installed) provides a link, “Complete DHCP configuration”. This link leads to some tasks that need to be performed after role installation for the DHCP server role to work properly.

Figure 1: The last page of Add Role Wizard after DHCP role installation

 

  • Launch the DHCP post-install wizard and complete the steps required.
  • Creation of DHCP security groups (DHCP Administrators and DHCP Users). For these security groups to be effective, the DHCP server service needs to be restarted. This will need to be performed separately by the administrator.

 

Figure 2: DHCP Post-Install configuration wizard – Introduction Page

 

  • Authorization of DHCP server in Active Directory (only in case of a domain-joined setup). In a domain-joined environment, the DHCP server starts serving DHCP client requests only after it has been authorized. Authorization of the DHCP server can only be performed by a domain user that has permissions to create objects in the Net services container in Active Directory. See how to delegate permissions to do this in Active Directory.

 

Figure 3: DHCP Post-Install configuration wizard – Authorization Page

Figure 4: DHCP Post-Install configuration wizard – Summary Page

 

  • If the post-install step is missed after role installation, the administrator will continue to see a notification on the action pane and also a link on the DHCP role tile on the main Server Manager page suggesting that some configuration is required. That link goes away only after completion of the post-install task.

Figure 5: Server Manager: DHCP Post-Install configuration wizard launch point

 

  • The configuration of DHCP server parameters such as scopes and options is no longer available in the new Server Manager. The administrator can now launch DHCP MMC either via Server Manager (as shown below), or via the DHCP MMC application in the Start Menu, or by typing dhcpmgmt.msc at the command prompt. The administrator can then create scopes and set option values so as to be able to lease out IP addresses and provide option values to clients.

 

Figure 6: Server Manager: DHCP MMC launch point

 

Installing via PowerShell 

To install the DHCP server role via PowerShell, one needs to run the following command:

  •  Command: Add-WindowsFeature  -IncludeManagementTools dhcp

Note the extra switch (IncludeManagementTools) which is now needed, in contrast to Windows 7. Without this switch, just the DHCP server role would be installed. The DHCP server RSAT tools, which include DHCP MMC, the netsh context and the new DHCP PowerShell cmdlets, are not installed by default unless you give the above flag.

  • After the role is installed, there are a few other steps that the administrator needs to perform so that the server can work correctly and lease out addresses. This is the post-install configuration performed by the post-install wizard mentioned above. The administrator can either launch Server Manager and complete the DHCP post-installation task from there (as this is a UI-only task) or run the set of commands below, which are equivalent.
    • Creating DHCP security groups
      • Command: netsh dhcp add securitygroups
      • You will need to restart the DHCP service for these groups to become active.
        • Command: Restart-Service dhcpserver
    • Authorizing the DHCP server in Active Directory (only needed for a domain-joined setup)
      • Command: Add-DhcpServerInDC <hostname of the DHCP server> <IP address of the DHCP server>
  • Now the administrator can launch DHCP MMC either via Server Manager, or via the DHCP MMC application from the Start Menu, or by typing dhcpmgmt.msc at the command prompt. The administrator can now also create scopes and set option values, so as to be able to lease out IP addresses and provide option values to clients, using DHCP MMC or the new DHCP PowerShell cmdlets.

If the administrator has completed the post-install configuration using PowerShell, Server Manager may still raise a flag (alert) for its completion using the post-install configuration wizard. This alert can be suppressed by notifying the Server Manager that the post-install configuration has been completed. This can be done by the below command:

  • Command: Set-ItemProperty -Path registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ServerManager\Roles\12 -Name ConfigurationState -Value 2
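
The PowerShell steps above combined into one script that checks state before and after each stage. This is an added example, not code from the original post; it assumes an elevated PowerShell session on the DHCP server itself, and the variable names and the summary object at the end are illustrative.

```powershell
# Added example: DHCP post-install configuration with verification.
# Assumption: elevated session on the DHCP server; when the machine is
# domain-joined, the user may authorize DHCP servers in Active Directory.
$ErrorActionPreference = 'Stop'

# 1. The role needs at least one static (manually configured) IP address.
$static = Get-NetIPAddress -AddressFamily IPv4 |
    Where-Object { $_.PrefixOrigin -eq 'Manual' } |
    Select-Object -First 1
if (-not $static) {
    throw 'No static IPv4 address found; assign one before installing DHCP.'
}

# 2. Install the role together with the management tools
#    (DHCP MMC, netsh context, DHCP PowerShell cmdlets).
if (-not (Get-WindowsFeature -Name DHCP).Installed) {
    Add-WindowsFeature -Name DHCP -IncludeManagementTools | Out-Null
}
Import-Module DhcpServer

# 3. Create the DHCP Administrators / DHCP Users groups, then restart
#    the service so that the groups become effective.
netsh dhcp add securitygroups | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw "netsh dhcp add securitygroups failed with exit code $LASTEXITCODE"
}
Restart-Service -Name DHCPServer

# 4. Authorize in Active Directory only on a domain-joined machine,
#    and only if this server is not already in the authorized list.
$cs = Get-WmiObject -Class Win32_ComputerSystem
$authorized = @()
if ($cs.PartOfDomain) {
    $fqdn = '{0}.{1}' -f $cs.DNSHostName, $cs.Domain
    if (-not (Get-DhcpServerInDC | Where-Object { $_.DnsName -eq $fqdn })) {
        Add-DhcpServerInDC -DnsName $fqdn -IPAddress $static.IPAddress
    }
    # Read the list back. An entry nobody recognizes deserves a look,
    # since only authorized servers serve clients in the domain.
    $authorized = @(Get-DhcpServerInDC)
    if (-not ($authorized | Where-Object { $_.DnsName -eq $fqdn })) {
        throw "$fqdn is not listed as authorized (AD replication may lag)."
    }
}

# 5. Tell Server Manager that post-install configuration is complete.
$key = 'registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ServerManager\Roles\12'
Set-ItemProperty -Path $key -Name ConfigurationState -Value 2

# 6. Summary of the resulting state for the change record.
[pscustomobject]@{
    StaticAddress      = $static.IPAddress
    ServiceStatus      = (Get-Service -Name DHCPServer).Status
    DomainJoined       = $cs.PartOfDomain
    AuthorizedServers  = ($authorized | ForEach-Object { $_.DnsName }) -join ', '
    ConfigurationState = (Get-ItemProperty -Path $key).ConfigurationState
}
```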

 

Team DHCP

Comments (51)

  1. teamdhcp says:

    Paul, have you configured the IP helper/DHCP relay to point to the new DHCP server? It's likely that you are missing that configuration. Please check if client messages are being received on the new DHCP server.

  2. Anonymous says:

    Thanks WillB! It will be great if you could share how you are using the DHCP policies…It will help us understand the scenarios and plan for any future updates.

  3. Anonymous says:

    Hi Matt,

    I am assuming that by clustered DHCP servers you mean DHCP servers participating in failover.

    Using DHCP failover with NLB is not recommended as NLB can send request packet to only one server. It selects the server to send the packet to, after applying a logic (which is a configurable setting). It does not send the packets to multiple servers. DHCP failover requires that a request packet be received by both the failover partners.

    We recommend that you instead use a DHCP relay agent (in Routing and Remote Access Service role in windows server). A DHCP relay agent can relay a DHCP request to multiple servers.

  4. teamdhcp says:

    Hi Muhamad, you need to assign a static IP address on the system running the DHCP server.

  5. teamdhcp says:

    You can configure DHCP failover between 2 DHCP servers which are running DC. There are not specific advantages or disadvantages to doing so.

  6. teamdhcp says:

    TRogers, yes, if you have not run the post-install configuration, the DHCP server is not authorized in AD and will not be serving any clients in case it's a domain-joined deployment.

  7. teamdhcp says:

    The router connected to the client network needs to be configured with IP address of the DHCP server (IP helper). Once configured this way, the router will unicast the DHCP client messages (which are broadcast) to the IP address of the DHCP server.

  8. Anonymous says:

    Hi Minoo, We have not seen this issue when the user performing the install is logged in as domain admin as the domain admin has the required permissions. However, as mentioned in earlier responses, the error is benign since the installation has completed successfully in this case.

    Below is what you can do, to get rid of the prompt in server manager to complete the post-install configuration step (this has also been added to the blog above) –

    If the administrator has completed the post-install configuration using PowerShell, Server Manager may still raise a flag (alert) for its completion using the post-install configuration wizard. This alert can be suppressed by notifying the Server Manager that the post-install configuration has been completed. This can be done by the below command:

    • Command: Set-ItemProperty -Path registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ServerManager\Roles\12 -Name ConfigurationState -Value 2

  9. teamdhcp says:

    The list above is the commonly used DHCP options and hence are part of the scope creation wizard. There is no way to extend the wizard to include other DHCP options. After creating the scope, you can always go to the scope options and assign values for other options.

  10. Anonymous says:

    Can the clustered DHCP servers be accessed via NLB?  We have an issue with some old networking equipment that will only allow us to configure 1 address for the IP helper.

  11. Anonymous says:

    Hi Victor,

    We have seen this issue when you try to perform post install configuration through server manager while logged in as a local administrator on a domain joined computer. You should be able to work around this by logging in as a domain user who has admin privileges on the computer (member of the local administrators group). Hope it helps.

    Also you have mentioned the server is not part of domain – however the rest of your description ("try to select alternate credentials and put in the admin info or say skip AD") as well as the error that you hit suggest that the server is domain joined. You will not be prompted for authorization of the server in AD unless the server is domain joined.

  12. Anonymous says:

    The UI in DHCP MMC for adding non-standard DHCP options has not changed. You can go to IPv4 node, right-click, Set predefined options and then press Add to add a new option definition. Once the option definition is added, you can set values for that option at each scope or server wide. You can also use the Add-DhcpServerv4OptionDefinition cmdlet to add a new option definition and Set-DhcpServerv4OptionValue to set option value for any option.

  13. teamdhcp says:

    Char, your Cisco Linksys router will have a DHCP server. You will need to turn that off if you are using Windows DHCP server – else both servers will be leasing IP addresses to clients.

  14. Anonymous says:

    Hi Brian, managing a high version server (2012) using lower version (2008) RSAT (GUI/netsh) is not a supported scenario. However, that is not the reason you are seeing the red circle icon. That icon means "DHCP server connected but current user does not have the administrative credentials to manage the server." See the DHCP server icon reference here –

    technet.microsoft.com/…/cc784812(v=ws.10).aspx

    You may need to add the specific user to the DHCP Administrators group to resolve this.

    However, to get over the authorization hump, suggest that you try authorizing via the PowerShell cmdlet.

  15. Anonymous says:

    Hi Brian, what is the error you get when you try to authorize the DHCP Server. Can you have an enterprise admin try authorizing the DHCP server using Add-DhcpServerInDC cmdlet in PowerShell and see what error you get back.

  16. G2009 says:

    In a DHCP server, whenever a scope is created, the scope gets populated by some default "Scope Name" such as:

    003 Router
    006 DNS server
    015 DNS Domain Name
    044 WINS/NBN Server
    046 WINS/NBT Node Type
    066 Boot Server Host Name
    067 Boot File Name

    Is there a way to have some more "Scope Name" to be populated by default whenever a new Scope is created ?

    Thanks for your time and suggestions.

  17. Anonymous says:

    Hi Brian, yes you can authorize 2012 DHCP server in a 2008R2 or even a lower version AD. There is no dependency in DHCP server on a specific AD version. What is the problem you are facing.

  18. teamdhcp says:

    Mike, yes you can authorize the new DHCP server while keeping the older one still running. Since you will not have any scopes on it until the time you import, the new server will not serve any clients. The steps you mentioned will work.

  19. DinoZoff says:

    Thanks, I’m searching right now. That should be it.

  20. Anonymous says:

    This is really great, contains many stuffs in detail

  21. teamdhcp says:

    Hi Rob, yes – you can authorize the DHCP server after configuring the scopes and options.

  22. Anonymous says:

    So essentially, you will configure the IP address of the DHCP relay agent (in Routing and Remote Access Service role in windows server) in your old network equipment and configure the RRAS DHCP relay agent with IP addresses of the 2 DHCP failover servers. This would amount to cascading of DHCP relay agents.

  23. Anonymous says:

    Hi Mike, Thanks for sharing the feedback – that was useful. Are you deploying DHCPv6 in stateful or SLAAC mode ?

  24. Anonymous says:

    Jonathan, it seems like you are missing a statically configured IP address on the DHCP server. Please configure/ensure that a static IP is present on at least one of the network interfaces of the DHCP server.

  25. WillB says:

    How do you add additional non-standard DHCP options?  There used to be an available action to setup non-standard DHCP options that I have not been able to find.  What is the new method for adding new options not included in the standard list?

  26. WillB says:

    Thank you!  I feel stupid -i see it now, but not before I found the technet info on using PowerShell to add them.  Great updates to DHCP server in 2012 – I'm loving the Policy maps!

  27. VictorL says:

    So, I have a private subnet that I want to provide DHCP services to and decided to use 2012 as the provider but I'm having tons of problems. This is a standalone server (ie, not part of a domain) and when I try to select alternate credentials and put in the admin info or say skip AD, I get an error about not being able to open registry keys to set the status of the post config task. It recommends setting trustedHosts via winrm which I have done even though this should not be needed as it's just a single machine but it still fails.

    Any thoughts would be great.

  28. Vinita says:

    This is really great article and I am sure it is helping many people. I wanted to add my 2 cents by sharing a small video on steps to install and configure Windows Server 2012: http://www.youtube.com/watch.
    More videos are available at http://www.prohut.net/…

  29. Minoo says:

    Hi I have almost the same issue as Victor.  The only difference is I am signed on as a domain administrator on the machine, which happens to be a domain controller.  I actually have removed the role and tried adding it back in, but the same issue occurs every time.  "Failed to open registry key on target computer…."

  30. BrianL says:

    Can I authorize a 2012 DHCP server in a 2008 R2 AD?

    We're having some problems doing so.  I must admit we're just in the preliminary stages, but I thought I'd ask here…

  31. BrianL says:

    Hi, thanks for the reply.

    Our AD people are unable to authorize the DHCP server, it has the red circle with the white dash in it, so it's a permissions issue from what I understand.  They are Enterprise Admins, and the server is joined to the domain.

  32. BrianL says:

    Thanks again,

    They are trying through the GUI, not from powershell.  When I remotely manage the 2012 server from a 2008 server, I do not get the DHCP portion.  Is it not possible to authorize through the GUI using 2008?  I'll try to get them to authorize using powershell.

    Thanks again,

    Brian

  33. BrianL says:

    Sorry, meant to add they are not getting an error, the server has the red circle with the white dash (like a 'do not enter' sign), and authorize is greyed out.

    Thanks

    Brian

  34. ctz says:

    fantastic! thanks

  35. user new says:

    Hi i want to set DHCP up, the server will be connected to a router which has a static IP address (also connected to 2 other cisco routers using OSPF)

    will DHCP be able to pass through the network to clients on the other side of the router to get IP address the server gives or will the router intercept

  36. RobL says:

    I am currently installing a new DHCP server using 2012 R2 to replace an existing system. Can I install the DHCP role and configure all the scopes and options BEFORE authorising the server so as not to interrupt service to our users?
    I need to put all the information in for our scopes and options before we can turn off the current system!

  37. RobL says:

    Brilliant. Thanks for the quick answer!

  38. char says:

    When we install DHCP on the server, we lose internet connectivity. We have a Cisco Linksys modem with DHCP. Would that be a part of the problem?

  39. paul says:

    Hi,
    I've setup a new Server2012R2 DHCP server alongside our existing W2008R2 server. I authorised the new server and de-authorised the old one, but the new one is not giving addresses. On a client I'm getting 0x79 errors (cannot get new DHCP address). I exported/imported all settings with powershell from old to new.
    I started over again with a clean Server install and manually creating all scopes but still no luck. Anyone have some suggestions?

  40. TRogers says:

    I just installed the DHCP services in W2K12-R2 but I have not completed the Post-Install process. My new server build got messed up with some bad NIC drivers, so I want to reinstall OS from scratch. DHCP is not "live" or Authorized in AD if I did not complete the Post-Install process right? SO I am safe to rebuild and re-do DHCP? (WSUS also)

  41. mike says:

    We currently have a single 2008r2 dhcp server that is doing dhcp. We want to move to the new 2012 dhcp with failover. Can i authorize these new servers in ad without interrupting the current dhcp server? Then when we are ready to switch over i can just export and import the configs and leases and change the relay agents? Am i understanding this correctly?

  42. muhammad says:

    I am having some problem with DHCP server 2012 ..the Server is not assigning IP address to the client …….keep getting the following error….
    This computer has at least one dynamically assigned IPv6 address.For reliable DHCPv6 server operation, you should use only static IPv6 addresses.

  43. Hi teamdhcp says:

    I would like your opinion on whether it is wise to install a DHCP failover (load balanced) cluster on Domain Controllers

  44. Mike Gilbert says:

    Hi this is really a suggestion for DHCPv6 deployment – is there a connect area or a better place to post suggestions?

    My suggestion is as follows. In a DHCPv6 stateless environment with SLAAC, the IPv6 prefix is assigned by the ISP and may change occasionally. In such a network, static IPv6 addresses are really bad because they have to be manually changed when the ISP changes the prefix – and your own documentation says that in a well managed IPv6 network, static IPv6 addresses should be extremely rare.
    So therefore I suggest that for a stateless IPv6 DHCP server, you remove the requirement that you only bind to static IPv6 addresses. There is nothing wrong with sending DHCPv6 replies on the link local address if you are just giving out stateless configuration information, and doing so will allow a best practice of not requiring the DHCPv6 server to have a static IP at all.
    If you want to support stateful DHCPv6 in a DHCPv6-PD environment where the prefix comes from the ISP and may change, there are other issues – you will want to look at obtaining the prefix from a router rather than requiring the user to hard-wire it in to the scope, you will want to think about reservations where you are just reserving the host part of a client IPv6 address and getting the prefix from the upstream router, you will want to think about coordinating DHCPv6 lease times with an DHCPv6-PD prefix lifetime, etc., etc. That sort of stuff would be awesome but I realize it's a lot of work. But for now if you just allow a stateless scope to work without a fixed IP, then we can handle DHCPv6-PD networks by setting them up in SLAAC mode while you guys think through the stateful issues!

  45. Jonathan says:

    Hi, I'm trying to migrate a Windows 2003 network server to a 2012 one. When I'm trying to complete the DHCP configuration I'm getting the following error http://i.imgur.com/vfCvY8m.png I noticed earlier you said this could be disregarded, but when I go to the DHCP UI it shows the current server with a wrong IP address (a 169 based one rather than the 192 one I would expect to see) and no name rather than the <Servername.domain[IP address] . Any advice gratefully received!

  46. Bashir Yousufzai says:

    great and well information about DHCP

  47. toarney says:

    VictorL: have the exact same issue:

    Windows 2012 R2
    Standalone (not part of a domain)
    Install DHCP server
    During the DHCP Post-Install configuration wizard, asked to provide domain credentials (even though it is NOT on a domain)
    No matter what is selected, even if you select "Skip AD authorization" gives an error message:
    Failed to open registry key on target computer to set the status of pst configuration task. Error: the WinRM client cannot process the request.

    SOLUTION:
    In Server Manager, Local Server, Properties, Computer name
    To rename this computer or change its domain or workgroup, click Change
    Provide a computer name
    Click More…
    Remove "Primary DNS suffix of this computer:"
    Reboot

    You are no longer asked to provide (non -existent) credentials when installing DHCP server on a standalone non-domain server.

  49. teamdhcp says:

    Hello tourney, please try the below steps to get rid of the alert in server manager about post-install configuration not being complete:
    Below is what you can do, to get rid of the prompt in server manager to complete the post-install configuration step (this has also been added to the blog above) –

    If the administrator has completed the post-install configuration using PowerShell, Server Manager may still raise a flag (alert) for its completion using the post-install configuration wizard. This alert can be suppressed by notifying the Server Manager that the post-install configuration has been completed. This can be done by the below command:

    Command: Set-ItemProperty -Path registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ServerManager\Roles\12 -Name ConfigurationState -Value 2

  50. chamil says:

    really helpful
    thanks

  51. Armen says:

    Hey DHCP team,
    Wanted to know what could be a possible outcome of my scenario:
    Setup:
    1) One DHCP server.
    2) Has WDS on same server.
    3) Option 60 configured.
    4) Have a router
    5) behind the router have a client.

    Scenario:
    As part of a bad flow i have configured the router to forward dhcp packets in broadcast( two DHCP relays, one to the real DHCP server the other to the broadcast address of the subnet).
    I see both packets in the wireshark.
    But, the broadcast packet is not answered by the DHCP server? only the uni-cast gets the offer.
    What could be the reason for that?
    And how could i make dhcp server answer to both discover packets reaching it?( in dhcp server statistics i see only one discover packet arriving, but in the wireshark i see them both)