Migrating existing DHCP Server deployment to Windows Server 2012 DHCP Failover


Introduction

This article provides information on how to migrate an existing DHCP server deployment on Windows Server 2008 or Windows Server 2008 R2 to Windows Server 2012 DHCP Failover.

DHCP Failover feature requires two Windows Server 2012 on which the DHCP role is installed. To migrate from an existing DHCP server deployment to use DHCP Failover in Windows Server 2012 is a four step process-

  1. Install DHCP Server role on 2 Windows Server 2012 computers.
  2. Export DHCP server configuration from existing server.
  3. Import all DHCP server configuration on the Windows Server 2012 DHCP server intended to be the primary server in the failover relationship.
  4. Import only server-level configuration on the Windows Server 2012 DHCP server intended to be the failover partner server.
  5. Configure DHCP failover from the intended primary server.
  6. Update DHCP relay agents with IP addresses of the DHCP failover servers

Export DHCP server configuration and leases

Windows Server 2012 has new DHCP server PowerShell cmdlets which include export/import based on PowerShell. To export the DHCP server configuration, scopes and leases from a Windows Server 2008 or Windows Server 2008 R2 DHCP server (say named win2k8r2-dhcp.corp.contoso.com), run the below command from the new Windows Server 2012 powershell console.

Export-DhcpServer –ComputerName win2k8r2-dhcp.corp.contoso.com -Leases -File C:exportdhcpexp.xml -verbose

In case one doesn’t wish to export lease information, leave out the –Leases switch from the command.

Since PowerShell provides remoting functionality, this command when run from Windows 8 client (with DHCP RSAT installed) or Windows Server 2012 computer with the –ComputerName switch being that of a Windows Server 2008 or Windows Server 2008 R2 computer running DHCP server, would be able to export and fetch all data from the remote server successfully.

After running this command successfully, the DHCP server configuration on the source server, including server level configuration, scopes present on the server, and the associated configuration and leases will be exported to the file dhcpexp.xml.

Import DHCP server configuration and leases on Windows Server 2012

Using the DHCP server Windows PowerShell import, the DHCP server configuration can be now be imported on the Windows Server 2012 DHCP server (say named DHCP1.corp.contoso.com) using the following command:

Import-DhcpServer –ComputerName DHCP1.corp.contoso.com -Leases –File C:exportdhcpexp.xml -BackupPath C:dhcpbackup -Verbose

If you wish to migrate specific scopes (e.g. 10.1.1.0, 10.1.2.0) to the Windows Server 2012 DHCP server instead of migrating all the scopes, you can use the following import command:

Import-DhcpServer –ComputerName DHCP1.corp.contoso.com -Leases –File C:exportdhcpexp.xml -BackupPath C:dhcpbackup -Verbose –ScopeId 10.1.1.0, 10.1.2.0

The above mentioned import command should be run only on the Windows Server 2012 DHCP server (DHCP1) which is intended to be the primary server for the failover relationship.

When a failover relationships is set up between two Windows Server 2012 DHCP servers (DHCP1 and DHCP2), the failover setup wizard (or cmdlet) replicates the scopes and associated configuration on the second server (DHCP2). Hence, the scopes are not required to be imported on the second server (DHCP2).

However the failover setup wizard (or cmdlet), does not replicate server level configuration to the second DHCP server.  If there is a server level configuration present on the existing DHCP server deployment, which include:

  • Vendor or User classes other than those which are built-in.
  • Option definitions other than those which are built-in
  • Server level option values
  • MAC address based filters
  • Conflict detection attempt (if set to something other than the default)

These server level configuration options must be imported on the second DHCP server (DHCP2). To import only server level configuration on the partner server DHCP2, use the following command:

Import-DhcpServer –ComputerName DHCP2.corp.contoso.com –File C:exportdhcpexp.xml –ServerConfigOnly –verbose –BackupPath C:dhcpbackup

The switch –ServerConfigOnly achieves the desired objective of just importing the server-level settings.

After having migrated all server-level and scope settings on the primary server and migrated only server-level settings on the partner server, one can now configure a DHCP Failover relationship between the two servers. Refer to the links at the end of this post to understand more about deploying DHCP Failover.

Updating other DHCP related configuration

Configurations like the DHCP relay agents for all the subnets/scopes being migrated need to be configured with IP addresses of the two Windows Server 2012 DHCP servers in the failover relationship so that the DHCP client messages are relayed by the relay agent to both the DHCP servers. Please refer the documentation of your DHCP relay agent for details on how to update the DHCP relay agent with IP addresses of the DHCP servers.

Conclusion

We hope this blog post eases migration of existing DHCP Server deployments to the new Windows Server 2012 DHCP server and enables deployment of DHCP Failover. As always, your feedback and comments are most appreciated.

Other Links

Team DHCP

Comments (50)

  1. Anonymous says:

    Hi Guys. in regards to the migration of leases question…here is mine
    i am planning to move the scopes from 2003 to 2012r2, so will run netsh to export the entire of the scopes, with the leases, and import them into the new one, but i am planning to play it safe and de-activate scopes in the old one and activate the scopes on the new 2012r2 as im moving along, the problem is since im actually doing the netsh once, the leases will be old on the 2012r2 once this is moving…im guessing i should just be deleting the leases from the 2012r2 box ? and get the clients just request a new IP ? or keep the leases info from the netsh export, and let DHCP work its magic ?

    Thanks guys

    Martin

  2. teamdhcp says:

    Its recommended that you migrate and retain the leases on the new server. The new server will automatically delete the leases if they expiry. You need not delete them. Migrating and retaining leases will avoid the problem of duplicate IPs on the network.

  3. teamdhcp says:

    Hi Bart
    For export command you do not need to stop any server. The DHCP Server from which you are exporting the data can be running.
    Similarly while importing the data you do not need to stop the DHCP server to which you are importing the data to.
    Thanks

  4. teamdhcp says:

    Hello Sven,
    Yes – when the link between the data centers goes down both the DHCP Failover servers will move into COMMUNICATION INTERRUPTED state. Both the servers will continue to service the clients assuming the clients have not lost connectivity to the data centers.

  5. This is sick! So Simple!

  6. teamdhcp says:

    Thanks Rusty for sharing your deployment information.

    From your description, I am not sure if you need a large number of failover relationships. In a single failover relationships, you can have MULTIPLE scopes. In fact, there is no upper bound on the number of scopes in a single failover relationship – we have tested till 10,000 scopes in a single failover relationship.

    Does that help or did I misunderstand your deployment need still.

  7. teamdhcp says:

    Hi JR,

    I am unable to understand the question very clearly. If you are saying, all the currently leased IP addresses need to be released/expired before performing the migration, it is definitely not required since the steps mentioned above will migrate active leases from the source server to destination server. Let us know if this did not answer your question.

  8. teamdhcp says:

    Hi Anker, You can use the script at the following location to migrate from split scope to DHCP failover
    http://gallery.technet.microsoft.com/scriptcenter/Migrate-Split-Scope-to-9791ddcd

  9. teamdhcp says:

    Hello dtg, DHCP PowerShell cmdlets cannot be used with Windows Server 2003 R2. It is only supported for Windows Server 2008 and above. However, you do not need to go thru a 2 stage process, you can use netsh export/import to migrate from 2003 R2 to 2012R2
    directly without the intermediate step of migrating to 2008/2008R2.

  10. teamdhcp says:

    Hi Mike,

    Usage example –

    -ComputerName mycomputer.mytestdomain.com

    You don't need the angle brackets. Will get the example in the blog corrected.

  11. teamdhcp says:

    Hi Hans,

    You should definitely avoid having both DHCP servers authorized and servicing clients at the same time since that could lead to duplicate IP address situation leading to bad addresses on the DHCP server. You can do the following sequence of steps –

    Remove the binding of the new DHCP server. This will ensure that clients are not serviced by this DHCP server. Even when the binding is removed, you can perform import/export on this DHCP server.

    Authorize the new DHCP server

    Remove authorization for the old DHCP server

    Enable the binding of the new DHCP server. Now the new DHCP server will start servicing the clients.

    Thanks.

  12. teamdhcp says:

    Hi Martin,
    Yes. Deactivates as well as active scopes can be migrated together.
    I noticed that you mentioned migration from WS 2003. The PowerShell cmdlets including Export mentioned in this blog is supported for WS 2008 onwards. For migrating from WS 2003, you can use netsh export/import or Windows Server Migration tool.

  13. teamdhcp says:

    Hello Opie,

    You can build the new DHCP servers using some new IP addresses.

    When you turn off the old DHCP servers, you can change the IP addresses of the new servers and assign the old IP addresses to them.

    However, if you are deploying failover configuration, and your number of DHCP servers is increasing, then you will require additional IP addresses for your DHCP servers and will have to update your relay agents with these  additional IP addresses.

  14. teamdhcp says:

    Hi HH,

    After following the steps in this article, you can configure load balance failover using the steps mentioned in the failover step by step guide at technet.microsoft.com/…/hh831385.aspx if you are using DHCP MMC. If you are using DHCP PowerShell, you can use the steps mentioned at blogs.technet.com/…/dhcp-failover-using-powershell.aspx to do the same via command line.

  15. Anonymous says:

    Thanks for the reply, I checked the DHCP documentation that the scopes should not be de-activated unless they are being deleted for good so my question is…can they co-exist while i am migrating ? meaning the scope x is disabled on w2003 while same scope x is enabled on new w2012r2 server ? Thanks Martin

  16. teamdhcp says:

    Thanks Joe for the feedback. Could you please share specifics on aspects that you are looking for from an enterprise perspective.

  17. teamdhcp says:

    Yes, David. That is a supported deployment.

  18. teamdhcp says:

    Opie,

    In addition to what we said above –

    Regarding your comment – "I saw in the documentation that building the servers requires registering their names/IP in AD, so I'm wondering if there might be a technical barrier to doing this."

    You need to do this step (authorizing the DHCP server in AD) to get the DHCP server to start servicing clients. You can complete migration of the configuration/provisioning of the DHCP servers without this. Then, after you have changed the IP address of the DHCP server to the old IP address, you can authorize it in AD to get it start servicing clients.

  19. teamdhcp says:

    Lewis,

    Import-DhcpServer will merge the configurations as long as there is no conflict. The conflict situations could be:

    – the target server already has a value for an option and the import file contains a different value for the same option.

    – the scope being imported already exists on the target DHCP server

    In such cases of conflict, the Import-DhcpServer will retain the configuration on the target DHCP server and log a warning to the console reporting the conflict.

    For the case of scope already existing, you can use the -OverWrite switch to overwrite the scope on the target DHCP server.

    Suggest to use the -Verbose swtich to get the detailed logging from this cmdlet.

  20. teamdhcp says:

    Marc,
    – to perform export/import you do not need the DHCP servers to be in authorized state.
    – you can authorize the DHCP servers even when the bindings are removed.
    – you will be able to test DHCP failover state changes with the bindings removed. But the servers will not be taking any client traffic since there are no bindings.

  21. Joe says:

    aboutu time MS catches up with world but this attempt is still not an enterpise solution – MS once again behind the market leaders in IPAM

  22. rusty says:

    Could you please share specifics on aspects that you are looking for from an enterprise perspective.

    I can……………

    We have a lot of well defined DHCP scopes that cover geographic locations on our local campus as well as our remote sites. The limit of 31 failover relationships seems low. We have a scope for each network closet and each floor. Scopes are a class C for each area, for example Floor1 North, Floor1 East, Floor1 South, Floor1 West. x 7 floors. Then the same deal for a 4 story building next door and we're over 31.

    I understand that there may have been a design consideration that led to this limit, but I was wondering if there is a way to modify a reg key, etc to increase the limit of 31.

  23. mike says:

    Am I typing out the FQDN in the <brackets> after the -ComputerName switch?  Or does the FQDN go in place of "ComputerName" ?

  24. HH says:

    Thanks team for wonderful article. Do we have here a migration from single server to 2012 load balance dhcp server? This will be perfect 🙂

  25. LewisC says:

    Hi,

    Great article thank you v much. Quick q – If you are consolidating numerous DHCP Scopes from server 2008, into 2 server 2012 boxes setup in a failover…. when you export the configs from the old dhcp servers & import them 1-by-1 into server 2012, does it MERGE the configs, or overwrite with each import?

    Thanks!

    -Lewis

  26. Opie says:

    We have over 200 subnets.  I'm not the router admin, but I think updating all the relay agents could be quite a large task for us.  It would be easier to build the DHCP servers and then turn off the old ones and assign the IP addresses of the old DHCP servers to our new Windows 2012 DHCP servers.  Then we wouldn't have to update all of the relay agents.  Is this possible?  I saw in the documentation that building the servers requires registering their names/IP in AD, so I'm wondering if there might be a technical barrier to doing this.  Also, I would like to have the new boxes built before the cutover instead of turning off the old ones and then bringing up the new ones without DHCP installed on their old IPs and building everything then.

    If this can't be done, that's OK – we'll just have to do it the way you recommend by updating all of the relay agents.  I was just hoping there might be a faster way for us.

  27. Hans says:

    Hey,

    I got a question on the timing of turning off the old DHCP and authorizing the new DHCP server.

    My old server is running, I export the config and import it on the new not-yet-AD-authorized DHCP. Now I turn off the old one and then authorize the new one? Or do I first authorize the new one and then turn off the old one?

    We got about 50 clients so it shouldn't really matter, but I'd like to avoid any mishappenings.

    Thanks,

    Hans

  28. JR Velasco says:

    The other thing I found is needed to release the existing IP, what would the best route to do without released/renew/reboot the machine? Should I just wait until the lease is over? no problem migrating the IP/Leases

    Thank,

    JR

  29. DP says:

    May want to consider enabling "conflict detection attempts" when migrating from one dhcp server to another.  DHCPSERVERNAME -> ipv4 <- right click  properties -> select advanced, put in 1 or 2.  Should be done on all dhcp servers that need it enabled.  This will make sure the IP being assigned is not in use.  

    Thanks MSFT for the LB/FO feature.  

  30. Matt Pollock says:

    Help!!

    I'm following the steps listed to import DHCP from 2K8R2 to WK12, but the import is failing on importing the active leases.

    The server config and the reservations are all pulled in OK on to the new server however, importing the active leases is failing.

    Each attempt to import an active lease fails with:

    Import-DhcpServer : Failed to add IP address lease for 10.3.37.230 on server newdhcpserver.mycompany.localnet. :

    There are no more endpoints available from the endpoint mapper. (1753)

       + CategoryInfo          : NotSpecified: (10.3.37.254:root/Microsoft/…cpServerv4Lease) [Import-DhcpServer], CimEx

      ception

       + FullyQualifiedErrorId : WIN32 1753,Import-DhcpServer

    can anyone assist with this???

    Thanks

  31. Well... says:

    is not recognized as the name of a cmdlet….

  32. teamdhcp says:

    Well, could you please mention what cmdlet are you referring to. All the cmdlets referred in the blog are part of Windows Server 2012. If you are using on Windows 8 client, you will need to install RSAT (Remote Server Administration Kit)

  33. CITS says:

    Dear Team DHCP Thank you very much for such valued article, However I have a quick question..

    When I'm done Export and Importing the backup of old dhcp server and ready  to Authorize the new DHCP server , do I have to authorize the fail-over (secondary) dhcp server as well ?

    Thanks !!!

  34. teamdhcp says:

    CITS, Glad to know that you found the article useful.

    Yes – you need to authorize both the DHCP failover servers individually.

    Another things you need to do is configure the DHCP relays/IP helpers to forward DHCP packets to both the DHCP failover servers.

  35. CITS says:

    Gr8, I'm planning to do the migration this weekend, thanks a lot for your quick reply.

  36. Anonymous says:

    Pingback from ???????????????? ???? ???????? ?????????? ???????????? ???????????? ???????? ( Windows Server Migration Tool )

  37. Anonymous says:

    Pingback from ???????????????? ???? ???????? ?????????? ???????????? ???????????? ???????? ( Windows Server Migration Tool )

  38. Sven says:

    Hi team. Thank you for this great feature and article.

    I have a question:

    If I have a subnet stretched to two datacenters and planning to put one DHCP loadbalance node in each of the datacenters, what will happen if line between datacenters goes down, but both DHCP server keep running?
    I think the failover cluster will go in communication interrupted, but clients can still reach both servers, but both servers will respond to all clients, correct?

  39. David says:

    Can I have two DHCP servers local and one remote as part of the failover?

  40. Anonymous says:

    A DHCP patch fix for Windows Server 2012 has been released for the following issues recently

    1) The

  41. anker says:

    Hi Team,
    Great Article.
    What about if we have 2 2k8 dhcp servers with the 80:20 scoping. How can I get the scopes and leases from the old "number 2" dhcp server ?

    /anker

  42. Rob says:

    Excellent Job! Very easy and simple commands to migrate from 2008 – 2012. Completed in only a few minutes.

  43. dtghelp says:

    can the script be used to migrate from 2003r2? Its not a massive problem if it can't as I was going to migrate to w2k8r2 so I already have 2 w2k8r2 VM's configured for dhcp. So I could use netsh to migrate from w2k3r2 to w2k8r2 first and then run the script
    to pull everything in to w2k12r2. Bit of a two stage process but at least I can test it first as I'm using VM's

  44. Bart says:

    Are both the 2008 R2 and 2012 R2 DHCP running at the same time for the export and import? Or does the DHCPServer need to be stopped?

  45. rolf says:

    I found this article extremely easy to follow, and very helpful. Thanks for posting it.

  46. Anup says:

    Great instructions !!! Made my life easy

  47. sam says:

    this artcile is really helpful!!! good job done teamdhcp

  48. Anonymous says:

    Here is yet another tangent thought totally not related to any other of my blog posts! Maybe some day

  49. Marc J says:

    Great article! This has been very helpful as I'm planning to migrate our DHCP server from 2008R2 to two 2012R2 servers using HA. I had a question. Would it be possible for me to test everything on my new servers before making the switch? I've been searching
    like crazy to see if I can authorize my two 2012's but have the bindings removed. (I'm extremely paranoid of having duplicate/rogue DHCP servers and wreaking havoc). My thinking is that if I can do that, I can not only test the import/export portion of the
    procedure, but I could also test the DHCP failover portion as well. Then if everything tests Ok, I can simply redo the import and enable the bindings and I'd be in business.

  50. Anonymous says:

    DHCP PowerShell in Windows Server 2012, in addition to providing cmdlets for DHCP server management,