Thursday, February 21, 2013

DHCP Migrate from Split Scope to Windows 2012 DHCP with Failover

There are already several excellent posts out there about how to migrate to Windows 2012 DHCP.
Microsofts own blog is an excellent reference.
http://blogs.technet.com/b/teamdhcp/archive/2012/09/11/migrating-existing-dhcp-server-deployment-to-windows-server-2012-dhcp-failover.aspx

I'm writing this, because I didn't find a lot about migrating from multiple DHCP servers with split scopes to a single 2012 with failover and bringing the leases along with.  This is a very easy process and requires minimal work.  (note, you can also just set conflict detection and then unauthorize the old servers and let it all sort itself out).  I decided not to use conflict detection this time around as last time I did this some users got a popup about their IP expiring, this caused a call to IT to tell them to restart.  Not a big deal, but this is easy and causes one less call to IT - I'm all for less calls.


In my case I migrated off 2 Windows 2008 R2 servers with split scopes.  I wanted to pull the leases off both servers and combine them and then make the DHCP servers failover with hot standby.
I'll refer to the old servers as DC01 and DC02
The new servers will be DC03 and DC04

  • Add the DHCP role to both of your new servers.
  • On DC03 right click, run as administrator on Powershell.
  • Export-DhcpServer -ComputerName DC01 -Leases -File C:\export\dhcpDC01.xml -Verbose
  • Export-DhcpServer -ComputerName DC02 -Leases -File C:\export\dhcpDC02.xml -Verbose
  • Open both xml files with notepad (I prefer Notepad++)
    • These xml files have the full DHCP config for your old server, we need to combine the leases so that when you import all of the leases get combined.
    • Do a search for
    • This is the begining section for all your leases.
    • On the DC02 xml file copy from the first (note that I dropped the "s") down to the last Lease section.  Make sure you get both the starting and ending tags for each active lease.
    • Remove any leases that are from reservations if you have any, otherwise they will be duplicates.
    • In the DC01 xml file paste these leases into the section.  I pasted mine after the last DC01 lease, but just before the tag.
  • On DC03 run: Import-DhcpServer -ComputerName DC03 -Leases -File C:\export\dhcpDC01.xml -Verbose
  • Ensure that DC03 is authorized
  • In the DHCP mmc "unauthorize" the server for DC01 and DC02
  • You may get a parameter error when unauthorizing servers.  I found that it still worked if I closed the mmc and reopened.  In one case I did the unauthorize from the server directly or simply waited a couple minutes then closed / reopened and did it again.  Don't forget to use refresh.
    • In a pinch you can also shutdown the DHCP Server service.
  • Close DHCP mmc and reopen.  Right click DHCP and Manage Authorized Servers and check that the list is correct.
  • Go into your scopes and "merge" your scope exclusions.  I had my new single scope exclusions already written down so that I could just delete all the old exclusions and re-enter the new ones.  EDIT: You can also modify the xml file the same way you did for the leases to include the new exclusion ranges.  Look for the tags
  • I always like having conflict detection, so ensure this is on.  It's under IPv4, Properties, Advanced.  (if you had it set on your old DHCP then it will have migrated with the import)
  • I like to use a tool like MS Windows dhcploc.exe or netscan to check and ensure that I don't have rogue DHCP servers.  Check and ensure that only your new server is handing out addresses at this point. http://www.softperfect.com/products/networkscanner/
Okay, so at this point we have:
  • 1 server 2012 handing out DHCP for the entire environment (DC03)
  • 1 server 2012 with DHCP installed, but not configured  (DC04)
  • 2 old servers that have been unauthorized (DC01 and DC02)
Now we just need to configure DC04
  • From DC03 powershell (run as administrator)
  • Export-DhcpServer -ComputerName DC03 -File C:\export\dhcpexp2012.xml -Verbose
    • Note, we don't want the leases
  • Move the export file over to DC04 locally.  The next steps can be done from DC03, but I found that it ran much faster locally then remotely.
  • From DC04:
  • DHCP role should already be installed, if not install it.
  • Open powershell with run as administrator
  • Import-DhcpServer -ComputerName DC04 -File C:\export\dhcpexp2012.xml -ServerConfigOnly -Verbose -BackupPath C:\export\backup
    • This imports the server config only. No leases or scopes
  • Refresh screen
  • Right click DC04 and authorize the server

Now lets setup failover / replication
  • These next steps are done from DC03, it will be our active server while DC04 will be the standby server
  • Right click on IPv4
  • Configure Failover
  • Select the network - Next
  • Change name if desired
  • Change to mode to "Hot Standby"
  • Enter a shared secret
  • Next
  • Close
  • Refresh DHCP mmc

That's it.  Now if you right click on a scope and go to properties you will find a failover tab.  This will tell you if it's in failover and what the role of that particular server is.

At this point I would run netscan again and check which servers it sees handing out DHCP as well as which servers it shows as AD-authorized.  In my case it shows DC03 as handing out DHCP and it shows AD authorized as DC03 and DC04.
http://www.softperfect.com/products/networkscanner/


Note: dhcploc.exe is included with the Microsoft tools on the Windows 2003 cd. (believe it's also on the 2008+ cd's).  To run it I typed "dhcploc.exe mymachinesIPaddress".  I took awhile to start displaying.


13 comments:

  1. since it is the migrate from split scopes, how you deal with the excluded IP zones between two DHCP servers? I didn't see you mentioned it?

    ReplyDelete
  2. also, it looks like it dropped some of my coding from the post. Fixing now.

    ReplyDelete
  3. I very briefly mention it.

    I manually "merged" them by writing them down and combining them into a single range via notepad (or paper).
    At that point after doing the import it will have the old exclusion range for the scope that you imported. Just delete all the "incorrect" exclusions and then added the single combined exclusion that you wrote down.

    I just went back and looked and you could go in and modify the xml file for exclusions the same way you did for the leases. Look for the tags exclusionrange and it's closing tag . In between these tags will be that scopes range, just modify them to have the single scope exclusion range.

    ReplyDelete
  4. Replies
    1. Glad it helped Jeff.
      As a side note I fixed a couple typos in the configure DC04 section.

      Delete
  5. I've got split scope in a 2012 environment with AD and DNS rolls on them. How can I best do this in my case?

    Can I somehow adjust the primary scope and delete the secondary so only the primary is handing out leases and exclusions then after a few days of running off a single DHCP host configure failover?

    ReplyDelete
  6. UncleBuc you should be able to do it the same method as moving from 2008 R2. Just run the export, merge the lease sections, and follow the same directions.

    ReplyDelete
    Replies
    1. Aaron,

      Thank you for taking time to post and replying back, very appreciative...

      So I want to re-use the secondary DHCP as my failover, do I need to do anything to that secondary DHCP to clean it out or make sure it doesn't pick up any of the old configurations?

      Thanks again!

      Delete
    2. You've probably completed this by now as I missed replying to you. Doing an uninstall of DHCP should be enough.
      Look at notes section: "when you remove DHCP, all DHCP files are deleted from the server except program files that are in use."
      https://technet.microsoft.com/en-us/library/cc775476(v=ws.10).aspx

      Delete
  7. Direct(Awesome) post I am in the same config mess as UncleBUC. Will be migrating to DHCP Failover this weekend.
    I will ping back when done.

    ReplyDelete
    Replies
    1. Great, hope it helps with your migration this weekend!

      Delete
  8. Did you have to expand your address ranges after the import of the xml file?

    ReplyDelete
    Replies
    1. Sorry for not responding sooner, changed jobs and forgot to update this sites notification address. I expanded my address range prior to the import by manually typing it back in.

      Delete