new DHCP server not seen by clients

ciggwin

i am retiring a DC which holds the DHCP role for my domain.

i moved my DHCP database from one 2k3 DC (old) to another 2k3 DC (new) following the instructions from http://support.microsoft.com/kb/325473

i have also authorized the new server and everything looks fine. i had no problems during the database move other than having to specify DNS dynamic updates registration credentials on the new DC. i used the domain admin because from what i read it just needed an account that can authenticate. the old DC / DHCP server did not have anything in there.

my problem is that when i stop DHCP on the old server and try to test with renewing the IP on a client, the clients are not seeing the new server and they are unable to pull a DHCP address. i have done a lot of searching and reading but i cannot find anything relating to the issue or how to see what is happening behind the scenes in order to diagnose.

any suggestions?

thank you!

 
you are starting the DHCP service on the new server? No firewalls? The clients can ping the server? Get wireshark on it and see what's going on, make it simple, cut it down to a basic network, 1 host, the DHCP server and 1 switch

I normally just move the data bases and it works.
 
any layer 3 switching?
need to update the helper address on the switches?

just guesses, since no mention of what kind/how big of a network
 
I am also trying to set up a DHCP 2K3 server, and after I got it set up the client is not getting an IP, and my computer is connected to a hub.
 
Hmm now that you mention it, it may be the helper address on the switch.

If that is not it I will try to troubleshoot with netmon - thanks guys!

The new DHCP is a VM so it is hard to isolate.

 
Pretty much echoing what was said above

1) check connectivity between client and server
2) check helper addresses
3) check firewalls
4) fire up wireshark on your computer and the server and watch the handshake process and see where it breaks.
 
Did you just install the DHCP Server and configure it, or did you authorize it as well?
 
@ nate7311 are you asking me? if so I was able to get it working after putting a static IP address on my onboard nic card.
 
the server is authorized and is showing up on the other DHCP server. i have to figure out how to change the DHCP helper on my HP 5412 switch. the switch was set up by a partner and since this seems pretty easy i am going to try and figure it out rather than call him and get billed for the time.

anybody familiar with HP switch CLI? :)

 
yup, I have 2 5412zl's in production it's super simple:

in vlan configuration for your clients' vlan#
Code:
ip helper-address 1.1.1.1
where 1.1.1.1 = your DHCP server IP. Your switch must have IPs in both the VLAN the clients are in, and the VLAN your DHCP server is in. Feel free to post up your config if you have trouble.
 
reading the threads here I can't help but think you have two servers with DHCP enabled on them. if so, you need to disable one, then try ipconfig /release then ipconfig /renew on one of the client computers and see if you get an IP address. also you can try to unplug the client computer's network cable, then plug it back in to see if that gets an IP address. I also agree you should try to ping the server to see if you can.
 
Something like this

Code:
interface eth 0/2.200
  description DATA_VLAN
  vlan-id 200
  ip address  10.0.0.1  255.255.255.0
  ip helper-address  10.0.0.6
  access-policy Private
  no shutdown

It's not all that different from a cisco box. Login via telnet or ssh, enter enable mode if there is an enable PW. do sh run or show run, whatever is comfortable to see the config, so you can go about locating where the helper is at; vlan/interface/etc.

From there you will do conf t for configure terminal on the command line. Once in there you can go to the interface, for my example above it would be int eth 0/2.200 and then you would just type ip helper-address 10.0.0.6 for whatever your DHCP server IP is.

Once everything is done and working, don't forget to do write mem. Otherwise you'll love it if it gets rebooted, loses power, etc. later, because your config changes will be nice and gone. :(
 
Thanks. I have gotten in there and I am going to redo the ip helper address but I need to recopy the DHCP database first as it's been a few days since I last tried this.

Is there a way to export/print the "sh run" so I can see it all together and/or post it here?

 
If you use PuTTY you can select all and copy/paste into notepad, depending on how long the config is; you may need to break it up into a few copy/paste sessions. Or if you're using hyper-terminal you can use the capture to text file option.
 
So then all I would need to do here is...
Code:
config t
ip helper address 10.1.5.10

10.1.5.10 is the new DHCP server IP

Here is the current config... and while I am posting it... does anyone see a reason in here why I would not be able to add machines to the domain unless they are in the Server VLAN? If they are in the PC VLAN it tells me no DCs are available. Is it because there is no ip helper in the PC VLAN? Those clients can still get a DHCP address, so I would not think that to be the problem.
Code:
Running configuration:

; J8698A Configuration Editor; Created on release #K.14.41

hostname "HP 5412ZL"
time timezone -5
module 1 type J9307A
module 2 type J9308A
module 9 type J9307A
module 10 type J9307A
module 11 type J9307A
module 12 type J9307A
interface B8
   name "ShoreTel"
   no power-over-ethernet
exit
interface B9
   name "ShoreTel T1K #1"
   speed-duplex 100-full
   no power-over-ethernet
exit
interface B10
   name "ShoreTel T1K #2"
   speed-duplex 100-full
   no power-over-ethernet
exit
interface B11
   name "ShoreTel 90"
   speed-duplex 100-full
   no power-over-ethernet
exit
interface B12
   name "ShoreTel 50"
   speed-duplex 100-full
   no power-over-ethernet
exit
interface B13
   name "ShoreTel SA100"
   speed-duplex 100-full
   no power-over-ethernet
exit
interface B14
   name "Wireless link to Firewall"
exit
interface B15
   name "SonicPoint 1"
exit
interface B16
   name "SonicPoint 2"
exit
interface B17
   name "SonicPoint 3"
exit
interface B18
   name "SonicPoint 4"
exit
interface B19
   name "SonicPoint 5"
exit
interface B20
   name "SonicPoint 6"
exit
interface A1
   name "Sonic Firewall"
exit
interface A2
   name "DC1"
exit
interface A3
   name "Data"
exit
ip default-gateway 10.1.5.254
ip routing
vlan 1
   name "Server VLAN"
   untagged A1-A23,B2-B6,B21-B24
   ip helper-address 10.1.5.11
   ip address 10.1.5.1 255.255.255.0
   tagged B14-B20
   no untagged A24-B1,B7-B13,I1-I24,J1-J24,K1-K24,L1-L24
   exit
vlan 2
   name "PC VLAN"
   untagged I1-I24,J1-J24,K1-K24,L1-L24
   tagged A1,B14-B20
   no ip address
   exit
vlan 3
   name "ShoreTel VLAN"
   untagged B8-B13
   tagged A1,B14-B20,I1-I24,J1-J24,K1-K24,L1-L24
   no ip address
   exit
vlan 10
   name "SonicPoint VLAN"
   untagged B14-B20
   tagged A1
   no ip address
   exit
vlan 9
   name "Security VLAN"
   untagged B1,B7
   tagged A1,B14-B20
   no ip address
   exit
vlan 110
   name "VLAN110"
   tagged A1,B14-B20
   no ip address
   exit
vlan 102
   name "VLAN102"
   tagged A1,B14-B20
   no ip address
   exit
vlan 202
   name "VLAN202"
   tagged A1,A24
   no ip address
   exit
vlan 203
   name "VLAN203"
   tagged A1,A24
   no ip address
   exit
vlan 209
   name "VLAN209"
   tagged A1,A24
   no ip address
   exit
mirror 1 port A1
timesync sntp
sntp unicast
sntp server priority 1 4.2.2.1 3
ip route 0.0.0.0 0.0.0.0 10.1.5.254
interface B9
   monitor all both mirror 1
   exit
interface B10
   monitor all both mirror 1
   exit
snmp-server community "public" unrestricted
snmp-server contact ""
password manager
 
More like this, since it's under vlan 1

Code:
conf t
vlan 1
ip helper-address 10.1.5.50
end

EDIT: updated

Also do this after you confirm everything is working.

Code:
write mem
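
An added example, not from any poster in this thread: a Python check that reads a ProCurve-style running-config and lists, per VLAN, what has to change before the old DHCP server is stopped (a helper still pointing at the retired server, or a VLAN where the switch has no IP address and so cannot act as the relay). The config excerpt, the function names and the finding labels are constructed for illustration.

```python
import re

# Constructed excerpt in the shape of the running-config posted above;
# only the lines that matter for DHCP relay are kept.
SAMPLE_CONFIG = """\
ip routing
vlan 1
   name "Server VLAN"
   ip helper-address 10.1.5.11
   ip address 10.1.5.1 255.255.255.0
   exit
vlan 2
   name "PC VLAN"
   no ip address
   exit
vlan 3
   name "ShoreTel VLAN"
   no ip address
   exit
"""

def parse_vlans(config):
    """Return {vlan_id: {"ip", "helpers"}} from ProCurve-style config text."""
    vlans, cur = {}, None
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"vlan (\d+)", line):
            cur = vlans.setdefault(int(m[1]), {"ip": None, "helpers": []})
        elif cur is None:
            continue                      # outside a vlan stanza (interfaces, globals)
        elif line == "exit":
            cur = None
        elif m := re.fullmatch(r"ip address (\S+) \S+", line):
            cur["ip"] = m[1]              # "no ip address" does not match this pattern
        elif m := re.fullmatch(r"ip helper-address (\S+)", line):
            cur["helpers"].append(m[1])
    return vlans

def audit_relay(config, retired):
    """List (vlan_id, issue) pairs to resolve before stopping the retired server."""
    findings = []
    for vid, v in sorted(parse_vlans(config).items()):
        if v["ip"] is None:
            findings.append((vid, "no-switch-ip"))   # switch cannot relay DHCP here
        elif retired in v["helpers"]:
            findings.append((vid, "helper-points-at-retired"))
    return findings

print(audit_relay(SAMPLE_CONFIG, "10.1.5.11"))
```

A VLAN reported as no-switch-ip is being routed, and relayed, by some other device, so that device's relay setting has to be checked as well.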
 
OK so i've changed the ip helper-address to 10.1.5.10 and i can also ping that address just fine (the clients can also all see it)

however the client does not see it as a DHCP server. it just does not pull any address now that i have stopped DHCP on the old server.

am i back to square one in troubleshooting with netmon or wireshark?
 
Your DHCP server, the new one, does it have the windows firewall off? If it's on, try turning it off and testing.
 
Ha, I do the same thing.

All of your scopes on the new DHCP server are set to active?

Yes active and it has been authenticated. It is also showing up on the old DHCP server when I "Manage Authorized Servers" in DHCP console so it has definitely taken effect.

The odd thing there is that the old servers are still listed with their old IP addresses 192.168.1.x (changed subnets when we moved the office) and not the new scheme (10.1.5.x) but it obviously isn't having negative effects since DHCP is currently working on that old server.

Do I need an ip helper-address in the other VLANs?

When I set the config back to the original (ip helper = 10.1.5.11 and start up DHCP on old server) everything works fine.

The only other thing I can think of is there used to be a 10.1.5.0 scope and i removed it because that scope is handed out by the SonicWALL now. could that have done something to DHCP and while it is still functional, a new setup would have problems?

my scopes are 10.2.5.0 and 10.3.5.0

here is a screenshot of the new server...
dhcp.png
 
2 data and 3 phones?

I assume your DHCP server has 1 NIC in 1 VLAN, if so all the helpers need to be changed.

You need to get wireshark on your network to see if the DHCP is broadcasting or not.

Also make sure you have done the basics, right IP range, right subnet right default gateway. What does your Layer 3 routing?

actually 3 says PXE lol and 01 04 00 00 00 00 ff gives it away as well.
 
The DHCP server does have 1 NIC in 1 VLAN. So I need to add a helper to VLAN 2 and VLAN 3? I am curious why that was not needed before?

Will get wireshark going and see if I can figure that out.

Where am I doing the basics? (right IP range, right subnet right default gateway) On the new DHCP server? I exported the DHCP database from the current server and then imported it on the new one. It's the same except the old one obviously has a bunch of leases.

The HP switch is doing the Layer 3 routing, is it not?

 
It looks like it is, since this is in there.

Code:
ip routing

Just because it has IP Routing enabled doesn't mean it's actually doing the routing. What is the default gateway of your devices?

Correct, never used HP CLI but it looks just like Cisco! In fact HP used to even have CDP in their switches.

What would happen if you make the switch port a trunk port and put a DHCP server in to it? A trunk can see all VLANs.
 
The default gateway is 10.1.5.1, 10.2.5.1, 10.3.5.1, etc.

I have no idea what you are talking about in regards to making the switch port a trunk port :)
 
no problem about the trunk just pondering to be honest.

What are those IPs are they the VLAN IPs on the switch?
 
From how it was explained when set up, each VLAN has its own "default gateway" and that is the .1 of the corresponding VLAN (10.2.5.x, 10.3.5.x) - when I do an ipconfig /all from a DHCP client computer it shows the default gateway as 10.2.5.1

capturely.png


Wireshark running .... :confused: :confused: lol
 
so the VLANs are set up on the HP switch with IP addresses and then these are used as the gateways for the clients on that VLAN so yes, the switch is doing your L3 intervlan routing. There is no way it should have worked without a helper address.

I also find it odd that you are using a class A network with a /24 subnet. :D
 
That is how it was set up. I told them I wanted something different than 192.168.... because it had previously interfered with home networks. I am not well versed yet in setting up networks so I only half understand why it would be odd :) You have such a large number of networks available in a Class A and yet I am limiting myself to the last octet... right?

I have added an ip helper-address on to VLANs 2 and 3, so should I give it another go?

 
Well I figured it out and I am not sure if it had anything to do with the ip helper-address on the switch.

I was running Wireshark in a filter for bootp which I found out on the Wireshark site is the filter to use for DHCP. So I started looking into the DHCP packets and noticed some references to Sonicwal_15:f8:54 and wondered why those were in there... DHCP is supposed to come from my server not from the SonicWALL.

So I logged on to the SonicWALL | Network | IP Helper and sure enough IP Helper is enabled for DHCP and it is pointing to an Address Object for 10.1.5.11. I changed that to 10.1.5.10 and BAM, DHCP now working off of the new server.

On the down side, I am even more confused now as to how my network is set up :(
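
The step that cracked this, as an added example that is not part of the original post: parsing the DHCP payloads from a capture to read the relay address (giaddr) and the server identifier (option 54), then flagging any relay or server that is not one you expect. The sample packets and every address in them are constructed, and `build`, `parse_dhcp` and `unexpected` are names made up here.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"          # DHCP magic cookie after the 236-byte BOOTP header

def parse_dhcp(payload):
    """Extract relay (giaddr) and server-identifier fields from a UDP 67/68 payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    info = {"op": payload[0], "hops": payload[3],
            "giaddr": socket.inet_ntoa(payload[24:28]), "type": None, "server_id": None}
    i = 240
    while i < len(payload) and payload[i] != 255:    # 255 = end option
        if payload[i] == 0:                          # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            break                                    # truncated: code without length
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) < length:
            break                                    # truncated option, stop parsing
        if code == 53 and length == 1:
            info["type"] = value[0]                  # 1 DISCOVER, 2 OFFER, 3 REQUEST, 5 ACK
        elif code == 54 and length == 4:
            info["server_id"] = socket.inet_ntoa(value)
        i += 2 + length
    return info

def unexpected(payloads, known_relays, known_servers):
    """Flag relays and responding servers that are not in the expected sets."""
    findings = []
    for msg in map(parse_dhcp, payloads):
        if msg["op"] == 1 and msg["giaddr"] != "0.0.0.0" and msg["giaddr"] not in known_relays:
            findings.append(("relay", msg["giaddr"]))
        if msg["op"] == 2 and msg["server_id"] not in known_servers:
            findings.append(("server", msg["server_id"]))
    return findings

def build(op, giaddr, msg_type, server_id=None):  # constructed demo payload, not a capture
    hdr = struct.pack("!BBBBIHH12x4s16s192x", op, 1, 6, 1, 0x1234, 0, 0,
                      socket.inet_aton(giaddr), b"\x00\x11\x22\x33\x44\x55")
    opts = bytes([53, 1, msg_type])
    if server_id:
        opts += bytes([54, 4]) + socket.inet_aton(server_id)
    return hdr + MAGIC + opts + b"\xff"

# Constructed sample: a relayed DISCOVER and an OFFER; all addresses are assumptions.
SAMPLE = [build(1, "10.2.5.1", 1), build(2, "10.2.5.1", 2, "10.1.5.11")]
print(unexpected(SAMPLE, {"10.1.5.1"}, {"10.1.5.10"}))
```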

 
I think you need to bring in a proper consultant to sort your network out. :(

As long as it's working for now, however it will cause you pain later if you don't set it up all proper like. :D
 
Heh, that is what I thought we did in the first place...

I think it will just take some time to map it all out. It is confusing because I am overwhelmed but if I can get it on paper it should look much simpler... right???? :p

Thanks for all of the help everyone! I love the [H]
 
That's confusing. I'll have a think about this one and post back.
 