DHCP failover partnership remove


Max Coder

Jan 8, 2025, 6:11:27 AM
to ntsysadmin
Hi,


I've got two Windows Server 2022 machines that are in DHCP Failover hot-standby configuration.

The first thing I’m going to do is remove the failover partnership between the DHCP01 and DHCP02 machines.

But the one I run the command on will be the DHCP server that remains operational after I remove the partnership (in this case 2012-dhcp-1.contoso.com).
Right? I don't want to accidentally delete the scopes on dhcp1.

I will run the commands below on the DHCP01 machine. Am I correct?

Get-DHCPServerv4Failover
Remove-DHCPServerv4Failover "Failover-Group-Name"

Severino Juan Miguel

Jan 8, 2025, 8:14:29 AM
to ntsys...@googlegroups.com

Hi

 

I am not sure you can remove the relationship if it is in use. Remove scopes first, remove the relationship next once you know everything is working fine. This also allows for easy rollback. You never know with modern firewalls and it is easy to forget something.

 

If you run the command Remove-DhcpServerv4FailoverScope, the scope will remain configured in the system it was run on (use -computer to make sure where to run it) and it will be removed from the partner.

 

The best way to make sure it works like you want is creating a dummy scope. Use 1.2.3.4 or whatever and test. Once you are confident how it works, run the script on the production scopes.

 

To migrate the scopes, create a new relationship with the new server if you don't already have one (you will need a scope. Use a dummy one that you will delete afterwards).

 

For instance:

Add-DhcpServerv4Failover -ScopeId "5.5.10.0" -ComputerName "SurvivingServer" -Name "NewRelationshipName" -PartnerServer "NewDHCPServer" -MaxClientLeadTime "01:00:00" -SharedSecret "Redacted" -Force:$true -ServerRole Active -ReservePercent 20

 

If it didn't explode, check that both DHCP servers can see each other: Go to the scope (5.5.10.0 in this case), properties, failover and ensure that both partners are "Normal". It's very easy to forget this part and you will have a non-functional setup that looks fine, but it's not working.

Create a reservation, synchronize scopes. They should work. If they don't, check the firewalls.

 

Make sure the global parameters are set the way you want. Sometimes it is desired to have them different between servers (typically in failover scenarios or for load balancing), but on other occasions it's a problem if they aren't correct or worse, forgotten.

 

If everything looks fine, use something like this to migrate the scopes.

 

$vScopes = @(
    "10.130.0.0",
    "10.130.4.0",
    "10.130.6.0",
    "10.133.8.0")

foreach ($vScope in $vScopes) {
    Write-Host "Reconfiguring $vScope"
    Remove-DhcpServerv4FailoverScope -ComputerName "SurvivingServer" -ScopeId $vScope -Name "OldRelationshipName"
    Add-DhcpServerv4FailoverScope -ComputerName "SurvivingServer" -ScopeId $vScope -Name "NewRelationshipName"
}

 

If it doesn't work, you can always exchange the relationship names and it is back to the original.

 

I've migrated close to 50 scopes last month between AD forests using something similar to that script. Your user must have at least DHCP Administrator permissions on both the local and the remote server/forest.

 

Best regards

 

Seve

 

From: ntsys...@googlegroups.com <ntsys...@googlegroups.com> On behalf of Max Coder
Sent: Wednesday, January 8, 2025 12:11
To: ntsysadmin <ntsys...@googlegroups.com>
Subject: [ntsysadmin] DHCP failover partnership remove
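
The procedure in the reply above (verify the relationships, then move scopes with a way back), written out as an added example that is not part of the original post. It assumes it is run on the surviving server with the DhcpServer module loaded; the server and relationship names are the thread's placeholders and the backup path is hypothetical.

```powershell
# Added example: guarded scope move between two failover relationships.
# Names are the placeholders used in the thread; $Backup is a hypothetical path.
$Server = 'SurvivingServer'
$OldRel = 'OldRelationshipName'
$NewRel = 'NewRelationshipName'
$Backup = 'C:\Temp\dhcp-before-move.xml'
$Scopes = '10.130.0.0', '10.130.4.0', '10.130.6.0', '10.133.8.0'
$ErrorActionPreference = 'Stop'

# 1. Both relationships must exist and report Normal before anything is touched.
$rels = foreach ($name in $OldRel, $NewRel) {
    Get-DhcpServerv4Failover -ComputerName $Server -Name $name
}
foreach ($r in $rels) {
    if ($r.State -ne 'Normal') { throw "Relationship '$($r.Name)' is in state $($r.State), not Normal" }
    if (-not $r.EnableAuth)    { Write-Warning "Relationship '$($r.Name)' has message authentication disabled" }
    # Failover messages use TCP 647; this test runs from the machine executing the script.
    if (-not (Test-NetConnection -ComputerName $r.PartnerServer -Port 647).TcpTestSucceeded) {
        throw "TCP 647 to $($r.PartnerServer) is not reachable"
    }
}

# 2. Full export (configuration and leases) so a rollback does not depend on a partner.
Export-DhcpServer -ComputerName $Server -File $Backup -Leases -Force

# 3. Move one scope at a time; on failure put it back in the old relationship and stop.
foreach ($scope in $Scopes) {
    Write-Host "Reconfiguring $scope"
    Remove-DhcpServerv4FailoverScope -ComputerName $Server -Name $OldRel -ScopeId $scope
    try {
        Add-DhcpServerv4FailoverScope -ComputerName $Server -Name $NewRel -ScopeId $scope
    } catch {
        Write-Warning "Add to '$NewRel' failed for ${scope}: $_ ; restoring '$OldRel'"
        Add-DhcpServerv4FailoverScope -ComputerName $Server -Name $OldRel -ScopeId $scope
        throw
    }
}

# 4. Confirm every scope now belongs to the new relationship.
$moved = (Get-DhcpServerv4Failover -ComputerName $Server -Name $NewRel).ScopeId.IPAddressToString
$Scopes | Where-Object { $_ -notin $moved } | ForEach-Object { Write-Warning "$_ is not in '$NewRel'" }
```

Running it first against a single dummy scope, as the reply suggests, shows how the old partner reacts before production scopes are involved.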

 


maxcoder1

Jan 8, 2025, 8:33:55 AM
to ntsys...@googlegroups.com


Get-DHCPServerv4Failover


Name                : dhcp01.contoso.local-dhcp02.contoso.local
PartnerServer       : dhcp02.contoso.local
Mode                : HotStandby
LoadBalancePercent  :
ServerRole          : Active
ReservePercent      : 5
MaxClientLeadTime   : 01:00:00
StateSwitchInterval :
State               : Normal
ScopeId             : {192.168.40.0, 192.168.41.0, 192.168.50.0, 192.168.51.0...}
AutoStateTransition : False
EnableAuth          : False



I have multiple scopes.

My workflow:

1 - Firstly, remove scopes first, remove the relationship

   I will use the "Deconfigure failover" option in the GUI on the dhcp01 machine (active). Correct?
   
   Then, right-click on IPv4 - go to the failover tab - remove the failover relationship on the dhcp01 machine (active)
   

Also, I have two questions too.


1 - I need to open TCP port 647 to listen for failover messages between the two failover partner servers. Bidirectional, right?

2 - What port does IP-Helper use for relaying DHCP requests? Do you need to open UDP ports 67 and 68 between the DHCP server and the DHCP client?

3 - I have 5% of addresses reserved for the standby server. What does 5% mean here? I mean, are there things to be considered during the transition? I mean, if I remove the failover partnership between DHCP01 and DHCP02, will there be any interruption due to the 5% addresses reserved setting? DHCP stats are 20% in use and 80% available.
