Windows DHCP Redundancy

Hi All,

We're running Windows (soon to be 2008) AD/DNS/DHCP servers, but the DHCP side of things is proving to be a weak link.

I've read conflicting opinions of how best to implement redundant DHCP servers, but nothing definitive...so what's best practice?

We've got 2 scopes, although only one needs to be redundant - the other is for phones on a different VLAN and an IP helper is used, so it would be overly complicated to make this work, and not really necessary as phones never get rebooted normally. The scope is 172.16.1.1 - 172.16.1.149 with 1.1 and 1.100 to 1.120 excluded from distribution (no idea why).

Should I just create a scope on another server of 1.150-1.254? Or should I set the scope on both servers to 1.1 - 1.254 and set opposing exclusions for half the subnet?
 
My favorite method would be clustering, my second a VM with a copy that can be started on a different host (automatically or manually).

I'm not much of a fan of the methods discussed as it's a bit of a bodge really and it gets worse when machines require reservations too...

It's currently a VM with HA enabled, but it's not the host that's failing. Last night it ran out of nonpaged memory, think due to our AV software. The machine was responding to pings and was technically up, just useless!
 
While I'm here, the other weak link is with our Wyse thin clients - they download a config file by FTP from that DC, so when it fails, they can't get a config.

I was going to set up an FTP server on a second host and use NLB to ensure one of them is available - can I create an NLB cluster with one 2008 machine and one 2003 machine?

The intention is to move the 2003 DC to 2008, and ultimately replicate the FTProot with DFS-R, but one step at a time!
 
I went with splitting the scope in the end.

At the end of the day, we're a relatively small business (100 users) with a specific problem to solve and this was the obvious solution. I know it's not technically the best, but it was a quick and effective solution to the problem, which is what my manager was jumping on me for - after the second time Sophos killed the DC on a Tuesday morning, he wanted a solution fast. Obviously I'm talking to Sophos about it too, but regardless of the cause, that DC was an obvious weak point.

I daren't mention which firewall I ended up buying in case BRS shouts at me :)
 
It is indeed, exceptions set up as per MS guidelines.

For the past 2 weeks, at about 5:30 on a Tuesday morning, it has run out of nonpaged memory - I suspect it's something to do with the update process.
 