Automatic syncing of configuration changes between 2 DHCP failover servers

DHCP Failover is a new feature in Windows Server 2012 which provides for high availability of DHCP service. The PowerShell tool provided here allows an admin to setup automatic synchronization of configuration changes between 2 DHCP servers which have been configured for failover

 
 
 
 
 
4.5 Star
(17)
16,383 times
Add to favorites
Networking
2/19/2014
E-mail Twitter del.icio.us Digg Facebook
  • DhcpAutoSyncLogfile not getting created
    1 Posts | Last post November 07, 2019
  • After running this script we are seeing lot DHCP event id 73/74.
    1 Posts | Last post November 05, 2019
    • After running this script we are seeing a lot of DHCP event id 73/74. Scope deactivate and activate. our Server DHCP failover state is a load-balanced mode. How to fix this issue?
  • Working for 2019
    1 Posts | Last post August 02, 2019
    • This appears to be working successfully for us on Server 2019.  I followed all instructions exactly EXCEPT I did not add our DHCP service account to the "WinRMRemoteWMIUsers" group because it doesn't exist anymore (and also DCs don't have local groups).  Our 2x DHCP servers are running on our DCs.  I also returned the PS execution policy back to default and verified syncing still worked after stopping and starting the script.
      
      It's a shame that MS has not added this feature to their latest server offerings by now.
  • Help with replication
    1 Posts | Last post May 25, 2019
    • Hi! could you help me with this case? :
      
      https://social.technet.microsoft.com/Forums/en-US/d9828626-55f7-430c-b36c-b1e423404138/dhcp-replication-using-powershell-avoiding-to-loose-last-changes?forum=winserveripamdhcpdns
      
      Thank you :) !!!
  • Relication triggered more than 10 times per second
    8 Posts | Last post December 07, 2018
    • When I run the task with an account member of the "administrators" group on both server, no problem, the behavior is as expected.
      
      But when I run the task with an account that is member of "DHCP administrators" on both server, that has the "log on as batch job" on the source server and that has NTFS modify privileges on the script's folder, I have the following message more than 10 times a second in the log and CPU usage is getting above 90%
      "Will automatically sync again when new configuration changes are made."
      
      Am I missing any privilege?
      
      For information the target server is in core mode and the "DHCP Administrators" and "DHCP Users" were missing, I created them following "http://technet.microsoft.com/en-us/library/ee941205(v=ws.10).aspx" and restarted the DHCP service.
    • Hi,
      
      Thanks for reporting the issue. We are investigating this and will get back to you soon. 
      Meanwhile we recommend that you use the tool with an account which has local admin privileges  on the primary server (apart from being a member of DHCP Administrators on both servers). We also suggest that you avoid running the tool with an account different than the one you use to operate/manage the primary server for now.
    • I know this is an old thread but a search engine brought me here and I have the same problem as SupportS2L that I've found resolution to so I thought I'd mention my fix anyway.
      
      I had to grant the account running DFACS permissions to modify this registry path : HKLM\SYSTEM\CurrentControlSet\Services\DHCPServer\Parameters\DHCPAutoSync
      
      FYI : In addition to SupportS2L's steps, I had to add the account to WinRMRemoteWMIUsers__.
    • Thanks a lot jrh for sharing your finding. We will add this to the tool document shortly and publish the revision. 
    • jrh, we have updated the document with the guidance on permissions to the registry path and WinRMRemoteWMIUsers
    • I had the same problem, but tweaking group membership or permissions didn't fix it. I ended up redirecting error output to a file in the scheduled task so I could see what was going wrong - it turns out that it was failing to build the C# code into an in-memory assembly, complaining that it couldn't find the temporary .cs file.
      
      I ended up working around this by updating my installer to build the C# code to an assembly DLL, i.e.
      
      $OutputAssembly = Join-Path $pwd "PSDHCPAutoSyncEventSubscription.dll"
      $EventSubscriptionCode = @"
      <code from DhcpFailoverAutoConfigSyncTool.ps1>
      "@
      
      # Adding C# code to PowerShell script and creating new object of this type.
      Add-Type -TypeDefinition $EventSubscriptionCode -Language CSharp -OutputAssembly $OutputAssembly -OutputType Library
      
      Then updating DhcpFailoverAutoConfigSyncTool.ps1 to remove the C# block and instead load the assembly DLL, i.e.
      
      # Load the .NET Assembly
      $AssemblyDLL = Join-Path $pwd "PSDHCPAutoSyncEventSubscription.dll"
      [System.Reflection.Assembly]::LoadFile($AssemblyDLL)
      
      This resolved my problem, allowing me to run the tasks as a group managed service account without admin permissions.
    • I had a similar issue as seanblee.  I'm using a gmsa on the scheduled task that isn't a local administrator, and I have UAC enabled.  I had to modify the permissions on c:\windows\temp to allow the service account full access.  That solved my issue.
    • Thanks for the help everyone!  Providing access to C:\Windows\temp was the silver bullet in my case.
      
      For reference, I did also provide access to the registry key mentioned in the doc and I did give the user the "Log in as batch job" right but I did NOT add the user to the WinRMRemoteWMIUsers_ group.
      
  • Simpler version
    1 Posts | Last post October 31, 2018
    • My simple version is:
      
      Invoke-DhcpServerv4FailoverReplication -Force
      Exit-PSSession
      
      works fine
  • Periodic Sync Timeout Happened
    2 Posts | Last post April 10, 2018
    • What does this message mean in the logs?  I can't seem to explain it, however it is repeated often.
    • Exactly the same. Initial run is OK & syncs, each next interval gives
      
      Periodic Sync TimeOut Happened:
      Syncing Relation:server1.local-server2.local
      Sync process complete at 03/19/2018 14:26:57.
  • Execution Policy
    1 Posts | Last post February 14, 2018
    • After I install, can I change the execution policy or do I have to leave it unrestricted?
  • High usage memory
    1 Posts | Last post September 05, 2017
    • After install this script on our DC server 2012 R2. everything is very slow is there any option to fix this issue?
  • Permission Issues
    1 Posts | Last post August 01, 2017
    • Hi - I can't seem to work out the permissions for this service account. 
      I have a domain account, member of the WinRMRemoteWMIUsers__ AD Group, DHCP Administrators AD Group and member of Run As Batch Job on both servers. 
      
      I am able to start the Task and the log just grows rapidly with the message 
      "Sync process complete at 01/08/2017 00:00:30."
      "Will automatically sync again when new configuration changes are made."
      
      I don't see any errors, but the fact that this repeats every second and no settings are replicated makes me think I am missing permissions. 
      To test, I have tried running this as the Domain Admin and it works perfectly.
      
      Do you know what other permissions I might be missing or where to look? 
      Does it matter that these DHCP Servers are also DCs? 
      
      Thanks
1 - 10 of 27 Items