RE: DHCP - I'm at a loss
Yes Identical in every way, except for 003 router of course. I created the pre-defined options and then selected them at the scope level.

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Monday, February 27, 2012 11:07 PM
To: NT System Admin Issues
Subject: Re: DHCP - I'm at a loss

OK. When you look at the scope options for each scope, are they exactly the same for both scopes, modulo option 003 Router? If they are, what happens if you remove all of the options (except 003 Router) and set them globally?

Kurt

On Mon, Feb 27, 2012 at 17:49, N Parr npar...@mortonind.com wrote:

They are set per scope.

-Original message-
From: Kurt Buff kurt.b...@gmail.com
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Sent: Mon, Feb 27, 2012 18:10:13 CST
Subject: Re: DHCP - I'm at a loss

On Mon, Feb 27, 2012 at 15:10, N Parr npar...@mortonind.com wrote:

I'm not very hopeful that anyone will have an answer for me about this but I've seen stranger things solved. I have two of my scopes set up identically. I'm handing out extra options for tftp and vendor specific SVP server IP for my spectralink/polycom wireless IP phones. New Aruba wireless system, for what it matters. On one VLAN the phones get the server info they need from DHCP and work perfectly fine. If I switch the VLAN for the SSID to the other VLAN the phone doesn't get the extra options it needs. It gets an IP from the DHCP server but not the SVP address it would seem. I spent 2 hours on the phone with Aruba this morning ruling out anything wrong on that side. All the DHCP helpers are there, I can ping the SVP server from a PC attached to the SSID I'm messing with from both VLANs. I've reset the DHCP service. No event log errors on the DHCP. We even set up a new test SSID with no security with the same results. Works from one VLAN, not from the other.

Thanks
Niles

Are the scope options set globally or per scope?

Kurt

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~

---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
Re: DHCP - I'm at a loss
So, what happens when you remove them, and set them globally, rather than per scope?

On Tue, Feb 28, 2012 at 05:14, N Parr npar...@mortonind.com wrote:

Yes Identical in every way, except for 003 router of course. I created the pre-defined options and then selected them at the scope level.

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Monday, February 27, 2012 11:07 PM
To: NT System Admin Issues
Subject: Re: DHCP - I'm at a loss

OK. When you look at the scope options for each scope, are they exactly the same for both scopes, modulo option 003 Router? If they are, what happens if you remove all of the options (except 003 Router) and set them globally?

Kurt

On Mon, Feb 27, 2012 at 17:49, N Parr npar...@mortonind.com wrote:

They are set per scope.

-Original message-
From: Kurt Buff kurt.b...@gmail.com
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Sent: Mon, Feb 27, 2012 18:10:13 CST
Subject: Re: DHCP - I'm at a loss

On Mon, Feb 27, 2012 at 15:10, N Parr npar...@mortonind.com wrote:

I'm not very hopeful that anyone will have an answer for me about this but I've seen stranger things solved. I have two of my scopes set up identically. I'm handing out extra options for tftp and vendor specific SVP server IP for my spectralink/polycom wireless IP phones. New Aruba wireless system, for what it matters. On one VLAN the phones get the server info they need from DHCP and work perfectly fine. If I switch the VLAN for the SSID to the other VLAN the phone doesn't get the extra options it needs. It gets an IP from the DHCP server but not the SVP address it would seem. I spent 2 hours on the phone with Aruba this morning ruling out anything wrong on that side. All the DHCP helpers are there, I can ping the SVP server from a PC attached to the SSID I'm messing with from both VLANs. I've reset the DHCP service. No event log errors on the DHCP. We even set up a new test SSID with no security with the same results. Works from one VLAN, not from the other.

Thanks
Niles

Are the scope options set globally or per scope?

Kurt
RE: DHCP - I'm at a loss
It works, care to tell me why? $@%^$%^

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Tuesday, February 28, 2012 8:48 AM
To: NT System Admin Issues
Subject: Re: DHCP - I'm at a loss

So, what happens when you remove them, and set them globally, rather than per scope?

On Tue, Feb 28, 2012 at 05:14, N Parr npar...@mortonind.com wrote:

Yes Identical in every way, except for 003 router of course. I created the pre-defined options and then selected them at the scope level.

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Monday, February 27, 2012 11:07 PM
To: NT System Admin Issues
Subject: Re: DHCP - I'm at a loss

OK. When you look at the scope options for each scope, are they exactly the same for both scopes, modulo option 003 Router? If they are, what happens if you remove all of the options (except 003 Router) and set them globally?

Kurt

On Mon, Feb 27, 2012 at 17:49, N Parr npar...@mortonind.com wrote:

They are set per scope.

-Original message-
From: Kurt Buff kurt.b...@gmail.com
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Sent: Mon, Feb 27, 2012 18:10:13 CST
Subject: Re: DHCP - I'm at a loss

On Mon, Feb 27, 2012 at 15:10, N Parr npar...@mortonind.com wrote:

I'm not very hopeful that anyone will have an answer for me about this but I've seen stranger things solved. I have two of my scopes set up identically. I'm handing out extra options for tftp and vendor specific SVP server IP for my spectralink/polycom wireless IP phones. New Aruba wireless system, for what it matters. On one VLAN the phones get the server info they need from DHCP and work perfectly fine. If I switch the VLAN for the SSID to the other VLAN the phone doesn't get the extra options it needs. It gets an IP from the DHCP server but not the SVP address it would seem. I spent 2 hours on the phone with Aruba this morning ruling out anything wrong on that side. All the DHCP helpers are there, I can ping the SVP server from a PC attached to the SSID I'm messing with from both VLANs. I've reset the DHCP service. No event log errors on the DHCP. We even set up a new test SSID with no security with the same results. Works from one VLAN, not from the other.

Thanks
Niles

Are the scope options set globally or per scope?

Kurt
Re: DHCP - I'm at a loss
If I knew, I *would* tell you, but those were just my first set of steps in the troubleshooting chain, gathering information.

However, since that solved the problem, I'd tend to leave it be.

OTOH, if you're looking for adventure (cold, wet nasty things that make you late for breakfast) you can try undoing the global settings and once more recreating them on the individual scopes. If you do that, I'd start with setting up the scope that didn't work in the first instance, and see if that works, then try the other.

Kurt

On Tue, Feb 28, 2012 at 07:31, N Parr npar...@mortonind.com wrote:

It works, care to tell me why? $@%^$%^

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Tuesday, February 28, 2012 8:48 AM
To: NT System Admin Issues
Subject: Re: DHCP - I'm at a loss

So, what happens when you remove them, and set them globally, rather than per scope?

On Tue, Feb 28, 2012 at 05:14, N Parr npar...@mortonind.com wrote:

Yes Identical in every way, except for 003 router of course. I created the pre-defined options and then selected them at the scope level.

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Monday, February 27, 2012 11:07 PM
To: NT System Admin Issues
Subject: Re: DHCP - I'm at a loss

OK. When you look at the scope options for each scope, are they exactly the same for both scopes, modulo option 003 Router? If they are, what happens if you remove all of the options (except 003 Router) and set them globally?

Kurt

On Mon, Feb 27, 2012 at 17:49, N Parr npar...@mortonind.com wrote:

They are set per scope.

-Original message-
From: Kurt Buff kurt.b...@gmail.com
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Sent: Mon, Feb 27, 2012 18:10:13 CST
Subject: Re: DHCP - I'm at a loss

On Mon, Feb 27, 2012 at 15:10, N Parr npar...@mortonind.com wrote:

I'm not very hopeful that anyone will have an answer for me about this but I've seen stranger things solved. I have two of my scopes set up identically. I'm handing out extra options for tftp and vendor specific SVP server IP for my spectralink/polycom wireless IP phones. New Aruba wireless system, for what it matters. On one VLAN the phones get the server info they need from DHCP and work perfectly fine. If I switch the VLAN for the SSID to the other VLAN the phone doesn't get the extra options it needs. It gets an IP from the DHCP server but not the SVP address it would seem. I spent 2 hours on the phone with Aruba this morning ruling out anything wrong on that side. All the DHCP helpers are there, I can ping the SVP server from a PC attached to the SSID I'm messing with from both VLANs. I've reset the DHCP service. No event log errors on the DHCP. We even set up a new test SSID with no security with the same results. Works from one VLAN, not from the other.

Thanks
Niles

Are the scope options set globally or per scope?

Kurt
RE: DHCP - I'm at a loss
Unfortunately I'm running in if it isn't on fire, don't call me, I'll get to it eventually mode at the moment. Only good thing about that is my users are starting to realize they had better have tried a reboot before they even think about calling me.

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Tuesday, February 28, 2012 3:22 PM
To: NT System Admin Issues
Subject: Re: DHCP - I'm at a loss

If I knew, I *would* tell you, but those were just my first set of steps in the troubleshooting chain, gathering information.

However, since that solved the problem, I'd tend to leave it be.

OTOH, if you're looking for adventure (cold, wet nasty things that make you late for breakfast) you can try undoing the global settings and once more recreating them on the individual scopes. If you do that, I'd start with setting up the scope that didn't work in the first instance, and see if that works, then try the other.

Kurt

On Tue, Feb 28, 2012 at 07:31, N Parr npar...@mortonind.com wrote:

It works, care to tell me why? $@%^$%^

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Tuesday, February 28, 2012 8:48 AM
To: NT System Admin Issues
Subject: Re: DHCP - I'm at a loss

So, what happens when you remove them, and set them globally, rather than per scope?

On Tue, Feb 28, 2012 at 05:14, N Parr npar...@mortonind.com wrote:

Yes Identical in every way, except for 003 router of course. I created the pre-defined options and then selected them at the scope level.

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Monday, February 27, 2012 11:07 PM
To: NT System Admin Issues
Subject: Re: DHCP - I'm at a loss

OK. When you look at the scope options for each scope, are they exactly the same for both scopes, modulo option 003 Router? If they are, what happens if you remove all of the options (except 003 Router) and set them globally?

Kurt

On Mon, Feb 27, 2012 at 17:49, N Parr npar...@mortonind.com wrote:

They are set per scope.

-Original message-
From: Kurt Buff kurt.b...@gmail.com
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Sent: Mon, Feb 27, 2012 18:10:13 CST
Subject: Re: DHCP - I'm at a loss

On Mon, Feb 27, 2012 at 15:10, N Parr npar...@mortonind.com wrote:

I'm not very hopeful that anyone will have an answer for me about this but I've seen stranger things solved. I have two of my scopes set up identically. I'm handing out extra options for tftp and vendor specific SVP server IP for my spectralink/polycom wireless IP phones. New Aruba wireless system, for what it matters. On one VLAN the phones get the server info they need from DHCP and work perfectly fine. If I switch the VLAN for the SSID to the other VLAN the phone doesn't get the extra options it needs. It gets an IP from the DHCP server but not the SVP address it would seem. I spent 2 hours on the phone with Aruba this morning ruling out anything wrong on that side. All the DHCP helpers are there, I can ping the SVP server from a PC attached to the SSID I'm messing with from both VLANs. I've reset the DHCP service. No event log errors on the DHCP. We even set up a new test SSID with no security with the same results. Works from one VLAN, not from the other.

Thanks
Niles

Are the scope options set globally or per scope?

Kurt
Re: DHCP - I'm at a loss
On Tue, Feb 28, 2012 at 5:12 PM, N Parr npar...@mortonind.com wrote:

Unfortunately I'm running in if it isn't on fire, don't call me, I'll get to it eventually mode at the moment.

Here where I work, the entire company operates in that mode. :-/

-- Ben
RE: DHCP - I'm at a loss
There are companies that don't?

-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com]
Sent: Tuesday, February 28, 2012 3:27 PM
To: NT System Admin Issues
Subject: Re: DHCP - I'm at a loss

On Tue, Feb 28, 2012 at 5:12 PM, N Parr npar...@mortonind.com wrote:

Unfortunately I'm running in if it isn't on fire, don't call me, I'll get to it eventually mode at the moment.

Here where I work, the entire company operates in that mode. :-/

-- Ben
Re: DHCP - I'm at a loss
On Mon, Feb 27, 2012 at 15:10, N Parr npar...@mortonind.com wrote:

I'm not very hopeful that anyone will have an answer for me about this but I've seen stranger things solved. I have two of my scopes set up identically. I'm handing out extra options for tftp and vendor specific SVP server IP for my spectralink/polycom wireless IP phones. New Aruba wireless system, for what it matters. On one VLAN the phones get the server info they need from DHCP and work perfectly fine. If I switch the VLAN for the SSID to the other VLAN the phone doesn't get the extra options it needs. It gets an IP from the DHCP server but not the SVP address it would seem. I spent 2 hours on the phone with Aruba this morning ruling out anything wrong on that side. All the DHCP helpers are there, I can ping the SVP server from a PC attached to the SSID I'm messing with from both VLANs. I've reset the DHCP service. No event log errors on the DHCP. We even set up a new test SSID with no security with the same results. Works from one VLAN, not from the other.

Thanks
Niles

Are the scope options set globally or per scope?

Kurt
Re: DHCP - I'm at a loss
On Mon, Feb 27, 2012 at 6:10 PM, N Parr npar...@mortonind.com wrote:

On one VLAN the phones get the server info they need from DHCP and work perfectly fine. If I switch the VLAN for the SSID to the other VLAN the phone doesn't get the extra options it needs. It gets an IP from the DHCP server but not the SVP address it would seem.

I'd start by putting a packet sniffer between the wireless access point and the DHCP server. See what's actually being offered in the DHCP traffic.

-- Ben
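
The comparison suggested in the message above comes down to reading the option list in the DHCP OFFER relayed for each VLAN and diffing the two. The following Python script is an added example, not part of the original thread: it parses the options field of a raw BOOTP/DHCP payload, reports which options the failing VLAN's OFFER lacks, and checks whether the client asked for them. All packets and addresses are constructed, and option 151 for the SVP server is an assumption.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"  # start of the options field (RFC 2131)
BOOTP_FIXED_LEN = 236               # fixed BOOTP header, op through file
# 3, 55 and 66 are RFC 2132 option codes. 151 for the SVP server is an
# ASSUMPTION for this example; use the code your phone vendor documents.
ROUTER, PARAM_REQUEST_LIST, TFTP_SERVER_NAME, SVP_SERVER = 3, 55, 66, 151


def parse_dhcp_options(payload: bytes) -> dict:
    """Return {option_code: raw_value} for one BOOTP/DHCP UDP payload."""
    if payload[BOOTP_FIXED_LEN:BOOTP_FIXED_LEN + 4] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message: magic cookie missing")
    options, i = {}, BOOTP_FIXED_LEN + 4
    while i < len(payload):
        code = payload[i]
        if code == 0:        # pad byte, carries no length field
            i += 1
            continue
        if code == 255:      # end marker
            break
        if i + 1 >= len(payload):
            raise ValueError(f"option {code}: length byte missing")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code}: value truncated")
        # A code that appears twice is one long value split up (RFC 3396).
        options[code] = options.get(code, b"") + value
        i += 2 + length
    return options


def relay_address(payload: bytes) -> str:
    """giaddr (bytes 24-27): the helper address the server selects a scope by."""
    return str(ipaddress.IPv4Address(payload[24:28]))


def diff_offers(good: bytes, bad: bytes) -> dict:
    """Compare the option sets of a working and a failing OFFER."""
    g, b = parse_dhcp_options(good), parse_dhcp_options(bad)
    return {
        "missing": sorted(set(g) - set(b)),   # in the working OFFER only
        "extra": sorted(set(b) - set(g)),     # in the failing OFFER only
        "changed": sorted(c for c in set(g) & set(b) if g[c] != b[c]),
    }


def not_requested(discover: bytes, wanted) -> list:
    """Wanted option codes the client did not list in option 55.
    Many servers return only the options named there."""
    asked = set(parse_dhcp_options(discover).get(PARAM_REQUEST_LIST, b""))
    return sorted(set(wanted) - asked)


# ---- constructed sample packets (not captured from any real network) ----
def _ip(addr: str) -> bytes:
    return ipaddress.IPv4Address(addr).packed


def _build(op, msg_type, yiaddr, giaddr, options):
    """Assemble a BOOTP header, option 53 and the given options."""
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s", op, 1, 6, 1, 0x1234ABCD, 0, 0,
        bytes(4), _ip(yiaddr), _ip("10.0.1.5"), _ip(giaddr),
        bytes.fromhex("020000000001"), b"", b"")
    body = b"".join(bytes([code, len(val)]) + val
                    for code, val in [(53, bytes([msg_type]))] + options)
    return header + MAGIC_COOKIE + body + b"\xff"


COMMON = [(54, _ip("10.0.1.5")), (51, struct.pack("!I", 86400)),
          (1, _ip("255.255.255.0"))]
EXTRAS = [(TFTP_SERVER_NAME, b"10.0.1.20"), (SVP_SERVER, _ip("10.0.1.30"))]
GOOD_OFFER = _build(2, 2, "10.0.10.50", "10.0.10.1",
                    COMMON + [(ROUTER, _ip("10.0.10.1"))] + EXTRAS)
BAD_OFFER = _build(2, 2, "10.0.20.50", "10.0.20.1",
                   COMMON + [(ROUTER, _ip("10.0.20.1"))])
DISCOVER = _build(1, 1, "0.0.0.0", "10.0.20.1",
                  [(PARAM_REQUEST_LIST, bytes([1, 3, 6, 66, 151]))])

if __name__ == "__main__":
    print("relay (failing VLAN):", relay_address(BAD_OFFER))
    print("offer diff:", diff_offers(GOOD_OFFER, BAD_OFFER))
    print("not requested:", not_requested(DISCOVER, [66, 151]))
```

If the client requested the options and the failing OFFER still omits them, the difference lies in what the server attaches to the scope chosen for that relay address rather than in the wireless path.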
Re: DHCP - I'm at a loss
They are set per scope.

-Original message-
From: Kurt Buff kurt.b...@gmail.com
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Sent: Mon, Feb 27, 2012 18:10:13 CST
Subject: Re: DHCP - I'm at a loss

On Mon, Feb 27, 2012 at 15:10, N Parr npar...@mortonind.com wrote:

I'm not very hopeful that anyone will have an answer for me about this but I've seen stranger things solved. I have two of my scopes set up identically. I'm handing out extra options for tftp and vendor specific SVP server IP for my spectralink/polycom wireless IP phones. New Aruba wireless system, for what it matters. On one VLAN the phones get the server info they need from DHCP and work perfectly fine. If I switch the VLAN for the SSID to the other VLAN the phone doesn't get the extra options it needs. It gets an IP from the DHCP server but not the SVP address it would seem. I spent 2 hours on the phone with Aruba this morning ruling out anything wrong on that side. All the DHCP helpers are there, I can ping the SVP server from a PC attached to the SSID I'm messing with from both VLANs. I've reset the DHCP service. No event log errors on the DHCP. We even set up a new test SSID with no security with the same results. Works from one VLAN, not from the other.

Thanks
Niles

Are the scope options set globally or per scope?

Kurt
Re: DHCP - I'm at a loss
OK. When you look at the scope options for each scope, are they exactly the same for both scopes, modulo option 003 Router? If they are, what happens if you remove all of the options (except 003 Router) and set them globally?

Kurt

On Mon, Feb 27, 2012 at 17:49, N Parr npar...@mortonind.com wrote:

They are set per scope.

-Original message-
From: Kurt Buff kurt.b...@gmail.com
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Sent: Mon, Feb 27, 2012 18:10:13 CST
Subject: Re: DHCP - I'm at a loss

On Mon, Feb 27, 2012 at 15:10, N Parr npar...@mortonind.com wrote:

I'm not very hopeful that anyone will have an answer for me about this but I've seen stranger things solved. I have two of my scopes set up identically. I'm handing out extra options for tftp and vendor specific SVP server IP for my spectralink/polycom wireless IP phones. New Aruba wireless system, for what it matters. On one VLAN the phones get the server info they need from DHCP and work perfectly fine. If I switch the VLAN for the SSID to the other VLAN the phone doesn't get the extra options it needs. It gets an IP from the DHCP server but not the SVP address it would seem. I spent 2 hours on the phone with Aruba this morning ruling out anything wrong on that side. All the DHCP helpers are there, I can ping the SVP server from a PC attached to the SSID I'm messing with from both VLANs. I've reset the DHCP service. No event log errors on the DHCP. We even set up a new test SSID with no security with the same results. Works from one VLAN, not from the other.

Thanks
Niles

Are the scope options set globally or per scope?

Kurt
RE: DHCP Not Scavenging PTR Records
Thank you, Guido!

From: HELP_PC [mailto:g...@enter.it]
Sent: Friday, October 07, 2011 7:57 AM
To: NT System Admin Issues
Subject: R: DHCP Not Scavenging PTR Records

Also have a look at this:
http://blogs.technet.com/b/networking/archive/2008/03/19/don-t-be-afraid-of-dns-scavenging-just-be-patient.aspx

Guido Elia
HELPPC

From: Phil Hershey [mailto:phers...@agia.com]
Sent: Friday, 7 October 2011 16.45
To: NT System Admin Issues
Subject: DHCP Not Scavenging PTR Records

Seemingly odd problem here. Just discovered that our DHCP servers are not scavenging obsolete PTR records when an address is reassigned. Haven't found any info googling this so far, so any ideas?

Thanks.

Phil Hershey
Re: DHCP Server and multiple subnets
One thing I did long ago is to put up a VLAN and a layer2 switch (which I called a 'transit' switch - I don't know if that's a correct term, but it seemed descriptive to me, and still does) between the firewall and the core switch. When it came time to put up our Barracuda web filter, I in-lined the Barracuda between the switch for that subnet and the core switch. The in-line configuration was required because the new manager wanted to require zero configuration for clients. It got complicated because the firewall is actually two units in Active/Passive HA configuration, and there were multiple VLANs running through that physical subnet by that time, and the Barracuda required some special configuration, but that arrangement has served me very well.

But, when I put up a guest network, I just had to put in one more L2 VLAN on the core switch, the WAPs and their associated PoE switches, and the transit switch (and a small FreeBSD box on the guest network with a DHCP server) and that was it.

I'm sure someone with more/better knowledge could come up with a better arrangement, but this does work...

Kurt

On Fri, Aug 12, 2011 at 16:01, Matthew W. Ross mr...@ephrataschools.org wrote:

Or do you mean that you have other routing issues?

I have other routing issues. More detail for the interested:

I have a ProCurve 5308xl standing as the core switch in our district. All of the schools connect to it over gigabit fiber, save one 100mbit school. I am trying to get a guest vlan working so I can put visitors and non-work related wifi devices on a separate network, but I want them to be forced to use our content filter. Our content filter can't support multiple networks/vlans, but it can support multiple routed subnets. (Note I've complained to the manufacturer about this, but I don't seem to be getting anywhere on this front.)

So, I need to route all of this Guest network through our normal network, while applying an ACL that prevents any traffic to/from this network except to/from our gateway/content filter.

I've got it working... sorta. I can get on the network, I get an IP from our DHCP server (Thanks guys!) and I can ping the other subnet and even the gateway. I just can't ping past the gateway.

I have a few theories I'm working through:

Is my gateway/content filter somehow blocking the traffic? (Possibly)
Is the gateway/content filter not set up to route traffic that originates in a subnet? (Also possibly)

The only odd thing I can see is that I can ping another subnet's interface on the 5308xl... and my route should not allow that. Thus, I'm looking at that as well... Does the default route take over even if I specify a route for a VLAN?

--Matt Ross
Ephrata School District

- Original Message -
From: Kurt Buff [mailto:kurt.b...@gmail.com]
To: NT System Admin Issues [mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Fri, 12 Aug 2011 11:53:01 -0700
Subject: Re: DHCP Server and multiple subnets

Are you meaning that you need to forward a DHCP request over more than 1 router? That is, requestor is on subnet1, makes a request, router2 forwards it over subnet2 to router2, which then forwards it to the DHCP server on subnet3.

I haven't done that, nor heard of anyone who does, but it might be possible. That would be interesting. If that's the situation, however, I'd use it to make a case to collapse those two routers into one, if circumstances permitted.

Or do you mean that you have other routing issues?

Kurt

On Fri, Aug 12, 2011 at 11:38, Matthew W. Ross mr...@ephrataschools.org wrote:

Thanks all. I tried it, and it worked perfectly... except I can't get it to route beyond the first router. But to my original question, DHCP passes along as prescribed and I can ping between subnets. Thanks for the help.

--Matt Ross
Ephrata School District

- Original Message -
From: Kurt Buff [mailto:kurt.b...@gmail.com]
To: NT System Admin Issues [mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Fri, 12 Aug 2011 11:28:50 -0700
Subject: Re: DHCP Server and multiple subnets

Not trickery. Assuming that there's a router in your environment, you need to put a helper address on the router for each subnet for which the DHCP server will be serving addresses. (You can run multiple subnets without a router, but it's really a bad idea.)

For instance, on my HP 3400cl core switch, two of my vlans are set up as follows:

vlan 111
   name VLAN111
   ip address 192.168.xx.xx 255.255.255.0
   ip helper-address 192.168.xx.xx
   tagged 25-47
   exit
vlan 112
   name VLAN112
   ip address 192.168.xx.xx 255.255.255.0
   ip helper-address 192.168.xx.xx
   tagged 25-47
   exit

It'll be very similar syntax on a Cisco switch for the helper address. The router then forwards the broadcast packet with to the DHCP server.

Kurt

On Fri, Aug 12, 2011 at 08:44, Matthew W. Ross mr
RE: DHCP Server and multiple subnets
That's a fine mechanism. I use it quite a bit myself.

Based on my (admittedly weak) memory, depending on the rest of your entire infrastructure, Cisco would refer to that as an edge switch or distribution switch.

Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Monday, August 15, 2011 7:49 PM
To: NT System Admin Issues
Subject: Re: DHCP Server and multiple subnets

One thing I did long ago is to put up a VLAN and a layer2 switch (which I called a 'transit' switch - I don't know if that's a correct term, but it seemed descriptive to me, and still does) between the firewall and the core switch. When it came time to put up our Barracuda web filter, I in-lined the Barracuda between the switch for that subnet and the core switch. The in-line configuration was required because the new manager wanted to require zero configuration for clients. It got complicated because the firewall is actually two units in Active/Passive HA configuration, and there were multiple VLANs running through that physical subnet by that time, and the Barracuda required some special configuration, but that arrangement has served me very well.

But, when I put up a guest network, I just had to put in one more L2 VLAN on the core switch, the WAPs and their associated PoE switches, and the transit switch (and a small FreeBSD box on the guest network with a DHCP server) and that was it.

I'm sure someone with more/better knowledge could come up with a better arrangement, but this does work...

Kurt

On Fri, Aug 12, 2011 at 16:01, Matthew W. Ross mr...@ephrataschools.org wrote:

Or do you mean that you have other routing issues?

I have other routing issues. More detail for the interested:

I have a ProCurve 5308xl standing as the core switch in our district. All of the schools connect to it over gigabit fiber, save one 100mbit school. I am trying to get a guest vlan working so I can put visitors and non-work related wifi devices on a separate network, but I want them to be forced to use our content filter. Our content filter can't support multiple networks/vlans, but it can support multiple routed subnets. (Note I've complained to the manufacturer about this, but I don't seem to be getting anywhere on this front.)

So, I need to route all of this Guest network through our normal network, while applying an ACL that prevents any traffic to/from this network except to/from our gateway/content filter.

I've got it working... sorta. I can get on the network, I get an IP from our DHCP server (Thanks guys!) and I can ping the other subnet and even the gateway. I just can't ping past the gateway.

I have a few theories I'm working through:

Is my gateway/content filter somehow blocking the traffic? (Possibly)
Is the gateway/content filter not set up to route traffic that originates in a subnet? (Also possibly)

The only odd thing I can see is that I can ping another subnet's interface on the 5308xl... and my route should not allow that. Thus, I'm looking at that as well... Does the default route take over even if I specify a route for a VLAN?

--Matt Ross
Ephrata School District

- Original Message -
From: Kurt Buff [mailto:kurt.b...@gmail.com]
To: NT System Admin Issues [mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Fri, 12 Aug 2011 11:53:01 -0700
Subject: Re: DHCP Server and multiple subnets

Are you meaning that you need to forward a DHCP request over more than 1 router? That is, requestor is on subnet1, makes a request, router2 forwards it over subnet2 to router2, which then forwards it to the DHCP server on subnet3.

I haven't done that, nor heard of anyone who does, but it might be possible. That would be interesting. If that's the situation, however, I'd use it to make a case to collapse those two routers into one, if circumstances permitted.

Or do you mean that you have other routing issues?

Kurt

On Fri, Aug 12, 2011 at 11:38, Matthew W. Ross mr...@ephrataschools.org wrote:

Thanks all. I tried it, and it worked perfectly... except I can't get it to route beyond the first router. But to my original question, DHCP passes along as prescribed and I can ping between subnets. Thanks for the help.

--Matt Ross
Ephrata School District

- Original Message -
From: Kurt Buff [mailto:kurt.b...@gmail.com]
To: NT System Admin Issues [mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Fri, 12 Aug 2011 11:28:50 -0700
Subject: Re: DHCP Server and multiple subnets

Not trickery. Assuming that there's a router in your environment, you need to put a helper address on the router for each subnet for which the DHCP server will be serving addresses. (You can run multiple subnets without a router, but it's really a bad idea.)

For instance, on my HP 3400cl core switch, two of my vlans are set up as follows
RE: DHCP Server and multiple subnets
Yes, it can do multiple subnets. It can automagically figure out which scope the client belongs in. You will likely have to have the router between subnets set to forward the DHCP packets (Cisco calls this an iphelper)

DAMIEN SOLODOW
Systems Engineer
317.447.6033 (office)
317.447.6014 (fax)
HARRISON COLLEGE

-Original Message-
From: Matthew W. Ross [mailto:mr...@ephrataschools.org]
Sent: Friday, August 12, 2011 11:44 AM
To: NT System Admin Issues
Subject: DHCP Server and multiple subnets

Hey list, quick question for ya as my googlefu is not coming up with concrete answers:

Can a single DHCP server serve up two separate subnets? How does the DHCP server decide which subnet to place the client (besides reservations)? Does it just auto-magically figure it out based on where the broadcast is coming from, or is there other trickery involved?

--Matt Ross
Ephrata School District
RE: DHCP Server and multiple subnets
I'm no expert, but we did that at a previous job, and I think the secret was the gateway it was coming from. I didn't actually set it up, but that's what I recall being the key.

-Original Message-
From: Matthew W. Ross [mailto:mr...@ephrataschools.org]
Sent: Friday, August 12, 2011 11:44 AM
To: NT System Admin Issues
Subject: DHCP Server and multiple subnets

Hey list, quick question for ya as my googlefu is not coming up with concrete answers:

Can a single DHCP server serve up two separate subnets? How does the DHCP server decide which subnet to place the client (besides reservations)? Does it just auto-magically figure it out based on where the broadcast is coming from, or is there other trickery involved?

--Matt Ross
Ephrata School District
RE: DHCP Server and multiple subnets
http://technet.microsoft.com/en-us/library/cc758865(WS.10).aspx if we're talking W2K3

John W. Cook
System Administrator
Partnership For Strong Families
5950 NW 1st Place
Gainesville, Fl 32607
Office (352) 244-1610
Cell (352) 215-6944
MCSE, MCP+I, MCTS, CompTIA A+, N+, VSP4, VTSP4

-Original Message-
From: Damien Solodow [mailto:damien.solo...@harrison.edu]
Sent: Friday, August 12, 2011 11:46 AM
To: NT System Admin Issues
Subject: RE: DHCP Server and multiple subnets

Yes, it can do multiple subnets. It can automagically figure out which scope the client belongs in. You will likely have to have the router between subnets set to forward the DHCP packets (Cisco calls this an iphelper)

DAMIEN SOLODOW
Systems Engineer
317.447.6033 (office)
317.447.6014 (fax)
HARRISON COLLEGE

-Original Message-
From: Matthew W. Ross [mailto:mr...@ephrataschools.org]
Sent: Friday, August 12, 2011 11:44 AM
To: NT System Admin Issues
Subject: DHCP Server and multiple subnets

Hey list, quick question for ya as my googlefu is not coming up with concrete answers:

Can a single DHCP server serve up two separate subnets? How does the DHCP server decide which subnet to place the client (besides reservations)? Does it just auto-magically figure it out based on where the broadcast is coming from, or is there other trickery involved?

--Matt Ross
Ephrata School District
Re: DHCP Server and multiple subnets
Not trickery. Assuming that there's a router in your environment, you need to put a helper address on the router for each subnet for which the DHCP server will be serving addresses. (You can run multiple subnets without a router, but it's really a bad idea.)

For instance, on my HP 3400cl core switch, two of my vlans are set up as follows:

vlan 111
   name VLAN111
   ip address 192.168.xx.xx 255.255.255.0
   ip helper-address 192.168.xx.xx
   tagged 25-47
   exit
vlan 112
   name VLAN112
   ip address 192.168.xx.xx 255.255.255.0
   ip helper-address 192.168.xx.xx
   tagged 25-47
   exit

It'll be very similar syntax on a Cisco switch for the helper address. The router then forwards the broadcast packet with to the DHCP server.

Kurt

On Fri, Aug 12, 2011 at 08:44, Matthew W. Ross mr...@ephrataschools.org wrote:

Hey list, quick question for ya as my googlefu is not coming up with concrete answers:

Can a single DHCP server serve up two separate subnets? How does the DHCP server decide which subnet to place the client (besides reservations)? Does it just auto-magically figure it out based on where the broadcast is coming from, or is there other trickery involved?

--Matt Ross
Ephrata School District
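Added example (not part of the original thread and not any poster's code): a simplified Python model of what a relay configured with ip helper-address does to a client broadcast, and how a DHCP server then uses the giaddr field to choose the scope. The scope subnets, IP addresses, MAC address and function names are assumptions made for illustration; the example also goes one step further than the message above and shows a second relay hop, which per RFC 1542 leaves giaddr unchanged.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"           # marks the start of the DHCP options
BOOTP_HEADER = "!BBBBIHH4s4s4s4s16s64s128s"  # 236-byte fixed BOOTP header

# Constructed scopes: the thread masks its addresses as 192.168.xx.xx, so
# these subnets are assumptions made for the example.
SCOPES = {
    "VLAN111": ipaddress.ip_network("192.168.111.0/24"),
    "VLAN112": ipaddress.ip_network("192.168.112.0/24"),
}


def build_discover(xid, mac, giaddr="0.0.0.0", hops=0):
    """Build a minimal, constructed DHCPDISCOVER as a client would broadcast it."""
    header = struct.pack(
        BOOTP_HEADER,
        1, 1, 6, hops,                 # op=BOOTREQUEST, htype=Ethernet, hlen, hops
        xid, 0, 0x8000,                # xid, secs, flags (broadcast bit set)
        bytes(4), bytes(4), bytes(4),  # ciaddr, yiaddr, siaddr
        ipaddress.ip_address(giaddr).packed,
        mac, bytes(64), bytes(128),    # chaddr (zero-padded), sname, file
    )
    return header + MAGIC_COOKIE + b"\x35\x01\x01\xff"  # option 53 = DISCOVER, end


def parse_request(packet):
    """Return the BOOTP fields that matter for relaying and scope selection."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet")
    op, _htype, hlen, hops, xid = struct.unpack("!BBBBI", packet[:8])
    if op != 1 or hlen > 16:
        raise ValueError("not a well-formed BOOTREQUEST")
    return {
        "xid": xid,
        "hops": hops,
        "giaddr": ipaddress.ip_address(packet[24:28]),
        "chaddr": packet[28:28 + hlen],
    }


def relay(packet, interface_ip):
    """Model a relay agent: bump hops, stamp giaddr only if it is still zero."""
    buf = bytearray(packet)
    if buf[3] > 16:
        raise ValueError("hops exceeds 16, request discarded")
    buf[3] += 1
    if bytes(buf[24:28]) == bytes(4):
        # First relay: record the address of the interface facing the client.
        buf[24:28] = ipaddress.ip_address(interface_ip).packed
    return bytes(buf)


def select_scope(packet, server_ip, scopes=SCOPES):
    """Choose a scope from giaddr, or from the server's own subnet if unrelayed."""
    key = parse_request(packet)["giaddr"]
    if int(key) == 0:
        # No relay touched the packet: the client is on the server's segment.
        key = ipaddress.ip_address(server_ip)
    for name, network in scopes.items():
        if key in network:
            return name
    return None  # no scope covers that subnet, so no offer is made


if __name__ == "__main__":
    server = "192.168.111.10"  # constructed server address on VLAN111
    client = build_discover(0x1234ABCD, bytes.fromhex("020000000001"))
    first = relay(client, "192.168.112.1")  # constructed VLAN112 gateway
    second = relay(first, "10.0.0.1")       # constructed second hop
    for label, pkt in (("local", client), ("1 relay", first), ("2 relays", second)):
        fields = parse_request(pkt)
        print(label, fields["hops"], fields["giaddr"], select_scope(pkt, server))
```

The giaddr value doubles as the address the server sends its reply to, so the relay interface address must be reachable from the DHCP server for the offer to come back.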
Re: DHCP Server and multiple subnets
Thanks all. I tried it, and it worked perfectly... except I can't get it to route beyond the first router. But to my original question, DHCP passes along as prescribed and I can ping between subnets. Thanks for the help.

--Matt Ross
Ephrata School District

- Original Message -
From: Kurt Buff [mailto:kurt.b...@gmail.com]
To: NT System Admin Issues [mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Fri, 12 Aug 2011 11:28:50 -0700
Subject: Re: DHCP Server and multiple subnets

Not trickery. Assuming that there's a router in your environment, you need to put a helper address on the router for each subnet for which the DHCP server will be serving addresses. (You can run multiple subnets without a router, but it's really a bad idea.)

For instance, on my HP 3400cl core switch, two of my vlans are set up as follows:

vlan 111
   name VLAN111
   ip address 192.168.xx.xx 255.255.255.0
   ip helper-address 192.168.xx.xx
   tagged 25-47
   exit
vlan 112
   name VLAN112
   ip address 192.168.xx.xx 255.255.255.0
   ip helper-address 192.168.xx.xx
   tagged 25-47
   exit

It'll be very similar syntax on a Cisco switch for the helper address. The router then forwards the broadcast packet with to the DHCP server.

Kurt

On Fri, Aug 12, 2011 at 08:44, Matthew W. Ross mr...@ephrataschools.org wrote:

Hey list, quick question for ya as my googlefu is not coming up with concrete answers:

Can a single DHCP server serve up two separate subnets? How does the DHCP server decide which subnet to place the client (besides reservations)? Does it just auto-magically figure it out based on where the broadcast is coming from, or is there other trickery involved?

--Matt Ross
Ephrata School District
Re: DHCP Server and multiple subnets
Are you meaning that you need to forward a DHCP request over more than 1 router? That is, requestor is on subnet1, makes a request, router2 forwards it over subnet2 to router2, which then forwards it to the DHCP server on subnet3.

I haven't done that, nor heard of anyone who does, but it might be possible. That would be interesting. If that's the situation, however, I'd use it to make a case to collapse those two routers into one, if circumstances permitted.

Or do you mean that you have other routing issues?

Kurt

On Fri, Aug 12, 2011 at 11:38, Matthew W. Ross mr...@ephrataschools.org wrote:

Thanks all. I tried it, and it worked perfectly... except I can't get it to route beyond the first router. But to my original question, DHCP passes along as prescribed and I can ping between subnets. Thanks for the help.

--Matt Ross
Ephrata School District

- Original Message -
From: Kurt Buff [mailto:kurt.b...@gmail.com]
To: NT System Admin Issues [mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Fri, 12 Aug 2011 11:28:50 -0700
Subject: Re: DHCP Server and multiple subnets

Not trickery. Assuming that there's a router in your environment, you need to put a helper address on the router for each subnet for which the DHCP server will be serving addresses. (You can run multiple subnets without a router, but it's really a bad idea.)

For instance, on my HP 3400cl core switch, two of my vlans are set up as follows:

vlan 111
   name VLAN111
   ip address 192.168.xx.xx 255.255.255.0
   ip helper-address 192.168.xx.xx
   tagged 25-47
   exit
vlan 112
   name VLAN112
   ip address 192.168.xx.xx 255.255.255.0
   ip helper-address 192.168.xx.xx
   tagged 25-47
   exit

It'll be very similar syntax on a Cisco switch for the helper address. The router then forwards the broadcast packet with to the DHCP server.

Kurt

On Fri, Aug 12, 2011 at 08:44, Matthew W. Ross mr...@ephrataschools.org wrote:

Hey list, quick question for ya as my googlefu is not coming up with concrete answers:

Can a single DHCP server serve up two separate subnets? How does the DHCP server decide which subnet to place the client (besides reservations)? Does it just auto-magically figure it out based on where the broadcast is coming from, or is there other trickery involved?

--Matt Ross
Ephrata School District
Re: DHCP Server and multiple subnets
I think I remember reading a while back that Cisco had a function like dhcp-helper on their routers to traverse multiple hops from one remote DHCP server. I could be making that up entirely since it's Friday and all I can think about is the upcoming wknd. =)

On Fri, Aug 12, 2011 at 2:53 PM, Kurt Buff kurt.b...@gmail.com wrote:

Are you meaning that you need to forward a DHCP request over more than 1 router? That is, requestor is on subnet1, makes a request, router2 forwards it over subnet2 to router2, which then forwards it to the DHCP server on subnet3.

I haven't done that, nor heard of anyone who does, but it might be possible. That would be interesting. If that's the situation, however, I'd use it to make a case to collapse those two routers into one, if circumstances permitted.

Or do you mean that you have other routing issues?

Kurt

On Fri, Aug 12, 2011 at 11:38, Matthew W. Ross mr...@ephrataschools.org wrote:

Thanks all. I tried it, and it worked perfectly... except I can't get it to route beyond the first router. But to my original question, DHCP passes along as prescribed and I can ping between subnets. Thanks for the help.

--Matt Ross
Ephrata School District

- Original Message -
From: Kurt Buff [mailto:kurt.b...@gmail.com]
To: NT System Admin Issues [mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Fri, 12 Aug 2011 11:28:50 -0700
Subject: Re: DHCP Server and multiple subnets

Not trickery. Assuming that there's a router in your environment, you need to put a helper address on the router for each subnet for which the DHCP server will be serving addresses. (You can run multiple subnets without a router, but it's really a bad idea.)

For instance, on my HP 3400cl core switch, two of my vlans are set up as follows:

vlan 111
   name VLAN111
   ip address 192.168.xx.xx 255.255.255.0
   ip helper-address 192.168.xx.xx
   tagged 25-47
   exit
vlan 112
   name VLAN112
   ip address 192.168.xx.xx 255.255.255.0
   ip helper-address 192.168.xx.xx
   tagged 25-47
   exit

It'll be very similar syntax on a Cisco switch for the helper address. The router then forwards the broadcast packet with to the DHCP server.

Kurt

On Fri, Aug 12, 2011 at 08:44, Matthew W. Ross mr...@ephrataschools.org wrote:

Hey list, quick question for ya as my googlefu is not coming up with concrete answers:

Can a single DHCP server serve up two separate subnets? How does the DHCP server decide which subnet to place the client (besides reservations)? Does it just auto-magically figure it out based on where the broadcast is coming from, or is there other trickery involved?

--Matt Ross
Ephrata School District
Re: DHCP Server and multiple subnets
Or do you mean that you have other routing issues?

I have other routing issues. More detail for the interested:

I have a ProCurve 5308xl standing as the core switch in our district. All of the schools connect to it over gigabit fiber, save one 100mbit school. I am trying to get a guest vlan working so I can put visitors and non-work related wifi devices on a separate network, but I want them to be forced to use our content filter. Our content filter can't support multiple networks/vlans, but it can support multiple routed subnets. (Note I've complained to the manufacturer about this, but I don't seem to be getting anywhere on this front.)

So, I need to route all of this Guest network through our normal network, while applying an ACL that prevents any traffic to/from this network except to/from our gateway/content filter.

I've got it working... sorta. I can get on the network, I get an IP from our DHCP server (Thanks guys!) and I can ping the other subnet and even the gateway. I just can't ping past the gateway.

I have a few theories I'm working through:

Is my gateway/content filter somehow blocking the traffic? (Possibly)
Is the gateway/content filter not set up to route traffic that originates in a subnet? (Also possibly)

The only odd thing I can see is that I can ping another subnet's interface on the 5308xl... and my route should not allow that. Thus, I'm looking at that as well... Does the default route take over even if I specify a route for a VLAN?

--Matt Ross
Ephrata School District

- Original Message -
From: Kurt Buff [mailto:kurt.b...@gmail.com]
To: NT System Admin Issues [mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Fri, 12 Aug 2011 11:53:01 -0700
Subject: Re: DHCP Server and multiple subnets

Are you meaning that you need to forward a DHCP request over more than 1 router? That is, requestor is on subnet1, makes a request, router2 forwards it over subnet2 to router2, which then forwards it to the DHCP server on subnet3.

I haven't done that, nor heard of anyone who does, but it might be possible. That would be interesting. If that's the situation, however, I'd use it to make a case to collapse those two routers into one, if circumstances permitted.

Or do you mean that you have other routing issues?

Kurt

On Fri, Aug 12, 2011 at 11:38, Matthew W. Ross mr...@ephrataschools.org wrote:

Thanks all. I tried it, and it worked perfectly... except I can't get it to route beyond the first router. But to my original question, DHCP passes along as prescribed and I can ping between subnets. Thanks for the help.

--Matt Ross
Ephrata School District

- Original Message -
From: Kurt Buff [mailto:kurt.b...@gmail.com]
To: NT System Admin Issues [mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Fri, 12 Aug 2011 11:28:50 -0700
Subject: Re: DHCP Server and multiple subnets

Not trickery. Assuming that there's a router in your environment, you need to put a helper address on the router for each subnet for which the DHCP server will be serving addresses. (You can run multiple subnets without a router, but it's really a bad idea.)

For instance, on my HP 3400cl core switch, two of my vlans are set up as follows:

vlan 111
   name VLAN111
   ip address 192.168.xx.xx 255.255.255.0
   ip helper-address 192.168.xx.xx
   tagged 25-47
   exit
vlan 112
   name VLAN112
   ip address 192.168.xx.xx 255.255.255.0
   ip helper-address 192.168.xx.xx
   tagged 25-47
   exit

It'll be very similar syntax on a Cisco switch for the helper address. The router then forwards the broadcast packet with to the DHCP server.

Kurt

On Fri, Aug 12, 2011 at 08:44, Matthew W. Ross mr...@ephrataschools.org wrote:

Hey list, quick question for ya as my googlefu is not coming up with concrete answers:

Can a single DHCP server serve up two separate subnets? How does the DHCP server decide which subnet to place the client (besides reservations)? Does it just auto-magically figure it out based on where the broadcast is coming from, or is there other trickery involved?

--Matt Ross
Ephrata School District
Re: DHCP Media Sense
On Wed, Apr 13, 2011 at 5:40 AM, James Rankin kz2...@googlemail.com wrote:

On my terminal servers I have noticed that the DHCP Media Sense function has been disabled. IIRC this function is the one that pops up the network cable unplugged notification when an adapter is in a down state, and then it unbinds all the protocols from it as well. As my servers will pretty much drop all their connections if they lose network connectivity, am I getting any performance benefit from having this function disabled (it was set up prior to my arrival on this job)?

I don't really know, but theorizing (i.e., talking out of my a**): If it does unbind all protocols, a momentary network glitch or false positive would cause everyone to lose their session connection. By not doing that, users would just have a momentary stall. So I can see why disabling it might be a good idea, on a Term Server.

-- Ben
Re: DHCP Media Sense
I can see the point, however wondering how having this disabled would interact with things such as Citrix Session Reliability which (in my not-so-vast experience) is also used to maintain network connectivity to a session in the event of a momentary loss?

On 13 April 2011 12:41, Ben Scott mailvor...@gmail.com wrote:

On Wed, Apr 13, 2011 at 5:40 AM, James Rankin kz2...@googlemail.com wrote:

On my terminal servers I have noticed that the DHCP Media Sense function has been disabled. IIRC this function is the one that pops up the network cable unplugged notification when an adapter is in a down state, and then it unbinds all the protocols from it as well. As my servers will pretty much drop all their connections if they lose network connectivity, am I getting any performance benefit from having this function disabled (it was set up prior to my arrival on this job)?

I don't really know, but theorizing (i.e., talking out of my a**): If it does unbind all protocols, a momentary network glitch or false positive would cause everyone to lose their session connection. By not doing that, users would just have a momentary stall. So I can see why disabling it might be a good idea, on a Term Server.

-- Ben

--
On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question.
RE: DHCP reservations explained...
Just ran into that with Cisco last week when I migrated my DHCP from 03 to 08r2. Only Vlan that could see the server was the one the server was on.

Int vlan xx
Ip helper-address 192.168.1.x

From: Brian Desmond [mailto:br...@briandesmond.com]
Sent: Sunday, January 23, 2011 4:36 PM
To: NT System Admin Issues
Subject: RE: DHCP reservations explained...

There is a feature on Cisco switches at least that will inspect and block DHCP server packets on switch ports not trusted for DHCP. My higher education customers who run residential networks tend to deploy this given the propensity for students to plug their Best Buy special Linksys in backwards (e.g. LAN port into the resnet).

Thanks,
Brian Desmond
br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132

From: Erik Goldoff [mailto:egold...@gmail.com]
Sent: Wednesday, January 19, 2011 8:29 AM
To: NT System Admin Issues
Subject: RE: DHCP reservations explained...

I've seen more things go wrong (particularly in smaller networks) with DHCP than with DNS. (Admin deploys new networking device with DHCP server functionality turned out, etc)

Granted, I've seen that too, once or twice. Rogue DHCP can be a threat regardless, because if name resolution is working, and servers are statically assigned, but workstations get rogue assignments, productivity is still impacted ( although less systemically )

Kind of a pick your poison issue... choose based on your own comfort level with the associated risks and then deal with it.

Erik Goldoff
IT Consultant
Systems, Networks, Security
' Security is an ongoing process, not a one time event ! '

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Tuesday, January 18, 2011 4:50 PM
To: NT System Admin Issues
Subject: Re: DHCP reservations explained...

I am not fond of DHCP for server management, even though I will admit that it is a viable possibility. I prefer the flexibility of configuration that is possible when you have statically mapped IPs, and I've done this with hundreds of servers in various environments.

In my experience, I've seen more things go wrong (particularly in smaller networks) with DHCP than with DNS. (Admin deploys new networking device with DHCP server functionality turned out, etc)

Sure, DHCP maintenance of IP addresses means that you can change them quickly, etc, but I can script that if necessary, and I've probably performed major IP address changes a half dozen times in the past decade and a half (including consulting clients and my home network).

But, it's just me. I'm not going to get too religious about it either way.

ASB (My Bio via About.Me http://about.me/Andrew.S.Baker/bio )
Exploiting Technology for Business Advantage...

On Tue, Jan 18, 2011 at 2:16 PM, Erik Goldoff egold...@gmail.com wrote:

I've always liked DHCP reservations over static IP addresses for servers where possible for ease of management

Single view of most servers from DHCP client list
simple to change parameters globally ( default gateway, primary DNS, secondary DNS, etc ) without having to visit each server
less likely to experience IP in use conflict from out of date tracking spreadsheets when adding new devices to the network
etc, etc, etc

but if your clients/applications use hostnames, then that's what I'd monitor for most checks, keeping a single/simple check using the IP address to cross verify against name resolution.

On Tue, Jan 18, 2011 at 2:06 PM, David Lum david@nwea.org wrote:

The other day someone commented that it seemed like a bit much that 50% of my 100-ish servers have DHCP reservations - driving home yesterday I realized another reason why I have it that way (because yes, I chew on these questions and constantly evaluate why I do some process or another) - because my fellow SE's have their server monitoring set up to look at specific IP's instead of hostnames and I am unable to convince them otherwise. If the server IP changes it hoses their tests and the dependencies.

It's not how I set *MY* monitoring up for servers I maintain, but I have posted that question here in fact and have seen differing opinions on whether hostname or IP is preferred.

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 503.548.5229 // (Cell) 503.267.9764
RE: DHCP reservations explained...
I believe what Brian was referring to was the dhcp snooping command, which is designed to prevent undesired DHCP servers. What you ran into is related to the fact that DHCP stops at the network boundary (router/VLAN) because it is a broadcast. The helper-address command is used to listen and forward requests on a VLAN to a designated DHCP server, thereby preventing you from having to have a DHCP server on every VLAN. That command will not stop any rogue DHCP servers.

Bill Mayo

From: N Parr [mailto:npar...@mortonind.com]
Sent: Monday, January 24, 2011 8:24 AM
To: NT System Admin Issues
Subject: RE: DHCP reservations explained...

Just ran into that with Cisco last week when I migrated my DHCP from 03 to 08r2. Only Vlan that could see the server was the one the server was on.

Int vlan xx
Ip helper-address 192.168.1.x

From: Brian Desmond [mailto:br...@briandesmond.com]
Sent: Sunday, January 23, 2011 4:36 PM
To: NT System Admin Issues
Subject: RE: DHCP reservations explained...

There is a feature on Cisco switches at least that will inspect and block DHCP server packets on switch ports not trusted for DHCP. My higher education customers who run residential networks tend to deploy this given the propensity for students to plug their Best Buy special Linksys in backwards (e.g. LAN port into the resnet).

Thanks,
Brian Desmond
br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132

From: Erik Goldoff [mailto:egold...@gmail.com]
Sent: Wednesday, January 19, 2011 8:29 AM
To: NT System Admin Issues
Subject: RE: DHCP reservations explained...

I've seen more things go wrong (particularly in smaller networks) with DHCP than with DNS. (Admin deploys new networking device with DHCP server functionality turned out, etc)

Granted, I've seen that too, once or twice. Rogue DHCP can be a threat regardless, because if name resolution is working, and servers are statically assigned, but workstations get rogue assignments, productivity is still impacted ( although less systemically )

Kind of a pick your poison issue... choose based on your own comfort level with the associated risks and then deal with it.

Erik Goldoff
IT Consultant
Systems, Networks, Security
' Security is an ongoing process, not a one time event ! '

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Tuesday, January 18, 2011 4:50 PM
To: NT System Admin Issues
Subject: Re: DHCP reservations explained...

I am not fond of DHCP for server management, even though I will admit that it is a viable possibility. I prefer the flexibility of configuration that is possible when you have statically mapped IPs, and I've done this with hundreds of servers in various environments.

In my experience, I've seen more things go wrong (particularly in smaller networks) with DHCP than with DNS. (Admin deploys new networking device with DHCP server functionality turned out, etc)

Sure, DHCP maintenance of IP addresses means that you can change them quickly, etc, but I can script that if necessary, and I've probably performed major IP address changes a half dozen times in the past decade and a half (including consulting clients and my home network).

But, it's just me. I'm not going to get too religious about it either way.

ASB (My Bio via About.Me http://about.me/Andrew.S.Baker/bio )
Exploiting Technology for Business Advantage...

On Tue, Jan 18, 2011 at 2:16 PM, Erik Goldoff egold...@gmail.com wrote:

I've always liked DHCP reservations over static IP addresses for servers where possible for ease of management

Single view of most servers from DHCP client list
simple to change parameters globally ( default gateway, primary DNS, secondary DNS, etc ) without having to visit each server
less likely to experience IP in use conflict from out of date tracking spreadsheets when adding new devices to the network
etc, etc, etc

but if your clients/applications use hostnames, then that's what I'd monitor for most checks, keeping a single/simple check using the IP address to cross verify against name resolution.

On Tue, Jan 18, 2011 at 2:06 PM, David Lum david@nwea.org wrote:

The other day someone commented that it seemed like a bit much that 50% of my 100-ish servers have DHCP reservations - driving home yesterday I realized another reason why I have it that way (because yes, I chew on these questions and constantly evaluate why I do some process or another) - because my fellow SE's have their server monitoring set up to look at specific IP's instead of hostnames and I am unable to convince them otherwise. If the server IP changes it hoses their tests and the dependencies.

It's not how I set *MY* monitoring up for servers I maintain, but I have posted that question here in fact and have seen differing opinions on whether hostname or IP is preferred.

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION
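Added example, not from the thread and not any vendor's implementation: a simplified model of the check the posters attribute to DHCP snooping, which drops server messages (OFFER, ACK, NAK) arriving on ports not marked trusted, run here over constructed packets. Port names, addresses and function names are assumptions made for the illustration.

```python
import ipaddress
import struct

HEADER = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")   # 236-byte BOOTP header
MAGIC_COOKIE = b"\x63\x82\x53\x63"
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
             5: "ACK", 6: "NAK", 7: "RELEASE", 8: "INFORM"}
SERVER_MESSAGES = {"OFFER", "ACK", "NAK"}


def parse_options(packet: bytes) -> dict:
    """Walk the code/length/value options that follow the magic cookie."""
    pos = HEADER.size
    if packet[pos:pos + 4] != MAGIC_COOKIE:
        raise ValueError("magic cookie missing")
    pos += 4
    options = {}
    while pos < len(packet):
        code = packet[pos]
        if code == 255:                 # end option
            break
        if code == 0:                   # pad option has no length byte
            pos += 1
            continue
        if pos + 1 >= len(packet):
            raise ValueError(f"option {code} has no length byte")
        length = packet[pos + 1]
        value = packet[pos + 2:pos + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} is truncated")
        options[code] = value
        pos += 2 + length
    return options


def first_ip(options: dict, code: int):
    """First IPv4 address carried in an option, or None if absent."""
    value = options.get(code, b"")
    return str(ipaddress.ip_address(value[:4])) if len(value) >= 4 else None


def snoop(port: str, packet: bytes, trusted_ports: set) -> dict:
    """Verdict for one frame: server traffic is only accepted on trusted ports."""
    try:
        op = HEADER.unpack_from(packet)[0]
        options = parse_options(packet)
    except (struct.error, ValueError) as exc:
        return {"port": port, "action": "drop", "reason": f"malformed: {exc}"}
    raw_type = options.get(53, b"")
    msg = MSG_TYPES.get(raw_type[0], "UNKNOWN") if raw_type else "UNKNOWN"
    from_server = op == 2 or msg in SERVER_MESSAGES    # BOOTREPLY or server type
    verdict = {"port": port, "type": msg, "action": "forward", "reason": "ok",
               "server_id": first_ip(options, 54), "router": first_ip(options, 3)}
    if from_server and port not in trusted_ports:
        verdict.update(action="drop", reason="server message on untrusted port")
    return verdict


def build(op, msg_type, yiaddr="0.0.0.0", server_id=None, router=None) -> bytes:
    """Constructed test packet; not a capture."""
    pack_ip = lambda a: ipaddress.ip_address(a).packed
    header = HEADER.pack(op, 1, 6, 0, 0x1234ABCD, 0, 0, bytes(4), pack_ip(yiaddr),
                         bytes(4), bytes(4), bytes.fromhex("020000aabbcc"), b"", b"")
    options = bytes([53, 1, msg_type])
    if server_id:
        options += bytes([54, 4]) + pack_ip(server_id)   # option 54: server identifier
    if router:
        options += bytes([3, 4]) + pack_ip(router)       # option 3: router
    return header + MAGIC_COOKIE + options + b"\xff"


TRUSTED = {"uplink"}   # port facing the router that carries the helper address
FRAMES = [             # (ingress port, packet), all constructed
    ("access-07", build(1, 1)),                                         # DISCOVER
    ("uplink", build(2, 2, "10.0.111.50", "10.0.10.5", "10.0.111.1")),  # real OFFER
    ("access-12", build(2, 2, "192.168.1.100", "192.168.1.1", "192.168.1.1")),  # rogue
    ("access-07", build(1, 3, server_id="10.0.10.5")),                  # REQUEST
    ("access-12", build(2, 5)[:242]),                  # option 53 cut off mid-value
]


def audit(frames=FRAMES, trusted=TRUSTED):
    """Run every frame through the snooping check and return the verdicts."""
    return [snoop(port, packet, trusted) for port, packet in frames]


if __name__ == "__main__":
    for verdict in audit():
        print(verdict)
```

The dropped OFFER's server identifier and router option are what an operator would log to locate the device plugged in backwards; a helper address alone would never see that traffic, since the rogue reply stays inside the access VLAN.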
Re: RE: DHCP reservations explained...
+1, Bill is correct.

On Jan 24, 2011 8:46 AM, Mayo, Bill bem...@pittcountync.gov wrote:

I believe what Brian was referring to was the dhcp snooping command, which is designed to prevent undesired DHCP servers. What you ran into is related to the fact that DHCP stops at the network boundary (router/VLAN) because it is a broadcast. The helper-address command is used to listen and forward requests on a VLAN to a designated DHCP server, thereby preventing you from having to have a DHCP server on every VLAN. That command will not stop any rogue DHCP servers.

Bill Mayo

From: N Parr [mailto:npar...@mortonind.com]
Sent: Monday, January 24, 2011 8:24 AM
To: NT System Admin Issues
Subject: RE: DHCP reservations explained...

Just ran into that with Cisco last week when I migrated my DHCP from 03 to 08r2. Only Vlan that could see the server was the one the server was on.

Int vlan xx
Ip helper-address 192.168.1.x

From: Brian Desmond [mailto:br...@briandesmond.com]
Sent: Sunday, January 23, 2011 4:36 PM
To: NT System Admin Issues
Subject: RE: DHCP reservations explained...

There is a feature on Cisco switches at least that will inspect and block DHCP server packets on switch ports not trusted for DHCP. My higher education customers who run residential networks tend to deploy this given the propensity for students to plug their Best Buy special Linksys in backwards (e.g. LAN port into the resnet).

Thanks,
Brian Desmond
br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132

From: Erik Goldoff [mailto:egold...@gmail.com]
Sent: Wednesday, January 19, 2011 8:29 AM
To: NT System Admin Issues
Subject: RE: DHCP reservations explained...

I've seen more things go wrong (particularly in smaller networks) with DHCP than with DNS. (Admin deploys new networking device with DHCP server functionality turned out, etc)

Granted, I've seen that too, once or twice. Rogue DHCP can be a threat regardless, because if name resolution is working, and servers are statically assigned, but workstations get rogue assignments, productivity is still impacted ( although less systemically )

Kind of a pick your poison issue... choose based on your own comfort level with the associated risks and then deal with it.

Erik Goldoff
IT Consultant
Systems, Networks, Security
' Security is an ongoing process, not a one time event ! '

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Tuesday, January 18, 2011 4:50 PM
To: NT System Admin Issues
Subject: Re: DHCP reservations explained...

I am not fond of DHCP for server management, even though I will admit that it is a viable possibility. I prefer the flexibility of configuration that is possible when you have statically mapped IPs, and I've done this with hundreds of servers in various environments.

In my experience, I've seen more things go wrong (particularly in smaller networks) with DHCP than with DNS. (Admin deploys new networking device with DHCP server functionality turned out, etc)

Sure, DHCP maintenance of IP addresses means that you can change them quickly, etc, but I can script that if necessary, and I've probably performed major IP address changes a half dozen times in the past decade and a half (including consulting clients and my home network).

But, it's just me. I'm not going to get too religious about it either way.

ASB (My Bio via About.Me http://about.me/Andrew.S.Baker/bio )
Exploiting Technology for Business Advantage...

On Tue, Jan 18, 2011 at 2:16 PM, Erik Goldoff egold...@gmail.com wrote:

I've always liked DHCP reservations over static IP addresses for servers where possible for ease of management

Single view of most servers from DHCP client list
simple to change parameters globally ( default gateway, primary DNS, secondary DNS, etc ) without having to visit each server
less likely to experience IP in use conflict from out of date tracking spreadsheets when adding new devices to the network
etc, etc, etc

but if your clients/applications use hostnames, then that's what I'd monitor for most checks, keeping a single/simple check using the IP address to cross verify against name resolution.

On Tue, Jan 18, 2011 at 2:06 PM, David Lum david@nwea.org wrote:

The other day someone commented that it seemed like a bit much that 50% of my 100-ish servers have DHCP reservations - driving home yesterday I realized another reason why I have it that way (because yes, I chew on these questions and constantly evaluate why I do some process or another) - because my fellow SE's have their server monitoring set up to look at specific IP's instead of hostnames and I am unable to convince them otherwise. If the server IP changes it hoses their tests and the dependencies.

It's not how I set *MY* monitoring up for servers I maintain, but I have posted that question here
Re: DHCP reservations explained...
I have one addition to this:

The helper-address command tells the L3 device to forward ALL UDP broadcasts - DHCP, TFTP, NetBIOS, etc. You would also need to execute these commands to exclude everything that's not DHCP:

no ip forward-protocol udp domain
no ip forward-protocol udp time
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-dgm
no ip forward-protocol udp tacacs

That is not an exhaustive list.

PC-based routers (Windows, Linux, *BSD, etc) include what's called a DHCP relay agent that will truly listen for DHCP requests and forward them on.

On 1/24/2011 7:45 AM, Mayo, Bill wrote:

I believe what Brian was referring to was the dhcp snooping command, which is designed to prevent undesired DHCP servers. What you ran into is related to the fact that DHCP stops at the network boundary (router/VLAN) because it is a broadcast. The helper-address command is used to listen and forward requests on a VLAN to a designated DHCP server, thereby preventing you from having to have a DHCP server on every VLAN. That command will not stop any rogue DHCP servers.

--
Phil Brutsche
p...@optimumdata.com
RE: DHCP reservations explained...
Yes I understand, not relevant to this thread I guess. But good information to have when you change servers and your DHCP dies.

From: Mayo, Bill [mailto:bem...@pittcountync.gov]
Sent: Monday, January 24, 2011 7:45 AM
To: NT System Admin Issues
Subject: RE: DHCP reservations explained...

I believe what Brian was referring to was the dhcp snooping command, which is designed to prevent undesired DHCP servers. What you ran into is related to the fact that DHCP stops at the network boundary (router/VLAN) because it is a broadcast. The helper-address command is used to listen and forward requests on a VLAN to a designated DHCP server, thereby preventing you from having to have a DHCP server on every VLAN. That command will not stop any rogue DHCP servers.

Bill Mayo

From: N Parr [mailto:npar...@mortonind.com]
Sent: Monday, January 24, 2011 8:24 AM
To: NT System Admin Issues
Subject: RE: DHCP reservations explained...

Just ran into that with Cisco last week when I migrated my DHCP from 03 to 08r2. Only Vlan that could see the server was the one the server was on.

Int vlan xx
Ip helper-address 192.168.1.x

From: Brian Desmond [mailto:br...@briandesmond.com]
Sent: Sunday, January 23, 2011 4:36 PM
To: NT System Admin Issues
Subject: RE: DHCP reservations explained...

There is a feature on Cisco switches at least that will inspect and block DHCP server packets on switch ports not trusted for DHCP. My higher education customers who run residential networks tend to deploy this given the propensity for students to plug their Best Buy special Linksys in backwards (e.g. LAN port into the resnet).

Thanks,
Brian Desmond
br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132

From: Erik Goldoff [mailto:egold...@gmail.com]
Sent: Wednesday, January 19, 2011 8:29 AM
To: NT System Admin Issues
Subject: RE: DHCP reservations explained...

I've seen more things go wrong (particularly in smaller networks) with DHCP than with DNS. (Admin deploys new networking device with DHCP server functionality turned out, etc)

Granted, I've seen that too, once or twice. Rogue DHCP can be a threat regardless, because if name resolution is working, and servers are statically assigned, but workstations get rogue assignments, productivity is still impacted ( although less systemically )

Kind of a pick your poison issue... choose based on your own comfort level with the associated risks and then deal with it.

Erik Goldoff
IT Consultant
Systems, Networks, Security
' Security is an ongoing process, not a one time event ! '

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Tuesday, January 18, 2011 4:50 PM
To: NT System Admin Issues
Subject: Re: DHCP reservations explained...

I am not fond of DHCP for server management, even though I will admit that it is a viable possibility. I prefer the flexibility of configuration that is possible when you have statically mapped IPs, and I've done this with hundreds of servers in various environments.

In my experience, I've seen more things go wrong (particularly in smaller networks) with DHCP than with DNS. (Admin deploys new networking device with DHCP server functionality turned out, etc)

Sure, DHCP maintenance of IP addresses means that you can change them quickly, etc, but I can script that if necessary, and I've probably performed major IP address changes a half dozen times in the past decade and a half (including consulting clients and my home network).

But, it's just me. I'm not going to get too religious about it either way.

ASB (My Bio via About.Me http://about.me/Andrew.S.Baker/bio )
Exploiting Technology for Business Advantage...

On Tue, Jan 18, 2011 at 2:16 PM, Erik Goldoff egold...@gmail.com wrote:

I've always liked DHCP reservations over static IP addresses for servers where possible for ease of management

Single view of most servers from DHCP client list
simple to change parameters globally ( default gateway, primary DNS, secondary DNS, etc ) without having to visit each server
less likely to experience IP in use conflict from out of date tracking spreadsheets when adding new devices to the network
etc, etc, etc

but if your clients/applications use hostnames, then that's what I'd monitor for most checks, keeping a single/simple check using the IP address to cross verify against name resolution.

On Tue, Jan 18, 2011 at 2:06 PM, David Lum david@nwea.org wrote:

The other day someone commented that it seemed like a bit much that 50% of my 100-ish servers have DHCP reservations - driving home yesterday I realized another reason why I have it that way (because yes, I chew on these questions and constantly evaluate why I do some process or another) - because my fellow SE's have their server monitoring set up to look at specific IP's instead of hostnames and I am unable
RE: DHCP reservations explained...
If your clients are Windows clients can't you set the firewall to only listen to DHCP requests from a given IP?

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 503.548.5229 // (Cell) 503.267.9764

-Original Message-
From: Phil Brutsche [mailto:p...@optimumdata.com]
Sent: Monday, January 24, 2011 7:00 AM
To: NT System Admin Issues
Subject: Re: DHCP reservations explained...

I have one addition to this:

The helper-address command tells the L3 device to forward ALL UDP broadcasts - DHCP, TFTP, NetBIOS, etc. You would also need to execute these commands to exclude everything that's not DHCP:

no ip forward-protocol udp domain
no ip forward-protocol udp time
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-dgm
no ip forward-protocol udp tacacs

That is not an exhaustive list.

PC-based routers (Windows, Linux, *BSD, etc) include what's called a DHCP relay agent that will truly listen for DHCP requests and forward them on.

On 1/24/2011 7:45 AM, Mayo, Bill wrote:

I believe what Brian was referring to was the dhcp snooping command, which is designed to prevent undesired DHCP servers. What you ran into is related to the fact that DHCP stops at the network boundary (router/VLAN) because it is a broadcast. The helper-address command is used to listen and forward requests on a VLAN to a designated DHCP server, thereby preventing you from having to have a DHCP server on every VLAN. That command will not stop any rogue DHCP servers.

--
Phil Brutsche
p...@optimumdata.com
Re: RE: DHCP reservations explained...
Don't you mean broadcasts, rather than requests?

Jonathan

On Jan 24, 2011 10:05 AM, David Lum david@nwea.org wrote:

If your clients are Windows clients can't you set the firewall to only listen to DHCP requests from a given IP?

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 503.548.5229 // (Cell) 503.267.9764

-Original Message-
From: Phil Brutsche [mailto:p...@optimumdata.com]
Sent: Monday, January 24, 2011 7:00 AM
To: NT System Admin Issues
Subject: Re: DHCP reservations explained...

I have one addition to this:

The helper-address command tells the L3 device to forward ALL UDP broadcasts - DHCP, TFTP, NetBIOS, etc. You would also need to execute these commands to exclude everything that's not DHCP:

no ip forward-protocol udp domain
no ip forward-protocol udp time
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-dgm
no ip forward-protocol udp tacacs

That is not an exhaustive list.

PC-based routers (Windows, Linux, *BSD, etc) include what's called a DHCP relay agent that will truly listen for DHCP requests and forward them on.

On 1/24/2011 7:45 AM, Mayo, Bill wrote:

I believe what Brian was referring to was the dhcp snooping command, which is designed to prevent undesired DHCP servers. What you ran into is related to the fact that DHCP stops at the network boundary (router/VLAN) because it is a broadcast. The helper-address command is used to listen and forward requests on a VLAN to a designated DHCP server, thereby preventing you from having to have a DHCP server on every VLAN. That command will not stop any rogue DHCP servers.

--
Phil Brutsche
p...@optimumdata.com
RE: RE: DHCP reservations explained...
Probably :)

From: Jonathan [mailto:ncm...@gmail.com]
Sent: Monday, January 24, 2011 7:08 AM
To: NT System Admin Issues
Subject: Re: RE: DHCP reservations explained...

Don't you mean broadcasts, rather than requests?

Jonathan

On Jan 24, 2011 10:05 AM, David Lum david@nwea.org wrote:

If your clients are Windows clients can't you set the firewall to only listen to DHCP requests from a given IP?

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 503.548.5229 // (Cell) 503.267.9764

-Original Message-
From: Phil Brutsche [mailto:p...@optimumdata.com]
Sent: Monday, January 24, 2011 7:00 AM
To: NT System Admin Issues
Subject: Re: DHCP reservations explained...

I have one addition to this:

The helper-address command tells the L3 device to forward ALL UDP broadcasts - DHCP, TFTP, NetBIOS, etc. You would also need to execute these commands to exclude everything that's not DHCP:

no ip forward-protocol udp domain
no ip forward-protocol udp time
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-dgm
no ip forward-protocol udp tacacs

That is not an exhaustive list.

PC-based routers (Windows, Linux, *BSD, etc) include what's called a DHCP relay agent that will truly listen for DHCP requests and forward them on.

On 1/24/2011 7:45 AM, Mayo, Bill wrote:

I believe what Brian was referring to was the dhcp snooping command, which is designed to prevent undesired DHCP servers. What you ran into is related to the fact that DHCP stops at the network boundary (router/VLAN) because it is a broadcast. The helper-address command is used to listen and forward requests on a VLAN to a designated DHCP server, thereby preventing you from having to have a DHCP server on every VLAN. That command will not stop any rogue DHCP servers.

--
Phil Brutsche
p...@optimumdata.com
Re: DHCP reservations explained...
I use static addresses for my servers. I also have my pool start at say x.x.x.100, so I know the address won't be assigned elsewhere.

On Tue, Jan 18, 2011 at 2:14 PM, Jonathan ncm...@gmail.com wrote:

Hmmm... interesting concept. I personally prefer static addressing assigned on each individual server. Though I could see the appeal of using DHCP, I don't have enough confidence in DHCP to use it for server addressing.

Just my $0.02

On Jan 18, 2011 2:06 PM, David Lum david@nwea.org wrote:

The other day someone commented that it seemed like a bit much that 50% of my 100-ish servers have DHCP reservations - driving home yesterday I realized another reason why I have it that way (because yes, I chew on these questions and constantly evaluate why I do some process or another) - because my fellow SE's have their server monitoring set up to look at specific IP's instead of hostnames and I am unable to convince them otherwise. If the server IP changes it hoses their tests and the dependencies. It's not how I set *MY* monitoring up for servers I maintain, but I have posted that question here in fact and have seen differing opinions on whether hostname or IP is preferred.

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 503.548.5229 // (Cell) 503.267.9764
Re: DHCP reservations explained...
+1

We had different groups depending on the device. Server, switch, router, sniffer etc.

On Mon, Jan 24, 2011 at 5:40 PM, Candee can...@gmail.com wrote:

I use static addresses for my servers. I also have my pool start at say x.x.x.100, so I know the address won't be assigned elsewhere.

On Tue, Jan 18, 2011 at 2:14 PM, Jonathan ncm...@gmail.com wrote:

Hmmm... interesting concept. I personally prefer static addressing assigned on each individual server. Though I could see the appeal of using DHCP, I don't have enough confidence in DHCP to use it for server addressing.

Just my $0.02

On Jan 18, 2011 2:06 PM, David Lum david@nwea.org wrote:

The other day someone commented that it seemed like a bit much that 50% of my 100-ish servers have DHCP reservations - driving home yesterday I realized another reason why I have it that way (because yes, I chew on these questions and constantly evaluate why I do some process or another) - because my fellow SE's have their server monitoring set up to look at specific IP's instead of hostnames and I am unable to convince them otherwise. If the server IP changes it hoses their tests and the dependencies. It's not how I set *MY* monitoring up for servers I maintain, but I have posted that question here in fact and have seen differing opinions on whether hostname or IP is preferred.

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 503.548.5229 // (Cell) 503.267.9764
RE: DHCP reservations explained...
We always prefer static addresses for servers. One less variable when we're troubleshooting later.

Ben M. Schorr
Chief Executive Officer
Roland Schorr Tower
www.rolandschorr.com
b...@rolandschorr.com

From: Candee [mailto:can...@gmail.com]
Sent: Monday, January 24, 2011 09:40
To: NT System Admin Issues
Subject: Re: DHCP reservations explained...

I use static addresses for my servers. I also have my pool start at say x.x.x.100, so I know the address won't be assigned elsewhere.

On Tue, Jan 18, 2011 at 2:14 PM, Jonathan ncm...@gmail.com wrote:

Hmmm... interesting concept. I personally prefer static addressing assigned on each individual server. Though I could see the appeal of using DHCP, I don't have enough confidence in DHCP to use it for server addressing.

Just my $0.02

On Jan 18, 2011 2:06 PM, David Lum david@nwea.org wrote:

The other day someone commented that it seemed like a bit much that 50% of my 100-ish servers have DHCP reservations - driving home yesterday I realized another reason why I have it that way (because yes, I chew on these questions and constantly evaluate why I do some process or another) - because my fellow SE's have their server monitoring set up to look at specific IP's instead of hostnames and I am unable to convince them otherwise. If the server IP changes it hoses their tests and the dependencies. It's not how I set *MY* monitoring up for servers I maintain, but I have posted that question here in fact and have seen differing opinions on whether hostname or IP is preferred.

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 503.548.5229 // (Cell) 503.267.9764
RE: DHCP reservations explained...
I've done both... Assigned a reservation via DHCP, and assigned the address on the server statically. Several benefits to this approach:

1. If you have to reset the machine in some way, it can pick up its address dynamically. Also allows the server to be PXE booted if you have WDS or some other network boot solution that depends on DHCP.
2. It stops you from reserving the address for something else accidentally. Windows DHCP will bark if the address is already reserved. If you only set the address statically, the DHCP server would be happy to reserve that IP for something else.
3. Performing a reservation and a static does no harm to the network.

--Matt Ross
Ephrata School District

- Original Message -
From: Ben Schorr [mailto:b...@rolandschorr.com]
To: NT System Admin Issues [mailto:ntsysadmin@lyris.sunbelt-software.com]
Sent: Mon, 24 Jan 2011 13:33:54 -0800
Subject: RE: DHCP reservations explained...

We always prefer static addresses for servers. One less variable when we're troubleshooting later.

Ben M. Schorr
Chief Executive Officer
Roland Schorr Tower
www.rolandschorr.com
b...@rolandschorr.com

From: Candee [mailto:can...@gmail.com]
Sent: Monday, January 24, 2011 09:40
To: NT System Admin Issues
Subject: Re: DHCP reservations explained...

I use static addresses for my servers. I also have my pool start at say x.x.x.100, so I know the address won't be assigned elsewhere.

On Tue, Jan 18, 2011 at 2:14 PM, Jonathan ncm...@gmail.com wrote:

Hmmm... interesting concept. I personally prefer static addressing assigned on each individual server. Though I could see the appeal of using DHCP, I don't have enough confidence in DHCP to use it for server addressing.

Just my $0.02

On Jan 18, 2011 2:06 PM, David Lum david@nwea.org wrote:

The other day someone commented that it seemed like a bit much that 50% of my 100-ish servers have DHCP reservations - driving home yesterday I realized another reason why I have it that way (because yes, I chew on these questions and constantly evaluate why I do some process or another) - because my fellow SE's have their server monitoring set up to look at specific IP's instead of hostnames and I am unable to convince them otherwise. If the server IP changes it hoses their tests and the dependencies. It's not how I set *MY* monitoring up for servers I maintain, but I have posted that question here in fact and have seen differing opinions on whether hostname or IP is preferred.

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 503.548.5229 // (Cell) 503.267.9764
RE: DHCP reservations explained...
There is a feature on Cisco switches at least that will inspect and block DHCP server packets on switch ports not trusted for DHCP. My higher education customers who run residential networks tend to deploy this given the propensity for students to plug their Best Buy special Linksys in backwards (e.g. LAN port into the resnet).

Thanks,
Brian Desmond
br...@briandesmond.com
w - 312.625.1438 | c - 312.731.3132

From: Erik Goldoff [mailto:egold...@gmail.com]
Sent: Wednesday, January 19, 2011 8:29 AM
To: NT System Admin Issues
Subject: RE: DHCP reservations explained...

I've seen more things go wrong (particularly in smaller networks) with DHCP than with DNS. (Admin deploys new networking device with DHCP server functionality turned out, etc)

Granted, I've seen that too, once or twice. Rogue DHCP can be a threat regardless, because if name resolution is working, and servers are statically assigned, but workstations get rogue assignments, productivity is still impacted ( although less systemically )

Kind of a pick your poison issue... choose based on your own comfort level with the associated risks and then deal with it.

Erik Goldoff
IT Consultant
Systems, Networks, Security
' Security is an ongoing process, not a one time event ! '

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Tuesday, January 18, 2011 4:50 PM
To: NT System Admin Issues
Subject: Re: DHCP reservations explained...

I am not fond of DHCP for server management, even though I will admit that it is a viable possibility. I prefer the flexibility of configuration that is possible when you have statically mapped IPs, and I've done this with hundreds of servers in various environments.

In my experience, I've seen more things go wrong (particularly in smaller networks) with DHCP than with DNS. (Admin deploys new networking device with DHCP server functionality turned out, etc)

Sure, DHCP maintenance of IP addresses means that you can change them quickly, etc, but I can script that if necessary, and I've probably performed major IP address changes a half dozen times in the past decade and a half (including consulting clients and my home network).

But, it's just me. I'm not going to get too religious about it either way.

ASB (My Bio via About.Me http://about.me/Andrew.S.Baker/bio)
Exploiting Technology for Business Advantage...

On Tue, Jan 18, 2011 at 2:16 PM, Erik Goldoff egold...@gmail.com wrote:

I've always liked DHCP reservations over static IP addresses for servers where possible for ease of management
Single view of most servers from DHCP client list
simple to change parameters globally ( default gateway, primary DNS, secondary DNS, etc ) without having to visit each server
less likely to experience IP in use conflict from out of date tracking spreadsheets when adding new devices to the network
etc, etc, etc

but if your clients/applications use hostnames, then that's what I'd monitor for most checks, keeping a single/simple check using the IP address to cross verify against name resolution.

On Tue, Jan 18, 2011 at 2:06 PM, David Lum david@nwea.org wrote:

The other day someone commented that it seemed like a bit much that 50% of my 100-ish servers have DHCP reservations - driving home yesterday I realized another reason why I have it that way (because yes, I chew on these questions and constantly evaluate why I do some process or another) - because my fellow SE's have their server monitoring set up to look at specific IP's instead of hostnames and I am unable to convince them otherwise. If the server IP changes it hoses their tests and the dependencies. It's not how I set *MY* monitoring up for servers I maintain, but I have posted that question here in fact and have seen differing opinions on whether hostname or IP is preferred.

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 503.548.5229 // (Cell) 503.267.9764
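Added example, not part of the original thread and not Cisco's DHCP snooping implementation: the rogue-server problem raised in Brian Desmond's message above (and in Bill Mayo's note on the dhcp snooping command in the related thread), approached as detection in Python. It parses the UDP payload of DHCP messages and flags server replies (OFFER/ACK/NAK) whose server identifier (option 54) is not on an allowlist; the addresses, sample packets and function names are constructed for illustration.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
FIXED_LEN = 236  # BOOTP fields op..file; options start after the 4-byte cookie
OPT_PAD, OPT_ROUTER, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 3, 53, 54, 255
SERVER_MSG_TYPES = {2: "OFFER", 5: "ACK", 6: "NAK"}  # only servers send these


def parse_dhcp(payload: bytes) -> dict:
    """Parse a DHCP UDP payload; raise ValueError if it is malformed."""
    if len(payload) < FIXED_LEN + 4:
        raise ValueError("truncated BOOTP header")
    if payload[FIXED_LEN:FIXED_LEN + 4] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    op = payload[0]
    xid, = struct.unpack_from("!I", payload, 4)
    yiaddr = ipaddress.IPv4Address(payload[16:20])  # address being handed out
    options = {}
    i = FIXED_LEN + 4
    while i < len(payload) and payload[i] != OPT_END:
        code = payload[i]
        if code == OPT_PAD:              # pad is a single byte with no length
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError(f"option {code} has no length byte")
        length = payload[i + 1]
        data = payload[i + 2:i + 2 + length]
        if len(data) != length:
            raise ValueError(f"option {code} overruns the packet")
        options.setdefault(code, data)   # keep the first instance of an option
        i += 2 + length

    def first_ip(code):
        data = options.get(code, b"")
        return ipaddress.IPv4Address(data[:4]) if len(data) >= 4 else None

    msg_type = options.get(OPT_MSG_TYPE, b"")
    return {
        "op": op,
        "xid": xid,
        "yiaddr": yiaddr,
        "msg_type": msg_type[0] if len(msg_type) == 1 else None,
        "server_id": first_ip(OPT_SERVER_ID),
        "router": first_ip(OPT_ROUTER),
    }


def check_server_message(payload: bytes, authorized: set):
    """Return an alert string for an unauthorized server reply, else None."""
    msg = parse_dhcp(payload)
    kind = SERVER_MSG_TYPES.get(msg["msg_type"])
    if msg["op"] != 2 or kind is None:
        return None                      # client message (DISCOVER, REQUEST, ...)
    if msg["server_id"] in authorized:
        return None
    # A reply with no option 54 has server_id None and is reported as well.
    return (f"unauthorized DHCP{kind} from server {msg['server_id']} "
            f"xid=0x{msg['xid']:08x} assigns {msg['yiaddr']} router {msg['router']}")


def scan(payloads, authorized):
    """Check each payload; malformed packets are reported, not skipped."""
    alerts = []
    for n, payload in enumerate(payloads):
        try:
            alert = check_server_message(payload, authorized)
        except ValueError as exc:
            alert = f"malformed DHCP packet #{n}: {exc}"
        if alert:
            alerts.append(alert)
    return alerts


def build_sample(op, msg_type, server_id=None, yiaddr="0.0.0.0", router=None):
    """Build a constructed DHCP payload in memory (sample data only)."""
    def ip(addr):
        return ipaddress.IPv4Address(addr).packed
    fixed = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", op, 1, 6, 0, 0x1234ABCD,
                        0, 0, ip("0.0.0.0"), ip(yiaddr), ip("0.0.0.0"),
                        ip("0.0.0.0"), bytes.fromhex("020000000001"), b"", b"")
    opts = bytes([OPT_MSG_TYPE, 1, msg_type])
    if server_id:
        opts += bytes([OPT_SERVER_ID, 4]) + ip(server_id)
    if router:
        opts += bytes([OPT_ROUTER, 4]) + ip(router)
    return fixed + MAGIC_COOKIE + opts + bytes([OPT_END])


# Constructed sample data: one authorized server (assumed address) and three payloads.
AUTHORIZED = {ipaddress.IPv4Address("10.0.10.5")}
SAMPLES = [
    build_sample(1, 1),                                                 # client DISCOVER
    build_sample(2, 2, "10.0.10.5", "10.0.20.101", "10.0.20.1"),        # authorized OFFER
    build_sample(2, 2, "192.168.1.1", "192.168.1.100", "192.168.1.1"),  # consumer router
]

if __name__ == "__main__":
    for line in scan(SAMPLES, AUTHORIZED):
        print(line)
```

A monitor like this only sees replies that reach its own segment, so it complements switch-level blocking on untrusted ports rather than replacing it.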
RE: DHCP reservations explained...
“I've seen more things go wrong (particularly in smaller networks) with DHCP than with DNS. (Admin deploys new networking device with DHCP server functionality turned out, etc)”

Granted, I’ve seen that too, once or twice. Rogue DHCP can be a threat regardless, because if name resolution is working, and servers are statically assigned, but workstations get rogue assignments, productivity is still impacted ( although less systemically )

Kind of a pick your poison issue… choose based on your own comfort level with the associated risks and then deal with it.

Erik Goldoff
IT Consultant
Systems, Networks, Security
' Security is an ongoing process, not a one time event ! '

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Tuesday, January 18, 2011 4:50 PM
To: NT System Admin Issues
Subject: Re: DHCP reservations explained...

I am not fond of DHCP for server management, even though I will admit that it is a viable possibility. I prefer the flexibility of configuration that is possible when you have statically mapped IPs, and I've done this with hundreds of servers in various environments.

In my experience, I've seen more things go wrong (particularly in smaller networks) with DHCP than with DNS. (Admin deploys new networking device with DHCP server functionality turned out, etc)

Sure, DHCP maintenance of IP addresses means that you can change them quickly, etc, but I can script that if necessary, and I've probably performed major IP address changes a half dozen times in the past decade and a half (including consulting clients and my home network).

But, it's just me. I'm not going to get too religious about it either way.

ASB (My Bio via About.Me http://about.me/Andrew.S.Baker/bio )
Exploiting Technology for Business Advantage...

On Tue, Jan 18, 2011 at 2:16 PM, Erik Goldoff egold...@gmail.com wrote:

I've always liked DHCP reservations over static IP addresses for servers where possible for ease of management
Single view of most servers from DHCP client list
simple to change parameters globally ( default gateway, primary DNS, secondary DNS, etc ) without having to visit each server
less likely to experience IP in use conflict from out of date tracking spreadsheets when adding new devices to the network
etc, etc, etc

but if your clients/applications use hostnames, then that's what I'd monitor for most checks, keeping a single/simple check using the IP address to cross verify against name resolution.

On Tue, Jan 18, 2011 at 2:06 PM, David Lum david@nwea.org wrote:

The other day someone commented that it seemed like a bit much that 50% of my 100-ish servers have DHCP reservations - driving home yesterday I realized another reason why I have it that way (because yes, I chew on these questions and constantly evaluate why I do some process or another) - because my fellow SE's have their server monitoring set up to look at specific IP's instead of hostnames and I am unable to convince them otherwise. If the server IP changes it hoses their tests and the dependencies. It’s not how I set *MY* monitoring up for servers I maintain, but I have posted that question here in fact and have seen differing opinions on whether hostname or IP is preferred.

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 503.548.5229 // (Cell) 503.267.9764
RE: RE: DHCP reservations explained...
Then go with Bluecat Devices... if you want the HA with your DHCP.. We are doing that here with 2 Bluecat Appliances.

Z

Edward E. Ziots
CISSP, Network +, Security +
Network Engineer
Lifespan Organization
Email:ezi...@lifespan.org
Cell:401-639-3505

From: Jonathan [mailto:ncm...@gmail.com]
Sent: Tuesday, January 18, 2011 2:38 PM
To: NT System Admin Issues
Subject: Re: RE: DHCP reservations explained...

Right @ 100 servers. Haven't been burned, but I'm not thrilled about lack of true failover/redundancy in DHCP in W2k3. 80/20 doesn't cut it, IMHO.

On Jan 18, 2011 2:34 PM, David Lum david@nwea.org wrote:

+1. For same reasons.

Jonathan I'm guessing you've been burned by DHCP issues in the past, or have few enough servers it's not too inconvenient?

Dave

From: Erik Goldoff [mailto:egold...@gmail.com]
Sent: Tuesday, January 18, 2011 11:16 AM
To: NT System Admin Issues
Subject: Re: DHCP reservations explained...

I've always liked DHCP reservations over static IP addresses for servers where possible for ease of management
Single view of most servers from DHCP client list
simple to change parameters globally ( default gateway, primary DNS, secondary DNS, etc ) without having to visit each server
less likely to experience IP in use conflict from out of date tracking spreadsheets when adding new devices to the network
etc, etc, etc

but if your clients/applications use hostnames, then that's what I'd monitor for most checks, keeping a single/simple check using the IP address to cross verify against name resolution.

On Tue, Jan 18, 2011 at 2:06 PM, David Lum david@nwea.org wrote:

The other day someone commented that it seemed like a bit much that 50% of my 100-ish servers have DHCP reservations - driving home yesterday I realized another reason why I have it that way (because yes, I chew on these questions and constantly evaluate why I do some process or another) - because my fellow SE's have their server monitoring set up to look at specific IP's instead of hostnames and I am unable to convince them otherwise. If the server IP changes it hoses their tests and the dependencies. It's not how I set *MY* monitoring up for servers I maintain, but I have posted that question here in fact and have seen differing opinions on whether hostname or IP is preferred.

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 503.548.5229 // (Cell) 503.267.9764
RE: RE: DHCP reservations explained...
FWIW- If you consider that route, there are a number of players in the DNS/DHCP/IPAM appliance space, for example, multiple infoblox devices can be deployed in a HA grid that spans numerous locations.

That's not an indictment of Bluecat or an endorsement of infoblox, just an observation that there are a number of options.

From: Ziots, Edward [mailto:ezi...@lifespan.org]
Sent: Wednesday, January 19, 2011 6:10 AM
To: NT System Admin Issues
Subject: RE: RE: DHCP reservations explained...

Then go with Bluecat Devices... if you want the HA with your DHCP.. We are doing that here with 2 Bluecat Appliances.

Z

Edward E. Ziots
CISSP, Network +, Security +
Network Engineer
Lifespan Organization
Email:ezi...@lifespan.org
Cell:401-639-3505

From: Jonathan [mailto:ncm...@gmail.com]
Sent: Tuesday, January 18, 2011 2:38 PM
To: NT System Admin Issues
Subject: Re: RE: DHCP reservations explained...

Right @ 100 servers. Haven't been burned, but I'm not thrilled about lack of true failover/redundancy in DHCP in W2k3. 80/20 doesn't cut it, IMHO.

On Jan 18, 2011 2:34 PM, David Lum david@nwea.org wrote:

+1. For same reasons.

Jonathan I'm guessing you've been burned by DHCP issues in the past, or have few enough servers it's not too inconvenient?

Dave

From: Erik Goldoff [mailto:egold...@gmail.com]
Sent: Tuesday, January 18, 2011 11:16 AM
To: NT System Admin Issues
Subject: Re: DHCP reservations explained...

I've always liked DHCP reservations over static IP addresses for servers where possible for ease of management
Single view of most servers from DHCP client list
simple to change parameters globally ( default gateway, primary DNS, secondary DNS, etc ) without having to visit each server
less likely to experience IP in use conflict from out of date tracking spreadsheets when adding new devices to the network
etc, etc, etc

but if your clients/applications use hostnames, then that's what I'd monitor for most checks, keeping a single/simple check using the IP address to cross verify against name resolution.

On Tue, Jan 18, 2011 at 2:06 PM, David Lum david@nwea.org wrote:

The other day someone commented that it seemed like a bit much that 50% of my 100-ish servers have DHCP reservations - driving home yesterday I realized another reason why I have it that way (because yes, I chew on these questions and constantly evaluate why I do some process or another) - because my fellow SE's have their server monitoring set up to look at specific IP's instead of hostnames and I am unable to convince them otherwise. If the server IP changes it hoses their tests and the dependencies. It's not how I set *MY* monitoring up for servers I maintain, but I have posted that question here in fact and have seen differing opinions on whether hostname or IP is preferred.

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 503.548.5229 // (Cell) 503.267.9764
Re: RE: DHCP reservations explained...
I'm testing our Netscalers for load balancing our AD DNS. So far they're working pretty well.

- Sean

On Wed, Jan 19, 2011 at 7:18 AM, Free, Bob r...@pge.com wrote:

FWIW- If you consider that route, there are a number of players in the DNS/DHCP/IPAM appliance space, for example, multiple infoblox devices can be deployed in a HA “grid” that spans numerous locations.

That’s not an indictment of Bluecat or an endorsement of infoblox, just an observation that there are a number of options.

*From:* Ziots, Edward [mailto:ezi...@lifespan.org]
*Sent:* Wednesday, January 19, 2011 6:10 AM
*To:* NT System Admin Issues
*Subject:* RE: RE: DHCP reservations explained...

Then go with Bluecat Devices… if you want the HA with your DHCP.. We are doing that here with 2 Bluecat Appliances.

Z

Edward E. Ziots
CISSP, Network +, Security +
Network Engineer
Lifespan Organization
Email:ezi...@lifespan.org
Cell:401-639-3505

*From:* Jonathan [mailto:ncm...@gmail.com]
*Sent:* Tuesday, January 18, 2011 2:38 PM
*To:* NT System Admin Issues
*Subject:* Re: RE: DHCP reservations explained...

Right @ 100 servers. Haven't been burned, but I'm not thrilled about lack of true failover/redundancy in DHCP in W2k3. 80/20 doesn't cut it, IMHO.

On Jan 18, 2011 2:34 PM, David Lum david@nwea.org wrote:

+1. For same reasons.

Jonathan I'm guessing you've been burned by DHCP issues in the past, or have few enough servers it's not too inconvenient?

Dave

From: Erik Goldoff [mailto:egold...@gmail.com]
Sent: Tuesday, January 18, 2011 11:16 AM
To: NT System Admin Issues
Subject: Re: DHCP reservations explained...

I've always liked DHCP reservations over static IP addresses for servers where possible for ease of management
Single view of most servers from DHCP client list
simple to change parameters globally ( default gateway, primary DNS, secondary DNS, etc ) without having to visit each server
less likely to experience IP in use conflict from out of date tracking spreadsheets when adding new devices to the network
etc, etc, etc

but if your clients/applications use hostnames, then that's what I'd monitor for most checks, keeping a single/simple check using the IP address to cross verify against name resolution.

On Tue, Jan 18, 2011 at 2:06 PM, David Lum david@nwea.org wrote:

The other day someone commented that it seemed like a bit much that 50% of my 100-ish servers have DHCP reservations - driving home yesterday I realized another reason why I have it that way (because yes, I chew on these questions and constantly evaluate why I do some process or another) - because my fellow SE's have their server monitoring set up to look at specific IP's instead of hostnames and I am unable to convince them otherwise. If the server IP changes it hoses their tests and the dependencies. It's not how I set *MY* monitoring up for servers I maintain, but I have posted that question here in fact and have seen differing opinions on whether hostname or IP is preferred.

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 503.548.5229 // (Cell) 503.267.9764
Re: DHCP reservations explained...
Is that so they can continue to monitor servers during a DNS outage? The only thing I have to use IP address for is WebSense and that's just because it won't accept a hostname. Even my ESX servers do most everything by FQDN. Depends a lot on the apps you have around though, I guess. Typed frustratingly slowly on my BlackBerry® wireless device -Original Message- From: David Lum david@nwea.org Date: Tue, 18 Jan 2011 11:06:13 To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Reply-To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Subject: DHCP reservations explained... The other day someone commented that it seemed like a bit much that 50% of my 100-ish servers have DHCP reservations - driving home yesterday I realized another reason why I have it that way (because yes, I chew on these questions and constantly evaluate why I do some process or another) - because my fellow SE's have their server monitoring set up to look at specific IP's instead of hostnames and I am unable to convince them otherwise. If the server IP changes it hoses their tests and the dependencies. It's not how I set *MY* monitoring up for servers I maintain, but I have posted that question here in fact and have seen differing opinions on whether hostname or IP is preferred. David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 503.548.5229 // (Cell) 503.267.9764
Re: DHCP reservations explained...
Hmmm... interesting concept. I personally prefer static addressing assigned on each individual server. Though I could see the appeal of using DHCP, I don't have enough confidence in DHCP to use it for server addressing. Just my $0.02 On Jan 18, 2011 2:06 PM, David Lum david@nwea.org wrote: The other day someone commented that it seemed like a bit much that 50% of my 100-ish servers have DHCP reservations - driving home yesterday I realized another reason why I have it that way (because yes, I chew on these questions and constantly evaluate why I do some process or another) - because my fellow SE's have their server monitoring set up to look at specific IP's instead of hostnames and I am unable to convince them otherwise. If the server IP changes it hoses their tests and the dependencies. It's not how I set *MY* monitoring up for servers I maintain, but I have posted that question here in fact and have seen differing opinions on whether hostname or IP is preferred. David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 503.548.5229 // (Cell) 503.267.9764
Re: DHCP reservations explained...
I've always liked DHCP reservations over static IP addresses for servers where possible for ease of management Single view of most servers from DHCP client list simple to change parameters globally ( default gateway, primary DNS, secondary DNS, etc ) without having to visit each server less likely to experience IP in use conflict from out of date tracking spreadsheets when adding new devices to the network etc, etc, etc but if your clients/applications use hostnames, then that's what I'd monitor for most checks, keeping a single/simple check using the IP address to cross verify against name resolution. On Tue, Jan 18, 2011 at 2:06 PM, David Lum david@nwea.org wrote: The other day someone commented that it seemed like a bit much that 50% of my 100-ish servers have DHCP reservations - driving home yesterday I realized another reason why I have it that way (because yes, I chew on these questions and constantly evaluate why I do some process or another) - because my fellow SE's have their server monitoring set up to look at specific IP's instead of hostnames and I am unable to convince them otherwise. If the server IP changes it hoses their tests and the dependencies. It’s not how I set *MY* monitoring up for servers I maintain, but I have posted that question here in fact and have seen differing opinions on whether hostname or IP is preferred. David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 503.548.5229 // (Cell) 503.267.9764
RE: DHCP reservations explained...
+1. For same reasons. Jonathan I'm guessing you've been burned by DHCP issues in the past, or have few enough servers it's not too inconvenient? Dave From: Erik Goldoff [mailto:egold...@gmail.com] Sent: Tuesday, January 18, 2011 11:16 AM To: NT System Admin Issues Subject: Re: DHCP reservations explained... I've always liked DHCP reservations over static IP addresses for servers where possible for ease of management Single view of most servers from DHCP client list simple to change parameters globally ( default gateway, primary DNS, secondary DNS, etc ) without having to visit each server less likely to experience IP in use conflict from out of date tracking spreadsheets when adding new devices to the network etc, etc, etc but if your clients/applications use hostnames, then that's what I'd monitor for most checks, keeping a single/simple check using the IP address to cross verify against name resolution. On Tue, Jan 18, 2011 at 2:06 PM, David Lum david@nwea.org wrote: The other day someone commented that it seemed like a bit much that 50% of my 100-ish servers have DHCP reservations - driving home yesterday I realized another reason why I have it that way (because yes, I chew on these questions and constantly evaluate why I do some process or another) - because my fellow SE's have their server monitoring set up to look at specific IP's instead of hostnames and I am unable to convince them otherwise. If the server IP changes it hoses their tests and the dependencies. It's not how I set *MY* monitoring up for servers I maintain, but I have posted that question here in fact and have seen differing opinions on whether hostname or IP is preferred. David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 503.548.5229 // (Cell) 503.267.9764
RE: DHCP reservations explained...
I will always do one of two things: [1] use an IP address, or [2] have a rather complex hosts file on the server(s) running the monitoring software. After all, if DNS stops responding, are you going to stop monitoring? Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: David Lum [mailto:david@nwea.org] Sent: Tuesday, January 18, 2011 2:06 PM To: NT System Admin Issues Subject: DHCP reservations explained... The other day someone commented that it seemed like a bit much that 50% of my 100-ish servers have DHCP reservations - driving home yesterday I realized another reason why I have it that way (because yes, I chew on these questions and constantly evaluate why I do some process or another) - because my fellow SE's have their server monitoring set up to look at specific IP's instead of hostnames and I am unable to convince them otherwise. If the server IP changes it hoses their tests and the dependencies. It's not how I set *MY* monitoring up for servers I maintain, but I have posted that question here in fact and have seen differing opinions on whether hostname or IP is preferred. David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 503.548.5229 // (Cell) 503.267.9764
Re: RE: DHCP reservations explained...
Right @ 100 servers. Haven't been burned, but I'm not thrilled about lack of true failover/redundancy in DHCP in W2k3. 80/20 doesn't cut it, IMHO. On Jan 18, 2011 2:34 PM, David Lum david@nwea.org wrote: +1. For same reasons. Jonathan I'm guessing you've been burned by DHCP issues in the past, or have few enough servers it's not too inconvenient? Dave From: Erik Goldoff [mailto:egold...@gmail.com] Sent: Tuesday, January 18, 2011 11:16 AM To: NT System Admin Issues Subject: Re: DHCP reservations explained... I've always liked DHCP reservations over static IP addresses for servers where possible for ease of management Single view of most servers from DHCP client list simple to change parameters globally ( default gateway, primary DNS, secondary DNS, etc ) without having to visit each server less likely to experience IP in use conflict from out of date tracking spreadsheets when adding new devices to the network etc, etc, etc but if your clients/applications use hostnames, then that's what I'd monitor for most checks, keeping a single/simple check using the IP address to cross verify against name resolution. On Tue, Jan 18, 2011 at 2:06 PM, David Lum david@nwea.org wrote: The other day someone commented that it seemed like a bit much that 50% of my 100-ish servers have DHCP reservations - driving home yesterday I realized another reason why I have it that way (because yes, I chew on these questions and constantly evaluate why I do some process or another) - because my fellow SE's have their server monitoring set up to look at specific IP's instead of hostnames and I am unable to convince them otherwise. If the server IP changes it hoses their tests and the dependencies. It's not how I set *MY* monitoring up for servers I maintain, but I have posted that question here in fact and have seen differing opinions on whether hostname or IP is preferred.
David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 503.548.5229 // (Cell) 503.267.9764
RE: DHCP reservations explained...
If DNS stops responding, what's working? Having said that, I see your point. We (%dayjob%) have 3 DNS servers and I suppose you're right, a perfect storm of all 3 being offline would prevent other systems from being monitored. At %I.T.GarageClient% if DNS is down then I'm already working one of the two or three servers that matter already and my clients aren't getting any work done anyway. Along these lines, what's the worst chain of issues you've seen? During our move we had three simultaneous SAN issues - fibre channel controller was dead, two drives (in different containers thankfully) died, and a redundant power supply in the SAN went out. What relies on this SAN? Our file shares, Exchange, 80% of our SQL DB's At the same time we have new audio-video and that the vendor neglected to mention they have some multicast(?) turned on that flooded our switches, making the servers that could run really spotty to hit from a PC. SAN guy not happy, network guy not happy, but my DC's were fine, lol. Dave From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Tuesday, January 18, 2011 11:37 AM To: NT System Admin Issues Subject: RE: DHCP reservations explained... I will always do one of two things: [1] use an IP address, or [2] have a rather complex hosts file on the server(s) running the monitoring software. After all, if DNS stops responding, are you going to stop monitoring? Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: David Lum [mailto:david@nwea.org] Sent: Tuesday, January 18, 2011 2:06 PM To: NT System Admin Issues Subject: DHCP reservations explained... 
The other day someone commented that it seemed like a bit much that 50% of my 100-ish servers have DHCP reservations - driving home yesterday I realized another reason why I have it that way (because yes, I chew on these questions and constantly evaluate why I do some process or another) - because my fellow SE's have their server monitoring set up to look at specific IP's instead of hostnames and I am unable to convince them otherwise. If the server IP changes it hoses their tests and the dependencies. It's not how I set *MY* monitoring up for servers I maintain, but I have posted that question here in fact and have seen differing opinions on whether hostname or IP is preferred. David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 503.548.5229 // (Cell) 503.267.9764
RE: DHCP reservations explained...
I *would* recommend having a proper host file available but not in production. Personally I’d use it only if name resolution dies, but if I had a host file on every computer then the chance of some system somewhere not having the most current increases, and the chance of lesser trained staff copying an older version to a new box instead of the ‘master’ current version increases. {don’t ask how I know} Erik Goldoff IT Consultant Systems, Networks, Security ' Security is an ongoing process, not a one time event ! ' From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Tuesday, January 18, 2011 2:37 PM To: NT System Admin Issues Subject: RE: DHCP reservations explained... I will always do one of two things: [1] use an IP address, or [2] have a rather complex hosts file on the server(s) running the monitoring software. After all, if DNS stops responding, are you going to stop monitoring? Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: David Lum [mailto:david@nwea.org] Sent: Tuesday, January 18, 2011 2:06 PM To: NT System Admin Issues Subject: DHCP reservations explained... The other day someone commented that it seemed like a bit much that 50% of my 100-ish servers have DHCP reservations - driving home yesterday I realized another reason why I have it that way (because yes, I chew on these questions and constantly evaluate why I do some process or another) - because my fellow SE's have their server monitoring set up to look at specific IP's instead of hostnames and I am unable to convince them otherwise. If the server IP changes it hoses their tests and the dependencies. It’s not how I set *MY* monitoring up for servers I maintain, but I have posted that question here in fact and have seen differing opinions on whether hostname or IP is preferred. David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 503.548.5229 // (Cell) 503.267.9764
RE: DHCP reservations explained...
Automate, automate, automate. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Erik Goldoff [mailto:egold...@gmail.com] Sent: Tuesday, January 18, 2011 4:03 PM To: NT System Admin Issues Subject: RE: DHCP reservations explained... I *would* recommend having a proper host file available but not in production. Personally I'd use it only if name resolution dies, but if I had a host file on every computer then the chance of some system somewhere not having the most current increases, and the chance of lesser trained staff copying an older version to a new box instead of the 'master' current version increases. {don't ask how I know} Erik Goldoff IT Consultant Systems, Networks, Security ' Security is an ongoing process, not a one time event ! ' From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Tuesday, January 18, 2011 2:37 PM To: NT System Admin Issues Subject: RE: DHCP reservations explained... I will always do one of two things: [1] use an IP address, or [2] have a rather complex hosts file on the server(s) running the monitoring software. After all, if DNS stops responding, are you going to stop monitoring? Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: David Lum [mailto:david@nwea.org] Sent: Tuesday, January 18, 2011 2:06 PM To: NT System Admin Issues Subject: DHCP reservations explained... The other day someone commented that it seemed like a bit much that 50% of my 100-ish servers have DHCP reservations - driving home yesterday I realized another reason why I have it that way (because yes, I chew on these questions and constantly evaluate why I do some process or another) - because my fellow SE's have their server monitoring set up to look at specific IP's instead of hostnames and I am unable to convince them otherwise. If the server IP changes it hoses their tests and the dependencies. 
It's not how I set *MY* monitoring up for servers I maintain, but I have posted that question here in fact and have seen differing opinions on whether hostname or IP is preferred. David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 503.548.5229 // (Cell) 503.267.9764
Re: DHCP reservations explained...
I have a hostfile I keep in a central location. There's a scheduled task on each server that copies it daily. The only risk is that if I stand up a new server, I might forget to create the task, but it's on my checklist, so not too likely. Of course, I only have 10 servers... On Tue, Jan 18, 2011 at 4:05 PM, Michael B. Smith mich...@smithcons.comwrote: Automate, automate, automate. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com http://theessentialexchange.com/ *From:* Erik Goldoff [mailto:egold...@gmail.com] *Sent:* Tuesday, January 18, 2011 4:03 PM *To:* NT System Admin Issues *Subject:* RE: DHCP reservations explained... I **would** recommend having a proper host file available but not in production. Personally I’d use it only if name resolution dies, but if I had a host file on every computer then the chance of some system somewhere not having the most current increases, and the chance of lesser trained staff copying an older version to a new box instead of the ‘master’ current version increases. {don’t ask how I know} *Erik Goldoff*** *IT Consultant* *Systems, Networks, Security * ' Security is an ongoing process, not a one time event ! ' *From:* Michael B. Smith [mailto:mich...@smithcons.com] *Sent:* Tuesday, January 18, 2011 2:37 PM *To:* NT System Admin Issues *Subject:* RE: DHCP reservations explained... I will always do one of two things: [1] use an IP address, or [2] have a rather complex hosts file on the server(s) running the monitoring software. After all, if DNS stops responding, are you going to stop monitoring? Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com http://theessentialexchange.com/ *From:* David Lum [mailto:david@nwea.org] *Sent:* Tuesday, January 18, 2011 2:06 PM *To:* NT System Admin Issues *Subject:* DHCP reservations explained... 
The other day someone commented that it seemed like a bit much that 50% of my 100-ish servers have DHCP reservations - driving home yesterday I realized another reason why I have it that way (because yes, I chew on these questions and constantly evaluate why I do some process or another) - because my fellow SE's have their server monitoring set up to look at specific IP's instead of hostnames and I am unable to convince them otherwise. If the server IP changes it hoses their tests and the dependencies. It’s not how I set *MY* monitoring up for servers I maintain, but I have posted that question here in fact and have seen differing opinions on whether hostname or IP is preferred. David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 503.548.5229 // (Cell) 503.267.9764
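The thread's two concerns about distributed hosts files, a server holding a stale copy and the hosts file disagreeing with name resolution, can both be checked by a scheduled script. The PowerShell below is an added example, not code from anyone on the list; the function names, host names and addresses are constructed, and the default resolver assumes a Windows version that ships `Resolve-DnsName`.

```powershell
# Constructed sample data: the master hosts file and a stale copy found on one server.
$masterText = @'
# master hosts file (constructed example)
10.0.10.11   dc01.corp.example   dc01
10.0.10.12   dc02.corp.example   dc02
10.0.20.21   sql01.corp.example  sql01   # re-addressed recently
10.0.30.31   mon01.corp.example
'@

$copyText = @'
10.0.10.11   dc01.corp.example   dc01
10.0.20.99   sql01.corp.example  sql01
10.0.40.41   old01.corp.example
'@

# Parse hosts-file text into a name -> address table (names compare case-insensitively).
function ConvertFrom-HostsText {
    param([Parameter(Mandatory)][AllowEmptyString()][string]$Text)
    $map = @{}
    foreach ($line in ($Text -split "`r?`n")) {
        $body = ($line -split '#', 2)[0].Trim()          # drop comments
        if (-not $body) { continue }
        $fields = $body -split '\s+'
        $ip = $null
        if ($fields.Count -lt 2 -or
            -not [System.Net.IPAddress]::TryParse($fields[0], [ref]$ip)) {
            Write-Warning "Skipping malformed line: $line"
            continue
        }
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            if ($map.ContainsKey($name) -and $map[$name] -ne $ip.ToString()) {
                Write-Warning "$name appears twice with different addresses; keeping the first"
                continue
            }
            $map[$name] = $ip.ToString()
        }
    }
    return $map
}

# Report every way a server's copy differs from the master.
function Compare-HostsCopy {
    param([hashtable]$Master, [hashtable]$Copy)
    $findings = @()
    foreach ($name in $Master.Keys) {
        if (-not $Copy.ContainsKey($name)) {
            $findings += [pscustomobject]@{ Name = $name; Issue = 'MissingFromCopy'
                                            Master = $Master[$name]; Copy = $null }
        } elseif ($Copy[$name] -ne $Master[$name]) {
            $findings += [pscustomobject]@{ Name = $name; Issue = 'AddressDiffers'
                                            Master = $Master[$name]; Copy = $Copy[$name] }
        }
    }
    foreach ($name in $Copy.Keys) {
        # An entry nobody put in the master is either leftover or unauthorized.
        if (-not $Master.ContainsKey($name)) {
            $findings += [pscustomobject]@{ Name = $name; Issue = 'NotInMaster'
                                            Master = $null; Copy = $Copy[$name] }
        }
    }
    $findings | Sort-Object Name
}

# Cross-verify the master against DNS. -DnsOnly keeps the local hosts file
# out of the answer, so the check does not simply confirm itself.
function Test-HostsAgainstDns {
    param(
        [hashtable]$Master,
        [scriptblock]$Resolver = {
            param($n)
            Resolve-DnsName -Name $n -Type A -DnsOnly -ErrorAction Stop |
                Where-Object { $_.IPAddress } | ForEach-Object { $_.IPAddress }
        }
    )
    foreach ($name in ($Master.Keys | Sort-Object)) {
        try { $answers = @(& $Resolver $name) } catch { $answers = @() }
        $state = if ($answers.Count -eq 0) { 'NoAnswer' }
                 elseif ($answers -contains $Master[$name]) { 'Match' }
                 else { 'Mismatch' }
        [pscustomobject]@{ Name = $name; Expected = $Master[$name]
                           Resolved = ($answers -join ','); State = $state }
    }
}

# Constructed stand-in for DNS so the example runs offline.
$fakeDns  = @{ 'dc01.corp.example' = '10.0.10.11'; 'sql01.corp.example' = '10.0.20.99' }
$resolver = { param($n) if ($fakeDns.ContainsKey($n)) { $fakeDns[$n] } }

$master = ConvertFrom-HostsText $masterText
$copy   = ConvertFrom-HostsText $copyText
Compare-HostsCopy -Master $master -Copy $copy | Format-Table -AutoSize
Test-HostsAgainstDns -Master $master -Resolver $resolver | Format-Table -AutoSize
```

In production the two text inputs would come from `Get-Content -Raw` on the master share and on each server's hosts file, and the `-Resolver` argument would be omitted.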
RE: DHCP reservations explained...
I don’t disagree with your assessment, just that my choice would still be DHCP reservations given the low incidence of name resolution problems I’ve seen. YMMV, and thanks for the alternative. Erik Goldoff IT Consultant Systems, Networks, Security ' Security is an ongoing process, not a one time event ! ' From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Tuesday, January 18, 2011 4:06 PM To: NT System Admin Issues Subject: RE: DHCP reservations explained... Automate, automate, automate. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Erik Goldoff [mailto:egold...@gmail.com] Sent: Tuesday, January 18, 2011 4:03 PM To: NT System Admin Issues Subject: RE: DHCP reservations explained... I *would* recommend having a proper host file available but not in production. Personally I’d use it only if name resolution dies, but if I had a host file on every computer then the chance of some system somewhere not having the most current increases, and the chance of lesser trained staff copying an older version to a new box instead of the ‘master’ current version increases. {don’t ask how I know} Erik Goldoff IT Consultant Systems, Networks, Security ' Security is an ongoing process, not a one time event ! ' From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Tuesday, January 18, 2011 2:37 PM To: NT System Admin Issues Subject: RE: DHCP reservations explained... I will always do one of two things: [1] use an IP address, or [2] have a rather complex hosts file on the server(s) running the monitoring software. After all, if DNS stops responding, are you going to stop monitoring? Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: David Lum [mailto:david@nwea.org] Sent: Tuesday, January 18, 2011 2:06 PM To: NT System Admin Issues Subject: DHCP reservations explained... 
The other day someone commented that it seemed like a bit much that 50% of my 100-ish servers have DHCP reservations - driving home yesterday I realized another reason why I have it that way (because yes, I chew on these questions and constantly evaluate why I do some process or another) - because my fellow SE's have their server monitoring set up to look at specific IP's instead of hostnames and I am unable to convince them otherwise. If the server IP changes it hoses their tests and the dependencies. It’s not how I set *MY* monitoring up for servers I maintain, but I have posted that question here in fact and have seen differing opinions on whether hostname or IP is preferred. David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 503.548.5229 // (Cell) 503.267.9764
Re: DHCP reservations explained...
I use group policy preferences to keep files of this ilk updated on servers.

Typed frustratingly slowly on my BlackBerry® wireless device

-Original Message-
From: Jonathan Link jonathan.l...@gmail.com
Date: Tue, 18 Jan 2011 16:09:24
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Reply-To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: Re: DHCP reservations explained...

I have a hostfile I keep in a central location. There's a scheduled task on each server that copies it daily. The only risk is that if I stand up a new server, I might forget to create the task, but it's on my checklist, so not too likely. Of course, I only have 10 servers...

On Tue, Jan 18, 2011 at 4:05 PM, Michael B. Smith mich...@smithcons.com wrote:

Automate, automate, automate.

Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Erik Goldoff [mailto:egold...@gmail.com]
Sent: Tuesday, January 18, 2011 4:03 PM
To: NT System Admin Issues
Subject: RE: DHCP reservations explained...

I *would* recommend having a proper host file available but not in production. Personally I’d use it only if name resolution dies, but if I had a host file on every computer then the chance of some system somewhere not having the most current increases, and the chance of lesser trained staff copying an older version to a new box instead of the ‘master’ current version increases. {don’t ask how I know}

Erik Goldoff
IT Consultant
Systems, Networks, Security
' Security is an ongoing process, not a one time event ! '

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Tuesday, January 18, 2011 2:37 PM
To: NT System Admin Issues
Subject: RE: DHCP reservations explained...

I will always do one of two things: [1] use an IP address, or [2] have a rather complex hosts file on the server(s) running the monitoring software. After all, if DNS stops responding, are you going to stop monitoring?

Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: David Lum [mailto:david@nwea.org]
Sent: Tuesday, January 18, 2011 2:06 PM
To: NT System Admin Issues
Subject: DHCP reservations explained...

The other day someone commented that it seemed like a bit much that 50% of my 100-ish servers have DHCP reservations - driving home yesterday I realized another reason why I have it that way (because yes, I chew on these questions and constantly evaluate why I do some process or another) - because my fellow SE's have their server monitoring set up to look at specific IP's instead of hostnames and I am unable to convince them otherwise. If the server IP changes it hoses their tests and the dependencies. It’s not how I set *MY* monitoring up for servers I maintain, but I have posted that question here in fact and have seen differing opinions on whether hostname or IP is preferred.

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 503.548.5229 // (Cell) 503.267.9764
Re: DHCP reservations explained...
That's one thing I do need to brush up on. My playing with GPP has been haphazard, with similar results.

On Tue, Jan 18, 2011 at 4:14 PM, Rankin, James R kz2...@googlemail.com wrote:

I use group policy preferences to keep files of this ilk updated on servers.

Typed frustratingly slowly on my BlackBerry® wireless device

From: Jonathan Link jonathan.l...@gmail.com
Date: Tue, 18 Jan 2011 16:09:24 -0500
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
ReplyTo: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: Re: DHCP reservations explained...

I have a hostfile I keep in a central location. There's a scheduled task on each server that copies it daily. The only risk is that if I stand up a new server, I might forget to create the task, but it's on my checklist, so not too likely. Of course, I only have 10 servers...

On Tue, Jan 18, 2011 at 4:05 PM, Michael B. Smith mich...@smithcons.com wrote:

Automate, automate, automate.

Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Erik Goldoff [mailto:egold...@gmail.com]
Sent: Tuesday, January 18, 2011 4:03 PM
To: NT System Admin Issues
Subject: RE: DHCP reservations explained...

I *would* recommend having a proper host file available but not in production. Personally I’d use it only if name resolution dies, but if I had a host file on every computer then the chance of some system somewhere not having the most current increases, and the chance of lesser trained staff copying an older version to a new box instead of the ‘master’ current version increases. {don’t ask how I know}

Erik Goldoff
IT Consultant
Systems, Networks, Security
' Security is an ongoing process, not a one time event ! '

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Tuesday, January 18, 2011 2:37 PM
To: NT System Admin Issues
Subject: RE: DHCP reservations explained...

I will always do one of two things: [1] use an IP address, or [2] have a rather complex hosts file on the server(s) running the monitoring software. After all, if DNS stops responding, are you going to stop monitoring?

Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: David Lum [mailto:david@nwea.org]
Sent: Tuesday, January 18, 2011 2:06 PM
To: NT System Admin Issues
Subject: DHCP reservations explained...

The other day someone commented that it seemed like a bit much that 50% of my 100-ish servers have DHCP reservations - driving home yesterday I realized another reason why I have it that way (because yes, I chew on these questions and constantly evaluate why I do some process or another) - because my fellow SE's have their server monitoring set up to look at specific IP's instead of hostnames and I am unable to convince them otherwise. If the server IP changes it hoses their tests and the dependencies. It’s not how I set *MY* monitoring up for servers I maintain, but I have posted that question here in fact and have seen differing opinions on whether hostname or IP is preferred.

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 503.548.5229 // (Cell) 503.267.9764
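The messages above weigh hosts files on monitoring servers against the risk of a stale copy disagreeing with DNS. The Python sketch below is an added example, not code from any list member: it parses a hosts file and classifies each pinned name against what a resolver returns. The function names, the sample hosts text (RFC 5737 documentation addresses) and the sample DNS table are constructed for illustration.

```python
"""Cross-check hosts-file pins against name resolution (added example)."""
import ipaddress
import socket
from collections import defaultdict


def parse_hosts(text):
    """Return {lowercased name: set of ip_address objects} from hosts-file text."""
    table = defaultdict(set)
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                             # address with no name
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # malformed address field
        for name in fields[1:]:                  # canonical name plus aliases
            table[name.lower().rstrip(".")].add(addr)
    return dict(table)


def dns_lookup(name):
    """Default resolver. The OS resolver also reads the local hosts file, so
    run this from a machine that does not carry the file being audited, or
    pass a resolver that queries the DNS servers directly."""
    try:
        infos = socket.getaddrinfo(name, None)
    except socket.gaierror:
        return set()
    return {ipaddress.ip_address(i[4][0].split("%")[0]) for i in infos}


def audit(hosts_text, resolve=dns_lookup):
    """Map each pinned name to (status, pinned addresses, resolved addresses).

    conflict   - name pinned to more than one address of the same family;
                 only the first line would ever be used
    unresolved - resolver returns nothing, so the pin cannot be verified
    stale      - resolver answers, but not with the pinned address
    ok         - pinned address is among the resolver's answers
    """
    report = {}
    for name, pinned in sorted(parse_hosts(hosts_text).items()):
        per_family = defaultdict(int)
        for addr in pinned:
            per_family[addr.version] += 1
        live = set(resolve(name))
        if max(per_family.values()) > 1:
            status = "conflict"
        elif not live:
            status = "unresolved"
        elif not pinned <= live:
            status = "stale"
        else:
            status = "ok"
        report[name] = (status, sorted(map(str, pinned)), sorted(map(str, live)))
    return report


# Constructed sample input: a hosts file copy and what DNS currently answers.
SAMPLE_HOSTS = """\
# monitoring server hosts file (constructed sample)
192.0.2.10   sql01.example.test sql01
192.0.2.20   mail01.example.test      # record moved in DNS, copy is old
192.0.2.30   san01.example.test
192.0.2.40   web01.example.test
192.0.2.41   WEB01.example.test       # second pin for the same name
"""
SAMPLE_DNS = {
    "sql01.example.test": {"192.0.2.10"},
    "sql01": {"192.0.2.10"},
    "mail01.example.test": {"192.0.2.25"},
    "web01.example.test": {"192.0.2.40"},
}


def sample_resolver(name):
    """Stand-in resolver backed by SAMPLE_DNS so the example runs offline."""
    return {ipaddress.ip_address(a) for a in SAMPLE_DNS.get(name, ())}


if __name__ == "__main__":
    for host, (status, pinned, live) in audit(SAMPLE_HOSTS, sample_resolver).items():
        print(f"{status:10} {host:22} hosts={pinned} dns={live}")
```

Run on a schedule against the master copy, a non-empty set of `stale` or `conflict` results is the signal that the file needs attention before it is pushed to servers.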
Re: DHCP reservations explained...
I think this depends on one's environment. If you only have a handful of servers, manual configuration is fine, even preferred. If you've got 100 servers, manual configuration is unwieldy at best, and if you ever have to renumber your network, you're in for a lot of work. We manually config our servers, but DHCP our printers. I always go for static IP addresses for servers, printers, and the like. Only regular PCs are in the dynamic address pool.

hosts files I don't use. If DNS is down, nothing's working anyway, and DNS will be my first priority. But we're a small shop (2 person IT department). In a large shop, you might have enough people that you'd want them working other issues even if DNS was out. So monitoring by IP address, or with a hosts file, might make sense. Maybe.

I don't think I'd ever want to get in to copying hosts files around to *all* servers, though. I can't see that ever being worth the potential troubles.

-- Ben
Re: DHCP reservations explained...
If DNS stops monitoring, I'd like my monitoring server to notice that too. The likelihood is that the apps I am running will rely on DNS, so other things will break beyond the monitoring.

ASB (My Bio via About.Me http://about.me/Andrew.S.Baker/bio)
Exploiting Technology for Business Advantage...

On Tue, Jan 18, 2011 at 2:37 PM, Michael B. Smith mich...@smithcons.com wrote:

I will always do one of two things: [1] use an IP address, or [2] have a rather complex hosts file on the server(s) running the monitoring software. After all, if DNS stops responding, are you going to stop monitoring?

Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: David Lum [mailto:david@nwea.org]
Sent: Tuesday, January 18, 2011 2:06 PM
To: NT System Admin Issues
Subject: DHCP reservations explained...

The other day someone commented that it seemed like a bit much that 50% of my 100-ish servers have DHCP reservations - driving home yesterday I realized another reason why I have it that way (because yes, I chew on these questions and constantly evaluate why I do some process or another) - because my fellow SE's have their server monitoring set up to look at specific IP's instead of hostnames and I am unable to convince them otherwise. If the server IP changes it hoses their tests and the dependencies. It’s not how I set *MY* monitoring up for servers I maintain, but I have posted that question here in fact and have seen differing opinions on whether hostname or IP is preferred.

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 503.548.5229 // (Cell) 503.267.9764
RE: DHCP reservations explained...
Of course. I always monitor TCP and UDP ports 53 on my DNS servers. Along with the DNS Server service (if Windows DNS).

Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Tuesday, January 18, 2011 4:45 PM
To: NT System Admin Issues
Subject: Re: DHCP reservations explained...

If DNS stops monitoring, I'd like my monitoring server to notice that too. The likelihood is that the apps I am running will rely on DNS, so other things will break beyond the monitoring.

ASB (My Bio via About.Me http://about.me/Andrew.S.Baker/bio)
Exploiting Technology for Business Advantage...

On Tue, Jan 18, 2011 at 2:37 PM, Michael B. Smith mich...@smithcons.com wrote:

I will always do one of two things: [1] use an IP address, or [2] have a rather complex hosts file on the server(s) running the monitoring software. After all, if DNS stops responding, are you going to stop monitoring?

Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: David Lum [mailto:david@nwea.org]
Sent: Tuesday, January 18, 2011 2:06 PM
To: NT System Admin Issues
Subject: DHCP reservations explained...

The other day someone commented that it seemed like a bit much that 50% of my 100-ish servers have DHCP reservations - driving home yesterday I realized another reason why I have it that way (because yes, I chew on these questions and constantly evaluate why I do some process or another) - because my fellow SE's have their server monitoring set up to look at specific IP's instead of hostnames and I am unable to convince them otherwise. If the server IP changes it hoses their tests and the dependencies. It's not how I set *MY* monitoring up for servers I maintain, but I have posted that question here in fact and have seen differing opinions on whether hostname or IP is preferred.

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 503.548.5229 // (Cell) 503.267.9764
Re: DHCP reservations explained...
I am not fond of DHCP for server management, even though I will admit that it is a viable possibility. I prefer the flexibility of configuration that is possible when you have statically mapped IPs, and I've done this with hundreds of servers in various environments.

In my experience, I've seen more things go wrong (particularly in smaller networks) with DHCP than with DNS. (Admin deploys new networking device with DHCP server functionality turned out, etc)

Sure, DHCP maintenance of IP addresses means that you can change them quickly, etc, but I can script that if necessary, and I've probably performed major IP address changes a half dozen times in the past decade and a half (including consulting clients and my home network).

But, it's just me. I'm not going to get too religious about it either way.

ASB (My Bio via About.Me http://about.me/Andrew.S.Baker/bio)
Exploiting Technology for Business Advantage...

On Tue, Jan 18, 2011 at 2:16 PM, Erik Goldoff egold...@gmail.com wrote:

I've always liked DHCP reservations over static IP addresses for servers where possible for ease of management

- Single view of most servers from DHCP client list
- simple to change parameters globally ( default gateway, primary DNS, secondary DNS, etc ) without having to visit each server
- less likely to experience IP in use conflict from out of date tracking spreadsheets when adding new devices to the network
- etc, etc, etc

but if your clients/applications use hostnames, then that's what I'd monitor for most checks, keeping a single/simple check using the IP address to cross verify against name resolution.

On Tue, Jan 18, 2011 at 2:06 PM, David Lum david@nwea.org wrote:

The other day someone commented that it seemed like a bit much that 50% of my 100-ish servers have DHCP reservations - driving home yesterday I realized another reason why I have it that way (because yes, I chew on these questions and constantly evaluate why I do some process or another) - because my fellow SE's have their server monitoring set up to look at specific IP's instead of hostnames and I am unable to convince them otherwise. If the server IP changes it hoses their tests and the dependencies. It’s not how I set *MY* monitoring up for servers I maintain, but I have posted that question here in fact and have seen differing opinions on whether hostname or IP is preferred.

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 503.548.5229 // (Cell) 503.267.9764
Re: DHCP reservations explained...
I was leery about DHCP for servers (especially as I did it dynamically) but it worked surprisingly issue-free. Totally depends on your environment though. We had total control of what went on to the network, and IP changes were almost non-existent. The only issues we ever had were with vmware templates trying to grab in-use addresses. YMM (vastly) V

Typed frustratingly slowly on my BlackBerry® wireless device

-Original Message-
From: Andrew S. Baker asbz...@gmail.com
Date: Tue, 18 Jan 2011 16:49:47
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Reply-To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: Re: DHCP reservations explained...

I am not fond of DHCP for server management, even though I will admit that it is a viable possibility. I prefer the flexibility of configuration that is possible when you have statically mapped IPs, and I've done this with hundreds of servers in various environments.

In my experience, I've seen more things go wrong (particularly in smaller networks) with DHCP than with DNS. (Admin deploys new networking device with DHCP server functionality turned out, etc)

Sure, DHCP maintenance of IP addresses means that you can change them quickly, etc, but I can script that if necessary, and I've probably performed major IP address changes a half dozen times in the past decade and a half (including consulting clients and my home network).

But, it's just me. I'm not going to get too religious about it either way.

ASB (My Bio via About.Me http://about.me/Andrew.S.Baker/bio)
Exploiting Technology for Business Advantage...

On Tue, Jan 18, 2011 at 2:16 PM, Erik Goldoff egold...@gmail.com wrote:

I've always liked DHCP reservations over static IP addresses for servers where possible for ease of management

- Single view of most servers from DHCP client list
- simple to change parameters globally ( default gateway, primary DNS, secondary DNS, etc ) without having to visit each server
- less likely to experience IP in use conflict from out of date tracking spreadsheets when adding new devices to the network
- etc, etc, etc

but if your clients/applications use hostnames, then that's what I'd monitor for most checks, keeping a single/simple check using the IP address to cross verify against name resolution.

On Tue, Jan 18, 2011 at 2:06 PM, David Lum david@nwea.org wrote:

The other day someone commented that it seemed like a bit much that 50% of my 100-ish servers have DHCP reservations - driving home yesterday I realized another reason why I have it that way (because yes, I chew on these questions and constantly evaluate why I do some process or another) - because my fellow SE's have their server monitoring set up to look at specific IP's instead of hostnames and I am unable to convince them otherwise. If the server IP changes it hoses their tests and the dependencies. It’s not how I set *MY* monitoring up for servers I maintain, but I have posted that question here in fact and have seen differing opinions on whether hostname or IP is preferred.

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 503.548.5229 // (Cell) 503.267.9764
RE: DHCP reservations explained...
I've seen four full cabinets (over 120 servers) in a data-center go offline because of a power short that first caused one UPS to go offline and then two more UPS' to go offline because of overload. That was not a good night.

Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: David Lum [mailto:david@nwea.org]
Sent: Tuesday, January 18, 2011 3:06 PM
To: NT System Admin Issues
Subject: RE: DHCP reservations explained...

If DNS stops responding, what's working? Having said that, I see your point. We (%dayjob%) have 3 DNS servers and I suppose you're right, a perfect storm of all 3 being offline would prevent other systems from being monitored. At %I.T.GarageClient% if DNS is down then I'm already working one of the two or three servers that matter already and my clients aren't getting any work done anyway.

Along these lines, what's the worst chain of issues you've seen? During our move we had three simultaneous SAN issues - fibre channel controller was dead, two drives (in different containers thankfully) died, and a redundant power supply in the SAN went out. What relies on this SAN? Our file shares, Exchange, 80% of our SQL DB's

At the same time we have new audio-video and that the vendor neglected to mention they have some multicast(?) turned on that flooded our switches, making the servers that could run really spotty to hit from a PC. SAN guy not happy, network guy not happy, but my DC's were fine, lol.

Dave

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Tuesday, January 18, 2011 11:37 AM
To: NT System Admin Issues
Subject: RE: DHCP reservations explained...

I will always do one of two things: [1] use an IP address, or [2] have a rather complex hosts file on the server(s) running the monitoring software. After all, if DNS stops responding, are you going to stop monitoring?

Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: David Lum [mailto:david@nwea.org]
Sent: Tuesday, January 18, 2011 2:06 PM
To: NT System Admin Issues
Subject: DHCP reservations explained...

The other day someone commented that it seemed like a bit much that 50% of my 100-ish servers have DHCP reservations - driving home yesterday I realized another reason why I have it that way (because yes, I chew on these questions and constantly evaluate why I do some process or another) - because my fellow SE's have their server monitoring set up to look at specific IP's instead of hostnames and I am unable to convince them otherwise. If the server IP changes it hoses their tests and the dependencies. It's not how I set *MY* monitoring up for servers I maintain, but I have posted that question here in fact and have seen differing opinions on whether hostname or IP is preferred.

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 503.548.5229 // (Cell) 503.267.9764
Re: DHCP reservations explained...
Entire Data-center go offline because something went wrong servicing the UPS in 'routine' maintenance. Several hundred physical, virtual, mainframe, etc that was also not a good night, last month :)

There's a big 'portal UPS in a trailer with cables going into the building right now and some poor security guard that gets to stand near it until a replacement goes in.

Steven Peck
http://www.blkmtn.org

On Tue, Jan 18, 2011 at 3:51 PM, Michael B. Smith mich...@smithcons.com wrote:

I’ve seen four full cabinets (over 120 servers) in a data-center go offline because of a power short that first caused one UPS to go offline and then two more UPS’ to go offline because of overload. That was not a good night.

Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: David Lum [mailto:david@nwea.org]
Sent: Tuesday, January 18, 2011 3:06 PM
To: NT System Admin Issues
Subject: RE: DHCP reservations explained...

If DNS stops responding, what’s working? Having said that, I see your point. We (%dayjob%) have 3 DNS servers and I suppose you’re right, a perfect storm of all 3 being offline would prevent other systems from being monitored. At %I.T.GarageClient% if DNS is down then I’m already working one of the two or three servers that matter already and my clients aren’t getting any work done anyway.

Along these lines, what’s the worst chain of issues you’ve seen? During our move we had three simultaneous SAN issues – fibre channel controller was dead, two drives (in different containers thankfully) died, and a redundant power supply in the SAN went out. What relies on this SAN? Our file shares, Exchange, 80% of our SQL DB’s….

At the same time we have new audio-video and that the vendor neglected to mention they have some multicast(?) turned on that flooded our switches, making the servers that could run really spotty to hit from a PC. SAN guy not happy, network guy not happy, but my DC’s were fine, lol.

Dave

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Tuesday, January 18, 2011 11:37 AM
To: NT System Admin Issues
Subject: RE: DHCP reservations explained...

I will always do one of two things: [1] use an IP address, or [2] have a rather complex hosts file on the server(s) running the monitoring software. After all, if DNS stops responding, are you going to stop monitoring?

Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: David Lum [mailto:david@nwea.org]
Sent: Tuesday, January 18, 2011 2:06 PM
To: NT System Admin Issues
Subject: DHCP reservations explained...

The other day someone commented that it seemed like a bit much that 50% of my 100-ish servers have DHCP reservations - driving home yesterday I realized another reason why I have it that way (because yes, I chew on these questions and constantly evaluate why I do some process or another) - because my fellow SE's have their server monitoring set up to look at specific IP's instead of hostnames and I am unable to convince them otherwise. If the server IP changes it hoses their tests and the dependencies. It’s not how I set *MY* monitoring up for servers I maintain, but I have posted that question here in fact and have seen differing opinions on whether hostname or IP is preferred.

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 503.548.5229 // (Cell) 503.267.9764
Re: DHCP reservations explained...
+1 -- ME2
On Tue, Jan 18, 2011 at 11:16 AM, Erik Goldoff egold...@gmail.com wrote:
I've always liked DHCP reservations over static IP addresses for servers where possible for ease of management
Single view of most servers from DHCP client list
simple to change parameters globally (default gateway, primary DNS, secondary DNS, etc) without having to visit each server
less likely to experience IP in use conflict from out of date tracking spreadsheets when adding new devices to the network
etc, etc, etc
but if your clients/applications use hostnames, then that's what I'd monitor for most checks, keeping a single/simple check using the IP address to cross verify against name resolution.
On Tue, Jan 18, 2011 at 2:06 PM, David Lum david@nwea.org wrote:
The other day someone commented that it seemed like a bit much that 50% of my 100-ish servers have DHCP reservations - driving home yesterday I realized another reason why I have it that way (because yes, I chew on these questions and constantly evaluate why I do some process or another) - because my fellow SE's have their server monitoring set up to look at specific IP's instead of hostnames and I am unable to convince them otherwise. If the server IP changes it hoses their tests and the dependencies. It’s not how I set **MY** monitoring up for servers I maintain, but I have posted that question here in fact and have seen differing opinions on whether hostname or IP is preferred.
*David Lum* // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 503.548.5229 // (Cell) 503.267.9764
Re: DHCP Server woes
I have two scopes. Both are private address ranges, one of 10.0.0.0/8 and the other 172.16.0.0/16. The 10.0.0.0 scope has all the possible addresses available _and_ excluded from distribution, so that only reserved machines get a 10.x.x.x address. All non-reserved machines fall in the 172.16.0.0 scope. --Matt Ross Ephrata School District
- Original Message - From: Andrew S. Baker [mailto:asbz...@gmail.com] To: NT System Admin Issues [mailto:ntsysad...@lyris.sunbelt-software.com] Sent: Thu, 18 Nov 2010 21:18:48 -0800 Subject: Re: DHCP Server woes
Without divulging too much data, what scopes are you actually using? *ASB* (My XeeSM Profile) http://XeeSM.com/AndrewBaker *Exploiting Technology for Business Advantage...*
On Thu, Nov 18, 2010 at 6:37 PM, Matthew W. Ross mr...@ephrataschools.org wrote:
Hello again, list. I have a DHCP server running on Windows 2008 R2. I have an old problem and a new. Old Problem: Whenever I try to restart the DHCP service, it forgets the DNS entries on my superscope. This problem has followed my server from Windows 2000 - 2003 R2 - 2008 R2. I have no idea why it's doing this, and there is no helpful information in the event viewer. New problem: I have a DHCP reservation I cannot re-enter. I have a laptop whose reservation no longer works, so I tried to delete and re-create the reservation. No matter what I try, recreating the reservation fails because the address is already in use. I can see the lease, and I have tried to delete said lease. But the reservation does not show up in the list. I then tried to reconcile the superscope. Luckily, it sees the problem IP address, but I get the error "An error occurred while accessing the DHCP database. Look at the DHCP server event log for more information on this error." Unfortunately, I don't see any corresponding error under the DHCP server log or under the System/Security/Application event logs. Help? Anybody seen either of these? --Matt Ross Ephrata School District
Re: DHCP Server woes
That doesn't seem too complex... So, rebooting the server causes the reservations to be lost? Or the exclusions? Were these clean server builds or upgrades? *ASB* (My XeeSM Profile) http://XeeSM.com/AndrewBaker *Exploiting Technology for Business Advantage...*
On Fri, Nov 19, 2010 at 11:09 AM, Matthew W. Ross mr...@ephrataschools.org wrote:
I have two scopes. Both are private address ranges, one of 10.0.0.0/8 and the other 172.16.0.0/16. The 10.0.0.0 scope has all the possible addresses available _and_ excluded from distribution, so that only reserved machines get a 10.x.x.x address. All non-reserved machines fall in the 172.16.0.0 scope. --Matt Ross Ephrata School District
- Original Message - From: Andrew S. Baker [mailto:asbz...@gmail.com] To: NT System Admin Issues [mailto:ntsysad...@lyris.sunbelt-software.com] Sent: Thu, 18 Nov 2010 21:18:48 -0800 Subject: Re: DHCP Server woes
Without divulging too much data, what scopes are you actually using? *ASB* (My XeeSM Profile) http://XeeSM.com/AndrewBaker *Exploiting Technology for Business Advantage...*
On Thu, Nov 18, 2010 at 6:37 PM, Matthew W. Ross mr...@ephrataschools.org wrote:
Hello again, list. I have a DHCP server running on Windows 2008 R2. I have an old problem and a new. Old Problem: Whenever I try to restart the DHCP service, it forgets the DNS entries on my superscope. This problem has followed my server from Windows 2000 - 2003 R2 - 2008 R2. I have no idea why it's doing this, and there is no helpful information in the event viewer. New problem: I have a DHCP reservation I cannot re-enter. I have a laptop whose reservation no longer works, so I tried to delete and re-create the reservation. No matter what I try, recreating the reservation fails because the address is already in use. I can see the lease, and I have tried to delete said lease. But the reservation does not show up in the list. I then tried to reconcile the superscope. Luckily, it sees the problem IP address, but I get the error "An error occurred while accessing the DHCP database. Look at the DHCP server event log for more information on this error." Unfortunately, I don't see any corresponding error under the DHCP server log or under the System/Security/Application event logs. Help? Anybody seen either of these? --Matt Ross Ephrata School District
Re: DHCP Server woes
What is lost on a reboot (or restart of the DHCP service) is the 10.0.0.0 network's DNS (006) option. It becomes unchecked, and I have to re-check it and enter the DNS servers again. [Start Sarcasm] Without DNS, the users kindly inform me that they cannot access the internet. [End Sarcasm] Hehe. These were clean installs of servers, but the DHCP database has been exported/imported between the iterations of the DHCP servers. --Matt Ross Ephrata School District
- Original Message - From: Andrew S. Baker [mailto:asbz...@gmail.com] To: NT System Admin Issues [mailto:ntsysad...@lyris.sunbelt-software.com] Sent: Fri, 19 Nov 2010 08:47:59 -0800 Subject: Re: DHCP Server woes
That doesn't seem too complex... So, rebooting the server causes the reservations to be lost? Or the exclusions? Were these clean server builds or upgrades? *ASB* (My XeeSM Profile) http://XeeSM.com/AndrewBaker *Exploiting Technology for Business Advantage...*
On Fri, Nov 19, 2010 at 11:09 AM, Matthew W. Ross mr...@ephrataschools.org wrote:
I have two scopes. Both are private address ranges, one of 10.0.0.0/8 and the other 172.16.0.0/16. The 10.0.0.0 scope has all the possible addresses available _and_ excluded from distribution, so that only reserved machines get a 10.x.x.x address. All non-reserved machines fall in the 172.16.0.0 scope. --Matt Ross Ephrata School District
- Original Message - From: Andrew S. Baker [mailto:asbz...@gmail.com] To: NT System Admin Issues [mailto:ntsysad...@lyris.sunbelt-software.com] Sent: Thu, 18 Nov 2010 21:18:48 -0800 Subject: Re: DHCP Server woes
Without divulging too much data, what scopes are you actually using? *ASB* (My XeeSM Profile) http://XeeSM.com/AndrewBaker *Exploiting Technology for Business Advantage...*
On Thu, Nov 18, 2010 at 6:37 PM, Matthew W. Ross mr...@ephrataschools.org wrote:
Hello again, list. I have a DHCP server running on Windows 2008 R2. I have an old problem and a new. Old Problem: Whenever I try to restart the DHCP service, it forgets the DNS entries on my superscope. This problem has followed my server from Windows 2000 - 2003 R2 - 2008 R2. I have no idea why it's doing this, and there is no helpful information in the event viewer. New problem: I have a DHCP reservation I cannot re-enter. I have a laptop whose reservation no longer works, so I tried to delete and re-create the reservation. No matter what I try, recreating the reservation fails because the address is already in use. I can see the lease, and I have tried to delete said lease. But the reservation does not show up in the list. I then tried to reconcile the superscope. Luckily, it sees the problem IP address, but I get the error "An error occurred while accessing the DHCP database. Look at the DHCP server event log for more information on this error." Unfortunately, I don't see any corresponding error under the DHCP server log or under the System/Security/Application event logs. Help? Anybody seen either of these? --Matt Ross Ephrata School District
Re: DHCP Server woes
You don't happen to have a reservation for 10.0.0.0 under your superscope do you? - Sean
On Fri, Nov 19, 2010 at 8:06 AM, Matthew W. Ross mr...@ephrataschools.org wrote:
What is lost on a reboot (or restart of the DHCP service) is the 10.0.0.0 network's DNS (006) option. It becomes unchecked, and I have to re-check it and enter the DNS servers again. [Start Sarcasm] Without DNS, the users kindly inform me that they cannot access the internet. [End Sarcasm] Hehe. These were clean installs of servers, but the DHCP database has been exported/imported between the iterations of the DHCP servers. --Matt Ross Ephrata School District
- Original Message - From: Andrew S. Baker [mailto:asbz...@gmail.com] To: NT System Admin Issues [mailto:ntsysad...@lyris.sunbelt-software.com] Sent: Fri, 19 Nov 2010 08:47:59 -0800 Subject: Re: DHCP Server woes
That doesn't seem too complex... So, rebooting the server causes the reservations to be lost? Or the exclusions? Were these clean server builds or upgrades? *ASB* (My XeeSM Profile) http://XeeSM.com/AndrewBaker *Exploiting Technology for Business Advantage...*
On Fri, Nov 19, 2010 at 11:09 AM, Matthew W. Ross mr...@ephrataschools.org wrote:
I have two scopes. Both are private address ranges, one of 10.0.0.0/8 and the other 172.16.0.0/16. The 10.0.0.0 scope has all the possible addresses available _and_ excluded from distribution, so that only reserved machines get a 10.x.x.x address. All non-reserved machines fall in the 172.16.0.0 scope. --Matt Ross Ephrata School District
- Original Message - From: Andrew S. Baker [mailto:asbz...@gmail.com] To: NT System Admin Issues [mailto:ntsysad...@lyris.sunbelt-software.com] Sent: Thu, 18 Nov 2010 21:18:48 -0800 Subject: Re: DHCP Server woes
Without divulging too much data, what scopes are you actually using? *ASB* (My XeeSM Profile) http://XeeSM.com/AndrewBaker *Exploiting Technology for Business Advantage...*
On Thu, Nov 18, 2010 at 6:37 PM, Matthew W. Ross mr...@ephrataschools.org wrote:
Hello again, list. I have a DHCP server running on Windows 2008 R2. I have an old problem and a new. Old Problem: Whenever I try to restart the DHCP service, it forgets the DNS entries on my superscope. This problem has followed my server from Windows 2000 - 2003 R2 - 2008 R2. I have no idea why it's doing this, and there is no helpful information in the event viewer. New problem: I have a DHCP reservation I cannot re-enter. I have a laptop whose reservation no longer works, so I tried to delete and re-create the reservation. No matter what I try, recreating the reservation fails because the address is already in use. I can see the lease, and I have tried to delete said lease. But the reservation does not show up in the list. I then tried to reconcile the superscope. Luckily, it sees the problem IP address, but I get the error "An error occurred while accessing the DHCP database. Look at the DHCP server event log for more information on this error." Unfortunately, I don't see any corresponding error under the DHCP server log or under the System/Security/Application event logs. Help? Anybody seen either of these? --Matt Ross Ephrata School District
Re: DHCP Server woes
I just checked... and yes I do. Odd, that's not right. I just deleted the 10.0.0.0 record... why would that be there? --Matt Ross Ephrata School District
- Original Message - From: Sean Martin [mailto:seanmarti...@gmail.com] To: NT System Admin Issues [mailto:ntsysad...@lyris.sunbelt-software.com] Sent: Fri, 19 Nov 2010 09:13:41 -0800 Subject: Re: DHCP Server woes
You don't happen to have a reservation for 10.0.0.0 under your superscope do you? - Sean
On Fri, Nov 19, 2010 at 8:06 AM, Matthew W. Ross mr...@ephrataschools.org wrote:
What is lost on a reboot (or restart of the DHCP service) is the 10.0.0.0 network's DNS (006) option. It becomes unchecked, and I have to re-check it and enter the DNS servers again. [Start Sarcasm] Without DNS, the users kindly inform me that they cannot access the internet. [End Sarcasm] Hehe. These were clean installs of servers, but the DHCP database has been exported/imported between the iterations of the DHCP servers. --Matt Ross Ephrata School District
- Original Message - From: Andrew S. Baker [mailto:asbz...@gmail.com] To: NT System Admin Issues [mailto:ntsysad...@lyris.sunbelt-software.com] Sent: Fri, 19 Nov 2010 08:47:59 -0800 Subject: Re: DHCP Server woes
That doesn't seem too complex... So, rebooting the server causes the reservations to be lost? Or the exclusions? Were these clean server builds or upgrades? *ASB* (My XeeSM Profile) http://XeeSM.com/AndrewBaker *Exploiting Technology for Business Advantage...*
On Fri, Nov 19, 2010 at 11:09 AM, Matthew W. Ross mr...@ephrataschools.org wrote:
I have two scopes. Both are private address ranges, one of 10.0.0.0/8 and the other 172.16.0.0/16. The 10.0.0.0 scope has all the possible addresses available _and_ excluded from distribution, so that only reserved machines get a 10.x.x.x address. All non-reserved machines fall in the 172.16.0.0 scope. --Matt Ross Ephrata School District
- Original Message - From: Andrew S. Baker [mailto:asbz...@gmail.com] To: NT System Admin Issues [mailto:ntsysad...@lyris.sunbelt-software.com] Sent: Thu, 18 Nov 2010 21:18:48 -0800 Subject: Re: DHCP Server woes
Without divulging too much data, what scopes are you actually using? *ASB* (My XeeSM Profile) http://XeeSM.com/AndrewBaker *Exploiting Technology for Business Advantage...*
On Thu, Nov 18, 2010 at 6:37 PM, Matthew W. Ross mr...@ephrataschools.org wrote:
Hello again, list. I have a DHCP server running on Windows 2008 R2. I have an old problem and a new. Old Problem: Whenever I try to restart the DHCP service, it forgets the DNS entries on my superscope. This problem has followed my server from Windows 2000 - 2003 R2 - 2008 R2. I have no idea why it's doing this, and there is no helpful information in the event viewer. New problem: I have a DHCP reservation I cannot re-enter. I have a laptop whose reservation no longer works, so I tried to delete and re-create the reservation. No matter what I try, recreating the reservation fails because the address is already in use. I can see the lease, and I have tried to delete said lease. But the reservation does not show up in the list. I then tried to reconcile the superscope. Luckily, it sees the problem IP address, but I get the error "An error occurred while accessing the DHCP database. Look at the DHCP server event log for more information on this error." Unfortunately, I don't see any corresponding error under the DHCP server log or under the System/Security/Application event logs. Help? Anybody seen either of these? --Matt Ross Ephrata School District
Re: DHCP Server woes
No idea. Just saw some chatter on the internets about a similar issue. Deleting that record should resolve your issue. - Sean
On Fri, Nov 19, 2010 at 8:32 AM, Matthew W. Ross mr...@ephrataschools.org wrote:
I just checked... and yes I do. Odd, that's not right. I just deleted the 10.0.0.0 record... why would that be there? --Matt Ross Ephrata School District
- Original Message - From: Sean Martin [mailto:seanmarti...@gmail.com] To: NT System Admin Issues [mailto:ntsysad...@lyris.sunbelt-software.com] Sent: Fri, 19 Nov 2010 09:13:41 -0800 Subject: Re: DHCP Server woes
You don't happen to have a reservation for 10.0.0.0 under your superscope do you? - Sean
On Fri, Nov 19, 2010 at 8:06 AM, Matthew W. Ross mr...@ephrataschools.org wrote:
What is lost on a reboot (or restart of the DHCP service) is the 10.0.0.0 network's DNS (006) option. It becomes unchecked, and I have to re-check it and enter the DNS servers again. [Start Sarcasm] Without DNS, the users kindly inform me that they cannot access the internet. [End Sarcasm] Hehe. These were clean installs of servers, but the DHCP database has been exported/imported between the iterations of the DHCP servers. --Matt Ross Ephrata School District
- Original Message - From: Andrew S. Baker [mailto:asbz...@gmail.com] To: NT System Admin Issues [mailto:ntsysad...@lyris.sunbelt-software.com] Sent: Fri, 19 Nov 2010 08:47:59 -0800 Subject: Re: DHCP Server woes
That doesn't seem too complex... So, rebooting the server causes the reservations to be lost? Or the exclusions? Were these clean server builds or upgrades? *ASB* (My XeeSM Profile) http://XeeSM.com/AndrewBaker *Exploiting Technology for Business Advantage...*
On Fri, Nov 19, 2010 at 11:09 AM, Matthew W. Ross mr...@ephrataschools.org wrote:
I have two scopes. Both are private address ranges, one of 10.0.0.0/8 and the other 172.16.0.0/16. The 10.0.0.0 scope has all the possible addresses available _and_ excluded from distribution, so that only reserved machines get a 10.x.x.x address. All non-reserved machines fall in the 172.16.0.0 scope. --Matt Ross Ephrata School District
- Original Message - From: Andrew S. Baker [mailto:asbz...@gmail.com] To: NT System Admin Issues [mailto:ntsysad...@lyris.sunbelt-software.com] Sent: Thu, 18 Nov 2010 21:18:48 -0800 Subject: Re: DHCP Server woes
Without divulging too much data, what scopes are you actually using? *ASB* (My XeeSM Profile) http://XeeSM.com/AndrewBaker *Exploiting Technology for Business Advantage...*
On Thu, Nov 18, 2010 at 6:37 PM, Matthew W. Ross mr...@ephrataschools.org wrote:
Hello again, list. I have a DHCP server running on Windows 2008 R2. I have an old problem and a new. Old Problem: Whenever I try to restart the DHCP service, it forgets the DNS entries on my superscope. This problem has followed my server from Windows 2000 - 2003 R2 - 2008 R2. I have no idea why it's doing this, and there is no helpful information in the event viewer. New problem: I have a DHCP reservation I cannot re-enter. I have a laptop whose reservation no longer works, so I tried to delete and re-create the reservation. No matter what I try, recreating the reservation fails because the address is already in use. I can see the lease, and I have tried to delete said lease. But the reservation does not show up in the list. I then tried to reconcile the superscope. Luckily, it sees the problem IP address, but I get the error "An error occurred while accessing the DHCP database. Look at the DHCP server event log for more information on this error." Unfortunately, I don't see any corresponding error under the DHCP server log or under the System/Security/Application event logs. Help? Anybody seen either of these? --Matt Ross Ephrata School District
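The exchange above turns on a reservation sitting on the 10.0.0.0 scope's own network address while that scope keeps losing its 006 (DNS) option. As an added example, not part of the thread, this Python script audits a saved `netsh dhcp server dump` for reservations on a scope's network or broadcast address, reservations outside their scope, and scopes with no option 006; the dump line layout it parses and every sample value are assumptions constructed for the example.

```python
import ipaddress
import re

# Constructed sample in the layout `netsh dhcp server dump` writes (assumed here).
# Server name, MAC addresses and host names are invented for the example.
SAMPLE_DUMP = r'''
Dhcp Server \\dhcp01 add scope 10.0.0.0 255.0.0.0 "Reserved" ""
Dhcp Server \\dhcp01 Scope 10.0.0.0 set optionvalue 3 IPADDRESS "10.0.0.1"
Dhcp Server \\dhcp01 Scope 10.0.0.0 Add reservedip 10.0.0.0 0015c5000001 "ghost" "" "BOTH"
Dhcp Server \\dhcp01 Scope 10.0.0.0 Add reservedip 10.1.2.3 0015c5000002 "laptop17" "" "BOTH"
Dhcp Server \\dhcp01 add scope 172.16.0.0 255.255.0.0 "General" ""
Dhcp Server \\dhcp01 Scope 172.16.0.0 set optionvalue 3 IPADDRESS "172.16.0.1"
Dhcp Server \\dhcp01 Scope 172.16.0.0 set optionvalue 6 IPADDRESS "172.16.0.10" "172.16.0.11"
Dhcp Server \\dhcp01 Scope 172.16.0.0 Add reservedip 172.16.5.9 0015c5000003 "printer4" "" "BOTH"
Dhcp Server \\dhcp01 Scope 172.16.0.0 Add reservedip 10.9.9.9 0015c5000004 "stray" "" "BOTH"
'''

PREFIX = r'^Dhcp Server \S+ '
SCOPE_RE = re.compile(PREFIX + r'add scope (\S+) (\S+)', re.I)
RESV_RE = re.compile(PREFIX + r'Scope (\S+) Add reservedip (\S+) (\S+)', re.I)
# The scope part is optional: without it the option is set at server level.
OPT_RE = re.compile(PREFIX + r'(?:Scope (\S+) )?set optionvalue (\d+)\b', re.I)

DNS_OPTION = 6  # option 006, DNS servers


def audit(dump_text):
    """Return a list of (finding, scope_id, address) tuples for a dump."""
    scopes = {}        # scope id -> ip_network
    options = {}       # scope id, or None for server level -> set of option codes
    reservations = []  # (scope id, reserved address)

    for raw in dump_text.splitlines():
        line = raw.strip()
        m = SCOPE_RE.match(line)
        if m:
            scopes[m.group(1)] = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")
            continue
        m = RESV_RE.match(line)
        if m:
            reservations.append((m.group(1), ipaddress.ip_address(m.group(2))))
            continue
        m = OPT_RE.match(line)
        if m:
            options.setdefault(m.group(1), set()).add(int(m.group(2)))

    findings = []
    for scope_id, ip in reservations:
        net = scopes.get(scope_id)
        if net is None:
            findings.append(("reservation-without-scope", scope_id, str(ip)))
        elif ip in (net.network_address, net.broadcast_address):
            # The case raised in the thread: a reservation for 10.0.0.0 itself.
            findings.append(("reserved-network-or-broadcast", scope_id, str(ip)))
        elif ip not in net:
            findings.append(("outside-scope", scope_id, str(ip)))

    server_level = options.get(None, set())
    for scope_id in scopes:
        if DNS_OPTION not in options.get(scope_id, set()) | server_level:
            # Clients in this scope would get a lease with no DNS servers.
            findings.append(("no-dns-option", scope_id, ""))
    return findings


if __name__ == "__main__":
    for finding, scope_id, address in audit(SAMPLE_DUMP):
        print(f"{finding:32} scope={scope_id} {address}")
```

Running it against a dump taken before and after a DHCP service restart shows whether option 006 survived the restart on each scope.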
Re: DHCP Server woes
Well, I'm still not able to recreate the reservation... We'll see if the reboot issue is fixed. Also, maybe now I'll have some events in the logs... --Matt Ross Ephrata School District
- Original Message - From: Sean Martin [mailto:seanmarti...@gmail.com] To: NT System Admin Issues [mailto:ntsysad...@lyris.sunbelt-software.com] Sent: Fri, 19 Nov 2010 09:54:41 -0800 Subject: Re: DHCP Server woes
No idea. Just saw some chatter on the internets about a similar issue. Deleting that record should resolve your issue. - Sean
On Fri, Nov 19, 2010 at 8:32 AM, Matthew W. Ross mr...@ephrataschools.org wrote:
I just checked... and yes I do. Odd, that's not right. I just deleted the 10.0.0.0 record... why would that be there? --Matt Ross Ephrata School District
- Original Message - From: Sean Martin [mailto:seanmarti...@gmail.com] To: NT System Admin Issues [mailto:ntsysad...@lyris.sunbelt-software.com] Sent: Fri, 19 Nov 2010 09:13:41 -0800 Subject: Re: DHCP Server woes
You don't happen to have a reservation for 10.0.0.0 under your superscope do you? - Sean
On Fri, Nov 19, 2010 at 8:06 AM, Matthew W. Ross mr...@ephrataschools.org wrote:
What is lost on a reboot (or restart of the DHCP service) is the 10.0.0.0 network's DNS (006) option. It becomes unchecked, and I have to re-check it and enter the DNS servers again. [Start Sarcasm] Without DNS, the users kindly inform me that they cannot access the internet. [End Sarcasm] Hehe. These were clean installs of servers, but the DHCP database has been exported/imported between the iterations of the DHCP servers. --Matt Ross Ephrata School District
- Original Message - From: Andrew S. Baker [mailto:asbz...@gmail.com] To: NT System Admin Issues [mailto:ntsysad...@lyris.sunbelt-software.com] Sent: Fri, 19 Nov 2010 08:47:59 -0800 Subject: Re: DHCP Server woes
That doesn't seem too complex... So, rebooting the server causes the reservations to be lost? Or the exclusions? Were these clean server builds or upgrades? *ASB* (My XeeSM Profile) http://XeeSM.com/AndrewBaker *Exploiting Technology for Business Advantage...*
On Fri, Nov 19, 2010 at 11:09 AM, Matthew W. Ross mr...@ephrataschools.org wrote:
I have two scopes. Both are private address ranges, one of 10.0.0.0/8 and the other 172.16.0.0/16. The 10.0.0.0 scope has all the possible addresses available _and_ excluded from distribution, so that only reserved machines get a 10.x.x.x address. All non-reserved machines fall in the 172.16.0.0 scope. --Matt Ross Ephrata School District
- Original Message - From: Andrew S. Baker [mailto:asbz...@gmail.com] To: NT System Admin Issues [mailto:ntsysad...@lyris.sunbelt-software.com] Sent: Thu, 18 Nov 2010 21:18:48 -0800 Subject: Re: DHCP Server woes
Without divulging too much data, what scopes are you actually using? *ASB* (My XeeSM Profile) http://XeeSM.com/AndrewBaker *Exploiting Technology for Business Advantage...*
On Thu, Nov 18, 2010 at 6:37 PM, Matthew W. Ross mr...@ephrataschools.org wrote:
Hello again, list. I have a DHCP server running on Windows 2008 R2. I have an old problem and a new. Old Problem: Whenever I try to restart the DHCP service, it forgets the DNS entries on my superscope. This problem has followed my server from Windows 2000 - 2003 R2 - 2008 R2. I have no idea why it's doing this, and there is no helpful information in the event viewer. New problem: I have a DHCP reservation I cannot re-enter. I have a laptop whose reservation no longer works, so I tried to delete and re-create the reservation. No matter what I try, recreating the reservation fails because the address is already in use. I can see the lease, and I have tried to delete said lease. But the reservation does not show up in the list. I then tried to reconcile the superscope. Luckily, it sees the problem IP address, but I get the error "An error occurred while accessing the DHCP database. Look at the DHCP server event log for more information on this error." Unfortunately, I don't see any corresponding error under the DHCP server
Re: DHCP Server woes
Yeah sorry, that fix was meant to resolve the issue with your DNS option disappearing. - Sean
On Fri, Nov 19, 2010 at 10:09 AM, Matthew W. Ross mr...@ephrataschools.org wrote:
Well, I'm still not able to recreate the reservation... We'll see if the reboot issue is fixed. Also, maybe now I'll have some events in the logs... --Matt Ross Ephrata School District
- Original Message - From: Sean Martin [mailto:seanmarti...@gmail.com] To: NT System Admin Issues [mailto:ntsysad...@lyris.sunbelt-software.com] Sent: Fri, 19 Nov 2010 09:54:41 -0800 Subject: Re: DHCP Server woes
No idea. Just saw some chatter on the internets about a similar issue. Deleting that record should resolve your issue. - Sean
On Fri, Nov 19, 2010 at 8:32 AM, Matthew W. Ross mr...@ephrataschools.org wrote:
I just checked... and yes I do. Odd, that's not right. I just deleted the 10.0.0.0 record... why would that be there? --Matt Ross Ephrata School District
- Original Message - From: Sean Martin [mailto:seanmarti...@gmail.com] To: NT System Admin Issues [mailto:ntsysad...@lyris.sunbelt-software.com] Sent: Fri, 19 Nov 2010 09:13:41 -0800 Subject: Re: DHCP Server woes
You don't happen to have a reservation for 10.0.0.0 under your superscope do you? - Sean
On Fri, Nov 19, 2010 at 8:06 AM, Matthew W. Ross mr...@ephrataschools.org wrote:
What is lost on a reboot (or restart of the DHCP service) is the 10.0.0.0 network's DNS (006) option. It becomes unchecked, and I have to re-check it and enter the DNS servers again. [Start Sarcasm] Without DNS, the users kindly inform me that they cannot access the internet. [End Sarcasm] Hehe. These were clean installs of servers, but the DHCP database has been exported/imported between the iterations of the DHCP servers. --Matt Ross Ephrata School District
- Original Message - From: Andrew S. Baker [mailto:asbz...@gmail.com] To: NT System Admin Issues [mailto:ntsysad...@lyris.sunbelt-software.com] Sent: Fri, 19 Nov 2010 08:47:59 -0800 Subject: Re: DHCP Server woes
That doesn't seem too complex... So, rebooting the server causes the reservations to be lost? Or the exclusions? Were these clean server builds or upgrades? *ASB* (My XeeSM Profile) http://XeeSM.com/AndrewBaker *Exploiting Technology for Business Advantage...*
On Fri, Nov 19, 2010 at 11:09 AM, Matthew W. Ross mr...@ephrataschools.org wrote:
I have two scopes. Both are private address ranges, one of 10.0.0.0/8 and the other 172.16.0.0/16. The 10.0.0.0 scope has all the possible addresses available _and_ excluded from distribution, so that only reserved machines get a 10.x.x.x address. All non-reserved machines fall in the 172.16.0.0 scope. --Matt Ross Ephrata School District
- Original Message - From: Andrew S. Baker [mailto:asbz...@gmail.com] To: NT System Admin Issues [mailto:ntsysad...@lyris.sunbelt-software.com] Sent: Thu, 18 Nov 2010 21:18:48 -0800 Subject: Re: DHCP Server woes
Without divulging too much data, what scopes are you actually using? *ASB* (My XeeSM Profile) http://XeeSM.com/AndrewBaker *Exploiting Technology for Business Advantage...*
On Thu, Nov 18, 2010 at 6:37 PM, Matthew W. Ross mr...@ephrataschools.org wrote:
Hello again, list. I have a DHCP server running on Windows 2008 R2. I have an old problem and a new. Old Problem: Whenever I try to restart the DHCP service, it forgets the DNS entries on my superscope. This problem has followed my server from Windows 2000 - 2003 R2 - 2008 R2. I have no idea why it's doing this, and there is no helpful information in the event viewer. New problem: I have a DHCP reservation I cannot re-enter. I have a laptop whose reservation no longer works, so I tried to delete and re-create the reservation. No matter what I try, recreating the reservation fails because the address is already in use. I can see the lease, and I have tried to delete said lease
Re: DHCP Server woes
Without divulging too much data, what scopes are you actually using?

*ASB* (My XeeSM Profile) http://XeeSM.com/AndrewBaker
*Exploiting Technology for Business Advantage...*

On Thu, Nov 18, 2010 at 6:37 PM, Matthew W. Ross mr...@ephrataschools.org wrote:

Hello again, list. I have a DHCP server running on Windows 2008 R2. I have an old problem and a new.

Old Problem: Whenever I try to restart the DHCP service, it forgets the DNS entries on my superscope. This problem has followed my server from Windows 2000 - 2003 R2 - 2008 R2. I have no idea why it's doing this, and there is no helpful information in the event viewer.

New problem: I have a DHCP reservation I cannot re-enter. I have a laptop whose reservation no longer works, so I tried to delete and re-create the reservation. No matter what I try, recreating the reservation fails because the address is already in use. I can see the lease, and I have tried to delete said lease. But the reservation does not show up in the list. I then tried to reconcile the superscope. Luckily, it sees the problem IP address, but I get the error "An error occurred while accessing the DHCP database. Look at the DHCP server event log for more information on this error." Unfortunately, I don't see any corresponding error under the DHCP server log or under the System/Security/Application event logs.

Help? Anybody seen either of these?

--Matt Ross
Ephrata School District
RE: DHCP and DNS Anomaly
"It strikes me odd that DNS would allow multiple entries for the same IP address. Is that normal behavior"

Yes, they both registered their DNS with the DNS server...the low use PC did it a month ago, it was shut off and its lease expired and that address was given to a new PC. The fix is to set up savaging to lower levels on your DNS server.

http://technet.microsoft.com/en-us/library/cc759204%28WS.10%29.aspx

From: Bob Hartung [mailto:bhart...@wiscoind.com]
Sent: Wednesday, August 25, 2010 9:37 AM
To: NT System Admin Issues
Subject: DHCP and DNS Anomaly

I've got an odd situation with DHCP and DNS creating a confusing situation. I use SmartCode VNC Manager for remote support. Every hour it queries all our network PCs to see if they are active or not. It uses the PC's name to resolve the IP address.

I happened to notice that a very low use PC showed active when I was pretty confident it wasn't turned on. When I remoted into it, it turned out to be a different PC. Hmm...

I went to the command prompt and tried pinging both the low use PC as well as the PC I wound up connecting to and they both resolved to the same IP address. I tried ipconfig /flushdns to see if I had an error in the DNS cache but that made no difference.

Next stop was the DHCP server. We have a MS Windows 2003 SP2 PDC that hosts both DNS and DHCP. The low use PC had been off long enough that there wasn't even an entry for it in the IP address leases. There was an entry for the PC I wound up connecting to. I tried the same ping testing on the PDC as I had on my PC and got the same results.

Next stop was the DNS server. Ah ha! There were 2 entries in the Forward Lookup Zones for that IP address for each of the PCs I was pinging. Oddly, in the Reverse Lookup Zones, there was only one entry and it was for the low use PC.

It strikes me odd that DNS would allow multiple entries for the same IP address. Is that normal behavior? Since these pointer records are automatically created by an interaction between the DHCP and DNS servers, shouldn't there also be a process that would delete DNS pointers based on expired DHCP leases, particularly since the IP address had been handed out to a different PC?

I know I could resolve this issue by either turning on the low use PC and getting a new IP address lease or by simply deleting the expired DNS pointer but I'd like to understand why this can happen and if there's a way to configure things so it doesn't continue to happen.

Thanks.

--
Bob Hartung
Wisco Industries, Inc.
736 Janesville St.
Oregon, WI 53575
Tel: (608) 835-3106 x215
Fax: (608) 835-7399
e-mail: bhartung(at)wiscoind.com
RE: DHCP and DNS Anomaly
And some DHCP options that might help...

http://support.microsoft.com/kb/932464

From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org]
Sent: Wednesday, August 25, 2010 9:44 AM
To: NT System Admin Issues
Subject: RE: DHCP and DNS Anomaly

"It strikes me odd that DNS would allow multiple entries for the same IP address. Is that normal behavior"

Yes, they both registered their DNS with the DNS server...the low use PC did it a month ago, it was shut off and its lease expired and that address was given to a new PC. The fix is to set up savaging to lower levels on your DNS server.

http://technet.microsoft.com/en-us/library/cc759204%28WS.10%29.aspx
Re: DHCP and DNS Anomaly
JK, Might want to get some more coffee there. :-)

PS Thanks for the chuckle. I needed it this morning.

On Wed, Aug 25, 2010 at 9:43 AM, Kennedy, Jim kennedy...@elyriaschools.org wrote:

“It strikes me odd that DNS would allow multiple entries for the same IP address. Is that normal behavior”

Yes, they both registered their DNS with the DNS server…the low use PC did it a month ago, it was shut off and its lease expired and that address was given to a new PC. The fix is to set up savaging to lower levels on your DNS server.

http://technet.microsoft.com/en-us/library/cc759204%28WS.10%29.aspx
Re: DHCP and DNS Anomaly
On Wed, Aug 25, 2010 at 9:36 AM, Bob Hartung bhart...@wiscoind.com wrote:
> It strikes me odd that DNS would allow multiple entries for the same IP address. Is that normal behavior?

In DNS, forward and reverse queries are completely independent of each other. (A forward query uses a name to find things like an IP address; a reverse query uses an IP address to find a name.)

PTR records (pointer, used for reverse queries) use the IP address as the key, so when one DNS Update message comes in saying PTR record for 192.0.2.42 should be foo.example.com, that overwrites any previous PTR record at that IP address.

In contrast, A records (address; Microsoft calls this Host) use the name as the key. So when a DNS Update message comes in saying foo.example.com should have A record 192.0.2.42, that doesn't involve any other names that might reference that same IP address. Even if bar.example.com also had an A record referencing 192.0.2.42, that's not prohibited by the DNS spec.

> Since these pointer records are automatically created by an interaction between the DHCP and DNS servers, shouldn't there also be a process that would delete DNS pointers based on expired DHCP leases, particularly since the IP address had been handed out to a different PC?

That would be possible, in theory, but there's no standard protocol for it. Microsoft would have to invent something that integrates their DNS server with their DHCP server. *Possibly* might be a good idea, but it doesn't currently exist.

Microsoft's solution for this problem is to run scavenging on the DNS server. This configures the DNS server to periodically look for dynamically-updated records which haven't been refreshed in a while, and delete them. Read the manual and search the web first; from what I understand misconfigured scavenging can end up eating *all* your records if you're not careful.

-- Ben
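The keying behaviour described in the message above, worked through as an added example (not code from the thread or from any DNS server). The host names, dates and lease table are constructed, and the two-interval age check is a simplified stand-in for the aging settings of Windows DNS scavenging.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple


@dataclass
class Zone:
    """Toy forward and reverse zone. A timestamp of None marks a static record."""
    a: Dict[str, Tuple[str, Optional[datetime]]] = field(default_factory=dict)
    ptr: Dict[str, str] = field(default_factory=dict)

    def dynamic_update(self, name: str, ip: str, when: datetime) -> None:
        # A records are keyed by NAME: other names that point at `ip` stay put.
        self.a[name] = (ip, when)
        # PTR records are keyed by IP: any earlier PTR for `ip` is overwritten.
        self.ptr[ip] = name

    def add_static(self, name: str, ip: str) -> None:
        self.a[name] = (ip, None)
        self.ptr[ip] = name

    def names_for(self, ip: str) -> List[str]:
        """Every name whose A record resolves to `ip`."""
        return sorted(n for n, (addr, _) in self.a.items() if addr == ip)

    def scavenge(self, now: datetime, no_refresh: timedelta,
                 refresh: timedelta, dry_run: bool = True) -> List[str]:
        """Find dynamic A records older than no_refresh + refresh.

        Only forward records are handled here. With dry_run=True nothing is
        deleted, so the list can be reviewed before anything is removed.
        """
        limit = no_refresh + refresh
        victims = sorted(n for n, (_, ts) in self.a.items()
                         if ts is not None and now - ts > limit)
        if not dry_run:
            for n in victims:
                del self.a[n]
        return victims


def stale_a_records(zone: Zone, leases: Dict[str, str]) -> List[str]:
    """Dynamic A records whose address is not currently leased to that name.

    `leases` maps IP -> host name taken from the DHCP server's active leases.
    Leases are used instead of the PTR record because, in the thread, the
    single PTR still named the old PC.
    """
    return sorted(name for name, (ip, ts) in zone.a.items()
                  if ts is not None and leases.get(ip) != name)


def build_constructed_example() -> Tuple[Zone, Dict[str, str], datetime]:
    """Constructed data: an old PC's lease lapsed and its address was reissued."""
    now = datetime(2010, 8, 25, 9, 0)
    zone = Zone()
    zone.add_static("dc1.example.com", "192.0.2.10")
    zone.dynamic_update("lowuse-pc.example.com", "192.0.2.42",
                        now - timedelta(days=30))
    zone.dynamic_update("new-pc.example.com", "192.0.2.42",
                        now - timedelta(days=2))
    leases = {"192.0.2.42": "new-pc.example.com"}
    return zone, leases, now


if __name__ == "__main__":
    zone, leases, now = build_constructed_example()
    week, hour = timedelta(days=7), timedelta(hours=1)
    print("A records for 192.0.2.42:", zone.names_for("192.0.2.42"))
    print("PTR for 192.0.2.42:      ", zone.ptr["192.0.2.42"])
    print("stale per DHCP leases:   ", stale_a_records(zone, leases))
    print("scavenge 7d+7d (dry run):", zone.scavenge(now, week, week))
    # Intervals shorter than the clients' refresh cadence also catch live hosts.
    print("scavenge 1h+1h (dry run):", zone.scavenge(now, hour, hour))
```

The last call shows why the intervals matter: with one-hour settings the live host's record is listed for deletion alongside the stale one, while static records are never touched.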
Re: DHCP and DNS Anomaly
Isn't there also a setting in the DHCP scope that lets it update the DNS? This article may help...

http://support.microsoft.com/kb/816592

From: tony patton tony.pat...@quinn-insurance.com
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Sent: Wed, August 25, 2010 8:50:03 AM
Subject: Re: DHCP and DNS Anomaly

Yep, that's a common problem we have, it's due to DNS scavenging not being configured, can't get them to change it either.

2 1/2 weeks and it ain't my problem anymore :)

Regards
Tony Patton
Desktop Support Analyst - Cavan
Ext 8078
Direct Dial 049 435 2878
email: tony.pat...@quinn-insurance.com
RE: DHCP Scope Option
I just tried switching it to that and it fixed the problem. All my other scopes were domain.local. Guess I've just been lucky that nothing to this point has cared in the past 7 years.

-Original Message-
From: HELP_PC [mailto:g...@enter.it]
Sent: Thursday, August 19, 2010 12:28 PM
To: NT System Admin Issues
Subject: R: DHCP Scope Option

Option 15 in DHCP should be domain.local

GuidoElia
HELPPC

-Original Message-
From: N Parr [mailto:npar...@mortonind.com]
Sent: Thursday, August 19, 2010 19.15
To: NT System Admin Issues
Subject: DHCP Scope Option

15 DNS Domain Name

Should it be just domain or domain.local? Or does it not matter? My win clients don't have any issues but I have a terminal client that can ping its management server by the FQDN but not by machine name alone. And of course it won't work unless it can find its management server by the machine name. All my win clients can do either. Just trying to figure out anything that would solve this because the vendor has never had this problem before.
Re: DHCP Renewal Process for Reserved Address
On Mon, Jun 7, 2010 at 6:53 PM, Sean Martin seanmarti...@gmail.com wrote:
> Do clients with a DHCP reservation go through the same renewal process (check once at 50%, try again at 87.5%, etc.)?

I believe a DHCP reservation is simply a server configuration artifact, not something in the actual DHCP wire protocol. So, that would really depend on the implementation, of both server and client.

First, it will depend on what the server gives for a lease time on reservation. I imagine a server could just use the same lease time it does for dynamic IP addresses in the scope, or it could issue an infinite lease time.

Then it depends on the client. A client with an infinite lease time may decide it should check in periodically anyway, or restart its DHCP cycle for other reasons.

-- Ben
Re: DHCP Renewal Process for Reserved Address
Thanks Ben. I've been trying to find documentation that speaks to the lease duration interval in regards to reservations. I haven't come up with much so far. I'd like to assume that if the scope has an X day lease duration, reservations would follow the same renewal process. None of our scopes are configured with an unlimited lease duration. I guess I may just have to pick a scope, make some changes, and test with some clients.

- Sean

On Mon, Jun 7, 2010 at 3:08 PM, Ben Scott mailvor...@gmail.com wrote:

On Mon, Jun 7, 2010 at 6:53 PM, Sean Martin seanmarti...@gmail.com wrote:
Do clients with a DHCP reservation go through the same renewal process (check once at 50%, try again at 87.5%, etc.)?

I believe a DHCP reservation is simply a server configuration artifact, not something in the actual DHCP wire protocol. So, that would really depend on the implementation, of both server and client.

First, it will depend on what the server gives for a lease time on reservation. I imagine a server could just use the same lease time it does for dynamic IP addresses in the scope, or it could issue an infinite lease time.

Then it depends on the client. A client with an infinite lease time may decide it should check in periodically anyway, or restart its DHCP cycle for other reasons.

-- Ben
RE: DHCP Renewal Process for Reserved Address
Eh? I came in late.

DHCP reservations are dependent on the lifetime of the scope lease that is set. If no lifetime is set at the scope level, then it defaults to the server lifetime.

A reservation (or an address award) checks at 50% and 25% and 0% of the lease lifetime. If the lease isn't renewed during those checks, then at 0%, the computer will go APIPA. There is an RFC that defines this behavior.

During any check cycle, a computer with a lease (or a reservation) can receive an option update.

Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Sean Martin [mailto:seanmarti...@gmail.com]
Sent: Monday, June 07, 2010 7:24 PM
To: NT System Admin Issues
Subject: Re: DHCP Renewal Process for Reserved Address

Thanks Ben. I've been trying to find documentation that speaks to the lease duration interval in regards to reservations. I haven't come up with much so far. I'd like to assume that if the scope has an X day lease duration, reservations would follow the same renewal process. None of our scopes are configured with an unlimited lease duration. I guess I may just have to pick a scope, make some changes, and test with some clients.

- Sean
Re: DHCP Renewal Process for Reserved Address
When making significant changes to a DHCP scope, I always start way ahead of time and gradually reduce the lease time to something ridiculously (but appropriately) short - even on the order of 5 or 10 minutes in some cases. When the time to flip the big switch rolls around I can be well assured that all the clients are updated within the lease period after I make the drastic change. It takes a small amount of planning, but this approach hasn't failed me yet.

All that said, I pretty much agree with Ben's response. A DHCP client, is a DHCP client, is a DHCP client. Whatever implementation of the protocol that client uses shouldn't change whether its leased IP is either a reservation or truly dynamic. After all, how would it know?

What I hadn't considered is the notion that a DHCP server might dole out longer lease times to clients with reservations than to dynamic clients within the same scope. I guess it's possible, but it pretty much flies in the face of the rationale for having a DHCP reservation vs a true static IP. I'm pretty sure the MS DHCP role doesn't do this, but I'm happy to be corrected if wrong.

On Mon, Jun 7, 2010 at 7:08 PM, Ben Scott mailvor...@gmail.com wrote:

On Mon, Jun 7, 2010 at 6:53 PM, Sean Martin seanmarti...@gmail.com wrote:
Do clients with a DHCP reservation go through the same renewal process (check once at 50%, try again at 87.5%, etc.)?

I believe a DHCP reservation is simply a server configuration artifact, not something in the actual DHCP wire protocol. So, that would really depend on the implementation, of both server and client.

First, it will depend on what the server gives for a lease time on reservation. I imagine a server could just use the same lease time it does for dynamic IP addresses in the scope, or it could issue an infinite lease time.

Then it depends on the client. A client with an infinite lease time may decide it should check in periodically anyway, or restart its DHCP cycle for other reasons.

-- Ben
Re: DHCP Renewal Process for Reserved Address
Sorry I didn't specify in the beginning. We are talking about Microsoft DHCP using Windows 2003. I think Michael and Richard pretty much summed it up for me.

During the course of my research, I also identified that most of our scopes are set up with a ridiculously short lease duration (3 days), given the fact we have a highly segmented network and use reservations for the vast majority of devices relying on DHCP. Fortunately, the short lease duration will work to my advantage as I start rolling out some options changes.

Thanks to everyone for the responses.

- Sean

On Mon, Jun 7, 2010 at 3:33 PM, Richard Stovall rich...@gmail.com wrote:

When making significant changes to a DHCP scope, I always start way ahead of time and gradually reduce the lease time to something ridiculously (but appropriately) short - even on the order of 5 or 10 minutes in some cases. When the time to flip the big switch rolls around I can be well assured that all the clients are updated within the lease period after I make the drastic change. It takes a small amount of planning, but this approach hasn't failed me yet.

All that said, I pretty much agree with Ben's response. A DHCP client, is a DHCP client, is a DHCP client. Whatever implementation of the protocol that client uses shouldn't change whether its leased IP is either a reservation or truly dynamic. After all, how would it know?

What I hadn't considered is the notion that a DHCP server might dole out longer lease times to clients with reservations than to dynamic clients within the same scope. I guess it's possible, but it pretty much flies in the face of the rationale for having a DHCP reservation vs a true static IP. I'm pretty sure the MS DHCP role doesn't do this, but I'm happy to be corrected if wrong.
Re: DHCP Renewal Process for Reserved Address
On Mon, Jun 7, 2010 at 7:23 PM, Sean Martin seanmarti...@gmail.com wrote:
> None of our scopes are configured with an unlimited lease duration. I guess I may just have to pick a scope, make some changes, and test with some clients.

IPCONFIG /ALL will tell you when a client thinks its lease will expire.

-- Ben
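A way to see what a server actually hands a reserved client, as an added example that is not part of the thread: decode the options field of a captured DHCPACK and read the lease time (option 51) and the renewal and rebinding timers (options 58 and 59). The sample bytes are constructed; where the server omits options 58/59 the code applies the RFC 2131 defaults of 50% and 87.5% of the lease.

```python
import ipaddress
import struct
from typing import Dict, List, Optional

MAGIC_COOKIE = bytes([99, 130, 83, 99])  # RFC 2131: marks the start of the options
PAD, END = 0, 255
INFINITE_LEASE = 0xFFFFFFFF


def parse_options(data: bytes) -> Dict[int, bytes]:
    """Split a DHCP options field (magic cookie first) into {code: raw value}."""
    if data[:4] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    opts: Dict[int, bytes] = {}
    i = 4
    while i < len(data):
        code = data[i]
        if code == END:
            break
        if code == PAD:  # single byte, no length field
            i += 1
            continue
        if i + 1 >= len(data):
            raise ValueError(f"option {code}: length byte missing")
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code}: value truncated")
        opts[code] = opts.get(code, b"") + value  # RFC 3396: repeats concatenate
        i += 2 + length
    return opts


def _u32(value: bytes, code: int) -> int:
    if len(value) != 4:
        raise ValueError(f"option {code}: expected 4 bytes, got {len(value)}")
    return struct.unpack("!I", value)[0]


def _ip_list(value: bytes, code: int) -> List[str]:
    if not value or len(value) % 4:
        raise ValueError(f"option {code}: not a list of IPv4 addresses")
    return [str(ipaddress.IPv4Address(value[i:i + 4]))
            for i in range(0, len(value), 4)]


def lease_timers(opts: Dict[int, bytes]) -> Dict[str, Optional[int]]:
    """Lease, T1 (renew) and T2 (rebind) in seconds; None means no expiry."""
    if 51 not in opts:
        raise ValueError("option 51 (lease time) missing")
    lease = _u32(opts[51], 51)
    if lease == INFINITE_LEASE:
        return {"lease": None, "t1": None, "t2": None}
    # RFC 2131 defaults apply when the server sends no option 58 / 59.
    t1 = _u32(opts[58], 58) if 58 in opts else lease // 2
    t2 = _u32(opts[59], 59) if 59 in opts else lease * 7 // 8
    return {"lease": lease, "t1": t1, "t2": t2}


def describe(opts: Dict[int, bytes]) -> dict:
    """Decode the options that come up on this page into readable values."""
    out: dict = dict(lease_timers(opts))
    if opts.get(53):
        out["message_type"] = opts[53][0]  # 5 = DHCPACK
    if 3 in opts:
        out["routers"] = _ip_list(opts[3], 3)
    if 6 in opts:
        out["dns_servers"] = _ip_list(opts[6], 6)
    if 15 in opts:
        out["domain_name"] = opts[15].rstrip(b"\x00").decode("ascii")
    return out


def _opt(code: int, value: bytes) -> bytes:
    return bytes([code, len(value)]) + value


# Constructed sample: DHCPACK with a 3-day lease and no explicit T1/T2.
SAMPLE_ACK = (
    MAGIC_COOKIE
    + _opt(53, b"\x05")
    + _opt(51, struct.pack("!I", 3 * 86400))
    + _opt(3, ipaddress.IPv4Address("192.0.2.1").packed)
    + _opt(6, ipaddress.IPv4Address("192.0.2.10").packed
           + ipaddress.IPv4Address("192.0.2.11").packed)
    + _opt(15, b"domain.local")
    + bytes([END])
)
# Constructed sample: a server that issues an infinite lease.
SAMPLE_INFINITE = (MAGIC_COOKIE + _opt(53, b"\x05")
                   + _opt(51, b"\xff\xff\xff\xff") + bytes([END]))

if __name__ == "__main__":
    print(describe(parse_options(SAMPLE_ACK)))
    print(lease_timers(parse_options(SAMPLE_INFINITE)))
```

Running the same decode on the ACK sent to a reserved client and to a dynamic client in the same scope shows directly whether the server treats them differently.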
RE: DHCP in Win2k3 R2 domain
Kurt,

For remote offices, we have always made sure that we have 2 DCs both with DHCP, although only if they are in a secure location with restricted physical access, we have done this mainly for redundancy, we have looked at running DHCP from a centralised location, but even in this day and age, WAN links or VPNs can sometimes be unreliable. This way if the WAN or VPN is down then the users can still log on and still browse the internet.

Cheers
Matt

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: 21 February 2010 18:34
To: NT System Admin Issues
Subject: DHCP in Win2k3 R2 domain

All,

Actually, the issue isn't really that, it's the part time admin in one of our overseas offices. He's running DHCP on a Linux box, and handing out DNS/WINS entries pointing to the AD servers.

I've got DHCP set up on the DC in their office, but haven't turned it on yet. He's balking because he wants to control the handing out of addresses in his environment. Yes, I've taken away a large portion of his former set of control, but he can set up new users (including their mailboxes, etc.) and workstations, and he is an admin on the file server and the ERP box in their office, but little else - he doesn't have access to the DC with WINS/DNS, nor the firewall (though he has pulled the plug on it when it wasn't working right, without calling me, which really pissed me off.)

I could just turn on DHCP on the DC, and let those two machines fight it out, with the resulting chaos that would ensue, but I don't think that's terribly smart. I could just use the management hammer and tell him to turn the Linux service off because I said so but that seems less than optimal as well.

The servers are set up with static addresses, so that bit is not an issue.

Can anyone point me to KB articles or other documentation on running DHCP that bolsters the case for centralizing it with AD? OTOH, if there's no compelling reason for doing so, I'd like to hear that as well, though I think that having network infrastructure services served out of the same platform, and manageable by the HQ would be a good thing.

Kurt
Re: DHCP in Win2k3 R2 domain
Nobody from IT has been to this overseas office in my 8 years at this company. We've shipped servers and this admin has set them in the rack and hooked them up. By now, the political situation has gotten to be such that it would be thoroughly resented if I went to correct things, such as locking away the servers - even if it were just the DC and Exchange server. It's extremely unlikely that we'd get a second DC in the overseas offices, and one should be sufficient, because if they lost both the DC and the WAN or VPN at the same time, they'd likely have bigger problems.
Re: DHCP in Win2k3 R2 domain
Do you really want someone to control what and where the clients look to for information? Do you trust this person to keep their hands off of the network? If you say yes, leave them be; if you don't, or if this person just is one to the type that all things Linux is good and all things Microsoft is bad, then I would use the hammer and make sure you document the reason why you are doing it. I suspect this person, since they have (by our own statement) shut down the DC because things were not right, is going to cause you issues more so down the road with retaining control of DHCP. All clients know to look for the DHCP server for a lot of information including IP address for the DNS and AD servers.

Jon
RE: DHCP in Win2k3 R2 domain
There is no intrinsic reason for DHCP to be based on Windows.

There are some ease of admin features that I think are nice - such as when you build the subnet the wizard prompts you for the site-aware DNS and WINS server and the automatic DNS and rDNS registrations.

But any modern (i.e., the last 15 years) DHCP server knows about WINS and NBNS node types, etc. etc.

If DHCP on Windows detects another DHCP server, it'll automatically shut itself down to avoid fighting for control.

I prefer running DHCP on Windows - especially in branch offices, I can go one place and control everything and see everything.

Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com
Re: DHCP in Win2k3 R2 domain
+1. Kind of makes me sad the guy thinks he's admining DHCP. I mean really, how often do you touch it? I would just say that if you have a corp standard, follow it. Be it Windows or any other flavor. Pick one and standardize (which you have done). That's a hard argument for someone when 90% of the company is already following it.
Re: DHCP in Win2k3 R2 domain
He didn't reboot the DC, he rebooted the firewall - in spite of the fact that I asked him to call our on-call extension here in the States, which generates a page to the on-call cell phone. I'm not sure of his stance on MSFT vs. Linux, except that he definitely prefers the latter. Still, you haven't brought up any technical reasons why not. There may be further issues, and I'll keep looking around for a day or two.

Kurt
Re: DHCP in Win2k3 R2 domain
On Sun, Feb 21, 2010 at 13:11, Michael B. Smith mich...@smithcons.com wrote:
> There is no intrinsic reason for DHCP to be based on Windows.

No technical reason then. As I suspected.

> There are some ease of admin features that I think are nice - such as when you build the subnet the wizard prompts you for the site-aware DNS and WINS server and the automatic DNS and rDNS registrations.

Explain that a bit more? Doesn't the setting in WinXP (which is what we're on) also handle that if set manually during OS installation?

> But any modern (i.e., the last 15 years) DHCP server knows about WINS and NBNS node types, etc. etc.

Right.

> If DHCP on Windows detects another DHCP server, it'll automatically shut itself down to avoid fighting for control.

That I didn't know. I'm not sure I like that.

> I prefer running DHCP on Windows - especially in branch offices, I can go one place and control everything and see everything.

And it makes monitoring easier, too. From a security standpoint, this is a win - knowing if new MAC addresses are picking up IP addresses out of the pool is a good thing, and while it's possible to do this with the Linux DHCP server (even easy, if your scripting skills are good) it's just one more place to look. This is something to consider.

Thanks,
Kurt
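The monitoring point in the message above (spotting new MAC addresses taking leases, and having "one more place to look" when two server types are in play), as an added example that is not from the thread or any participant: a Python script that reads lease events from both kinds of server log and lists MACs missing from an inventory. It assumes the Linux box logs ISC dhcpd-style syslog lines and that the Windows server writes its usual CSV audit log; every log line, address, host name and the inventory below are constructed for illustration.

```python
import csv
import re

# Constructed sample: syslog lines in ISC dhcpd style (assumed Linux server).
ISC_SAMPLE = """\
Feb 21 13:02:11 gw dhcpd: DHCPDISCOVER from 00:1c:23:4a:9b:02 via eth1
Feb 21 13:02:12 gw dhcpd: DHCPOFFER on 192.168.10.57 to 00:1c:23:4a:9b:02 via eth1
Feb 21 13:02:12 gw dhcpd: DHCPACK on 192.168.10.57 to 00:1c:23:4a:9b:02 (WS-ACCT-07) via eth1
Feb 21 13:40:03 gw dhcpd: DHCPACK on 192.168.10.91 to 00:0d:60:11:22:33 via eth1
Feb 21 14:05:47 gw dhcpd: DHCPACK on 192.168.10.91 to 00:0d:60:11:22:33 via eth1
"""

# Constructed sample: Windows DHCP audit log (DhcpSrvLog-*.log) CSV rows.
WIN_SAMPLE = """\
ID,Date,Time,Description,IP Address,Host Name,MAC Address
00,02/21/10,00:00:09,Started,,,,
10,02/21/10,13:02:12,Assign,192.168.20.57,WS-ACCT-07.corp.example,001C234A9B02
11,02/21/10,13:30:00,Renew,192.168.20.57,WS-ACCT-07.corp.example,001C234A9B02
10,02/21/10,13:41:55,Assign,192.168.20.88,,0050DAAB12EF
12,02/21/10,14:00:00,Release,192.168.20.88,,0050DAAB12EF
"""

# Only DHCPACK counts as "a client picked up an address"; offers may go unused.
ISC_ACK = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s.*?dhcpd(?:\[\d+\])?: DHCPACK on "
    r"(?P<ip>\d+\.\d+\.\d+\.\d+) to (?P<mac>[0-9A-Fa-f:]{17})"
    r"(?: \((?P<host>[^)]*)\))?"
)

# Audit-log event IDs that hand an address to a client; 12 (release) is ignored.
WINDOWS_LEASE_IDS = {"10": "assign", "11": "renew"}


def normalize_mac(raw):
    """Return aa:bb:cc:dd:ee:ff for any common MAC notation, or None if invalid."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", raw).lower()
    if len(digits) != 12:
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def parse_isc_syslog(text):
    """Extract lease events from ISC dhcpd-style syslog text."""
    events = []
    for line in text.splitlines():
        m = ISC_ACK.match(line)
        if m:
            events.append({"source": "linux", "when": m.group("ts"),
                           "ip": m.group("ip"), "host": m.group("host") or "",
                           "mac": normalize_mac(m.group("mac"))})
    return events


def parse_windows_audit(text):
    """Extract lease events from Windows DHCP audit-log CSV text."""
    events = []
    for row in csv.reader(text.splitlines()):
        if len(row) < 7 or row[0].strip() not in WINDOWS_LEASE_IDS:
            continue  # header, service start/stop, releases, malformed rows
        mac = normalize_mac(row[6])
        if mac:
            events.append({"source": "windows", "when": f"{row[1]} {row[2]}",
                           "ip": row[4], "host": row[5], "mac": mac})
    return events


def unknown_clients(events, inventory):
    """Return the first sighting of each MAC not in the inventory, with a lease count."""
    known = {normalize_mac(m) for m in inventory}
    seen = {}
    for ev in events:
        if ev["mac"] in known:
            continue
        entry = seen.setdefault(ev["mac"], {**ev, "count": 0})
        entry["count"] += 1
    return list(seen.values())


if __name__ == "__main__":
    inventory = ["00-1C-23-4A-9B-02"]  # constructed asset list
    events = parse_isc_syslog(ISC_SAMPLE) + parse_windows_audit(WIN_SAMPLE)
    for hit in unknown_clients(events, inventory):
        print(f"{hit['mac']} first seen {hit['when']} on {hit['source']} "
              f"as {hit['ip']} ({hit['count']} lease events)")
```

Because both parsers emit the same event shape, the inventory check is written once and run over whichever logs a site produces.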
Re: DHCP in Win2k3 R2 domain
There really aren't any technical reasons not to. And he has physical access anyway. As you said, not enough reason to be draconian. Yet. :)

-ASB: http://xeesm.com/AndrewBaker
RE: DHCP in Win2k3 R2 domain
Is this office an exception? Or do you have other offices that also have linux dhcp servers?

Are there other techs that may need to remotely manage this site? Do they have the access/skills/knowledge to work with a linux dhcp server? Do they know to even look for it or are they expecting windows dhcp?

To me there are two main issues here:
- Possible lack of standardisation
- An Admin that wants to control something for no real reason.

There is smoke here in my opinion. What's he hiding?

A technical solution (which may or may not be possible) is to take control at the network level. Block dhcp broadcasts on the switch for the relevant ports (67,68 from memory) for the linux dhcp server. If there are other subnets involved set your ip helper configuration to forward requests to the windows dhcp server.

But really this guy needs to understand the benefits of standardisation. Unless he can provide an outstanding benefit of running the dhcp server on linux then it makes no sense to have an exception from the norm.
RE: DHCP in Win2k3 R2 domain
With regards to the clients updating DNS, yes they are normally set to do that. However you can configure the dhcp server to do it. This can be beneficial in environments where you have clients that are unable to update dns with their new IP information.
RE: DHCP in Win2k3 R2 domain
The converse to the DHCP detection stuff is that if any Windows box comes up in the domain with DHCP installed, DHCP won't actually start until someone with (by default) Enterprise Admin privs authorizes it.

Thanks,
Brian Desmond
br...@briandesmond.com
c – 312.731.3132
Re: DHCP in Win2k3 R2 domain
On Sun, Feb 21, 2010 at 13:22, Martin Blackstone mblackst...@gmail.com wrote:
> +1. Kind of makes me sad the guy thinks he's admining DHCP. I mean really, how often do you touch it? I would just say that if you have a corp standard, follow it. Be it Windows or any other flavor. Pick one and standardize (which you have done). That's a hard argument for someone when 90% of the company is already following it.

Understood and agreed. He's fighting the loss of control, I suspect, more than anything. Standardization is a good thing, though, and it may come down to that. I think I'll ask him to quantify the amount of change he's seeing in his environment, and why setting up a pool of leases won't suffice, along with a helpdesk ticket to set up reservations if he needs them.

Kurt
Re: DHCP in Win2k3 R2 domain
We have two overseas offices. The one under discussion is an exception. I was wondering what was being hidden as well, but at this point there's not enough smoke. He's fought me on a lot of issues. I'm gradually winning. :)

On Sun, Feb 21, 2010 at 14:20, James Hill james.h...@superamart.com.au wrote:

Is this office an exception? Or do you have other offices that also have linux dhcp servers? Are there other techs that may need to remotely manage this site? Do they have the access/skills/knowledge to work with a linux dhcp server? Do they know to even look for it or are they expecting windows dhcp?

To me there are two main issues here:

- Possible lack of standardisation
- An Admin that wants to control something for no real reason.

There is smoke here in my opinion. What's he hiding?

A technical solution (which may or may not be possible) is to take control at the network level. Block dhcp broadcasts on the switch for the relevant ports (67,68 from memory) for the linux dhcp server. If there are other subnets involved set your ip helper configuration to forward requests to the windows dhcp server.

But really this guy needs to understand the benefits of standardisation. Unless he can provide an outstanding benefit of running the dhcp server on linux then it makes no sense to have an exception from the norm.

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Monday, 22 February 2010 4:34 AM
To: NT System Admin Issues
Subject: DHCP in Win2k3 R2 domain

All,

Actually, the issue isn't really that, it's the part time admin in one of our overseas offices. He's running DHCP on a linux box, and handing out DNS/WINS entries pointing to the AD servers. I've got DHCP set up on the DC in their office, but haven't turned it on yet.

He's balking because he wants to control the handing out of addresses in his environment. Yes, I've taken away a large portion of his former set of control, but he can set up new users (including their mailboxes, etc.) and workstations, and he is an admin on the file server and the ERP box in their office, but little else - he doesn't have access to the DC with WINS/DNS, nor the firewall (though he has pulled the plug on it when it wasn't working right, without calling me, which really pissed me off.)

I could just turn on DHCP on the DC, and let those two machines fight it out, with the resulting chaos that would ensue, but I don't think that's terribly smart. I could just use the management hammer and tell him to turn the linux service off because I said so but that seems less than optimal as well. The servers are set up with static addresses, so that bit is not an issue.

Can anyone point me to KB articles or other documentation on running DHCP that bolsters the case for centralizing it with AD? OTOH, if there's no compelling reason for doing so, I'd like to hear that as well, though I think that having network infrastructure services served out of the same platform, and manageable by the HQ would be a good thing.

Kurt
Re: DHCP in Win2k3 R2 domain
Yes, but it seems a bit shortsighted in the face of what I've had to deal with - on at least two occasions I've had people drag personal (linksys, dlink) firewalls/routers into work because they needed them, and really screwed with one of my subnets. This was back when we were on NT4, and it was not on the subnet with the servers, so it didn't DoS the entire office, just that subnet, but still...

Kurt

On Sun, Feb 21, 2010 at 14:31, Brian Desmond br...@briandesmond.com wrote:

The converse to the DHCP detection stuff is that if any Windows box comes up in the domain with DHCP installed, DHCP won't actually start until someone with (by default) Enterprise Admin privs authorizes it.

Thanks,
Brian Desmond
br...@briandesmond.com
c – 312.731.3132

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Sunday, February 21, 2010 3:57 PM
To: NT System Admin Issues
Subject: Re: DHCP in Win2k3 R2 domain

On Sun, Feb 21, 2010 at 13:11, Michael B. Smith mich...@smithcons.com wrote:

There is no intrinsic reason for DHCP to be based on Windows.

No technical reason then. As I suspected.

There are some ease of admin features that I think are nice - such as when you build the subnet the wizard prompts you for the site-aware DNS and WINS server and the automatic DNS and rDNS registrations.

Explain that a bit more? Doesn't the setting in WinXP (which is what we're on) also handle that if set manually during OS installation?

But any modern (i.e., the last 15 years) DHCP server knows about WINS and NBNS node types, etc. etc.

Right.

If DHCP on Windows detects another DHCP server, it'll automatically shut itself down to avoid fighting for control.

That I didn't know. I'm not sure I like that.

I prefer running DHCP on Windows - especially in branch offices, I can go one place and control everything and see everything. And it makes monitoring easier, too. From a security standpoint, this is a win - knowing if new MAC addresses are picking up IP addresses out of the pool is a good thing, and while it's possible to do this with the Linux DHCP server (even easy, if your scripting skills are good) it's just one more place to look.

This is something to consider.

Thanks,
Kurt
RE: DHCP in Win2k3 R2 domain
Yep. Do your switches support DHCP Snooping? You can pretty much kill the problem if they have such a feature.

Thanks,
Brian Desmond
br...@briandesmond.com
c – 312.731.3132

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Sunday, February 21, 2010 5:11 PM
To: NT System Admin Issues
Subject: Re: DHCP in Win2k3 R2 domain

Yes, but it seems a bit shortsighted in the face of what I've had to deal with - on at least two occasions I've had people drag personal (linksys, dlink) firewalls/routers into work because they needed them, and really screwed with one of my subnets. This was back when we were on NT4, and it was not on the subnet with the servers, so it didn't DoS the entire office, just that subnet, but still...

Kurt

On Sun, Feb 21, 2010 at 14:31, Brian Desmond br...@briandesmond.com wrote:

The converse to the DHCP detection stuff is that if any Windows box comes up in the domain with DHCP installed, DHCP won't actually start until someone with (by default) Enterprise Admin privs authorizes it.

Thanks,
Brian Desmond
br...@briandesmond.com
c – 312.731.3132

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Sunday, February 21, 2010 3:57 PM
To: NT System Admin Issues
Subject: Re: DHCP in Win2k3 R2 domain

On Sun, Feb 21, 2010 at 13:11, Michael B. Smith mich...@smithcons.com wrote:

There is no intrinsic reason for DHCP to be based on Windows.

No technical reason then. As I suspected.

There are some ease of admin features that I think are nice - such as when you build the subnet the wizard prompts you for the site-aware DNS and WINS server and the automatic DNS and rDNS registrations.

Explain that a bit more? Doesn't the setting in WinXP (which is what we're on) also handle that if set manually during OS installation?

But any modern (i.e., the last 15 years) DHCP server knows about WINS and NBNS node types, etc. etc.

Right.

If DHCP on Windows detects another DHCP server, it'll automatically shut itself down to avoid fighting for control.

That I didn't know. I'm not sure I like that.

I prefer running DHCP on Windows - especially in branch offices, I can go one place and control everything and see everything. And it makes monitoring easier, too. From a security standpoint, this is a win - knowing if new MAC addresses are picking up IP addresses out of the pool is a good thing, and while it's possible to do this with the Linux DHCP server (even easy, if your scripting skills are good) it's just one more place to look.

This is something to consider.

Thanks,
Kurt
Re: DHCP in Win2k3 R2 domain
Unknown. Possibly. I have a bunch of HP 2510-48s, and an HP 2400cl for my backbone. I'll have to check that out. I don't know what I have in my overseas offices.

Kurt

On Sun, Feb 21, 2010 at 15:37, Brian Desmond br...@briandesmond.com wrote:

Yep. Do your switches support DHCP Snooping? You can pretty much kill the problem if they have such a feature.

Thanks,
Brian Desmond
br...@briandesmond.com
c – 312.731.3132

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Sunday, February 21, 2010 5:11 PM
To: NT System Admin Issues
Subject: Re: DHCP in Win2k3 R2 domain

Yes, but it seems a bit shortsighted in the face of what I've had to deal with - on at least two occasions I've had people drag personal (linksys, dlink) firewalls/routers into work because they needed them, and really screwed with one of my subnets. This was back when we were on NT4, and it was not on the subnet with the servers, so it didn't DoS the entire office, just that subnet, but still...

Kurt

On Sun, Feb 21, 2010 at 14:31, Brian Desmond br...@briandesmond.com wrote:

The converse to the DHCP detection stuff is that if any Windows box comes up in the domain with DHCP installed, DHCP won't actually start until someone with (by default) Enterprise Admin privs authorizes it.

Thanks,
Brian Desmond
br...@briandesmond.com
c – 312.731.3132

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: Sunday, February 21, 2010 3:57 PM
To: NT System Admin Issues
Subject: Re: DHCP in Win2k3 R2 domain

On Sun, Feb 21, 2010 at 13:11, Michael B. Smith mich...@smithcons.com wrote:

There is no intrinsic reason for DHCP to be based on Windows.

No technical reason then. As I suspected.

There are some ease of admin features that I think are nice - such as when you build the subnet the wizard prompts you for the site-aware DNS and WINS server and the automatic DNS and rDNS registrations.

Explain that a bit more? Doesn't the setting in WinXP (which is what we're on) also handle that if set manually during OS installation?

But any modern (i.e., the last 15 years) DHCP server knows about WINS and NBNS node types, etc. etc.

Right.

If DHCP on Windows detects another DHCP server, it'll automatically shut itself down to avoid fighting for control.

That I didn't know. I'm not sure I like that.

I prefer running DHCP on Windows - especially in branch offices, I can go one place and control everything and see everything. And it makes monitoring easier, too. From a security standpoint, this is a win - knowing if new MAC addresses are picking up IP addresses out of the pool is a good thing, and while it's possible to do this with the Linux DHCP server (even easy, if your scripting skills are good) it's just one more place to look.

This is something to consider.

Thanks,
Kurt
RE: dhcp reservations
So you are running a 2003 or 2008 domain with the win7 mgmt tools and you are able to right click on a current dhcp item and move it into reserved? I have a win7 machine on site as a beta test I suppose I could load up the tools if that works and try it.

-Original Message-
From: Brian Hintz [mailto:bhi...@gmail.com]
Sent: Wednesday, October 14, 2009 8:56 PM
To: NT System Admin Issues
Subject: Re: dhcp reservations

I was hoping I could just right click on the current dhcp lease and convert it to a reservation but no such luck :0

FYI - I am now able to do exactly this with Win 7 and the MS Remote Server Management tools.

On Wed, Oct 14, 2009 at 5:54 PM, Kurt Buff kurt.b...@gmail.com wrote:

Nice link. Thanks for that. I use netsh in a batch file scheduled to run every night that dumps the database and compares it with the previous day's database dump, then mails me the diff with blat. This gives me good insight into what changes on my subnets.

Kurt

On Wed, Oct 14, 2009 at 14:32, Ken Cornetet ken.corne...@kimball.com wrote:

http://technet.microsoft.com/en-us/library/cc787375(WS.10).aspx#BKMK_addresd ip

From: Benjamin Zachary - Lists [mailto:li...@levelfive.us]
Sent: Wednesday, October 14, 2009 5:23 PM
To: NT System Admin Issues
Subject: RE: dhcp reservations

I'm aware of that and was thinking of unlimited, however what's happening is we have a network with multiple buildings and multiple lans. The network is pretty active in movement and equipment. The problem is that people are bringing devices in. We thought about managing it at the procurve switch but it's just too much. We had all the reservations there but had to recently redo the scope when we added 150 computers to the network. Right now we have about 50 procurve switches and the help desk staff is not capable of managing them when they move departments around.

What we were doing before was activating the scope, and forcing all macs into reservation so when we deployed new pcs we would put the reservation in there in advance and then the workstation/device was ready to go. I see I can export the current list with mac address and can massage that pretty quick, but didn't see a decent way to import using netsh commands.

Thanks I will poke around on the netsh

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Wednesday, October 14, 2009 3:47 PM
To: NT System Admin Issues
Subject: Re: dhcp reservations

Typically, Microsoft clients do not change their DHCP address unless the address they had before is no longer available. They request the address they had previously.

ASB (My XeeSM Profile)
Providing Competitive Advantage through Effective IT Leadership

On Wed, Oct 14, 2009 at 3:02 PM, Benjamin Zachary - Lists li...@levelfive.us wrote:

Anyone know of an easy way to convert dhcp to dhcp w/reservations? We have a 450 user network with all dhcp but need them to not change for some new software. I was hoping I could just right click on the current dhcp lease and convert it to a reservation but no such luck :0 I'd rather not have to input 450 mac addresses. I'm tinkering with netsh dhcp server to see if anything looks possible but so far nothing good.

Thanks
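The nightly dump-and-diff described in this thread and the lease-to-reservation conversion asked about at its start can share one parser. The following is an added example, not code from any poster: it assumes a tab-separated export (IP, MAC, hostname), and the sample leases, function names and scope address are constructed. The only netsh command it emits is `add reservedip`.

```python
import ipaddress
import re

# Constructed sample exports, one lease per line: IP<TAB>MAC<TAB>hostname.
# This column layout is an assumption; adapt parse_leases() to your own dump.
YESTERDAY = (
    "10.1.20.11\t00-1b-78-aa-01-10\tacct-pc01\n"
    "10.1.20.12\t00-1b-78-aa-01-11\tacct-pc02\n"
    "10.1.20.13\t00-1b-78-aa-01-12\tlab-printer\n"
)
TODAY = (
    "10.1.20.11\t00-1b-78-aa-01-10\tacct-pc01\n"
    "10.1.20.40\t00-1B-78-AA-01-11\tacct-pc02\n"       # same MAC, new address
    "10.1.20.41\t00:18:f8:0c:55:9e\tlinksys & calc\n"  # MAC not seen yesterday
)

SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.-]{0,62}$")


def normalize_mac(raw):
    """Return 12 lowercase hex digits, or raise ValueError."""
    mac = re.sub(r"[-:.\s]", "", raw).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", mac):
        raise ValueError(f"not a MAC address: {raw!r}")
    return mac


def parse_leases(text):
    """Map normalized MAC -> (ip, hostname); lines with < 2 fields are skipped."""
    leases = {}
    for line in text.splitlines():
        fields = line.split("\t")
        if len(fields) < 2:
            continue
        ip = str(ipaddress.ip_address(fields[0].strip()))
        name = fields[2].strip() if len(fields) > 2 else ""
        leases[normalize_mac(fields[1])] = (ip, name)
    return leases


def diff_leases(old, new):
    """Report MACs that appeared, disappeared, or changed address."""
    return {
        "new": sorted(m for m in new if m not in old),
        "gone": sorted(m for m in old if m not in new),
        "moved": sorted(m for m in new if m in old and new[m][0] != old[m][0]),
    }


def reservation_commands(leases, scope, prefix_len):
    """Build 'netsh ... add reservedip' lines for leases inside the scope."""
    net = ipaddress.ip_network(f"{scope}/{prefix_len}")
    by_ip = sorted(leases.items(), key=lambda kv: ipaddress.ip_address(kv[1][0]))
    cmds = []
    for mac, (ip, name) in by_ip:
        if ipaddress.ip_address(ip) not in net:
            continue
        # Hostnames are client-supplied: never paste an unvetted one into a batch file.
        label = name if SAFE_NAME.match(name) else "host-" + mac
        cmds.append(f"netsh dhcp server scope {scope} add reservedip {ip} {mac} {label}")
    return cmds
```

Review the generated lines before running them on the DHCP server; the "new" list from `diff_leases` is the part worth mailing out each night.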