dhcp service pog

DHCP Service Product Operations Guide

Managing the Windows Server Platform

The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication.

This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT.

Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), but only for the purposes provided in the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, email address, logo, person, place, or event is intended or should be inferred.

2003 Microsoft Corporation. All rights reserved.

Microsoft, Active Directory, Visual Basic, Windows, Windows NT, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

DHCP Service Product Operations Guide iii

ContentsIntroduction to Product Operations Guide.......................................................................................1

Document Purpose.....................................................................................................................1Intended Audience...................................................................................................................... 1How to Use This Guide...............................................................................................................1Background................................................................................................................................. 2

High-Level Tasks for Maintaining Windows Server 2003 DHCP Services.....................................5Overview..................................................................................................................................... 5Technology Required.................................................................................................................. 6Maintenance Processes Checklist..............................................................................................9

Operating Quadrant.................................................................................................................9Supporting Quadrant.............................................................................................................11Optimizing Quadrant..............................................................................................................13Changing Quadrant...............................................................................................................14

Detailed Maintenance Actions......................................................................................................17Overview................................................................................................................................... 17Process: Data backup, restore, and recovery operations..........................................................18

Task: Pull configuration, transaction logs, and database to external storage........................18Task: Verify previous day's backup job..................................................................................22Task: Verify restore................................................................................................................24

Process: Storage resource management..................................................................................25Task: Monitor disk space for DHCP logs and database.........................................................25

Process: Perform monitoring.....................................................................................................28Task: Capture service performance statistics........................................................................28Task: Capture DHCP services scope usage statistics...........................................................32Task: Capture DHCP server system load and utilization statistics........................................33

Process: Managing resources and service performance...........................................................41Task: Create service performance and utilization report........................................................41

Process: Proactive analysis and review....................................................................................42Task: Capture DHCP client-lease information logs................................................................42Task: Monitor and resolve alerts indicating DHCP conflict (rogue detection and IP in use)........................................................................................................................................ 43Task: Monitor key DHCP dependencies (Active Directory and network)...............................43Task: Monitor log for critical DHCP events............................................................................44Task: Service check—check DHCP authorization status.......................................................45Task: Service check—resolve alerts indicating DHCP server service is down......................46Task: Service check—verify that all DHCP relay agents are functioning normally................47Task: Service check—verify that the DHCP server is running automated daily database backup................................................................................................................... 48Task: Service check—verify receipt of accurate DHCP configuration from the correct DHCP server......................................................................................................................... 49

Process: Classification and initial support.................................................................................51Task: Service desk steps to eliminate the DHCP server/service as causing the issue..........51

Process: Investigation and diagnosis........................................................................................54Task: Respond to daily service request.................................................................................54Task: Create weekly service activity report............................................................................55

Process: Review configuration items.........................................................................................57Task: Compliance check—modifying the DHCP lease duration............................................57Task: Compliance check—conflict detection on DHCP servers (rogue detection and IP in use)............................................................................................................................... 59Task: Compliance check—maintain dynamic update configuration.......................................60

Process: Change classification.................................................................................................62Task: Review emergency change request.............................................................................62

Processes by MOF Role Clusters.................................................................................................65

iv Managing the Windows Server Platform

Operations Role Cluster........................................................................................................65Support Role Cluster.............................................................................................................66Release Role Cluster.............................................................................................................66Infrastructure Role Cluster.....................................................................................................67Security Role Cluster.............................................................................................................67Partner Role Cluster..............................................................................................................68

Troubleshooting............................................................................................................................ 69Overview................................................................................................................................... 69

Problem #1: No IP Address...................................................................................................69Problem #2: Incorrect IP Address..........................................................................................70Problem #3: Missing Configuration Details............................................................................70Problem #4: Incorrect or Incomplete Options........................................................................71Problem #5: Unable to Obtain IP Addresses.........................................................................71Problem #6: No Relay Services.............................................................................................73

Appendix....................................................................................................................................... 75DHCP Log Events—Fields........................................................................................................75DHCP Log Events—ID Codes...................................................................................................76DHCP System Monitors............................................................................................................77

DHCP Service Product Operations Guide v

Contributors

Program ManagerJeff Yuhas, Microsoft Corporation

Lead WritersMichael Sarabosing, Covestic Inc.

Akil Washington, Covestic Inc.

Test ManagerGreg Gicewicz, Microsoft Corporation

QA ManagerJim Ptaszynski, Microsoft Corporation

Lead Technical WriterJerry Dyer, Microsoft Corporation

Lead Technical EditorLaurie Dunham, Microsoft Corporation

Technical EditorsFrank Manning, Volt Technical Services

Patricia Rytkonen, Volt Technical Services

Production EditorKevin Klein, Volt Technical Services

1Introduction to Product Operations Guide

Document PurposeThis guide describes processes and procedures for improving the management of Microsoft® Windows Server™ 2003 Dynamic Host Configuration Protocol (DHCP) service in an information technology (IT) infrastructure.

Intended AudienceThis material should be useful for anyone planning to deploy this product into an existing IT infrastructure, especially one based on the IT Infrastructure Library (ITIL)—a comprehensive set of best practices for IT service management—and Microsoft Operations Framework (MOF). It is aimed primarily at two main groups: IT managers and IT support staff (including analysts and service-desk specialists).

How to Use This GuideThis guide is divided into six chapters. The first chapter provides basic background information. The second chapter provides a high-level checklist of the tasks required for maintaining this product. The third chapter takes a more detailed look at the tasks described in the maintenance chapter. The fourth chapter organizes tasks by the MOF role cluster responsible for each task. The fifth chapter provides information about common troubleshooting techniques for the Windows Server 2003 DHCP service. The sixth chapter contains an appendix with information about DHCP log events and system monitoring.

The guide may be read as a single volume, including the detailed maintenance and troubleshooting sections. Reading the document this way will provide the necessary context so that later material can be understood more readily. However, some people will prefer to use the document as a reference, only looking up information as they need it.

BackgroundThis guide is based on Microsoft Solutions for Management (MSM). MSM provides a combination of best practices, best-practice implementation services, and best-practice automation, all of which help customers achieve operational excellence as demonstrated by high quality of service, industry reliability, availability, and security, and low total cost of ownership (TCO).

These MSM best practices are based on MOF, a structured, yet flexible approach based on ITIL. MOF includes guidelines on how to plan, deploy, and maintain IT operational processes in support of mission-critical service solutions.

Central to MOF—and to understanding the structure of this guide—are the MOF Process and Team models. The Process Model and its underlying service management functions (SMFs) are the foundation for the process-based approach that this guide recommends for maintaining a product. The Team Model and its role clusters offer guidance for ensuring the proper people are assigned to operational roles.

Figure 1 shows the MOF Process Model combined with the SMFs that make up each quadrant of the Process Model.

Figure 1MOF Process Model and SMFs

DHCP Service Product Operations Guide 3

Figure 2 shows the MOF Team Model, along with some of the many functional roles or function teams that might exist in service management organizations. These roles and function teams are shown mapped to the MOF role cluster to which they would likely belong.

Figure 2MOF Team Model and examples of functional roles or teams

Security

Release

Infrastructure

Support

Operations

Partner

Change management Release/systems engineering Configuration control/asset

management Software distribution/licensing Quality assurance

Messaging operations Database operations Network administration Monitoring/metrics Availability management

Intellectual property protection Network and system security Intrusion detection Virus protection Audit and compliance admin Contingency planning

Maintenance vendors Environment support Managed services, outsourcers,

trading partners Software/hardware suppliers

Enterprise architecture Infrastructure engineering Capacity management Cost/IT budget management Resource and long-range

planning

Service desk/help desk Production/production support Problem management Service level management

4 Managing the Windows Server Platform

The MOF Team Model is built on six quality goals, which are described and matched with the applicable team role cluster in Table 1.

Table 1. MOF Team Model Quality Goals and Role Clusters

Quality goal Team role cluster

Effective release and change management. Accurate inventory tracking of all IT services and systems.

Release

Management of physical environments and infrastructure tools.

Infrastructure

Quality customer support and a service culture.

Support

Predictable, repeatable, and automated system management.

Operations

Mutually beneficial relationships with service and supply partners.

Partner

Protected corporate assets, controlled authorization, and proactive security planning.

Security

Further information about MSM and MOF is available at http://www.microsoft.com/msm, or search for the topic on TechNet at http://www.microsoft.com/technet/default.asp. You can also contact your local Microsoft or partner representative.

http://www.microsoft.com/technet/default.asp

http://www.microsoft.com/msm

2High-Level Tasks for Maintaining Windows Server 2003 DHCP Services

OverviewEvery company consists of employees (people), activities that those employees perform (processes), and tools that help them perform those activities (technology). No matter what the business, it most likely consists of people, processes, and technology working together to achieve a common goal. The following table illustrates this point.

Table 2. Examples of People, Process, and Technology Working Together

Area People Process Technology

Auto repair industry

Mechanic Repair manual Socket set

Software development industry

Programmer Project plan Compiler; debugger

IT operations IT technician Microsoft Operations Framework

Windows Server 2003 DHCP Service

Dynamic Host Configuration Protocol (DHCP) is a TCP/IP standard that reduces the complexity and administrative overhead of managing network client IP address configuration. Microsoft Windows 2003 Server provides the DHCP service, which enables a computer to function as a DHCP server and configure DHCP-enabled client computers on your network. DHCP runs on a server computer, enabling the automatic, centralized management of IP addresses and other TCP/IP configuration settings for your network’s client computers. The Microsoft DHCP service also provides integration with the Microsoft Active Directory® directory service and Domain Name System (DNS) service, enhanced monitoring and statistical reporting for DHCP servers, vendor-specific options and

user-class support, multicast address allocation, and rogue DHCP server detection.

DHCP simplifies the administrative management of IP address configuration by automating address configuration for network clients. The DHCP standard provides for the use of DHCP servers, which are defined as any computer running the DHCP service. The DHCP server automatically allocates IP addresses and related TCP/IP configuration settings to DHCP-enabled clients on the network.

Technology RequiredThe following table lists the tools or technologies used in the procedures described in this guide. All tools should be accessed from a Windows Server 2003 server console, except in those cases where a link is provided.

Table 3. DHCP Service Tools or Technologies

Required technology

Description Location

Disk Defragmenter

Tool used to analyze volumes for fragmentation and perform defragmentation.

Start>All Programs>Accessories>System Tools>Disk Defragmenter

Backup Tool used to perform backup and restore operations.

Start>All Programs>Accessories>System Tools>Backup

Srvinfo.exe Tool used to gather system information from servers.

Windows Server 2003 Resource Kit

Windows® Management Instrumentation (WMI)

Provides for management capabilities. In this POG, specifically, it is used within Microsoft Visual Basic® Scripting Edition (VBScript).

DHCP Manager

Centralized management and monitoring tools used for modifying DHCP parameters. This can be found either in Administrative Tools after initial install of the DHCP service or via Adminpak.msi.

%systemroot%system32\ dhcpmgmt.msc


Required technology


Event Viewer Provides logs for transactional reactive review of system and service events. This technology is automatically installed with Windows Server 2003.

Start>Control Panel> Administrative Tools>Event Viewer

Or to open Event Viewer using the command line:

Start>Run. In the Open box, type eventvwr.msc, and then click OK.

System Monitor (formerly called Performance Monitor)

Provides detailed performance information on key metrics used to troubleshoot bottlenecks and degradation. It is automatically installed with Windows Server 2003.

Start>Control Panel> Administrative Tools> Performance

Or to open System Monitor using the command line:

Start>Run. In the Open box, type perfmon, and then click OK.

Task Manager Offers an immediate view of system activity and performance. This technology is automatically installed with Windows Server 2003.

Right-click an empty space on the taskbar, and then click Task Manager.

Service Control (SC.exe)

Allows for general management of Windows services, including startup, shutdown, and status.

%systemroot%\system32\ sc.exe

Netsh

(Netsh.exe)

Manages network services and configuration objects.

%systemroot%\system32\netsh.exe

Or to open Netsh using the command line:

Start>Run. In the Open box, type netsh, and then click OK.


Required technology


Windows Server 2003 Resource Kit Tools

Provides operations tools, scripts, and shortcuts to add and automate administrative functionality for Windows Server 2003. This kit is a separate installable package.

http://www.microsoft.com/downloads/details.aspx?familyid=9d467a69-57ff-4ae7-96ee-b18c4790cffd&displaylang=en, or search for “Windows Server 2003 Resource Kit Tools” at http://www.microsoft.com.

Microsoft Word, Excel, and Access XP

Full-featured Microsoft Office desktop applications that can be used to create the reports and manage the data sets listed in this product operations guide.

Microsoft Word, Excel, and Access can be found either as stand-alone products or as parts of Microsoft Office XP.

Microsoft SQL Server™ (optional)

Can be used to manage enterprise-level volumes of management log, performance, and configuration data.

http://www.microsoft.com/sql/



http://www.microsoft.com/

http://www.microsoft.com/

http://www.microsoft.com/downloads/details.aspx?familyid=9d467a69-57ff-4ae7-96ee-b18c4790cffd&displaylang=en




Maintenance Processes ChecklistThe following checklists provide a quick reference for those product maintenance processes that need to be performed on a regular basis. These process lists are a summary of the processes described in subsequent sections of this guide. They are limited to those processes required for maintaining the product.

Operating QuadrantThe processes for this section are based on the service management function (SMF) guides that make up the MOF Operating Quadrant. For more information on the MOF Process Model and the SMFs, see http://www.microsoft.com/msm and http://www.microsoft.com/mof.

Storage Management SMF

Daily Processes

Process Name Related SMFs MOF Role Cluster

Data backup, restore, and recovery operations

Operations

Weekly Processes


Storage resource management

Infrastructure

Monthly Processes


There are no monthly processes for this SMF.

As-Needed Processes


Data backup, restore, and recovery operations

Support

http://www.microsoft.com/mof



Service Monitoring and Control SMF

Daily Processes


Perform monitoring Infrastructure

Weekly Processes


There are no weekly processes for this SMF.

Monthly Processes



As-Needed Processes


There are no as-needed processes for this SMF.


Supporting QuadrantThe processes for this section are based on the SMF guides that make up the MOF Supporting Quadrant.

Incident Management SMF

Daily Processes


Classification and initial support

Support

Investigation and diagnosis

Support

Weekly Processes


Investigation and diagnosis

Support

Monthly Processes



As-Needed Processes




Problem Management SMF

Daily Processes


Proactive analysis and review

Operations

Weekly Processes



Monthly Processes



As-Needed Processes




Optimizing QuadrantThe tasks for this section are based on the SMF guides that make up the MOF Optimizing Quadrant.

Capacity Management SMF

Daily Processes


There are no daily processes for this SMF.

Weekly Processes



Monthly Processes


Managing resource and service performance

Infrastructure

As-Needed Processes




Changing QuadrantThe processes for this section are based on the SMF guides that make up the MOF Changing Quadrant.

Change Management SMF

Daily Processes


Change classification Infrastructure

Weekly Processes



Monthly Processes



As-Needed Processes




Configuration Management SMF

Daily Processes

Process Name Related SMF MOF Role Cluster

There are no daily processes for this SMF.

Weekly Processes



Monthly Processes


Review configuration items

Infrastructure

As-Needed Processes



3Detailed Maintenance Actions

OverviewThis chapter provides detailed information about the processes that must be performed in order to maintain Windows Server 2003 DHCP services. These processes are arranged according to the MOF quadrant to which they belong and, within each quadrant, by the MOF SMF guides that make up that quadrant.

Those quadrants are:

● Operating

● Supporting

● Optimizing

● Changing

For more information about the MOF Process Model and the MOF SMF guides that make up each quadrant of the model, see http://www.microsoft.com/msm. For more information about the MOF Team Model and team role clusters, see http://www.microsoft.com/mof.

http://www.microsoft.com/mof


Operating Quadrant


Operations Role Cluster

As Needed

Process: Data backup, restore, and recovery operations

Description

Storing, restoring, and recovering data are key storage management activities for maintaining company data. Data should be classified by type, and a strategy should be developed to ensure that operations fulfill business requirements and service level objectives.

Task: Pull configuration, transaction logs, and database to external storagePurpose

The intent of these backups is to provide an externally stored restore source that can be readily accessed in the event of local database corruption.

By default, Windows Server 2003 creates a backup of the DHCP database and transaction logs every 60 minutes, and a “backup on shutdown” option may also be enabled on all DHCP servers. These two features create a backup copy of the Dhcp.mdb database, the transaction J*.log files, and the registry configuration in DhcpCfg.

In the event of a failure, the order of restore from backup should be the latest 60-minute backup, then the daily backup on external storage, and—worst case—the weekly full system. The backups created by each option cannot simply be restored on any host; they require a machine with an identical configuration to the backup source.

The following are three options to achieve this intent.


Procedure Option 1: Manual backup to tape or external locally-attached storage (ShadowCopy) using NTBackup1. From a Windows Server 2003 with access to a tape device, on the

Start menu, click Run, type ntbackup.exe and click OK.

2. If Backup or Restore Wizard window is shown, click Advanced Mode.

3. Click Backup Wizard (for advanced).

4. Select Back up selected files, drives, or network data and click Next.

5. Choose the DHCP backup directory, such as the default “C:%systemroot%\System32\dhcp\backup” if local, or “\\hostname\ADMIN$\System32\dhcp\backup” if remote (appropriate administrative rights are required), and click Next.

6. Select an appropriate backup destination, such as a storage area network (SAN) connected tape drive, or choose a directory by clicking Browse. Selecting a directory will enable a ShadowCopy backup of the directory into a file.

7. Type in a name for the backup and click Next.

8. Make sure the appropriate media is loaded or the target directory is accessible, and click Finish.

Procedure Option 2: Scriptable manual copy to remote server directory

Make sure a share with restricted access has been created for the DHCP server’s backup directory. To create a share with restricted access to the DHCP backup directory on the Windows Server 2003 DHCP server, follow these steps:

Using Server Management:

1. Click Start, then All Programs, then Administrative Tools, and click Server Management.

2. Connect to the specific remote Windows Server 2003 DHCP server and create a new share specifying the DHCP backup directory, such as the default “C:\Windows\System32\dhcp\backup.” Make sure the share is read-only, and customize permissions to only the group or user responsible for backup and maintenance of the DHCP server.


Using Command Line:

1. On the Start menu, click All Programs, then click Accessories, then click Communications, and then click Remote Desktop Connection.

2. Connect to the specific remote Windows Server 2003 DHCP server. On the remote system Start menu, click Run, and type cmd

3. Run the command on the Windows Server 2003 DHCP server: net share dhcpbackup=%systemroot%\system32\dhcp\backup /grant:username,read /users:1 /cache:none

4. Execute the following command lines on an administrative client with access to the DHCP server and repository:

net use \\DHCP_Server_hostname\dhcpbackup

net use \\Repository_hostname\sharename

xcopy \\DHCP_Server_hostname\dhcpbackup

\\Repository_hostname\sharename /I /V /E /H /K /X /Y

net use \\DHCP_Server_hostname\dhcpbackup /delete

net use \\Repository_hostname\sharename /delete

Procedure Option 3: Create an up-to-the-minute manual backup of the DHCP database on the local system1. On the Start menu, click Run and type:

%SystemRoot%\system32\dhcpmgmt.msc /s

2. In the console tree, click the applicable DHCP server.

3. On the Action menu, click Backup.

4. In the Browse for Folder dialog box, choose a local drive for the DHCP database backup folder.

5. Verify that the backup location is on a different volume or drive than DHCP’s automated backup set. (This defaults to C:\windows\system32\dhcp\backup.)

6. Click OK.


Procedure Option 4: Create an up-to-the-minute manual extract of the DHCP server’s DHCP service configuration 1. On the Start menu, click Run. Type cmd and click OK.

2. Type the netsh command:Netsh DHCP Server \\<servername> > dhcpsvr-MMDDYYYY.dump

3. Replace MM with the month, DD with the date, and YYYY with the year.

4. Store this dump file remotely, in a similar fashion to the command line section of the previously listed procedure option 2. Additionally, this dump file can also be used to build and deploy DHCP servers.

Dependencies

None

Technology Required

Base DHCP Windows Server 2003

Netch.exe


Task: Verify previous day's backup jobPurpose

The purpose of this process is to give guidance on how to verify the integrity of the daily scheduled backup job. Regardless of the utility used to provide backup service to the DHCP server, the operations team should verify each backup job after its completion. This verification allows the operations team to resolve issues with backups that may put the organization at risk of data loss.

Procedure 1: Verify the backup job is completed

You can use Event Viewer to verify whether a backup job started or completed, and if there were errors encountered during the backup operation.

1. Start Event Viewer.

2. Right-click Application Log, select Properties, highlight View, and select Filter.

3. In Event Source, click the drop-down menu, select NTBackup, and click OK.

5. Search for the following events:

● Event 8000: This event signals the start of a backup on a volume. You should receive this event for each volume in the backup job.

● Event 8001: This event signals the end of a backup on a volume. You should receive n - 1 of this event for a backup job, where n is equal to the number of volumes in the backup job. When a volume has backed up successfully, Event 8001 will be logged as an informational event. When errors are encountered backing up a volume, the 8001 event will be logged as an error event.

● Event 8019: This event signals the end of the backup operation. You should receive one 8019 event per backup job.


Procedure 2: Review the backup log

Backup logs can be vital to troubleshooting and recording status of the backup operation. The default setting in Windows Server 2003 is for backup logs to contain summary information—for example, loading a tape, starting the backup, files backed up, bytes backed up, or failing to open a file. Some operations environments require more detailed information, such as which files are being backed up for a particular backup job.

For more detailed logging in the backup logs

1. Start the Backup utility.

2. On the Tools menu, click Options.

3. In the Options window, click the Backup Log tab, select Detailed, and click OK. Backup logs will now contain detailed information regarding the backup operations.

To review the backup log

1. Start the Backup utility.

2. On the Tools menu, click Reports.

3. In the Backup Report dialog box, select the previous night’s backup report, and click View.

Procedure 3: Report problems in backup to incident management

Use the incident management process to record one of the following conditions in your environment. This procedure gives guidance on some of the steps that should be followed when filling out the incident management report.

● Event 8000 is not logged in the application log. When this occurs, the DHCP server is at risk of data loss. Verify the backup job has not been deleted. Review the start time for the job to verify it has not been modified.

● Event 8000 is not logged for all volumes on the server. When this occurs, a volume is at risk of data loss. Review the backup configuration for the backup job to see if the volume has been removed from the backup job. Check the change management database to see if the volume has been removed from the backup job.

● Event 8001 is logged as a warning event in the application log. Review the backup log by searching for the “Warning:” string in the body of the log. Record what the warning is and the reason for the warning.

● Event 8019 is not logged in the application log. This means the backup job is still running. Review the application log and record the last volume to trigger a successful 8001 informational event. Record the last volume to trigger an 8000 event.


Dependencies

● Backup jobs are logged to disk.

● Incident management process.

Technology Required

● Backup utility

● Third-party backup software

Task: Verify restorePurpose

When restoring the DHCP server, it is important to verify the successful completion of the restoration task. If the restoration is not verified before users are directed to the restored location, users might question the integrity of the backup/restore process.

Procedure 1: Verify restore configuration tasks1. Start the Backup utility.

2. On the Tools menu, select Reports.

3. In the Backup Reports window, select the report that contains the Restore Job, and click View.

4. Search the log for the “Operation: Restore” string.

5. Verify that the restore location and restore files are in the location specified in the initial restore request.

6. Use Windows Explorer to navigate to the location of the restore and verify that the data exists.

Dependencies

Scheduled backups are being performed.

Technology Required

Backup utility


Operating Quadrant



Weekly

Process: Storage resource managementDescription

Storage resource management (SRM) is a key storage management activity focused on ensuring that important storage devices, such as disks, are formatted and installed with appropriate DHCP systems. In addition, SRM includes using management technologies to monitor storage resources to ensure that they meet availability, capacity, and performance requirements.

Task: Monitor disk space for DHCP logs and database

Purpose

This task ensures that the DHCP logging facility will have sufficient space to create new log entries and that the DHCP database can grow as appropriate.

Procedure 1: Monitor disk usage and availability via GUI

Windows Server 2003 DHCP server performs disk checks at regular intervals to ensure the ongoing availability of server disk space and to ensure that the current audit log file does not become too large or that log file growth is not occurring too rapidly.

The DHCP server performs a full disk check whenever either of the following conditions occurs:

● A set number of events are logged.

● The date changes on the server computer.

Each time a disk check is completed, the DHCP service checks to see if the server disk space is full. If the disk is full, the DHCP server closes the current file and ignores further requests to log audit events either until midnight or until disk status is improved and the disk is no longer full.

Regularly review the available space on the system partition of the DHCP server. If disk space is less than 20 MB, the DHCP server will log an entry and then close the audit log until disk space is made.

1. On the Start menu, click Run, and type explorer

2. In the left tree view, browse to the drive where the DHCP logs and databases are stored.

3. Right-click the drive, and select Properties.


Procedure 2: Monitor disk usage and availability via WMI script

The script below illustrates the displaying of resource information similar to Procedure 1 above. This script does not continuously collect and store formatted performance information, but serves as a sample base for writing an operations script that may be integrated with an enterprise management package.

1. Copy and paste the script to Notepad.exe and save to a file such as “DhcpChkSpace.vbs.”

2. Run the script by typing the following command:cscript //nologo DHCPChkSpace.vbs

Script listing for multiple server checks:

rem – DHCP Check Disk Space for Log and DB Drive ---------------------

On Error Resume Next

rem ---------------------------------------------------------------------------------rem -- List all DHCP Servers in the strDHCPServer array in quotesrem -- and separated by commas. use "." for localsystem. rem --rem -- Example:rem -- strDHCPServer=array("dhcpsvr01","dchpsvr02","192.168.23.21")rem -- arrDHCPSvr = array( ".","dhcpsvr01")rem ---------------------------------------------------------------------------------

For Each strComputer in arrDHCPsvr

Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")Set colItems = objWMIService.ExecQuery("Select * from Win32_LogicalDisk",,48)For Each objItem in colItems Wscript.Echo "DeviceID: " & objItem.DeviceID Wscript.Echo "FreeSpace: " & objItem.FreeSpace Wscript.Echo "VolumeName: " & objItem.VolumeNameNextNextrem – END OF SCRIPT --


Script listing for single server with specific drive check:

rem – DHCP Check Disk Space for Log and DB Drive ----------------


rem – Replace “.” with the DHCP server’s hostname or IP.strComputer="."

Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")

rem – Replace ‘c:’ with the DHCP server’s appropriate log and db driverem --Set colItems = objWMIService.Get("Win32_LogicalDisk.DeviceID='c:'")

Wscript.Echo "DeviceID: " & colItems.DeviceID Wscript.Echo "FreeSpace: " & colItems.FreeSpace Wscript.Echo "VolumeName: " & colItems.VolumeNamerem – END OF SCRIPT --

Dependencies

None

Technology Required

● Base DHCP Windows Server 2003

● Windows Management Instrumentation (WMI) infrastructure

● Windows Script Host


Operating Quadrant

Service Monitoring and Control SMF

Infrastructure Role Cluster

Daily

Process: Perform monitoringDescription

The purpose of service monitoring and control is to observe the end-to-end health of IT services in order to detect and prevent service exceptions and to gather data used by other SMFs to optimize IT services. The perform monitoring process continuously monitors the IT infrastructure and components that deliver the end-to-end service.

The tasks included in this process use comma-delimited files for storing data as a base reference. For larger environments including 10 or more servers, administrators should use Microsoft SQL Server or Microsoft Operations Manager (MOM) as an effective centralized repository for events.

Task: Capture service performance statistics

Purpose

The following activity captures empirical data on DHCP service performance. This data, which is collected daily (or multiple times a day) will be reviewed weekly. It will also be used to create monthly reports that are reviewed quarterly for service level agreement (SLA) compliance. Service performance statistics are different from system performance in that they measure the characteristics of the DHCP service, not the underlying infrastructure, such as disk, memory, or processor.


Procedure 1: Configure DHCP performance logging using performance logs and alerts console1. On the Start menu, click Run, and type perfmon.msc

2. In the left tree view, expand the Performance Logs and Alerts branch, and click Counter Logs. The right pane will display all log settings.

3. Right-click Counter Logs, and select New Log Settings.

4. Enter a name such as “DHCP Service Performance” and click OK.

5. Click the Add Objects button, which brings up the Add Objects dialog box.

6. Click the Select Counter objects from computer radio button, and select or enter the appropriate DHCP server in the pull-down box.

7. In the Performance objects: selector, click DHCP Server, click Add, and then click Close. A new counter should be added to the DHCP Service Performance window.

8. In the Sample data every: area, specify an appropriate interval, such as 10 minutes.

9. Select the Log Files tab on this window.

10.In Log file type: select Text File (Comma delimited), and click Configure.

11.Specify the appropriate location for the log file. Ideally, this should be a remote directory from a reliable file server with ample disk space to store three to five months' worth of DHCP service performance logs.

12.In the File name: enter an appropriate name, such as “DhcpSvcPerf” and verify that the log file size is set to Maximum limit. Click OK.

13.Enable End File names with: and select [yyyymmdd] in the pull-down selector.

14.Add an appropriate comment, such as “DHCP Service Perf Log v1.”

15.Click Apply, and then OK.

Procedure 2: Capture DHCP performance logging via custom WMI VBScript 1. Right-click the newly created counter log from Procedure 1, and

select Start.

2. Copy and paste the script below to Notepad.exe and save to a file such as “DhcpServicePerf.vbs.” The script illustrates the collection of performance information similar to Procedure 1 above. This script does not continuously collect and store formatted performance information, but serves as a sample base for writing an operations script that may be integrated with an enterprise Management Pack.

3. Run the script by typing the following command:cscript //nologo DHCPServicePerf.vbs


Script Listing:rem – DHCP Service Performance Basic Collector ---------------------


rem ---------------------------------------------------------------------------------rem -- List all DHCP Servers in the strDHCPServer array in quotesrem -- and separated by commas. use "." for localsystem. rem --rem -- Example:rem -- strDHCPServer=array("dhcpsvr01","dchpsvr02","192.168.23.21")rem --

arrDHCPSvr = array( ".","dhcpsvr01")

rem ---------------------------------------------------------------------------------

For Each strComputer in arrDHCPsvr

Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")Set colItems = objWMIService.ExecQuery("Select * from Win32_PerfRawData_DHCPServer_DHCPServer",,48)For Each objItem in colItemsrem -- Timing Objects--------------------------------------------- Wscript.Echo "Name: " & objItem.Name Wscript.Echo "Timestamp_Object: " & objItem.Timestamp_Object Wscript.Echo "Timestamp_PerfTime: " & objItem.Timestamp_PerfTime Wscript.Echo "Timestamp_Sys100NS: " & objItem.Timestamp_Sys100NS

rem --Log Events Similar to What is Captured in Performance Logs and Alerts Console ------- Wscript.Echo "AcksPersec: " & objItem.AcksPersec Wscript.Echo "ActiveQueueLength: " & objItem.ActiveQueueLength Wscript.Echo "ConflictCheckQueueLength: " & objItem.ConflictCheckQueueLength Wscript.Echo "DeclinesPersec: " & objItem.DeclinesPersec Wscript.Echo "DiscoversPersec: " & objItem.DiscoversPersec Wscript.Echo "DuplicatesDroppedPersec: " & objItem.DuplicatesDroppedPersec Wscript.Echo "InformsPersec: " & objItem.InformsPersec Wscript.Echo "MillisecondsperpacketAvg: " & objItem.MillisecondsperpacketAvg Wscript.Echo "NacksPersec: " & objItem.NacksPersec Wscript.Echo "OffersPersec: " & objItem.OffersPersec Wscript.Echo "RequestsPersec: " & objItem.RequestsPersec

rem --Additional Events ------- Wscript.Echo "Frequency_Object: " & objItem.Frequency_Object Wscript.Echo "Frequency_PerfTime: " & objItem.Frequency_PerfTime Wscript.Echo "Frequency_Sys100NS: " & objItem.Frequency_Sys100NS Wscript.Echo "PacketsExpiredPersec: " & objItem.PacketsExpiredPersec Wscript.Echo "PacketsReceivedPersec: " & objItem.PacketsReceivedPersec Wscript.Echo "ReleasesPersec: " & objItem.ReleasesPersec

Next

Nextrem – END OF SCRIPT --


4. To format the script similar to the PerfMon format:

a. At the top of the script add the following lines:m=Month(Now)d=Day(Now)s=Second(Now)If (m<10) Then m="0" & mEnd IfIf (d<10) Then d="0" & dEnd IfIf (s<10) Thens="0" & sEnd IfstrFormattedDate = chr(34) & m & "/" & d & "/" & Year(Now) & " " & Hour(Now) & ":" & Minute(Now) & ":" & s & ".000" & chr(34)

b. After the line “For Each objItem in colItems” all the way to “Next” are the output commands to echo the results to screen. Select the objects you would like to log and replace the “Wscript.Echo …” lines with one concatenated and formatted output including formatting such as “ (quotes) represented by chr(34) and , (commas).

For example, to create a PerfMon-style output for DHCP Nacks/sec, Offers/sec, and Requests/sec, the result would be:…For Each objItem in colItemsWscript.Echo strFormattedDate & “,” & chr(34) & objItem.NacksPersec & chr(34) & “,” & chr(34) & objItem.OffersPersec & chr(34) & “,” & chr(34) & objItem.RequestsPersec & chr(34)Next…

Dependencies

None

Technology Required


● WMI infrastructure



Task: Capture DHCP services scope usage statisticsPurpose

The following activity captures empirical data on DHCP service utilization. This data, which is collected daily (or multiple times a day) should be reviewed weekly. It will also be used to create monthly reports that are reviewed quarterly for SLA/OLA compliance. Service utilization statistics are different from system performance in that they measure the usage characteristics of the DHCP service, not the underlying infrastructure such as disk, memory, or processor.

Procedure Option 1: Capture DHCP services scope usage statistics using DHCP management console

This collection should be performed on a consistent schedule, during key times of the day such as 08:00, 12:00, and 17:00. The information should be recorded in a log file with the date appended to the name, such as “DHCPScopeStats_200305.csv” (indicates a comma-separated log for the month of May 2003).

1. Start the DHCP management console by clicking the Start menu, then click Run and type dhcpmgmt.msc. Click OK.

2. If the appropriate DHCP server is not listed on the tree view on the left:

a. Right-click DHCP (the first item), and select Add Server.

b. Enter the hostname for the appropriate DHCP server or select from the authorized list and click OK.

3. Double-click the appropriate DHCP server on the tree view in the left pane.

4. Click [+] to expand Superscopes (if any) and select the scope from which to collect statistics.

5. Right-click the scope, and select Display Statistics.

6. Open the month’s csv log using WordPad and manually record the data as follows:

“DATE TIME”,”DHCPServer Name”,”Scope IP”,”Total Addresses”,”IPs in Use”,“IPs Available”

For example:

05/24/2003 16:58:00.000,sea_dhcpsvr01,192.168.12.0,200,140,60

05/24/2003 16:59:00.000,sea_dhcpsvr02,192.168.13.0,200,10,190


Procedure Option 2: Capture DHCP services scope usage statistics using Netsh command line utility

This collection should be performed on a consistent schedule, during key times of the day, such as 08:00, 12:00, and 17:00. The information should be recorded in a log file with the date appended to the name, such as “DHCPScopeStats_200305.csv” (indicates a comma separated log for the month of May 2003). Enterprise environments with many DHCP servers can adopt this option into a parsing script feeding a SQL Server database.

1. Open a command shell by clicking the Start menu. Click Run, type cmd and click OK.

2. Type the netsh command:Netsh DHCP Server \\<servername> show mibinfo where you replace <servername> with the name of an authorized DHCP server.

3. Open the month’s csv log using WordPad and manually record the data as follows:

“DATE TIME”,”DHCPServer Name”,”Scope IP”,”Total Addresses”,”IPs in Use”, “IPs Available”

For example:

05/24/2003 16:58:00.000,sea_dhcpsvr01,192.168.12.0,200,140,60

05/24/2003 16:59:00.000,sea_dhcpsvr02,192.168.13.0,200,10,190

Dependencies

None

Technology Required


Task: Capture DHCP server system load and utilization statisticsPurpose

The following activity captures empirical data on the DHCP server. This data, which is collected daily (or multiple times a day) should be reviewed weekly. It will also be used to create monthly reports that are reviewed quarterly for SLA/OLA compliance. Server utilization statistics are different from service metrics in that they measure the usage characteristics of the underlying infrastructure of the DHCP server system, such as disk, memory, or processor, and not necessarily the DHCP service itself.


Procedure 1: Configure DHCP server system load and utilization logging using performance logs and alerts console

This procedure configures the Windows Server 2003 logging facility to collect DHCP server system load and utilization information. Although listed as a daily schedule, this procedure needs to be executed only once, since the logging facility is automated and will continue to collect until stopped.

1. On the Start menu, click Run and type perfmon.msc

2. In the left tree view, expand the Performance Logs and Alerts branch, and click Counter Logs. The pane on the right will display all log settings.

3. Right-click Counter Logs, and select New Log Settings.

4. Enter a name, such as “DHCP Server Load and Util” and click OK.

5. Click the Add Counter button; this will bring up the Add Counter dialog box.

6. In the Select counters from computer: pull-down box, verify that the DHCP server is listed.

7. Verify that the Select counters from list: radio button is selected.

8. In the Performance Object pull-down menu, select Logical Disk.

9. Click Free Megabytes from the counters, and choose the appropriate drive where the DHCP database is housed. The default for DHCP is “C:”

10.Click Add.

11.Verify that the new counter was added to the logging.(The Add Counters window may be blocking the previous DHCP Server Load and Util window.)

12.In the Performance Object pull-down menu, select Logical Disk.

13.Click %Free Space from the counters, and choose the appropriate drive where the DHCP database is housed. Default for DHCP is “C:”

14.Click Add.


16.In the Performance Object pull-down menu, select Logical Disk.

17.Click %Disk Time from the counters, and choose the appropriate drive where the DHCP database is housed. The default for DHCP is “C:”

18.Click Add.


20.In the Performance Object pull-down menu, select Physical Disk.


21.Click Disk Reads/sec from the counters, and choose the appropriate drive where the DHCP database is housed. The default for DHCP is “C:”

22.Click Add.


24.In the Performance Object pull-down menu, select Physical Disk.

25.Click Disk Writes/sec from the counters, and choose the appropriate drive where the DHCP database is housed. The default for DHCP is “C:”

26.Click Add.


28.In the Performance Object pull-down menu, select Memory.

29.Click Available MBytes from the counters, and click Add.


40.In the Performance Object pull-down menu, select Memory.

41.Click Page Faults/sec from the counters, and click Add.


43.In the Performance Object pull-down menu, select Paging File.

44.Click %Usage from the counters, and choose _Total on Select instances from list.

45.Click Add.


47.In the Performance Object pull-down menu, select Processor.

48.Click %DPC Time from the counters, and choose _Total on Select instances from list.

49.Click Add.




52.Click %Processor Time from the counters, and choose _Total on Select instances from list.

53.Click Add.



56.Click Interrupts/sec from the counters, and choose _Total on Select instances from list.

57.Click Add.



60.Click Interrupts/sec from the counters, and choose _Total on Select instances from list.

61.Click Add.


63.In the Performance Object pull-down menu, select Server.

64.Click Bytes Total/sec from the counters, and click Add.


66.In the Performance Object pull-down menu, select Server.

67.Click Work Item Shortages from the counters, and click Add.


69.In the Performance Object pull-down menu, select System.

70.Click Context Switches/sec, and click Add.




73.Click Processor Queue Length, and click Add.



76.Click System Up Time, and click Add.


78.In the Sample data every: area, specify an appropriate interval, such as 10 minutes.

79.Select the Log Files tab on this window.

80.In Log file type: select Text File (Comma delimited), and click Configure.

81.Specify the appropriate location for the log file. Ideally, this should be a remote directory from a reliable file server with ample disk space to store three to five months' worth of DHCP server system load and utility logs.

82.In the File name: enter an appropriate name such as “DHCPSysUtil” and verify that the log file size is set to Maximum limit. Click OK.

83.Enable End File names with: and select [yyyymmdd] in the pull-down selector.

84.Add an appropriate comment, such as “DHCP System Perf and Util Log v1.”

85.Click Apply, and then click OK.

Procedure 2: Enable DHCP server system load and utilization logging using performance logs and alerts console 1. Right-click the newly created Counter Log from Procedure 1, and

select Start.

2. Copy and paste the script below to Notepad.exe and save to a file such as “DHCPSysUtil.vbs.” The script illustrates the collection of server system load and utilization information similar to Procedure 1 above. This script does not continuously collect and store formatted performance information, but serves as a sample base for writing an operations script that may be integrated with an enterprise Management Pack.


3. Run the script by typing the following command:cscript //nologo DHCPSysUtil.vbs

Script listing:rem – DHCP Server System Load and Utilization Basic Collector ---------------------


rem ---------------------------------------------------------------------------------rem -- List all DHCP Servers in the strDHCPServer array in quotesrem -- and separated by commas. use "." for localsystem. rem --rem -- Example:rem -- strDHCPServer=array("dhcpsvr01","dchpsvr02","192.168.23.21")rem --

arrDHCPSvr = array( ".","dhcpsvr01")

rem ---------------------------------------------------------------------------------For Each strComputer in arrDHCPsvr

Wscript.Echo “—“ & strComputer & “------------------------------“

Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")Set colItems = objWMIService.ExecQuery("Select * from Win32_PerfRawData_PerfDisk_LogicalDisk",,48)For Each objItem in colItemsWscript.Echo "CurrentDiskQueueLength: " & objItem.CurrentDiskQueueLengthWscript.Echo "DiskReadsPersec: " & objItem.DiskReadsPersecWscript.Echo "DiskWritesPersec: " & objItem.DiskWritesPersecWscript.Echo "FreeMegabytes: " & objItem.FreeMegabytesWscript.Echo "PercentDiskTime: " & objItem.PercentDiskTimeWscript.Echo "PercentFreeSpace: " & objItem.PercentFreeSpaceNext

Set colItems = objWMIService.ExecQuery("Select * from Win32_PerfRawData_PerfOS_Memory",,48)For Each objItem in colItemsWscript.Echo "AvailableMBytes: " & objItem.AvailableMBytesWscript.Echo "PageFaultsPersec: " & objItem.PageFaultsPersecNext

Set colItems = objWMIService.ExecQuery("Select * from Win32_PerfRawData_PerfOS_PagingFile",,48)For Each objItem in colItemsWscript.Echo "PercentUsage: " & objItem.PercentUsageNext

Set colItems = objWMIService.ExecQuery("Select * from Win32_PerfRawData_PerfOS_Processor",,48)For Each objItem in colItemsWscript.Echo "InterruptsPersec: " & objItem.InterruptsPersecWscript.Echo "PercentDPCTime: " & objItem.PercentDPCTimeWscript.Echo "PercentProcessorTime: " & objItem.PercentProcessorTimeNext

Set colItems = objWMIService.ExecQuery("Select * from Win32_PerfRawData_PerfNet_Server",,48)For Each objItem in colItemsWscript.Echo "BytesTotalPersec: " & objItem.BytesTotalPersecWscript.Echo "WorkItemShortages: " & objItem.WorkItemShortagesNext

Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")


Set colItems = objWMIService.ExecQuery("Select * from Win32_PerfRawData_PerfNet_ServerWorkQueues",,48)For Each objItem in colItemsWscript.Echo "QueueLength: " & objItem.QueueLengthNext

Set colItems = objWMIService.ExecQuery("Select * from Win32_PerfRawData_PerfOS_System",,48)For Each objItem in colItemsWscript.Echo "ContextSwitchesPersec: " & objItem.ContextSwitchesPersecWscript.Echo "ProcessorQueueLength: " & objItem.ProcessorQueueLengthWscript.Echo "SystemUpTime: " & objItem.SystemUpTimeNextNextrem – END OF SCRIPT –

4. To format the script similar to the PerfMon format:

a. At the top of the script add the following lines:m=Month(Now)d=Day(Now)s=Second(Now)If (m<10) Then m="0" & mEnd IfIf (d<10) Then d="0" & dEnd IfIf (s<10) Thens="0" & sEnd IfstrFormattedDate = chr(34) & m & "/" & d & "/" & Year(Now) & " " & Hour(Now) & ":" & Minute(Now) & ":" & s & ".000" & chr(34)

b. After the line “For Each objItem in colItems” all the way to “Next” are the output commands to echo the results to the screen. Select the objects you would like to log, and replace the “Wscript.Echo …” lines with one concatenated and formatted output including formatting such as “ (quotes) represented by chr(34) and , (commas).For example, to create a PerfMon-style output for DHCP Nacks/sec, Offers/sec, and Requests/sec, the result would be:…For Each objItem in colItemsWscript.Echo strFormattedDate & “,” & chr(34) & objItem.NacksPersec & chr(34) & “,” & chr(34) & objItem.OffersPersec & chr(34) & “,” & chr(34) & objItem.RequestsPersec & chr(34)Next…


c. Because multiple queries are required to fetch information from different criteria (such as Memory, Disk, Processor), this sample script shows multiple “For Each” loops. In order to capture all the various metrics into one PerfMon-style log line, the script may require additional tuning, such as assigning the result into a variable and printing the final line at the end. For example:

…For Each obj Item in colItems

valNetwk01= chr(34) & objItem.NacksPersec & chr(34)valNetwk02= chr(34) & objItem.OffersPersec & chr(34)

…Next

…For Each obj Item in colItems

valSvc01= chr(34) & RequestsPersec & chr(34)…

Next…

Wscript.Echo strFormattedDate & “,” & valNetwk01 & “,” & valNetwk02 & “,” & valSvc01

Dependencies

None

Technology Required

● WMI infrastructure




Optimizing Quadrant

Capacity Management SMF


Monthly

Process: Managing resources and service performance

Description

Capacity management is concerned with optimized utilization of IT resources in order to achieve the level of performance agreed to with the client. These resources are supplied by supporting organizations to ensure the requirements of the business are met. The process of capacity management can be either reactive or proactive. Iterative activities, such as monitoring, analyzing, tuning, and reporting, are also important in the process of managing resources and service performance. The type of data for each differs. For example, the level of utilization of individual components in the infrastructure is of interest to management of IT resources, while the transaction throughput rates and response time are of interest in managing service performance.

Task: Create service performance and utilization reportPurpose

Report the performance of the service into data that can be used to support decision making.

Procedure 1: Calculate daily statistics 1. Import performance logs into Microsoft Excel.

2. Calculate the daily average for each counter collected in the log.

3. In a new worksheet, record the daily average of the counters for each day of the month.

4. Use Excel’s graphing feature to create visuals that illustrate trends in performance.

For clarity, it may be easier to calculate the daily statistics on a per performance object basis. You should also consider that these reports will feed into measuring of SLAs, operating level agreements (OLAs), and underpinning contracts (UCs).

Procedure 2: Store data and reports1. Store each month’s data in a single workbook for future reference.

2. Save the workbook to a file share on a file server that is under regular backup maintenance.

Dependencies

Performance logs being captured on the service. (See Process: Perform Monitoring)

Technology Required

Microsoft Excel or third-party spreadsheet application


Supporting Quadrant

Problem Management SMF


Daily

Process: Proactive analysis and reviewDescription

Proactive analysis activities are concerned with identifying and resolving problems and known errors before incidents occur, thus minimizing the adverse impact on the service and business as a whole. Following a major incident or a major problem, a review should be conducted of the events and actions that took place. This review provides a means of gathering useful data for future analysis and ensures that all important lessons are identified and recorded.

Task: Capture DHCP client-lease information logsPurpose

Using DHCP, almost any host with physical access to the network will get an IP address and other host configuration. This task captures the minimum key information to identify a client’s advertised hostname, assigned hostIP, and MAC address at the time of DHCP request, release, and renewal.

Procedure 1: Pull data from DhcpSrvLog via scriptable manual method1. Make sure that a secure and remotely accessible share is available to

store a week’s length of logs.

2. Mount the file share and copy the content:net use \\Repository_hostname\sharenamenet use \\DHCP_Server_hostname\dhcpdir(For “dhcpdir”, Make sure that dhcpdir is either a remotely accessible share or replace this with the local directory path (the default is c:\windows\system32\dhcp)findstr “Rlease Update Assign” \\DHCP_Server_hostname\dhcpdir\DHCPSrvLog-WED.log >> \\Repository_hostname\sharename\DHCP-Client_May2003.log(Replace “WED” with the current day of the week and replace May 2003 to the current month and year.)net use \\Repository_hostname\sharename /deletenet use \\DHCP_Server_hostname\dhcpdir /delete

Dependencies

None

Technology Required



Task: Monitor and resolve alerts indicating DHCP conflict (rogue detection and IP in use)Purpose

Detect and protect against unauthorized and illegal DHCP servers.

Procedure 1: Detect and identify DHCP servers that are not part of a known list

To detect rogue DHCP servers on a local subnet

1. On a client or server other than the DHCP server, open a command shell by clicking Start, then Run, typing cmd and clicking OK.

2. Enter the Dhcploc.exe utility command:dhcploc -p -a:"dhcpadmin” -i:360 16.23.23.4 “23.1.2.44 23.1.2.45”This will run the Dhcploc utility on the local interface having the IP 16.23.23.4. The tool will send a discovery packet, and DHCP servers that respond but do not have the IP address of 23.1.2.44 or 23.1.2.45 will trigger an alarm to Dhcpadmin user every three minutes (-i:360).

3. When Dhcploc is running, type d to discover.

Dependencies

None

Technology Required

● Dhcploc from the Windows Server 2003 \Support\Tools directory on the Windows Server 2003 Install CD


Task: Monitor key DHCP dependencies (Active Directory and network)Purpose

This task monitors key DHCP dependencies, including Active Directory® and network services. If this infrastructure becomes unavailable, DHCP is also adversely impacted.

Procedure 1: Monitor Active Directory services

Active Directory service monitoring can be found in the Active Directory Service Product Operations Guide.


Procedure 2: Monitor network infrastructure

Network infrastructure is typically managed using tools compatible with the infrastructure vendor—for example, CiscoWorks for Cisco-brand network infrastructure. SNMP v1-3 protocols are commonly used to monitor and tune these devices.

The netsh and pathping commands can be used for a quick check of connectivity to local DHCP servers.

1. Open a command session or construct a batch file script.

2. Run the Netsh tool by typing:netsh diag ping dhcp

3. Verify that the desired DHCP server is in the list and accessible within appropriate performance levels.

4. Run Pathping by typing:pathping dhcpserver_hostname

5. Verify that the specified DHCP server is accessible within appropriate performance and reliability levels, especially packet loss.

Dependencies

None

Technology Required

● Netsh and Pathping are included with Windows Server 2003 and Windows XP


Task: Monitor log for critical DHCP eventsPurpose

This task reviews DHCP service logs and event logging facilities within Windows Server 2003 to identify and correct any escalating issues.

Procedure 1: Review DHCP service log1. Using Microsoft Excel, import the DHCP log (named by date) located

by default in C:\Windows\System32\DHCP.

2. See the appendix for event details of interest.


Procedure 2: Review event log1. On the Start menu, click Run, type eventvwr.msc and click OK.

2. Select the appropriate event collection for DHCP and review for errors.

3. See the appendix for event details of interest.

Dependencies

None

Technology Required


Task: Service check—check DHCP authorization statusPurpose

During service restart, reboot, system changes, errors, or recovery, the authorization status may be reset and the DHCP server may no longer be authorized to dispense information. This quick daily check ensures that appropriate servers have authorization within Active Directory.

Procedure 1: Check/set authorization via MMC

In order for DHCP services to run in a domain, they must be authorized. Accept default settings when no information is specified.

1. Start the DHCP Microsoft Management Console (MMC) snap-in on the DHCP server as a user with DHCP administrative authority.

2. Right-click DHCP and select Manage authorized servers.

3. In the Wizard Page, perform the following actions:

In Manage Authorized Servers:

● Click Authorize.

In Authorize DHCP server:

● In the name or IP address box, type the IP of the DHCP Server. Authorize the virtual server IP address for the cluster, and click OK.

In DHCP:

● Confirm information and click Yes if correct.

Dependencies

None

Technology Required



Task: Service check—resolve alerts indicating DHCP server service is downPurpose

Start the core component for the DHCP server.

Procedure 1: Verify DHCP service is running

If the DHCP service is not running, IP/configuration information cannot be dispensed.

To check for the status via GUI

1. On the Start menu, select Administrative Tools, and click Services.

2. Find DHCP Server and verify that the Status column indicates STARTED.

To check for the status via command line

1. Open a command shell by clicking Start, then Run, typing cmd and clicking OK.

2. Enter the service control command:sc.exe “\\<DHCPServerName>” query DHCPServer

3. Service Control should return a state indicate "4 Running."

Procedure 2: Start the DHCP service

If the DHCP service is not running, IP/configuration information cannot be dispensed. Investigate why the service is stopped and log a service ticket as appropriate.

To start the service via GUI

1. On the Start menu, select Administrative Tools, and then click Services.

2. Find DHCP Server, right-click the service, and click Start.

3. Verify that the status column has changed to “Started.”

To check for the status via command line


2. Enter the service control command replacing DHCPServerName with the name of the DHCP server:sc.exe “\\<DHCPServerName>” start DHCPServersc.exe “\\<DHCPServerName>” query DHCPServer

3. Service Control should return a state indicate "4 Running."

Dependencies

None

Technology Required



Task: Service check—verify that all DHCP relay agents are functioning normallyPurpose

Relay agents, whether Windows Server 2003 routing servers or network devices/routers, forward DHCP communications to a DHCP server in order to service hosts in different networks or subnets.

Procedure 1: Make sure Microsoft Windows Server 2003 DHCP relay service is running using command line1. Open a command shell by clicking Start, then Run, typing cmd and

clicking OK.

2. Enter the service control command:sc.exe “\\<DHCPRelayName>” query remoteaccess

3. Service control should respond with “State: 4 Running.”

4. If the service is not running, log a ticket and follow the appropriate process for incident and problem management.

5. To restart the service, enter the service control command:sc.exe “\\<DHCPRelayName>” start remoteaccess

Procedure 2: Check statistics of a scope that traverses a specific agent1. Start the DHCP management console by clicking Start, then Run,

typing dhcpmgmt.msc and clicking OK.

2. If the appropriate DHCP server is not listed in the tree view on the left, right-click DHCP (the first item), select Add Server, enter the hostname for the appropriate DHCP server or select from the authorized list, and click OK.


4. Click [+] to expand Superscopes (if any), and select the scope from which to collect statistics.

5. Right-click the scope, and select Display Statistics.

6. If the relay agent is functioning properly, the scope should have normal levels of in-use IP addresses.


Procedure 3: End-to-end check via client1. Access a control workstation that gets IP leases from a DHCP server

across a relay agent.


3. Enter the following commands:IPConfig /allIPConfig /ReleaseIPConfig /allIPConfig /RenewNetsh diag ping dhcp

The client should have released its current IP address or requested a renewal or new one, and the new lease should be active. The Netsh utility will then ping the DHCP server that issued the new lease.

If these steps succeed, the relay server is functioning normally for this network.

Dependencies

None

Technology Required


Task: Service check—verify that the DHCP server is running automated daily database backupPurpose

On installation, Windows Server 2003 creates a scheduled backup of the DHCP database and transaction logs every 60 minutes. A “backup on shutdown” option may also be enabled on all DHCP servers. These two features make a backup copy of the Dhcp.mdb database, the transaction J*.log files, and registry configuration in DhcpCfg.

In the event of a failure, the order of restore from backup should be the latest 60 minute backup, then the daily backup on external storage, and—worst case—the weekly full system.

The longer the interval between the last backup and a failure, the less likely a suitable restore can be done. This automated backup should be checked to ensure that a fresh copy is made on a regular basis.


Procedure 1: Using Netsh and command line 1. Open a command shell by clicking Start, then Run, typing cmd and

clicking OK.

2. Enter the Netsh command:netsh dhcp server \\<servername> show dbproperties

3. Check that the following results map to the intended configuration. For example:DatabaseBackupInterval defaults to 60DatabaseBackupPath defaults to C:\Windows\System32\dhcp\backup

4. Enter the dir command to see if it has a recent date stamp. Windows\System32\dhcp is the default directory for the DHCP service. Change this to the appropriate directory if the default is not followed:dir %systemroot%\System32\dhcp\backup dir %systemroot%\System32\dhcp\backup\new

Dependencies

None

Technology Required


Task: Service check—verify receipt of accurate DHCP configuration from the correct DHCP server Purpose

This task verifies that the correct DHCP server is providing accurate DHCP configuration information.

Procedure 1: Verify DHCP server is up and responding to requests 1. Access the DHCP client system.

2. Begin a command line by clicking Start, then Run, and entering cmd

3. At the prompt, type the commands:ipconfig /renew allnetsh diag show dhcp /v

4. Verify that the correct DHCP server responded with appropriate response times. Slow connections may cause timeouts and DHCP configuration may not be processed.


Procedure 2: Verify accuracy of dispensed configuration

To verify the accuracy of dispensed configuration via GUI

1. Access the client system either physically or via Terminal Services.

2. Open Control Panel by clicking Start, then Run, typing Control.exe and clicking OK.

3. Double-click Network Connections, select the appropriate network interface, and click Properties.

4. Double-click Internet Protocol (TCP/IP), which will open the Internet Protocol (TCP/IP) Properties window.

5. Verify the information shown in this Properties window, and click Advanced.

6. Verify the information shown in this Advanced TCP/IP Settings window: IP Settings, WINS, and Options tabs.

7. Click the DNS tab, verify the nameserver addresses, and verify that the entry for DNS suffix for this connection is correct.

To verify the accuracy of dispensed configuration via command line


2. Start a command line by clicking Start, then Run, typing cmd and clicking OK.

3. At the prompt, type the commands:ipconfig /allnetsh interface ip show config

4. These commands output the configuration of all the network devices, including DHCP-configured interfaces. Verify that the configuration is correct, including:

● IP address issued

● WINS server

● DNS server

● Default gateway

● Suffixes

● Options

Dependencies

None

Technology Required



Supporting Quadrant


Support Role Cluster

Daily

Process: Classification and initial supportDescription

Incidents must be classified so they can be handled as effectively as possible with the appropriate resolution taken. Classification is the process of categorizing and prioritizing a given incident. It is a very important first stage in incident management as it determines the subsequent action to be taken.

Task: Service desk steps to eliminate the DHCP server/service as causing the issue Purpose

The following procedures provide supplemental diagnostics to quickly eliminate the DHCP server as a cause for a given issue. Unlike troubleshooting guides, which help to solve specific DHCP problems, these steps assist service desk operators in focusing on the actual incident areas.

If the following procedures are run successfully, the DHCP server/service is not the likely cause of an issue.

Procedure 1: Verify if the client is configured for DHCP

To verify if the client is configured for DHCP via GUI


2. Open Control Panel by clicking Start, then Run, typing Control.exe and clicking OK.



5. Verify that Obtain an IP address automatically and Obtain DNS server address automatically are selected.

6. Click the DNS tab and verify the entry for DNS suffix for this connection is correct.


To verify if the client is configured for DHCP via command line



3. At the prompt, type the command:netsh interface ip show config

Procedure 2: Verify DHCP server is up and responding to requests 1. Access the DHCP client system.


3. At the prompt, type the commands:ipconfig/renew allnetsh diag show dhcp/v

4. Verify that the correct DHCP server responded with appropriate response times. Slow connections may cause timeouts and DHCP configuration may not be processed.

Procedure 3: Verify accuracy of dispensed configuration

To verify the accuracy of dispensed configuration via GUI


2. On the Start menu, click Run. Type Control.exe, and then click OK.



5. Verify the information shown in this Properties window, and click Advanced.

6. Verify the information shown in this Advanced TCP/IP Settings window: IP Settings, WINS, and Options tabs.

7. Click the DNS tab and verify the nameserver addresses, and that the entry for DNS suffix for this connection is correct.


To verify the accuracy of dispensed configuration using command line



3. At the prompt, type the commands:ipconfig /allnetsh interface ip show config

4. These commands output the configuration of the all network devices, including DHCP-configured interfaces. Verify that the configuration is correct, including:

● IP address issued

● WINS server

● DNS server

● Default gateway

● Suffixes

● Options

Dependencies

None

Technology Required



Supporting Quadrant


Support Role Cluster

Daily

Process: Investigation and diagnosisDescription

This process deals with the investigation of incidents and gathering of diagnostic data. The aim of the process is to identify how an incident can be resolved as quickly as possible.

Task: Respond to daily service requestPurpose

Make sure all incidents are answered and there is an incident owner responsible for the incident life cycle. This serves the organization in two ways:

● The customer understands that when an incident is reported, he or she will receive confirmation that someone from the incident management team has reviewed the request. This ensures that customers will continue to use the organization’s incident support channel.

● Each incident will have an owner responsible for collecting background information and doing preliminary troubleshooting. The owner is responsible for contacting other technical specialists to assist the customer in documenting the incident, resolving the incident, and making sure contributing technicians comment their information to the incident request. This ensures there is a single point of contact for the incident from the customer's and from the organization's perspective.

Procedure 1: Acknowledge receipt of service request1. Send customer e-mail confirming receipt of incident request.

2. Give the customer an incident case number prior to collecting data and troubleshooting the incident.

Procedure 2: Document incident

Document the problem, system affected, actions taken to troubleshoot, and plans to resolve the incident. The following are systems that may be affected in a DHCP server environment:

● DHCP server

● Scopes

● Permissions

● Reservations

● SuperScopes

● IP/Config/Options


Procedure 3: Update customer on status of incident

Send customer e-mail confirming the problems, system affected, actions taken to troubleshoot, and the current plan to resolve the incident. If another technician is involved in troubleshooting, make sure his or her notes are part of the case documentation.

Procedure 4: Close incident

If the incident is not resolved on the customer’s initial request for incident management, follow up with the customer and other technicians until the incident is resolved.

Dependencies

● Incident ticketing system.

● An SLA on how customers request incident management, that is, by e-mail or service phone number.

Technology Required

● There are third-party tools that provide incident management ticketing functionality.

● An Access or Microsoft SQL Server™ database may also be used to create incident tickets.

Task: Create weekly service activity reportPurpose

This task provides a high-level report on a service request from the perspective of when it was opened, when it was closed, and how long it took to resolve. The organization may have a service level agreement on the time it takes a customer to receive a response from the incident management team once an incident has been reported. Managers and leads can use such data to better balance the workload of the incident management team.

Management can also use the service activity report to measure the effectiveness and efficiency of the incident management staff itself. This information is important to the members of the incident management team because it shows how long cases have been open. This helps to determine which cases must be addressed next. The following is an example of some of the information that can be included in the activity report:

● Total number of cases opened.

● Total number of cases closed.

● Number of cases closed on first contact with the incident management team.

● Number of days a case has been open.

Procedure 1: Create report metrics

The method used to collect the data is dependent on features of an organization’s incident tracking solution. But however the organization collects the data, it should include the following information:


● Total number of cases opened. This metric is collected for individual members of the team as well as the whole team. It highlights the volume of incidents being opened regarding DHCP services. When this metric is compared against the other metrics being collected, it helps the team to assess its overall effectiveness.

● Total number of cases closed. This metric is collected for individual members of the team as well as the whole team. It highlights the volume of incidents being closed regarding DHCP services. This metric is critical when evaluating the progress of the incident management team. Open cases that must be carried over to another week require additional incident management from the case owner.

● Number of cases closed on first contact with incident management team. This metric is collected as the total for the team. It allows the incident management team to determine the effectiveness/efficiency of the incident management process; it can directly impact customer satisfaction. When cases are closed on the first call, it reduces the number of cases incident management team members have to manage.

● Number of days a case has been open. This metric is collected for individual members of the team as well as for the whole team. Cases that remain open for extended periods have a negative impact on customer satisfaction. The incident manager can use this metric to identify possible areas in which the incident management team may require training or education. In addition, cases that remain open for long periods may be better handled by the problem management team. It is important to identify these types of cases and to provide the incident owner with additional resources or to escalate the issue to the problem management team.

Dependencies

● Incident ticketing system

● Daily response to incidents

● An SLA on how an incident is handled and when it get escalated to the problem management team.

Technology Required

● There are third-party tools that provide incident management ticketing functionality.

● Reports may be built from an Access or SQL Server database.


Changing Quadrant Configuration Management SMF


Monthly

Process: Review configuration itemsPurpose

Because the accuracy of the information stored in the configuration management database (CMDB) is crucial to the success of change management, incident management, and other SMFs, a review process should be set up to ensure that the database accurately reflects the live IT environment.

Task: Compliance check—modifying the DHCP lease duration Purpose

This task audits the lease duration configuration to ensure that it matches the original architectural intent.

Procedure 1: Use the DHCP manager to review scope lease durations1. Click Start, then Run, and type:

%SystemRoot%\system32\dhcpmgmt.msc /s

2. Double-click the server that is being evaluated for this optimization. This should display the currently configured scopes for the server.

3. Right-click the specific scope to modify, and choose Properties.

4. Note the lease length/duration, and repeat for other servers/scopes.

5. Compare this current value from established architecture baselines.

6. If the scopes are noncompliant, submit a request for change (RFC) to give visibility to this configuration drift.

To correct the configuration, repeat steps 1-4, modifying the lease length value on step 4.

Procedure Option 2: Use the netsh.exe to review scope lease durations1. Access the DHCP administrative client either physically or via

Terminal Services.

2. On the Start menu, click Run. Type cmd.exe and click OK.

2. Type the netsh command:Netsh DHCP Server \\<servername> scope x.x.x.x show optionvalue

3. Replace <servername> with the hostname of the DHCP server. Replace x.x.x.x with the IP of the DHCP server.

4. Note the Option Element Value specified under an OptionId of 51. This value is the lease length in seconds. Repeat step 2 for each server name and scope.


5. Compare this current value from established architecture baselines.

6. If the scopes are noncompliant, submit a request for change (RFC) to give visibility to this configuration drift.

When a scope is created, the default lease duration is set to eight days, which works well in most cases. However, because lease renewal is an ongoing process that may affect the performance of DHCP clients and the network, it might be useful to review the lease duration and change it or reset it where appropriate. Use the following guidelines to decide how best to modify lease duration settings for improving DHCP performance on the network:

● If there are many IP addresses available and configurations that rarely change on the network, increase the lease duration to reduce the frequency of lease renewal queries between clients and the DHCP server. This reduces network traffic.

● If there are few IP addresses available and if client configurations change frequently or clients move often on the network, reduce the lease duration. This increases the rate at which addresses are returned to the available address pool for reassignment.

● Consider the ratio between connected computers and available IP addresses. For example, if there are 40 systems sharing a Class C address (with 254 available addresses), the demand for reusing addresses is low. A long lease time, such as two months, would be appropriate in such a situation. However, if 230 computers share the same address pool, demand for available addresses is greater, and a lease time of a few days or weeks is more appropriate.

● Use infinite lease durations with caution. Even in a relatively stable environment, there is a certain amount of turnover among clients. At a minimum, roving computers might be added and removed, desktop computers might be moved from one office to another, and network adapter cards might be replaced. If a client with an infinite lease is removed from the network, the DHCP server is not notified, and the IP address cannot be reused. A better option is a long lease duration, such as six months. This ensures that addresses are ultimately recovered.

One option for implementation is creating lease times based on scope availability. For example, if scope availability is less than 10 percent, reduce the lease time per the following guidelines:

6 days >4 days >2 days >1 day

Dependencies

None

Technology Required



Task: Compliance check—conflict detection on DHCP servers (rogue detection and IP in use)Purpose

This task reviews conflict detection settings to make sure that after a month of daily operations, the configuration still matches the original architectural intent given the configuration of the environment.

Procedure 1: Detect and identify IP address conflict via server-side checking

Windows 2000 and Windows XP DHCP client computers that obtain IP addresses via DHCP automatically use a gratuitous address resolution protocol (ARP) request for conflict detection on the client side. This is done prior to completing the configuration and use of the offered IP address. If a client running Windows 2000 or Windows XP is configured to use DHCP and detects a conflict, it sends a DHCPDecline message to the DHCP server.

If the network includes Windows 95-based DHCP clients, use server-side conflict detection provided by the DHCP service. To enable this mediated conflict detection, increase the number of ping attempts that the DHCP service performs for each address before leasing that address to a client.

Note For each additional conflict detection attempt the DHCP service performs, additional seconds are added to the time needed to negotiate leases for DHCP clients.

1. Click Start, then Run, and type:%SystemRoot%\system32\dhcpmgmt.msc /s

2. In the console tree, click the applicable DHCP server.

3. On the Action menu, click Properties, then the Advanced tab.

4. For conflict detection attempts, type a number greater than 0 (zero) and less than 6 (2 is recommended), and then click OK.

Procedure 2: Monitor logs for IP conflict1. View the current log for DHCP. These are sorted by days of the week

(default location in C:\windows\system32\dhcp).

2. Check for Event ID 13.

Event 13 indicates that “An IP address was found to be in use on the network.” This often happens when the IP was already dispensed by a rogue system.


Procedure 3: Rogue DHCP detection via Netsh

To use Terminal Services to connect to the host or subnet with an IP address conflict and find all responding DHCP servers

1. Click Start, then Run, and enter cmd

2. In the command window, type:netsh diag ping dhcp

3. Note all DHCP servers identified and pinged, and compare with known good DHCP servers for additional rogue detection.

Dependencies

None

Technology Required

● Netsh is included with Windows Server 2003


Task: Compliance check—maintain dynamic update configurationPurpose

This task reviews the DHCP dynamic domain name system (DDNS) dynamic update settings to make sure that after a month of daily operations, the configuration still matches the original architectural intent given the configuration of the environment.

Windows Server 2003 DHCP services perform dynamic updates for DHCP clients based on how clients request that updates be done. This setting provides the best use of the DHCP service to perform the following dynamic updates on behalf of its clients:

● Client computers running Windows 2000 explicitly request that the DHCP service only update pointer (PTR) resource records used in DNS for the reverse lookup and resolution of the client's IP address to its name. These clients update their address (A) resource records for themselves.

● Clients running earlier Windows versions cannot make explicit requests for dynamic update preference. For these clients, the DHCP service can be configured to update both the PTR and the A resource records for the client.


Procedure 1: Check current dynamic update configuration via GUI1. Start the DHCP management console by clicking Start, then Run,

entering dhcpmgmt.msc and clicking OK.

2. If the appropriate DHCP server is not listed in the tree view on the left:

a. Right-click DHCP (the first item), and select Add Server.

b. Enter the hostname for the appropriate DHCP server or select from the authorized list, and click OK.


4. Click [+] to expand Superscopes (if any) and select the scope to check Dynamic Update configuration.

5. Right-click the scope and select Properties.

6. Click the DNS tab and verify the configuration.

Procedure 2: Modify dynamic update configuration

If legacy DHCP clients no longer exist in the environment, the architecture may prescribe that the configuration revert back to the original defaults for the DHCP server:

To enable DNS dynamic updates

1. Dynamically update DNS A and PTR records only if requested by DHCP clients.

2. Discard A and PTR records when lease is deleted.

Conversely, if the architecture dictates specific name resolution requirements and Windows NT® Server 4.0 servers are introduced, there may be a need to enable “Dynamically update DNS A and PTR records for DHCP clients that do not request updates.” These changes must be initiated and approved through the appropriate change management process.

Dependencies

None

Technology Required



Changing Quadrant Change Management SMF


Daily Schedule

Process: Change classificationDescription

After an RFC has passed the initial screening, the change manager must classify and categorize the RFC. The priority level set for a particular RFC determines how quickly the change advisory board (CAB) will review the request for change.

Task: Review emergency change requestPurpose

This task provides guidance to the change advisory board emergency committee (CAB/EC) on processing an emergency request for change. The number of emergency change requests should be kept to a minimum because they typically involve high risk and require a great outlay of time and resources. An emergency RFC is different from a standard RFC because it goes through the deployment phase of Microsoft Solutions Framework (MSF).

Emergency changes to DHCP services can have a great impact on a large number of users or can affect business processes that depend on the DHCP server. For this reason, it is very import to create a change request process that emphasizes prioritizing and attending to urgent problems associated with DHCP services. The Infrastructure Role Cluster is responsible for this task, but the request for emergency change can be initiated by any of the MOF role clusters. An emergency change request could involve the release of updates to the operating system, third-party applications, or configuration changes.

Procedure 1: Contact CAB1. Make sure system has a server backup. Prior to contacting the

CAB members, confirm the server has a successful server backup.

2. Select emergency CAB members. This should include standing members of the change advisory board as well as those members who can give the greatest guidance to DHCP services.

3. Notify the CAB of the emergency RFC. Each member of the CAB who was identified in step 2 must be notified of the emergency RFC. It is important that every attempt be made to contact each member of the emergency CAB; this may include e-mail, mobile devices, and other communication methods available. The member should be given an expected time in which to respond to the emergency change request and general information about the change request.


4. Review the RFC. Collect all information pertaining to changes to the DHCP service, including asking additional question of the change initiator. The CAB should look at the impact the change has on DHCP services. Weigh the risk associated with making an emergency change to the DHCP system versus making a standard change. The type of change could include:

● Applying service packs or hotfixes.

● Adding a new DHCP server.

● Adding a new network subnet/route/path/costing values.

● Adjusting thresholds and scope settings above policy.

● Changing backup and restore procedures.

● Modifying and applying policies.

● Changing a process or script used to administer servers.

Along with change type, collect the configuration item that will be affected by the change. Configuration items are objects that are subject to change. Any item that has the possibility of changing falls under change management. For DHCP servers these items include:

● DHCP server hardware

● Active Directory/domain controller hardware

● Hardware vendor

● Server role (what is the server function)

● Windows Server 2003 software

● Service packs

● Hotfixes

● Antivirus software

● Monitoring software

● Backup software

● Processes and procedures

● Documentation

● RFCs

Dependencies

● A process to initiate an RFC in the operational environment.

● An identified CAB roster and individuals who are contacted for emergency changes as they relate to DHCP services.

● Operations team educated around MOF/ITIL.

Technology Required


4Processes by MOF Role Clusters

This chapter is designed for those who want to see all the processes for a single role cluster in one place. The information is the same as that in the previous two chapters. The only difference is that the processes are ordered by MOF role cluster.

Operations Role ClusterDaily Processes

Process 1: Data backup, restore, and recovery operations

Task 1: Backup—pull DHCP configuration, transaction logs, and database (DB) to external storage

Task 2: Verify previous day's backup

Process 2: Proactive analysis and review

Task 1: Monitor and resolve alerts indicating DHCP conflict (rogue detection and IP in use)

Task 2: Monitor key DHCP dependencies (Active Directory and network)

Task 3: Monitor log for DHCP events

Task 4: Service check—check DHCP authorization status

Task 5: Service check—resolve alerts indicating the following services are not running: Dhcpserver

Task 6: Service check—verify receipt of accurate DHCP configuration from the correct DHCP server

Task 7: Service check—verify that all DHCP relay agents are functioning normally

Task 8: Service check—verify that the DHCP server is backing up its DB automatically

Weekly Processes

Process 1: Storage resource management

Task 1: Monitor disk space for the DHCP logs and DB

Monthly Processes

There are no monthly processes for this role cluster.

As-Needed Processes

Process 1: Data backup, restore, and recovery operations

Task 1: Verify restore

Support Role ClusterDaily Processes

Process 1: Classification and initial support

Task 1: Service desk steps to eliminate the DHCP server as causing the issue

Process 2: Investigation and diagnosis

Task 1: Respond to daily service request

Weekly Processes

Process 1: Investigation and diagnosis

Task 1: Weekly service activity report

Monthly Processes


Release Role ClusterDaily Processes

There are no daily processes for this role cluster.

Weekly Processes

There no weekly processes for this role cluster.

Monthly Processes


As-Needed Processes

There are no as-needed processes for this role cluster.

Infrastructure Role ClusterDaily Processes


Process 1: Perform monitoring

Task 1: Capture service performance statistics

Task 2: Capture services scope usage statistics

Task 3: Capture system load and utilization statistics

Process 2: Change classification

Task 1: Review emergency change requests

Weekly Processes

There are no weekly processes for this role cluster.

Monthly Processes


As-Needed Processes


Security Role ClusterDaily Processes


Weekly Processes


Monthly Processes


As-Needed Processes



Partner Role ClusterDaily Processes


Weekly Processes


Monthly Processes


As-Needed Processes


5Troubleshooting

OverviewThe following table contains troubleshooting tips that should be useful in maintaining this product. The tips are based on known issues and follow the best practices for troubleshooting and problem management outlined by the Incident Management SMF and the Problem Management SMF, both found in the MOF Supporting Quadrant.

Problem #1: No IP AddressDescription of Problem

The DHCP client does not have an IP address configured or indicates that its IP address is 0.0.0.0.

Cause of Problem

The client was not able to contact a DHCP server and obtain an IP address lease, either because of a network hardware failure or because the DHCP server is unavailable.

Resolution of Problem

Verify that the client computer has a valid functioning network connection. First, check that related client hardware (cables and network adapters) are working properly at the client using basic network and hardware troubleshooting steps.

If the client hardware appears to be prepared and functioning properly, check that the DHCP server is available on the network by pinging it from another computer on the same network as the affected DHCP client.

Problem #2: Incorrect IP AddressDescription of Problem

The DHCP client appears to have automatically assigned itself an IP address that is incorrect for the current network.

Cause of Problem

The Windows XP, Windows Millennium Edition (ME), or Windows 98 DHCP client could not find a DHCP server and has used IP autoconfiguration to configure its IP address.

In some larger networks, disabling IP autoconfiguration might be desirable for network administration


First, use the ping command to test connectivity from the client to the server. Next, either verify or manually attempt to renew the client lease. Depending on the network requirements, it might be necessary to disable IP autoconfiguration at the client.

Problem #3: Missing Configuration DetailsDescription of Problem

The DHCP client appears to be missing some network configuration details or is unable to perform related tasks, such as resolving names.

Cause of Problem

The client might be missing DHCP options in its leased configuration, either because the DHCP server is not configured to distribute them or because the client does not support the options distributed by the server.


For Microsoft DHCP clients, verify that the most commonly used and supported options have been configured at the server, scope, client, or class level of options assignment.


Problem #4: Incorrect or Incomplete OptionsDescription of Problem

The DHCP client appears to have incorrect or incomplete options, such as an incorrect or missing router (default gateway) configured for the subnet on which it is located.

Cause of Problem

The client has the full and correct set of DHCP options assigned, but its network configuration does not appear to be working correctly.

If the DHCP server is configured with an incorrect DHCP router option (option code 3) for the default gateway address of the client, clients running Windows NT, Windows 2000, or Windows XP use the correct address. However, DHCP clients running Windows 95 use the incorrect address.


Change the IP address list for the router (default gateway) option at the applicable DHCP scope and server. In rare instances, configure the DHCP client to use a specialized list of routers different from other scope clients. In such cases, add a reservation and configure the router option list specifically for the reserved client.

Problem #5: Unable to Obtain IP AddressesDescription of Problem

Many DHCP clients are unable to get IP addresses from the DHCP server.

Possible Causes and Resolutions of Problem

Possible Cause of Problem (1)

The IP address of the DHCP server was changed, and now DHCP clients cannot get IP addresses.

Resolution of Problem (1)

A DHCP server can only service requests for a scope that has a network ID that is the same as the network ID of its IP address.

Ensure that the DHCP server’s IP address is configured correctly. Verify that all IP helpers on routers and DHCP relay agents accurately refer to this IP address.




The DHCP clients are located across a router or switch from the subnet where the DHCP server resides and are unable to receive an address from the server.


A DHCP server can provide IP addresses to client computers on remote multiple subnets only if the router or switch that separates them can act as a BOOTP Relay.

Completing the following steps might correct this problem:

1. Configure a BOOTP Relay on the client subnet (that is, the same physical network segment). Use the network vendor prescription for configuring the BOOTP Relay.

2. At the DHCP server, do the following:

a. Configure a scope to match the network address on the other side of the router or switch where the affected clients are located.

b. In the scope, make sure that the subnet mask is correct for the remote subnet.

c. Use a default gateway on the network connection of the DHCP server in such a way that it is not using the same IP address as the switch or router that supports the remote subnet where the clients are located.

d. Do not include this scope (that is, the one for the remote subnet) in superscopes configured for use on the same local subnet or segment where the DHCP server resides.

e. Make sure there is only one logical route between the DHCP server and the remote subnet clients.


Multiple DHCP servers exist on the same LAN.


Make sure that multiple DHCP servers on the same LAN are not configured with overlapping scopes.


Problem #6: No Relay Services Description of Problem

The DHCP Relay Agent is not providing relay services for DHCP clients on a network segment.



The interface on the server running routing and remote access that connects to the network segment where the DHCP clients are located is not added to the DHCP Relay Agent IP routing protocol.


Verify that the interface on the server running routing and remote access that connects to the network segment where the DHCP clients are located is added to the DHCP Relay Agent IP routing protocol to enable the DHCP Relay Agent on a router interface.


The Relay DHCP packets check box is not selected for the DHCP Relay Agent interface that is connected to the network segment where the DHCP clients are located.


Verify that the Relay DHCP packets check box is selected for the DHCP Relay Agent interface that is connected to the network segment where the DHCP clients are located.


The IP addresses of DHCP servers configured on the global properties of the DHCP Relay Agent are incorrect.


Verify that the IP addresses of DHCP servers configured on the global properties of the DHCP Relay Agent are the correct IP addresses for DHCP servers on your internetwork. To configure global DHCP Relay Agent properties see http://www.microsoft.com/technet/prodtechnol/windowsserver2003/proddocs/entserver/mpr_how_dhcprelay2.asp.

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/proddocs/entserver/mpr_how_dhcprelay2.asp







The correctly configured DHCP servers are not reachable.


From the router with the DHCP Relay Agent enabled, use the ping command to ping each of the DHCP servers that are configured in the global DHCP Relay Agent dialog box. If you cannot ping the DHCP servers from the DHCP Relay Agent router, troubleshoot the lack of connectivity between the DHCP Relay Agent router and the DHCP server or servers.


IP packet filtering is preventing the receiving (through input filters) or sending (through output filters) of DHCP traffic.


Verify that IP packet filtering on the router interfaces is not preventing the receiving (through input filters) or sending (through output filters) of DHCP traffic. DHCP traffic uses the User Datagram Protocol (UDP) ports of 67 and 68. Manage packet filters


TCP/IP filtering is preventing the receiving of DHCP traffic.


Verify that TCP/IP filtering on the router interfaces is not preventing the receiving of DHCP traffic. DHCP traffic uses the UDP ports of 67 and 68. To configure TCP/IP to use TCP/IP filtering, see http://www.microsoft.com/technet/prodtechnol/windowsserver2003/proddocs/entserver/sag_TCPIP_pro_TCPIPfilter.asp.

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/proddocs/entserver/sag_TCPIP_pro_TCPIPfilter.asp

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/proddocs/entserver/sag_TCPIP_pro_TCPIPfilter.asp

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/proddocs/entserver/mpr_how_packetfilters.asp

6Appendix

DHCP Log Events—FieldsThe audit logging behavior discussed in this section applies only to the DHCP service provided with Windows Server 2003 and replaces the previous DHCP logging behavior used in earlier versions of Windows NT Server.

DHCP server logs are comma-delimited text files with each log entry representing a single line of text. The fields and the order in which they appear in the log file are:

Table 1. DHCP Server Logs—Fields

Field in sequence per line

Description

ID A DHCP server event ID code.

Date The date at which this entry was logged on the DHCP server.

Time The time at which this entry was logged on the DHCP server.

Description A description of this DHCP server event.

IP address The IP address of the DHCP client.

Computer name The computer name of the DHCP client.

MAC address The media access control address used by the client's network adapter hardware.

DHCP Log Events—ID CodesThe audit logging behavior discussed in this section applies only to the DHCP service provided with Windows Server 2003 and replaces the previous DHCP logging behavior used in earlier versions of Windows NT Server.

DHCP server logs use special event ID codes to indicate specific information that is being captured:

Table 2. DHCP Server Logs—Event IDs

Event ID Description

0 The log was started.

1 The log was stopped.

2 The log was temporarily paused due to low disk space.

10 A new IP address was leased to a client.

11 A lease was renewed by a client.

12 A lease was released by a client.

13 An IP address was found to be in use on the network.

14A lease request could not be satisfied because the scope's address pool was exhausted.

15 A lease was denied.

16 A lease was deleted.

17 A lease was expired.

20 A BOOTP address was leased to a client.

21 A dynamic BOOTP address was leased to a client.

22A BOOTP request could not be satisfied because the scope's address pool for BOOTP was exhausted.

23A BOOTP IP address was deleted after checking to see it was not in use.

24 IP address cleanup operation has begun.

25 IP address cleanup statistics.

30 DNS update request to the named DNS server.

31 DNS update failed.

32 DNS update successful.

50+Codes above 50 are used for Rogue Server Detection information.


DHCP System MonitorsDHCP servers are of critical importance in most environments. Monitoring the performance of servers can help when troubleshooting cases where server performance degradation occurs.

For Windows 2003 Server, the DHCP service includes a set of performance counters that can be used to monitor various types of server activity. By default, these counters are available after the DHCP service is installed. To access these counters, use System Monitor (formerly Performance Monitor). The DHCP server counters can monitor the following:

● All types of DHCP messages sent and received by the DHCP service.

● The average amount of processing time spent by the DHCP server per message packet sent and received.

● The number of message packets dropped because of internal delays on the DHCP server computer.

Table 3. DHCP Server Logs—Metrics

Metric Description

Active queue length

The current length of the internal message queue of the DHCP server. This number equals the number of unprocessed messages received by the server. A large number may indicate heavy server traffic.

Conflict check queue length

The current length of the conflict check queue for the DHCP server. This queue holds messages not responded to while the DHCP server performs address conflict detection. A large value here may indicate heavy lease traffic at the server or that Conflict Detection Attempts has been set too high.

Discovers/sec

The number of DHCPDiscover messages received per second by the server. A sudden or abnormal increase indicates that a large number of clients are probably attempting to initialize and obtain an IP address lease from the server, such as when a number of client computers are started at one time.

Duplicates dropped/sec

The number of duplicated packets per second dropped by the DHCP server. A large number indicates clients are probably timing out too fast or the server is not responding very fast.

Milliseconds per packet (Avg.)

The average time, in milliseconds, used by the DHCP server to process each packet it receives. This number can vary depending on the server hardware and its I/O subsystem. A sudden or unreasonable increase may indicate trouble, possibly with the I/O subsystem getting slower or because of some intrinsic processing overhead on the server computer.


Metric Description

Packets expired/sec

The number of packets per second that expire and are dropped by the DHCP server. Packets expire because they are in the server's internal message queue for too long. A large number here indicates either that the server is either taking too long to process some packets while other packets are queued or that traffic on the network is too high for the DHCP server to handle.

Packets received/sec

The number of message packets received per second by the DHCP server. A large number indicates heavy DHCP-related message traffic to the server.

Offers/sec The number of DHCPOffer messages sent per second by the DHCP server to clients. A sudden or abnormal increase in this number indicates heavy traffic on the server.

Requests/sec

The number of DHCPRequest messages received per second by the DHCP server from clients. A sudden or abnormal increase in this number indicates that a large number of clients are probably trying to renew their leases with the DHCP server. This may indicate scope lease times are too short.

Informs/sec The number of DHCPInform messages received per second by the DHCP server. DHCPInform messages are used when the DHCP server queries the directory service for the enterprise root and when dynamic updates are being done on behalf of clients by the DNS server.

Acks/sec The number of DHCP acknowledgement messages sent per second by the DHCP server to clients. A sudden or abnormal increase in this number indicates that a large number of clients are being renewed by the DHCP server. This may indicate scope lease times are too short.

Nacks/sec The number of DHCP negative acknowledgment messages sent per second by the DHCP server to clients. A very high value might indicate potential network trouble, either misconfiguration of clients or of the server. Where servers can be misconfigured, one possible cause is a deactivated scope. For clients, a very high value could be caused by computers (such as laptops or other mobile devices) moving between subnets.

Declines/sec

The number of DHCPDecline messages received per second by the DHCP server from clients. A high value indicates that several clients have found their address to be in conflict, possibly indicating network trouble. In this situation, it may help to enable conflict detection on the DHCP server. If used on the server, conflict detection should only be used temporarily. Once the situation returns to normal, it should be turned off.

dhcp service pog

Documents