Extended support for Windows 2008R2 will end on 14 January 2020. Now is a good time for me to migrate my DHCP server to Windows Server 2019.
This should be a fairly easy process
Old DHCP Server: 2008R2DHCP
New DHCP Servers: VM-DHCP1, VM-DHCP2
1. Create a new VM for the new DHCP server
I will be using this script to create a new Windows Server 2019 Core VM on VHOST01
I'm saving this script as VM-DHCP1.ps1 on the D:\Templates folder on VHOST01 machine.
# Set VM Name, Switch Name, and Installation Media Path.
$VMName = 'VM-DHCP1'
$Switch = 'externalSwitch'
$VMPath = 'D:\Hyper-V\'
$VHD = "$VMPath\$VMName\Virtual Hard Disks\$VMName.vhdx"
$Image = 'D:\Templates\2019-CORE.vhdx'
# Create directory to store the virtual hard disk
New-Item -Path "$VMPath\$VMName\Virtual Hard Disks" -ItemType "Directory"
#Copy the base image to the Hyper-V virtual hard drive location
Start-BitsTransfer -source $Image -destination $VHD
# Create New Virtual Machine
New-VM -Name $VMName -MemoryStartupBytes 4GB -Generation 2 -Path $VMPath -SwitchName $Switch
# Attach Base Image
Add-VMHardDiskDrive -VMName $VMName -Path $VHD
# Start the VM
Start-VM -VMName $VMName
2. Configure the new 2019 Core VM
Connect to the new VM via Hyper-V Manager, and open a PowerShell prompt
Assign static IP to the server
Get InterfaceIndex value
Get-NetAdapter -Name * | Format-Table –AutoSize
Configure static IP using the ifIndex value returned from the command above
New-NetIPAddress –InterfaceIndex 7 –IPAddress 192.168.1.6 -PrefixLength 24 -DefaultGateway 192.168.1.1
Configure DNS, using the same ifIndex value as above
Set-DnsClientServerAddress -InterfaceIndex 7 -ServerAddresses ("192.168.1.2","192.168.1.3")
Add server to the existing domain
Add-Computer -Credential Admin-Username -DomainName dccb.net -NewName VM-DHCP1; Restart-Computer -force
After the VM has been restarted. Log in with a domain admin credential and enable Ping for diagnostic
Set-NetFirewallRule -DisplayName "File and Printer Sharing (Echo Request – ICMPv4-In)" -enabled True
3. Export my current DHCP database
On VM-DHCP1, run the following PowerShell command:
MkDir C:\Backup
Export-DhcpServer -File C:\Backup\DHCP\DHCPDB.xml -Leases -Force -ComputerName 2008R2DHCP –Verbose
It looks like the export was successful.
VERBOSE: Exporting configuration from server Nightwing to file P:\Chamber\Backup\DHCP\DHCPDB.xml.
VERBOSE: The configuration (and leases) on server Nightwing will be exported to the file D:\Backup\DHCP\DHCPDB.xml.
VERBOSE: Exporting classes from server...
VERBOSE: Exporting option definitions from server...
VERBOSE: Exporting server wide option values...
VERBOSE: Exporting Link Layer Filters...
VERBOSE: Exporting scope 192.168.1.0 from server 2008R2DHCP...
VERBOSE: Exporting exclusion ranges from scope 192.168.1.0...
VERBOSE: Exporting option values from scope 192.168.1.0...
VERBOSE: Exporting reservations from scope 192.168.1.0. This operation may take some time.
VERBOSE: Exporting leases from scope 192.168.1.0. This operation may take some time.
VERBOSE: Exporting classes from server...
VERBOSE: Exporting option definitions from server...
VERBOSE: Exporting server wide option values...
VERBOSE: Export operation on server 2008R2DHCP completed.
4. Install the DHCP server role and configure service
install-WindowsFeature -Name DHCP –IncludeManagementTools
add the DHCP Users and DHCP Administrators security groups to the DHCP server
Add-DHCPServerSecurityGroup -ComputerName VM-DHCP1
Set credentials that the DHCP server uses to register and deregister client records on a DNS server
Set-DHCPServerDNSCredential -ComputerName VM-DHCP1 -Credential dccb\DHCP-Service
Authorize the server in Active Directory
Add-DhcpServerInDC -DnsName "VM-DHCP1.dccb.net" -IPAddress 192.168.1.6
Get a list of all authorized DHCP Servers to check if the authorization was successful
Get-DhcpServerInDC
Deauthorize old Windows 2008 R2 DHCP server
Remove-DhcpServerInDC -DnsName "2008r2dhcp.dccb.net" -IPAddress 192.168.1.15
5: Configure DHCP Failover
Import the DHCP databse XML to Windows Server 2019
MkDir C:\DHCPDB
Import-DhcpServer -File C:\backup\DHCPDB.xml -BackupPath C:\DHCPDB\ -Leases -ScopeOverwrite -Force -ComputerName VM-DHCP1 –Verbose
Verify the new DHCP server is working.
On a Windows 10 machine, run:
ipconfig /release && ipconfig /renew
ipconfig /all
If the IP address of the DHCP server listed in the above command is 192.168.1.6, then it's working.
Spin up another DHCP Server and name this one VM-DHCP2
Repeat the commands in Step 4 for this new DHCP server
Configure DHCP Failover in Load Balancing mode
Add-DhcpServerv4Failover –ComputerName vm-dhcp1.dccb.net –PartnerServer vm-dhcp2.dccb.net –Name dhcp1-dhcp2 –ScopeID 192.168.1.0 –LoadBalancePercent 60 -Force
I'm getting an error message:
The time difference between this server and the partner server is greater than the permissible value of 60 seconds.
Please ensure that both servers are time synchronized before configuring failover.
You can configure the Windows Time Service on both servers to ensure time synchronization
I ran this command on primary domain controller
w32tm /query /source
I'm getting
VM IC Time Synchronization Provider
So, my virtualized domain controller is syncing time with its Hyper-V host. However, my Hyper-V host is a member of the domain and synchronizes time with the domain controller, but my domain controller is a virtual machine that synchronizes time with the host.
What a time loop.
On the Hyper-V host that has the guest domain controller named DC1, I ran this PowerShell command:
Get-VMIntegrationService -VMName DC1 -Name 'Time Synchronization'
Result
VMName Name Enabled PrimaryStatusDescription SecondaryStatusDescription
------ ---- ------- ------------------------ --------------------------
DC1 Time Synchronization True OK
I'm going to disable Time Synchronization now
Get-VMIntegrationService -VMName DC1 -Name 'Time Synchronization' | Disable-VMIntegrationService
Run it again to verify
Get-VMIntegrationService -VMName DC1 -Name 'Time Synchronization'
I'm getting
VMName Name Enabled PrimaryStatusDescription SecondaryStatusDescription
------ ---- ------- ------------------------ --------------------------
DC1 Time Synchronization False OK
I need to disable Time Synchronization for VM-DHCP1
Disable-VMIntegrationService –Name 'Time Synchronization' -VMName VM-DHCP1
Then log into HOST2 and disable Time Synchronization for VM-DHCP2
Disable-VMIntegrationService –Name 'Time Synchronization' -VMName VM-DHCP2
After that, reconfigure the guest VM's time configuration to sync from the domain hierarchy
w32tm /config /syncfromflags:DOMHIER /update
w32tm /resync /nowait
net stop w32time
net start w32time
Now, run the DHCP Failover setup again.
Add-DhcpServerv4Failover –ComputerName vm-dhcp1.dccb.net –PartnerServer vm-dhcp2.dccb.net –Name dhcp1-dhcp2 –ScopeID 192.168.1.0 –LoadBalancePercent 60 -Force
All done!