Computer networks
Evgeny Ferapontov, 2016-07-18 14:29:58

Why doesn't DHCP work correctly in load-balancing configuration in WS 2012 R2?

There are two DHCP servers running Windows Server 2012 R2. Failover relationship configured: shared key authentication, type: load balancing, Client Lead Time: 1 hour, 50/50 balancing.
There are 3 realms: 192.168.0.0/24, 192.168.1.0/24, 192.168.2.0/24. In each, unique options are configured (router, domain name, etc.); DNS server addresses are issued common to all areas (configured in the server options). Both DHCP servers synchronize their time with an external source, and the clocks match to within a second.
The following problems occur:
1) Servers do not assign an address to a new client. It was not possible to trace any pattern, but this can be provoked by ipconfig /release & ipconfig /renew. In one case out of several, the client will not be assigned an address and will automatically fall back to APIPA. At the same time, there are no messages in the logs of the client system or in the logs of the server.
2) Servers do not assign DNS server addresses to the client. It has been noticed that this occurs mainly with clients connected via Wi-Fi, but several times it also happened with clients connected via a regular twisted-pair cable. In this case, all other options are assigned correctly. The easiest way to reproduce the error is to connect the client via Wi-Fi (tablet / smartphone / laptop) to one network, and then move it to another network. When connecting to the second network, the client will be assigned all addresses and options except DNS.
Also in the logs, messages like this regularly appear:

A BINDING-ACK message with transaction id: 3749 was sent for IP address: 192.168.0.139 with reject reason: (Outdated binding information) to partner server: dhcp2 for failover relationship: dhcp1-dhcp2.

(EventID 20291 & 20292)
All problems are treated by stopping the DHCP service on one of the servers. Previously, there were no such problems with a single DHCP server.
Searching through the message and error code resulted in an update from 2014 that fixed a similar bug: https://blogs.technet.microsoft.com/teamdhcp/2014/...
These DHCP servers are installed from a WS 2012 R2 with Update image (MSDN image with integrated 2015 updates) that already has these updates installed.
UPD: The gateway for this entire network is the Cisco SG300. Both DHCPs are on a separate network. The relay settings are as follows:
ip dhcp relay address %dhcp1_ip%
ip dhcp relay address %dhcp2_ip%
ip dhcp relay enable
and in each vlan once again using ip dhcp relay enable
What should I do?


1 answer(s)
Evgeny Ferapontov, 2016-07-18
@e1ferapontov

In short, the problem was resolved in an extremely obvious and non-obvious way at the same time.
I mirrored traffic from the two DHCP servers. I noticed that one of them does not give out the DNS settings in the response. I checked the "problem clients" - they get the address from exactly that server. I noted that I always stopped the DHCP service on it. I checked the server options - they are empty.
It turns out that when configuring a failover relationship, the server options are not replicated.
It turns out that if I had not been an idiot and immediately checked the correctness of the second DHCP settings, all this saga would not have happened. Another thing is that I still cannot understand the meaning of this behavior: why have two active-active DHCP servers with different settings?
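
A check for the condition described in the answer above, added here as an example and not part of the original post: it lists server-level DHCPv4 options that differ between the two failover partners, then previews copying the ones missing on the partner. It assumes the DhcpServer PowerShell module is available and uses the server names dhcp1 and dhcp2 from the log message in the question.

```powershell
# Added example: report server-level DHCPv4 options that differ between two
# failover partners. Server names are assumed from the log line in the question.
Import-Module DhcpServer

$primary = 'dhcp1'
$partner = 'dhcp2'

function Get-ServerOptionMap {
    param([Parameter(Mandatory)][string]$ComputerName)
    $map = @{}
    # With no -ScopeId, the cmdlet returns the options set at server level.
    Get-DhcpServerv4OptionValue -ComputerName $ComputerName |
        ForEach-Object { $map[[int]$_.OptionId] = $_ }
    $map
}

$a = Get-ServerOptionMap -ComputerName $primary
$b = Get-ServerOptionMap -ComputerName $partner

# Walk the union of option IDs so options missing on either side show up.
$ids  = @($a.Keys) + @($b.Keys) | Sort-Object -Unique
$diff = foreach ($id in $ids) {
    $va = if ($a.ContainsKey($id)) { $a[$id].Value -join ',' } else { '<missing>' }
    $vb = if ($b.ContainsKey($id)) { $b[$id].Value -join ',' } else { '<missing>' }
    if ($va -ne $vb) {
        [pscustomobject]@{ OptionId = $id; Primary = $va; Partner = $vb }
    }
}
$diff | Format-Table -AutoSize

# Preview (no changes made because of -WhatIf) copying options that exist on
# the primary but are absent on the partner, e.g. option 6 (DNS servers).
foreach ($row in $diff | Where-Object Partner -eq '<missing>') {
    Set-DhcpServerv4OptionValue -ComputerName $partner `
        -OptionId $row.OptionId -Value $a[$row.OptionId].Value -WhatIf
}
```

An empty table means the server-level options match; remove -WhatIf only after reviewing the previewed changes.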
