Troubleshoot problems on the DHCP server5/26/20202 minutes to read
This article discusses how to troubleshoot problems that occur on theDHCP server.
Check the following settings:
The DHCP server service is started and running. To check this setting, run the net start command, and look for DHCP Server.
The DHCP server is authorized. See Windows DHCP Server Authorization in Domain Joined Scenario.
Verify that IP address leases are available in the DHCP server scope for the subnet the DHCP client is on. To do this, see the statistic for the appropriate scope in the DHCP server management console.
Check whether any BAD_ADDRESS listings can be found in Address Leases.
Check whether any devices on the network have static IP addresses that have not been excluded from the DHCP scope.
Verify that the IP address to which DHCP server is bound is within the subnet of the scopes from which IP addresses must be leased out. This is in case no relay agent is available. To do this, run the Get-DhcpServerv4Binding or Get-DhcpServerv6Binding cmdlet.
Verify that only the DHCP server is listening on UDP port 67 and 68. No other process or other services (such as WDS or PXE) should occupy these ports. To do this, run the netstat -anb command.
Verify that the DHCP server IPsec exemption is added if you are dealing with an IPsec-deployed environment.
Verify that the relay agent IP address can be pinged from the DHCP server.
Enumerate and check configured DHCP policies and filters.
Check the System and DHCP Server service event logs (Applications and Services Logs > Microsoft > Windows > DHCP-Server) for reported issues that are related to the observed problem.Depending on the kind of issue, an event is logged to one of the following event channels:DHCP Server Operational EventsDHCP Server Administrative EventsDHCP Server System EventsDHCP Server Filter Notification EventsDHCP Server Audit Events
The DHCP Server service debug logs provide more information about the IP address lease assignment and the DNS dynamic updates that are done by the DHCP server. These logs by default are located in %windir%\System32\Dhcp.For more information, see Analyze DHCP Server Log Files.
A correlating network trace may indicate what the DHCP server was doing at the time that the event was logged. To create such a trace, follow these steps:
Go to GitHub, and download the tss_tools.zip file.
Copy the Tss_tools.zip file, and expand it to a location on the local disk, such as to the C:\tools folder.
Run the following command from C:\tools in an elevated Command Prompt window:TSS Ron Trace 20321:DhcpAdminEvents NoSDP NoPSR NoProcmon NoGPresult
In this command, replace <Stop:Evt:> and <Other:> with the event ID and the event channel that you are going to focus on in your tracing session.The Tss.cmd_ReadMe_Help.docx files that are contained in the Tss_tools.zip file provide more information about all available settings.
After the event is triggered, the tool creates a folder that is named C:\MS_DATA. This folder will contain some useful output files that provide general information about the network and domain configuration of the computer.The most interesting file in this folder is %Computername%_date_time_packetcapture_InternetClient_dbg.etl.By using the Network Monitor application, you can load the file, and set the display filter on the “DHCP orDNS” protocol to examine what is going on behind the scenes.