How to pass DHCP / PXE through to a virtual machine

Hi everybody,

This is a post I have been trying to write for a few months. It’s related to an issue, or misunderstanding, that a customer of mine had.

He wanted to get a PXE boot, triggered by DHCP, through to a virtual machine hosted on Hyper-V. For those of us who are familiar with virtualization, that sounds very simple, because the explanation was that he had not tagged all VLANs on the switch and the virtual machine.

For those who are not that familiar, I want to give you a short list of what you need to do to get traffic through your physical and virtual switches right to your virtual machines.

Physical Switch Configuration

The first thing you need to do is tag all VLANs that your virtual machines will have access to on the physical switch ports that your Hyper-V host and its virtual switch are connected to.

As an example: you have one virtual machine in VLAN 10 and one in VLAN 233. Both need to connect to your physical network. Your Hyper-V virtual switch is connected to Switch 1 on Port 12 and Switch 2 on Port 14. That means you need to tag VLAN 10 and VLAN 233 on Switch 1 Port 12 and Switch 2 Port 14.

Virtual Switch Configuration

Now you need to configure the virtual switch, and that’s the point most people don’t see while working with virtualization. In nearly all hypervisors there is a software-based layer 2 switch in operation. That switch needs to be configured too. That is mostly done via the virtual machine settings.

In our example we need to set the VLAN tag on the switch for a virtual machine on Hyper-V. To do so, you need to change the settings of the virtual machine’s network interface.

You can also configure the switch for VLAN trunking. My bro Charbel wrote a great blog post about how to configure the virtual switch in that way: What is VLAN Trunk Mode in Hyper-V?

In our example you need to know one more thing: in Generation 1 Hyper-V VMs, only the legacy network adapter is able to perform a PXE boot.
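The virtual switch side of the example above can also be set and checked from PowerShell on the Hyper-V host. This is an added example, not part of the original post: the VM names are hypothetical, the VLAN IDs are the post's, and the report flags any adapter that is not pinned to its single expected VLAN or that cannot PXE boot.

```powershell
#Requires -Modules Hyper-V
# Added example, not from the original post. VM names are hypothetical;
# the VLAN IDs (10 and 233) follow the post's example.
$expected = @{ 'VM-A' = 10; 'VM-B' = 233 }

function Set-VmAccessVlan {
    param([Parameter(Mandatory)][hashtable]$Map)
    foreach ($name in $Map.Keys) {
        # Access mode: the virtual switch port carries exactly one VLAN for this VM.
        # Without -VMNetworkAdapterName this applies to every adapter of the VM.
        Set-VMNetworkAdapterVlan -VMName $name -Access -VlanId $Map[$name]
    }
}

function Get-VmVlanReport {
    param([Parameter(Mandatory)][hashtable]$Map)
    foreach ($name in $Map.Keys) {
        $vm = Get-VM -Name $name
        foreach ($nic in Get-VMNetworkAdapter -VM $vm) {
            $vlan = $nic | Get-VMNetworkAdapterVlan
            $finding = 'ok'
            if ($vlan.OperationMode -ne 'Access') {
                # Untagged or Trunk: the VM is not limited to its one VLAN.
                $finding = "mode is $($vlan.OperationMode), expected Access"
            } elseif ($vlan.AccessVlanId -ne $Map[$name]) {
                $finding = "VLAN $($vlan.AccessVlanId), expected $($Map[$name])"
            }
            [pscustomobject]@{
                VM         = $name
                Adapter    = $nic.Name
                Mode       = $vlan.OperationMode
                VlanId     = $vlan.AccessVlanId
                # Generation 1 VMs PXE boot only from a legacy adapter (see above).
                PxeCapable = ($vm.Generation -ne 1) -or $nic.IsLegacy
                Finding    = $finding
            }
        }
    }
}

Set-VmAccessVlan -Map $expected
Get-VmVlanReport -Map $expected | Format-Table -AutoSize
```

A Generation 1 VM that reports `PxeCapable = False` needs a legacy adapter, which `Add-VMNetworkAdapter -IsLegacy $true` adds while the VM is powered off.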

What’s new in Windows Server 2012 R2 networking?

What's new in Windows Server 2012 R2 (RTM)?
What's new in Windows Server 2012 R2 Storage?
What's new in Windows Server 2012 R2 Server Virtualization?
What's new in Windows Server 2012 R2 Networking?
What's new in Windows Server 2012 R2 Server Management and Automation?
What's new in Windows Server 2012 R2 VDI?
What's new in Windows Server 2012 R2 Access and Information Protection?
What's new in Windows Server 2012 R2 Web Application and Platform?
What's New in Windows Server 2012 R2 Essentials?
What's new in Windows Server 2012 R2 in Web Application and Platform, Active Directory, Print Services and Clustering?

What’s New in Networking in Windows Server 2012 R2?

The following networking technologies are new or improved in Windows Server® 2012 R2 Preview.

802.1X Authenticated Wired Access in Windows 8.1 Preview and Windows Server 2012 R2 Preview provides new features and capabilities over previous versions.

For more information, see What’s New in 802.1X Authenticated Wired Access for Windows Server 2012 R2.

802.1X Authenticated Wireless Access in Windows 8.1 Preview and Windows Server 2012 R2 Preview provides new features and capabilities over previous versions.

For more information, see What’s New in 802.1X Authenticated Wireless Access in Windows Server 2012 R2.

Domain Name System (DNS) in Windows Server 2012 R2 Preview provides new features and capabilities over previous versions.

For more information, see What’s New in DNS Server in Windows Server 2012 R2.

Dynamic Host Configuration Protocol (DHCP) in Windows Server 2012 R2 Preview provides new features and capabilities over previous versions.

For more information, see What’s New in DHCP in Windows Server 2012 R2.

Hyper-V Network Virtualization (HNV) has many important updates that enable hybrid cloud and private cloud solutions.

For more information, see What’s New in Hyper-V Network Virtualization in Windows Server 2012 R2.

Hyper-V Virtual Switch provides new features and capabilities over previous versions.

For more information, see What’s New in Hyper-V Virtual Switch in Windows Server 2012 R2.

IP Address Management (IPAM) is a feature that was first introduced in Windows Server 2012 that provides highly customizable administrative and monitoring capabilities for the IP address infrastructure on a corporate network. IPAM in Windows Server 2012 R2 Preview includes many enhancements.

For more information, see What’s New in IPAM in Windows Server 2012 R2.

Remote Access provides new features and capabilities over previous versions.

For more information, see What’s New in Remote Access in Windows Server 2012 R2.

New in Windows Server 2012 R2 Preview, virtual Receive-side Scaling (vRSS) enables network adapters to distribute network processing load across multiple virtual processors in multi-core virtual machines (VMs).

For more information, see Virtual Receive-side Scaling in Windows Server 2012 R2.

New in Windows Server 2012 R2 Preview, Windows Server Gateway is a virtual machine (VM)-based software router that allows Cloud Service Providers (CSPs) and Enterprises to enable datacenter and cloud network traffic routing between virtual and physical networks, including the Internet.

Windows Server Gateway routes network traffic between the physical network and VM network resources, regardless of where the resources are located. You can use Windows Server Gateway to route network traffic between physical and virtual networks at the same physical location or at many different physical locations, providing network traffic flow in private and hybrid cloud scenarios.

For more information, see Windows Server Gateway.

 

What’s New in IPAM in Windows Server 2012 R2?

| Feature/functionality | New or improved | Description |
|---|---|---|
| Role based access control | New | Role based access control enables you to customize the types of operations and access permissions for users and groups of users on specific objects. |
| Virtual address space management | New | IPAM streamlines management of physical and virtual IP address space in System Center Virtual Machine Manager. |
| Enhanced DHCP server management | Improved | Several new operations are available in IPAM to enhance the monitoring and management of the DHCP Server service on the network. |
| External database support | New | In addition to Windows Internal Database (WID), IPAM also optionally supports the use of a Microsoft SQL database. |
| Upgrade and migration support | New | If you installed IPAM on Windows Server 2012, your data is maintained and migrated when you upgrade to Windows Server 2012 R2 Preview. |
| Enhanced Windows PowerShell support | Improved | Windows PowerShell support for IPAM is greatly enhanced to provide extensibility, integration, and automation support. |

What’s New in DHCP in Windows Server 2012 R2?

| Feature/functionality | New or improved | Description |
|---|---|---|
| DNS registration enhancements | New | You can use DHCP policies to configure conditions based on the fully qualified domain name (FQDN) of DHCP clients, and to register workgroup computers using a guest DNS suffix. |
| DNS PTR registration options | New | You can enable DNS registration of address (A) and pointer (PTR) records, or just enable registration of A records. |
| Windows PowerShell for DHCP server | Improved | New Windows PowerShell cmdlets are available. |

What’s New in DNS Server in Windows Server 2012 R2

| Feature/functionality | New or improved | Description |
|---|---|---|
| Enhanced zone level statistics | Improved | Zone level statistics are available for different resource record types, zone transfers, and dynamic updates. |
| Enhanced DNSSEC support | Improved | DNSSEC key management and support for signed file-backed zones is improved. |
| Enhanced Windows PowerShell support | Improved | New Windows PowerShell parameters are available for DNS Server. |

How to Configure a DHCP Failover Cluster on Windows Server 2012

All of you know that we didn’t have any failover option for DHCP in the past. So most of us created different DHCP scopes for one IP range on different servers. This was needed to get a partly redundant DHCP option. This worked, but any changes to reservations, scopes or configuration had to be made manually or with scripts. This took time or wasn’t really successful.

Now with Windows Server 2012, we get a real failover cluster including configuration replication. Please note that the only available options are load balanced and hot standby. I will explain later when you should use which option.

So let us start to configure our cluster.

 

1. You need to install the first DHCP Server and configure the DHCP Scope. This DHCP Server has to be Windows Server 2012 Standard or Datacenter.

http://datacenter-flo.azurewebsites.net/?p=350

In this scenario I configured the first DHCP Server on Flo-SVR-DC01.

 

2. Next, install a new server with Windows Server 2012, or take another free server from your existing Windows Server 2012 systems, as the Windows Server 2012 DHCP failover cluster partner.

How to install a Windows Server 2012 http://datacenter-flo.azurewebsites.net/?p=203

First Configuration of a Windows Server 2012 http://datacenter-flo.azurewebsites.net/?p=222

In my case I installed a fresh Windows Server 2012 VM as Failover Partner.

 

3. Now you can add the new node to your Server Manager if you want to manage the server remotely. You can also configure the failover setup without this, but it helps to manage both servers later.

http://datacenter-flo.azurewebsites.net/?p=496

 

4. When the DHCP role has been installed correctly on the second host and you have added the server to your management host, you should see both systems under DHCP.

5. In the next step open the DHCP MMC.

6. In the DHCP MMC, please add the second DHCP server first. You can do this via a right-click on “DHCP” and then “Add Server”.

http://datacenter-flo.azurewebsites.net/?p=689

7. Now you should see both DHCP Servers in the list.

12. In the next step we authorize the DHCP server in our domain.

http://datacenter-flo.azurewebsites.net/?p=688

13. Now right-click the scope that you want to cluster and select “Configure Failover”.

14. When the wizard starts, you see the scopes that can be clustered.

If you see no available scope, you have to check whether the DHCP service is up, the DHCP server is completely configured, and there are no issues with DNS and AD DS.

15. The next step is to select the failover partner.

16. When you authorized the second DHCP server before, you see it in the second list. Otherwise you have to select “This Server:” and “Browse”.

17.  Now you type in the name of the server.

18. When you have entered the name, click “Check Names”. When the wizard has found the server, click “ok”.

19. Click “ok” and the server will be attached to the DHCP MMC.

20. Now you see the selected server with its complete FQDN in the Partner Server field.

Click “Next” to go on.

 

21. Now you have to set the cluster configuration.

Load Balanced:

Relationship Name: Name of your Failover Cluster

Maximum Client Lead Time: Defines the amount of time the surviving server will wait before assuming control of the entire scope.

Mode: Load Balanced – When the cluster is configured in Load Balance mode, this results in an active-active setup of the two DHCP Servers.

You should use this mode when you have big networks with many clients or you want to deploy the cluster in different branch offices.

Load Balance Percentage: Defines how the work is split up between both hosts. The percentages together can only be 100%. The node with the highest percentage gets the highest workload.

State Switchover Interval: automatically change state to partner down after <time>.

Enable Message Authentication: enables authentication of the cluster nodes.

Shared Secret: Validation password that identifies the nodes as partners to each other.

 

Standby:

Relationship Name: Name of your Failover Cluster

Maximum Client Lead Time: Defines the amount of time the surviving server will wait before assuming control of the entire scope.

Mode: Hot Standby – When the cluster is configured in Hot Standby mode, one node is active and the second is standby and will only take over when the primary DHCP Server fails.

You should use this mode when you need the partner for fault tolerance.

Addresses reserved for standby server: Defines how many addresses the standby can lease before it takes over the entire scope and becomes active.

State Switchover Interval: automatically change state to partner down after <time>.

Enable Message Authentication: enables authentication of the cluster nodes.

Shared Secret: Validation password that identifies the nodes as partners to each other.

 

22. After clicking “Next” you see a short summary of your configuration.

23. Click “Finish” and the cluster configuration starts.

24. In the DHCP MMC, right-click the scope and force a replication by clicking on “Replicate Failover Scope” and then on the refresh button, or press F5.

25. On the failover node, check the configuration. If the configuration is right, you’re finished.
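The wizard steps above map onto the DhcpServer PowerShell module, which also makes it easy to confirm that message authentication is enabled on both partners. This is an added example, not part of the original post: Flo-SVR-DC01 is the post's first server, while the partner name, IP address, scope, relationship name and the time and percentage values are constructed for illustration.

```powershell
#Requires -Modules DhcpServer
# Added example, not from the original post. Flo-SVR-DC01 is the post's first
# server; partner name, IP, scope and relationship name are hypothetical.
$primary  = 'Flo-SVR-DC01'
$partner  = 'flo-svr-dhcp02.example.test'
$scopeId  = '192.168.10.0'
$relation = 'DC01-DHCP02'

function New-DhcpFailoverPair {
    param([ValidateSet('LoadBalance', 'HotStandby')][string]$Mode = 'LoadBalance')
    # Step 12: authorize the partner in Active Directory (errors if already done).
    Add-DhcpServerInDC -DnsName $partner -IPAddress '192.168.10.12'
    # Prompt for the shared secret instead of hard-coding it in the script;
    # the cmdlet itself takes a plain string.
    $secure = Read-Host -AsSecureString -Prompt 'Failover shared secret'
    $secret = (New-Object System.Net.NetworkCredential('', $secure)).Password
    $common = @{
        ComputerName        = $primary
        PartnerServer       = $partner
        Name                = $relation
        ScopeId             = $scopeId
        MaxClientLeadTime   = [timespan]'01:00:00'
        AutoStateTransition = $true
        StateSwitchInterval = [timespan]'01:00:00'
        SharedSecret        = $secret   # supplying it enables message authentication
    }
    if ($Mode -eq 'LoadBalance') {
        Add-DhcpServerv4Failover @common -LoadBalancePercent 50
    } else {
        Add-DhcpServerv4Failover @common -ServerRole Active -ReservePercent 5
    }
    # Step 24: force replication of the scope to the partner.
    Invoke-DhcpServerv4FailoverReplication -ComputerName $primary -Name $relation -Force
}

function Test-DhcpFailoverPair {
    # Step 25: check the relationship and the scope on both nodes.
    foreach ($server in $primary, $partner) {
        $rel   = Get-DhcpServerv4Failover -ComputerName $server -Name $relation
        $scope = Get-DhcpServerv4Scope -ComputerName $server -ScopeId $scopeId
        [pscustomobject]@{
            Server = $server; Mode = $rel.Mode; State = $rel.State
            MessageAuth = $rel.EnableAuth; ScopePresent = [bool]$scope
        }
    }
}

New-DhcpFailoverPair -Mode LoadBalance
Test-DhcpFailoverPair | Format-Table -AutoSize
```

A row with `MessageAuth = False` means the relationship was created without a shared secret and the partners do not authenticate each other's failover messages.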

 

 

 

 

How to authorize a Windows DHCP Server to Active Directory (AD, ADDS)

If you want to authorize, please perform the following steps.

1. In the DHCP Server MMC, right-click the server scope (IPv4 or IPv6) that you want to authorize and click “Authorize”.

2. Now you should see a green check mark on the scope symbol, and that’s all. You have authorized the DHCP server scope in your domain.

 

 

 

How to add second Server to MMC (example DHCP Server)

1. Right-click on “DHCP” and then “Add Server”.

2. Now you can add the server. You will not see the new DHCP server in the list of authorized DHCP servers because we didn’t authorize the server yet.

Mark “This server:” and click “Browse”.

 

3.  Now you type in the name of the server.

4. When you have entered the name, click “Check Names”. When the wizard has found the server, click “ok”.

5. Click “ok” and the server will be attached to the DHCP MMC.

6. Now you should see both DHCP Servers in the list.