The Windows DHCP Server management pack is available as a single download that contains different libraries to monitor Windows DHCP on Windows Server 2000, 2003 and 2008 operating systems.
How to Install the DHCP MP
- Download the Windows DHCP Server management pack from the Management Pack Catalog (http://technet.microsoft.com/en-us/opsmgr/cc539535.aspx). The Windows DHCP Server Management Pack Guide is included in the download and labeled “OM2007_MP_DHCP_2003_2008 QFE110408.doc.” Read the Management Pack guide, as this covers items to be aware of with the DHCP such as how DHCP Clustering and multicast scopes are not supported.
- Import the Windows DHCP Server Management Pack (using either the Operations console or PowerShell).
- Create a WindowsDHCP_Overrides management pack to contain any overrides required for the MP.
DHCP MP Tuning / Alerts to look for
The following alerts were encountered and resolved while tuning the various DHCP management packs (these are listed in alphabetical order by Alert name):
Alert: DHCP IPv4 Runtime Authorization Needed Alert
Issue: DHCP scopes (both IPv4 and IPv6) were showing up as turned off offline/not authorized. This server had been authorized and then the IP address of the server was changed. The authorization was listing the previous IP address.
Resolution: Unauthorized the current server name/wrong IP address and re-authorized it with the correct IP address. This was occurring on a domain controller in a child domain. To do this change, logged into the root domain and authorized/re-authorized the server, and then restarted services on the domain controller after a short period of time.
Alert: DHCP Scope Addresses Available Monitor
Issue: Alert description is that the available scope addresses have fallen below the specified threshold. This is raised by the DHCP Scope Addresses Available Monitor. This monitor goes to warning level when there are less than 10 available IP addresses in the pool, and to critical when there are no remaining IP addresses in the pool. This environment originally had one DHCP server that contained the entire scope of available addresses. To provide redundancy, the scope was split between two different DHCP servers. This unfortunately leads to a tendency for the original DHCP server scope to fill while the other scope remains with a large number of available addresses in the range.
Resolution: For this environment, it was necessary to match up the two different scopes to determine if the lack of addresses was really a lack of addresses or just half of the scope filled while the half remained open. Performed the following actions to make this more readily apparent:
- Configured the warning states on this monitor to go to yellow when there are less than 2 available IP addresses in the scope.
- Monitored within the Microsoft Windows DHCP Server -> Scope Health view and ordered by display name to validate that the address range was not critical on both halves of the scope.
- Used the Microsoft Windows DHCP Server -> DHCP Performance Views -> Scopes & Superscopes -> Scope Free Addresses view sorted by Instance and color coded to match the colors for each half of the scope (so that as an example both halves of the Data Network on floor three show up as blue). Added this to the My Workspace view with the Y access limited to a maximum of 10 (to more easily identify scopes with less than 10 available addresses). This is useable but pretty unwieldy with a large number of DHCP scopes.
Alert: DHCP Service Bound to Static IP Address
Issue: The alert description on the Alert Context tab shows that “The DHCP service is not servicing any clients because none of the active network interfaces have statically configured IP addresses, or there are no active interfaces.”
Resolution: The product knowledge provided an effective resolution for this issue. The DHCP service was not bound to any IP addresses on the system. In this case this DHCP scope was not required and as it was the only DHCP scope on the system, removing the DHCP service from the system was an acceptable solution after deactivating the DHCP scope for a period of time.
Alert: Performance Threshold: Process\Working Set threshold exceeded.
Issue: DHCP management pack error. Occurring sporadically on the DHCP server in the environment, but not seeing any errors or issues as a result of the condition. The rule (Performance Threshold: Process\Working Set threshold exceeded.) is configured to work over a 5 minute interval, and to measure over three samples by default (per the overrides). The management pack says that the utilization is measured over 5 samples. In a 24-hour period, there were approximately 22 of these alerts occurring and self-closing. Increased the number of samples to measure over from 3 to 5 and tracking the result (as these were usually closing with 5-10 minutes automatically). This did not help the issue.
Resolution: In this environment, this is NOT affecting the ability of the DHCP server to function, but could affect it at higher-level values. This value is in place because exceeding this threshold can be an issue, so do not disable or override this rule unless you are sure that it is NOT impacting your environment.
Determined the trend of this value based upon the alerts in the environment (tried tracking it monitoring the performance counter for this variable with no luck as there does not appear to be one). For each alert, went to the alert context tab and tracked the values which appeared (17806131, 17780028, 17809408, 17823061, 17793024, 17788928, 17791658, 17800330, 17786197, 17787562, 17828522, 17772544, 17783466, 17824426, 17829888, 17821696, 17788928, 17870028). Determined the average, maximum (17870028) and minimum (17772544) values to determine where this threshold should be for the environment/found that closed alerts were not relevant as they showed values less than the threshold.
Created an override to change this value for this server (on the monitor) from the default of 17830000 to 18070000.
Alert: Script or Executable Failed to run
Issue: Script failure for Nslookuptest.js. Reporting for tests to Microsoft.com, localhost ip address, and the fully qualified name of the server all three failed at the same date and time.
Resolution: Noted the alert and the date/time to see if a root cause could be tracked back. Reviewed the event logs on the system to track back potential issues/none found. Reviewed the performance counters gathered by OpsMgr, but no bottlenecks identified during that timeframe. Closed the alerts.
Alert: The DHCP service has determined that it is not authorized on this domain.
Issue: Description says the DHCP/Binl service on the local machine belonging to the windows administrative domain (domain name) has determined that it is authorized to start. It is servicing clients now. This appears as a critical alert, but is actually stating that the DHCP server is working.
Resolution: The only option for the override on this is to disable it so the criticality of the alert cannot be changed. This should actually be an informational level alert. The only option currently is either to close the alerts or to disable the alert.
Alert: The DHCP Service is not servicing any clients because none of the active network interfaces have statically configured IP addresses, or there are no active interfaces
Issue: DHCP server cannot be a DHCP client.
Resolution: Hard-coded an IP address for the DHCP server.
DHCP Management Pack Evolution
It would be extremely useful if in future revisions of this management pack it could effectively match scopes (based upon name, or matching subnet potentially) and gather the information to provide a critical alert when the each of the different scopes was nearing empty.
Another useful enhancement would be to provide the number of available addresses in the range within the alert description text.