Wednesday, May 28, 2008

Netlogon and DHCP Client service



I remember asking about the DHCP Client service many times in interviews. Here is the question: if an Exchange server has, or should be configured with, a static IP address, why do we need to keep the DHCP Client service running on it? Wouldn't it be better to disable it and make Exchange a little bit stronger, considering that the best practice is to disable services you don't need?

Active Directory uses a multi-master replication model with DNS integration. I often refer to DNS as a dynamic repository, where servers, workstations and other network applications publish their own records (names, IP addresses and the services they provide) so that clients can locate them and use those services. Domain controllers publish records in DNS stating that they are domain controllers and that they provide domain controller services to clients, such as the authentication service at the very basic, and other similar services, such as DHCP, DNS, remote access, web services, print services, multimedia, FTP, file service etc.

The servers are responsible for registering dynamic records in the DNS database. They also refresh and update their own records. On domain controllers, the servers refresh these records every 24 hours with the help of the NetLogon service; the refresh can be forced by restarting the NetLogon service on the domain controllers if that is necessary for troubleshooting.

When a workstation starts, it registers a host record (A record) in DNS, claiming to be a workstation, along with the computer name and the IP address. Sometimes network administrators also add these records to DNS manually for various reasons.

The dynamically added records are also refreshed automatically every 24 hours. The way to force a refresh of these records is to issue a simple ipconfig /registerdns command or to restart the DHCP Client service. From the command line, the commands below will do the work; if you prefer the GUI, open the services.msc snap-in, locate the DHCP Client service and perform the same steps manually.

  • net stop DHCP
  • net start DHCP

You will remember one of my previous posts telling a little story about the DHCP Client service. An Exchange administrator at company X gets bored one day and decides to make some improvements to the production Exchange systems. He realizes the Exchange servers have static IP addresses, and he tells himself, "Why do I need the DHCP Client service running? Let me disable it and give more power to the Exchange boxes." He disables the DHCP Client service and leaves work early the same day without letting anyone know about the new improvements he has introduced.

Later on, 12 Exchange servers at company X go crazy, and a mail outage starts. The company spends quite a bit of time trying to figure out what is going wrong. They try to call the Exchange admin and cannot reach him, so they try the most famous way to fix problems: rebooting the mail servers one by one. However, even this does not do any good, since the Exchange admin not only stopped the DHCP Client service but also set it to Disabled permanently. Anyway, to cut the story short, after the reboots they end up calling Microsoft PS Exchange support, and Microsoft figures out in less than one minute that the DHCP Client service was set to Disabled. They start the service again and set it to start automatically, and the problem goes away.

I do not know what happened to the Exchange admin at company X, but I heard he was in big trouble the next day. Manually created records in DNS do not get a time stamp, and therefore they cannot become stale.

Make sure the DHCP Client service is not set to Disabled on your Exchange servers (-: and do understand what it does.
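
The check this post recommends can be scripted. The following is an added example, not part of the original post: it reports the start mode and state of the DHCP Client (`Dhcp`) and NetLogon services on a list of servers and flags any that are disabled or stopped. The host names and the `New-Finding` helper are hypothetical, and it assumes WinRM/CIM remoting is enabled to the targets.

```powershell
# Added example (not from the original post). Host names are placeholders.
$servers      = @('EXCH01', 'EXCH02')   # hypothetical Exchange servers
$serviceNames = @('Dhcp', 'Netlogon')   # 'Dhcp' is the DHCP Client service

# Hypothetical helper: builds one uniform report row.
function New-Finding($Server, $Service, $StartMode, $State, $Finding) {
    [pscustomobject]@{
        Server = $Server; Service = $Service
        StartMode = $StartMode; State = $State; Finding = $Finding
    }
}

$report = foreach ($server in $servers) {
    foreach ($name in $serviceNames) {
        try {
            # Win32_Service exposes StartMode (Auto/Manual/Disabled) and State.
            $svc = Get-CimInstance -ClassName Win32_Service -ComputerName $server -Filter "Name='$name'" -ErrorAction Stop
        } catch {
            New-Finding $server $name 'n/a' 'n/a' "query failed: $($_.Exception.Message)"
            continue
        }
        if (-not $svc) {
            New-Finding $server $name 'n/a' 'n/a' 'service not found'
            continue
        }
        # Disabled is the case from the story: a reboot does not bring the service back.
        $finding = if ($svc.StartMode -eq 'Disabled') {
            'DISABLED: will not start, even after a reboot'
        } elseif ($svc.State -ne 'Running') {
            'not running'
        } else {
            'ok'
        }
        New-Finding $server $name $svc.StartMode $svc.State $finding
    }
}

$report | Format-Table -AutoSize

# Non-zero exit code so a scheduled task or monitoring job can alert on it.
if ($report | Where-Object { $_.Finding -ne 'ok' }) { exit 1 }

# Fix described in the post, run locally on the affected server:
#   Set-Service -Name Dhcp -StartupType Automatic
#   Start-Service -Name Dhcp
#   ipconfig /registerdns
```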

Oz Ozugurlu,

Systems Engineer

MCITP (EMA), MCITP (SA)

MCSE 2003, M+, S+, MCDST

Security+, Project +, Server +

2 comments:

Anonymous said...

Question: if a computer has a public IP, can it still go to the internet?

Oz Ozugurlu said...

I am not certain what you really wanted to ask, but the answer to your question will be yes or no, it really depends.
If the subnet mask, default gateway and DNS IP addresses are set correctly, and your router is allowing outbound internet traffic on port 80, you should be able to open your browser and access any URL you wish (assuming it is not being blocked).
The public IP address range is routable, meaning a router will let the TCP/IP packets pass through in and out to premier network.
The private IP address range is non-routable, meaning a router will drop the TCP/IP packets if the router sees the TCP/IP traffic is coming from this IP address range.
What is your problem? If you can tell me the problem you are having, I might be able to assist better.
Thanks for reading my blog
Regards
Oz