
All about DHCP Auditing

In this post, I discuss DHCP audit logging and how to tune it for your specific situation. DHCP audit logging can be customized using the following parameters:

1)      The directory path in which the DHCP service stores audit log files.

2)      A maximum size restriction (in MB) for the total amount of disk space available for all the audit log files created and stored by the DHCP service.

3)      An interval for disk checking that is used to determine how many times the DHCP server writes audit log events to the log file before checking for available disk space on the server.

4)      A minimum size requirement (in MB) for server disk space that is used during disk checking to determine if sufficient space exists for the server to continue audit logging.

 In Win2K3, only parameter 1 (the DHCP audit file path) can be configured through netsh and the MMC (using the command netsh dhcp server set auditlog). The other parameters cannot be configured through either the MMC or netsh. To set them, we need to set some registry keys:

1)      To set the Maximum file size: You need to set the following key.

Key Name: HKLM\SYSTEM\CurrentControlSet\Services\DhcpServer\Parameters\DhcpLogFilesMaxSize

Key Type: REG_DWORD

Value range: 0x0–0xFFFFFFFF MB

Description:

Specifies the maximum combined size of one week's worth of Dynamic Host Configuration Protocol (DHCP) audit logs. If the audit logs exceed the size specified by this value, DHCP stops writing to the audit log until sufficient space becomes available.

 

http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/regentry/46691.mspx?mfr=true

 

2)      To set the Disk Check interval: You need to set the following key.

Key Name: HKLM\SYSTEM\CurrentControlSet\Services\DhcpServer\Parameters\DhcpLogDiskSpaceCheckInterval

Key Type: REG_DWORD

Value range: 0x0–0xFFFFFFFF number of audit log entries

Description:

Determines how often Dynamic Host Configuration Protocol (DHCP) verifies that disk space and file size are adequate for its audit log. The value of this entry represents the number of audit log records entered between each verification check.

http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/regentry/46691.mspx?mfr=true

3)      To set the minimum disk space: You need to set the following key.

Key Name: HKLM\SYSTEM\CurrentControlSet\Services\DhcpServer\Parameters\DhcpLogMinSpaceOnDisk

Key Type: REG_DWORD

Key Value: 0x0–0xFFFFFFFF MB

Description:

Specifies the minimum amount of free disk space required for audit logging. The Dynamic Host Configuration Protocol (DHCP) periodically verifies that it has sufficient disk space to proceed with audit logging (the interval is specified in the value of the DhcpLogDiskSpaceCheckInterval entry). This entry specifies the minimum value that DHCP requires. If the amount of free disk space is less than the value of this entry, then the DHCP service does not write to the audit log. Logging is suspended until sufficient disk space is available.

http://technet2.microsoft.com/WindowsServer/en/library/f7802dce-3ff9-406a-b3e6-c0c6b3ed49411033.mspx?mfr=true
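
An added check, not part of the original post: the PowerShell below reads the three registry values described above and compares them with the combined size of the weekday logs and the free space on the log volume, to show whether either condition that suspends audit logging currently holds. The function name and the default log directory (%SystemRoot%\System32\dhcp) are assumptions; pass -LogDir if the audit path was changed with netsh.

```powershell
# Added example, not from the original post. The function name and the default
# log directory are assumptions; the registry value names are the ones listed above.
function Test-DhcpAuditLogHeadroom {
    param(
        [string]$LogDir = (Join-Path $env:SystemRoot 'System32\dhcp')
    )

    $key   = 'HKLM:\SYSTEM\CurrentControlSet\Services\DhcpServer\Parameters'
    $props = (Get-ItemProperty -Path $key -ErrorAction Stop).PSObject.Properties

    # REG_DWORD is unsigned, but PowerShell returns it as Int32, so values
    # above 0x7FFFFFFF arrive negative. $null means the value is not set.
    function Get-Dword([string]$Name) {
        $p = $props[$Name]
        if ($null -eq $p) { return $null }
        $v = [int64]$p.Value
        if ($v -lt 0) { $v += 4294967296 }
        return $v
    }

    $maxMB     = Get-Dword 'DhcpLogFilesMaxSize'
    $minFreeMB = Get-Dword 'DhcpLogMinSpaceOnDisk'
    $interval  = Get-Dword 'DhcpLogDiskSpaceCheckInterval'

    # Combined size of the weekday files, and free space on their volume, in MB.
    $logs  = @(Get-ChildItem -Path $LogDir -Filter 'DhcpSrvLog-*.log' -ErrorAction Stop)
    $bytes = 0
    foreach ($f in $logs) { $bytes += $f.Length }
    $usedMB = [math]::Round($bytes / 1MB, 2)
    $root   = [System.IO.Path]::GetPathRoot((Resolve-Path $LogDir).ProviderPath)
    $freeMB = [math]::Floor((New-Object System.IO.DriveInfo $root).AvailableFreeSpace / 1MB)

    # The two conditions under which the service stops writing audit records.
    # The service itself only evaluates them once every $interval records.
    $findings = @()
    if ($null -ne $maxMB -and $usedMB -gt $maxMB) {
        $findings += "Logs total $usedMB MB, above DhcpLogFilesMaxSize ($maxMB MB)"
    }
    if ($null -ne $minFreeMB -and $freeMB -lt $minFreeMB) {
        $findings += "Free space $freeMB MB, below DhcpLogMinSpaceOnDisk ($minFreeMB MB)"
    }

    [pscustomobject]@{
        LogDir            = $LogDir
        LogFiles          = $logs.Count
        UsedMB            = $usedMB
        MaxMB             = $maxMB
        FreeMB            = $freeMB
        MinFreeMB         = $minFreeMB
        CheckEveryRecords = $interval
        WouldSuspend      = ($findings.Count -gt 0)
        Findings          = $findings
    }
}

Test-DhcpAuditLogHeadroom | Format-List
```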

 In Longhorn Server, all the above functionality is exposed in the command netsh dhcp server set auditlog.

One more point I want to cover in this post is the DHCP server's delete policy for old audit log files. The DHCP server writes the audit events for a given day to a file corresponding to that day of the week. For example, if the current day is Wednesday, it logs that day's events to the Wednesday file. In this way there is one audit log file for each day of the week. At 12:00 A.M. local time on the server computer, the DHCP server closes the existing log and moves to the log file for the next day of the week. For example, if the day of the week changes at 12:00 A.M. from Wednesday to Thursday, the log file named DhcpSrvLog-Wed.log is closed and the file named DhcpSrvLog-Thu.log is opened and used for logging events. When the DHCP server starts or whenever a new day of the week occurs (when local time on the computer is 12:00 A.M.), the server writes a header message in the audit log file, indicating that logging started. Depending on whether the audit log file is a new or existing file, the following actions occur next:
• If the audit log file has existed without modification for more than 24 hours, it is overwritten.
• If the file has existed but was modified within the previous 24 hours, the file is not overwritten. New logging activity is appended to the existing file.

So if you want to make sure that your audit log files are appended to and not overwritten, they must have been modified within the last 24 hours. Let's say today is Tuesday and you want tomorrow's audit events to be appended to last week's activity (and not overwritten): then you must edit the file DhcpSrvLog-Wed.log.
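
An added example, not part of the original post: the PowerShell below applies the 24-hour rule described above to each weekday file, reporting whether the server would overwrite or append to it at its next rollover, and copies every closed file to an archive directory under a date-stamped name so that its records outlive the weekly overwrite. The function and parameter names and the default log directory are assumptions.

```powershell
# Added example, not from the original post. Function and parameter names and
# the default log directory are assumptions.
function Save-DhcpAuditLog {
    param(
        [Parameter(Mandatory = $true)][string]$ArchiveDir,
        [string]$LogDir = (Join-Path $env:SystemRoot 'System32\dhcp'),
        [datetime]$Now = (Get-Date)
    )
    $inv  = [System.Globalization.CultureInfo]::InvariantCulture
    $days = 'Sun', 'Mon', 'Tue', 'Wed', 'Thu', 'Fri', 'Sat'   # index = [int][DayOfWeek]
    if (-not (Test-Path $ArchiveDir)) {
        New-Item -ItemType Directory -Path $ArchiveDir | Out-Null
    }

    foreach ($log in Get-ChildItem -Path $LogDir -Filter 'DhcpSrvLog-*.log') {
        $day = $log.BaseName -replace '^DhcpSrvLog-', ''
        $idx = [array]::IndexOf($days, $day)
        if ($idx -lt 0) { continue }             # not one of the seven weekday files

        # Next local midnight at which the server switches to this file.
        $ahead = ($idx - [int]$Now.DayOfWeek + 7) % 7
        if ($ahead -eq 0) { $ahead = 7 }         # today's file is reopened in a week
        $opens = $Now.Date.AddDays($ahead)

        # The rule from the post: unmodified for more than 24 hours means overwritten.
        $fate = if (($opens - $log.LastWriteTime).TotalHours -gt 24) { 'Overwrite' } else { 'Append' }

        # Archive closed files only; today's file is still being written.
        $dest = $null
        if ($ahead -ne 7) {
            $stamp = $log.LastWriteTime.ToString('yyyy-MM-dd', $inv)
            $dest  = Join-Path $ArchiveDir ('{0}-{1}.log' -f $log.BaseName, $stamp)
            if (-not (Test-Path $dest)) {
                Copy-Item -Path $log.FullName -Destination $dest
            }
        }

        [pscustomobject]@{
            File       = $log.Name
            LastWrite  = $log.LastWriteTime
            ReopensAt  = $opens
            AtRollover = $fate
            ArchivedAs = $dest
        }
    }
}

# Usage (the archive path is a placeholder):
# Save-DhcpAuditLog -ArchiveDir 'D:\DhcpAuditArchive' | Format-Table -AutoSize
```

Run once a day after midnight (for example from a scheduled task), the copy is idempotent: a file that has already been archived under the same date stamp is not copied again.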

For further information on DHCP auditing, please refer to: http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/cnet/cncb_dhc_tmvc.mspx?mfr=true

Posted by anto_rocks | 0 Comments

RManager - A tool to manage reservations

Reservation Manager:
Reservations are a critical feature of the DHCP server. Reservations are generally used for centralized static IP address assignment for critical machines. This way, the machines that serve critical functions in the network do not get a dynamically assigned IP address that can change over time. The Reservation Manager is a tool that helps solve typical reservation-related problems that network admins might face. For the most part, this tool tries to automate solutions to recurring customer problems. It tries to solve the following reservation-related problems:
1) Migrating reservations from one DHCP Server to another on specific subnets.
As a general best practice, reservations must be duplicated across all DHCP servers serving the same subnet. This functionality addresses that best practice. Without it, the admin has to manually dump reservations from one server to another. This command takes three or more arguments. The first argument gives the IP address of the destination DHCP server to which the reservations must be copied. The second argument identifies the IP address of the source DHCP server. The last argument is either 'all' or identifies the first scope address on which this operation has to be performed. The third argument can be followed by any number of arguments that identify the different subnets on which this operation has to be performed.
Example:
cscript rmanager.vbs Rmanager -migrate 10.0.0.1 11.0.0.1 all
This command will copy all reservations in all scopes from the server 10.0.0.1 to the server 11.0.0.1.
cscript rmanager.vbs Rmanager -migrate 10.0.0.1 11.0.0.1 12.0.0.0 10.0.0.0 11.0.0.0
This command will copy reservations from the scopes 12.0.0.0, 10.0.0.0 and 11.0.0.0 from the server 10.0.0.1 to 11.0.0.1.
For this command to work properly, the specified scope or scopes should be present on both servers. An error message is printed for those scopes for which this condition is not met. An error is also printed for any reservation that cannot be added successfully, for whatever reason. A message can also be printed for every successfully migrated reservation.
In addition, this command can take a preview switch, which just prints the actions that would be taken without actually taking them. This is especially useful when the admin wants to review the actions before performing them.
Example:
cscript rmanager.vbs Rmanager -migrate 10.0.0.1 11.0.0.1 all -preview out.txt
cscript rmanager.vbs Rmanager -migrate 10.0.0.1 11.0.0.1 12.0.0.0 10.0.0.0 11.0.0.0 -preview out.txt

2) Synchronizing reservations on 2 DHCP servers on specific subnets.
As already mentioned, it is a general best practice that reservations be duplicated across all DHCP servers serving the same subnet. This functionality addresses that best practice in a more subtle way. Instead of copying reservations from one server to another, this option lets the admin synchronize the reservation lists between two servers. The arguments for this switch are exactly the same as those of the migrate switch. This command also has an optional preview switch.
Example:
cscript rmanager.vbs Rmanager -sync 10.0.0.1 11.0.0.1 all
This command will sync all reservations in all scopes from the server 11.0.0.1 to the server 10.0.0.1.
cscript rmanager.vbs Rmanager -sync 10.0.0.1 11.0.0.1 12.0.0.0 10.0.0.0 11.0.0.0
For this command to work properly, the specified scope or scopes should be present on both servers. An error message is printed for those scopes for which this condition is not met. An error is also printed for any reservation that cannot be added successfully, for whatever reason. A message can also be printed for every successfully migrated reservation.
In addition, this command can take a preview switch, which just prints the actions that would be taken without actually taking them. This is especially useful when the admin wants to review the actions before performing them.
Example:
cscript rmanager.vbs Rmanager -sync 10.0.0.1 11.0.0.1 all -preview out.txt
cscript rmanager.vbs Rmanager -sync 10.0.0.1 11.0.0.1 12.0.0.0 10.0.0.0 11.0.0.0 -preview out.txt

3) Dumping leases on specific subnets.
This command dumps the leases for a specific scope and server into a human-editable text file. The file contains several lines, each of which corresponds to a single lease. A lease is represented by an IP address and a MAC address. The exact utility of this command will become clear in the next section.
Example:
cscript rmanager.vbs Rmanager -dumplease out.txt 120.0.0.1 all
The above command dumps all leases in all scopes in the server 120.0.0.1 to a text file called "out.txt"
cscript rmanager.vbs Rmanager -dumplease out.txt 120.0.0.1 10.0.0.0 11.0.0.0
The above command dumps all leases in scopes 10.0.0.0 and 11.0.0.0 in the server 120.0.0.1 to a text file called "out.txt"

4) MakeReservation switch.
This switch tries to create reservations on a given DHCP server from the information present in a given input file. The input file contains several lines of info. Each line corresponds to a single reservation. Each reservation is represented by IP address and MAC address pair. The format of this input file is exactly the same as the output file of the -dumplease switch.
Example:
cscript rmanager.vbs Rmanager -makereservation 120.0.0.1 out.txt
This command will create reservations out of information present in the file out.txt in the server 120.0.0.1.

The -dumplease and -makereservation switches together open up some interesting possibilities. Consider the following scenario: an admin has an active DHCP server with a couple of scopes. Initially there are no reservations in any of these scopes, so all the subnets corresponding to these scopes have dynamic addresses. In this environment, any machine that is plugged into these subnets gets a dynamic IP address from the DHCP server. To restrict network access to those machines that are already connected to the network, the admin can do the following.
cscript rmanager.vbs Rmanager -dumplease out.txt 120.0.0.1 all
cscript rmanager.vbs Rmanager -makereservation 120.0.0.1 out.txt
These two commands convert every active lease on a given DHCP server (identified by its IP address), in a given set of scopes (identified by a list of scope addresses), into reservations. Once this is done, the admin also has to make sure that the whole address space of each of those scopes on the DHCP server is excluded. This operation is thus particularly relevant to admins who want to move from purely dynamic IP address assignment to a more controlled, purely reservation-oriented address assignment. This way the admin can keep track of who is getting IP addresses and can limit network access to those clients who already have an IP address.
The first command, Rmanager -dumplease <filename> <Scope Identifiers>, dumps all the active leases in the specified server and scope to a text file. This text file contains pairs of IP and MAC addresses. The second command, Rmanager -makereservation <ServerIdentifier> <filename>, takes the file generated by the first command and creates the corresponding reservations. The idea behind separating these two actions is to make sure that the admin gets a chance to edit the file generated by the first command before proceeding to the second. We also want to support scenarios where the admin creates the file by hand and uses it to run the second command directly.
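
An added example, not part of the original post or of rmanager.vbs: a PowerShell check that can be run over the -dumplease output during the review step described above, before the file is handed to -makereservation. It flags lines that are not an IP/MAC pair, invalid addresses, and IP or MAC values that appear more than once; the function name and the sample lines are constructed for illustration.

```powershell
# Added example, not from the original post. The function name is an assumption;
# the line layout (IP, spaces, MAC with dashes removed) is what -dumplease writes.
function Test-ReservationFile {
    param([string[]]$Lines)

    $seenIp  = @{}   # IP  -> line number of first occurrence
    $seenMac = @{}   # MAC -> line number of first occurrence
    $lineNo  = 0
    foreach ($raw in $Lines) {
        $lineNo++
        $line = "$raw".Trim()
        if ($line -eq '') { continue }            # blank lines are ignored
        $problems = @()
        $fields = @($line -split '\s+')

        if ($fields.Count -ne 2) {
            $problems += "expected 'IP MAC', found $($fields.Count) field(s)"
        } else {
            $ip  = $fields[0]
            $mac = $fields[1].ToUpper()

            # Four decimal octets, each in the range 0-255.
            $ipOk = $ip -match '^\d{1,3}(\.\d{1,3}){3}$'
            if ($ipOk) {
                foreach ($o in $ip.Split('.')) {
                    if ([int]$o -gt 255) { $ipOk = $false }
                }
            }
            if (-not $ipOk) { $problems += "'$ip' is not a valid IPv4 address" }

            if ($mac -notmatch '^[0-9A-F]{12}$') {
                $problems += "'$mac' is not 12 hex digits"
            }

            # The same IP or the same MAC on two lines needs a human decision.
            if ($seenIp.ContainsKey($ip)) {
                $problems += "IP also on line $($seenIp[$ip])"
            } else {
                $seenIp[$ip] = $lineNo
            }
            if ($seenMac.ContainsKey($mac)) {
                $problems += "MAC also on line $($seenMac[$mac])"
            } else {
                $seenMac[$mac] = $lineNo
            }
        }

        foreach ($p in $problems) {
            [pscustomobject]@{ Line = $lineNo; Text = $line; Problem = $p }
        }
    }
}

# Constructed sample in the -dumplease layout.
$sample = @(
    '10.0.0.21         0013D4A1B2C3'
    '10.0.0.22         0013D4A1B2C4'
    '10.0.0.22         0013D4A1B2C5'    # same IP as line 2
    '10.0.0.23         0013D4A1B2C3'    # same MAC as line 1
    '10.0.0.300        0013D4A1B2C6'    # octet out of range
    '10.0.0.24         00-13-D4-A1-B2'  # dashes kept, too short
    '10.0.0.25'                         # MAC missing
)
Test-ReservationFile -Lines $sample | Format-Table -AutoSize

# For a real dump: Test-ReservationFile -Lines (Get-Content out.txt)
```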

In the attachment (see the link at the end of this post), find RManager.vbs. You need to extract the contents of the zip file into a separate folder and run it from there. The zip file should contain two files: rmanager.vbs and help.txt.

 If you are not able to get it, copy and paste the following into a file named rmanager.vbs. Also copy the contents of the documentation file, help.txt.

Run it by typing "cscript rmanager.vbs"

X-----------------------Begin Paste---------------------X

call start()
dim scopes
dim synccount
dim argerror
dim iparray
dim macarray
dim finaliparray
dim finalmacarray
dim m
dim args

sub start()
 
 args=0 
 synccount=0
 argerror=0
 if(wscript.arguments.count=0) then
 wscript.echo "enter the command"
 exit sub
 end if

 for i=0 to wscript.arguments.count-1
 if(i=0) then
 str=wscript.arguments.item(i)
 else
 str=str&" "&wscript.arguments.item(i)
 end if 
 next
 
 str1=split(str)

 'show error if nothing is entered------------

 if (not isarray(str1)) then
 wscript.echo "Error: unrecognized or incomplete command line."
 call helpfile()
 exit sub
 end if


 'checking if the command is Rmanager or not

 if(strcomp("Rmanager",str1(0))<>0) then
 wscript.echo "Error: unrecognized or incomplete command line."
 call helpfile()
 exit sub
 end if
  
 'checking for different cases after Rmanager
 if(ubound(str1)=0) then
 wscript.echo "Error: unrecognized or incomplete command line."
 call helpfile()
 exit sub
 end if
 select case str1(1)

 case "-migrate"

  call migrate(str1)
  
 case "-sync"
  
  call migrate(str1)
  if(argerror=1) then
  exit sub
  end if
  synccount=1
  a=str1(2)
  str1(2)=str1(3)
  str1(3)=a
  call migrate(str1) 

 case "-dumplease"
  
  call dump(str1)
  
 case "-makereservation"

  call makereservation(str1)
 
 case "/?"
 
  call helpfile()
  
 case else
  wscript.echo "Error: unrecognized or incomplete command line."
  call helpfile()
 
  end select
 
'delete the scopefile that is created during the program 

set fso = createobject("Scripting.FileSystemObject")
if(fso.fileexists("scopefile.txt"))then
fso.deletefile("scopefile.txt"),true
end if


end sub


' function for dumplease

sub dump(str1)

'if improper arguments are entered show error

if ubound(str1)<4 then       
wscript.echo "Error: unrecognized or incomplete command line."
call helpfile()
exit sub
end if

filename = str1(2)
set fso = createobject("Scripting.FileSystemObject")
 Set outfile = fso.CreateTextFile(filename)
 outfile.close

p=checkserver(str1(3))

if p=0 then
wscript.echo "server "&str1(3)&" not present or is entered wrongly"
exit sub
end if

serverarray = makescopearray(scopes)

if not isarray(serverarray) then
wscript.echo "no scopes in server "&str1(3)
exit sub
end if

if (strcomp(str1(4),"all")=0) then

 if(ubound(str1)=4) then
 scope = serverarray
 else
 wscript.echo "improper arguments"
 end if

else

for i = 4 to ubound(str1)
if(isscope(str1(i),serverarray)) then
redim preserve scope(i-4)
scope(i-4)=str1(i)
else
wscript.echo "scope "& str1(i) &" is not present in server "&str1(3)
exit sub
end if
next
end if
'scope contains all the scopes entered
if not isarray(scope) then
wscript.echo "no scopes in the server "&str1(3)
else
if scope(0)="" then
wscript.echo "no scopes in the server "&str1(3)
else
 set wshell = CreateObject("WScript.Shell")
 
 for i = 0 to ubound(scope)
 set obj = wshell.exec("netsh dhcp server "&str1(3)&" scope "&scope(i)&" show clients")
 clients = obj.stdout.readall()
 if(instrrev(clients,"Command completed successfully.")=0) then
 exit sub
 end if 
 call makeclients(clients,str1(2)) 
 next
end if
end if
if args = 0 then
else
wscript.echo "the ipaddress and macaddress pair are in file "&filename
end if
end sub

'the following procedure writes the ip and corresponding mac addresses (active leases) to the file 'filename'; it takes the output string clients that we get after executing the show clients command

sub makeclients(clients,filename)

 set fso = createobject("Scripting.FileSystemObject")
 Set scopefile = fso.CreateTextFile("scopefile.txt")
 scopefile.writeline(clients)
 scopefile.close
 
 
 Set scopefile = fso.OpenTextFile("scopefile.txt")
   do While not scopefile.AtEndOfStream   'reading line by line and checking for the string "No of Clients"
    
    line = scopefile.ReadLine
   
   if(instr(line,"No of Clients")=1) then  
   str = split(line)
   
   t=str(4)        'taking no. of clients into t
   exit do
   
   end if

   loop   

   scopefile.close
   
   t=cint(t)    

   if t=0 then
   wscript.echo "no clients in the scope "&str(ubound(str))
   
   exit sub
   end if
args=args+1
Set scopefile = fso.OpenTextFile("scopefile.txt")
for i= 1 to 8
scopefile.skipline
next     

set outfile = fso.opentextfile(filename,8)

for i=0 to t-1
line=scopefile.readline

str= split(line)

if (instr(line,"INACTIVE")<>0) then
d=0
 for l=0 to ubound(str)
 if(str(l)="") then
 else
 if d=3 then
 exit for
 else
 d=d+1 
 end if
 end if
 next
 
outfile.write(str(0))
for size = 1 to 18-(len(str(0)))
outfile.write(" ")
next

outfile.writeline(trim(replace(str(l),"-","")))

else
d=0
 for l=0 to ubound(str)
 if(str(l)="") then
 else
 if d=4 then
 exit for
 else
 d=d+1 
 end if
 end if
 next
outfile.write(str(0))
for size = 1 to 18-(len(str(0)))
outfile.write(" ")
next

outfile.writeline(trim(replace(str(l),"-","")))


end if
next
outfile.close
end sub

sub makereservation(str1)

if ubound(str1)<>3 then
wscript.echo "Error: unrecognized or incomplete command line."
call helpfile()
exit sub
end if

server = str1(2)
filename = str1(3)

set fso = createobject("Scripting.FileSystemObject")
if(not fso.fileexists(filename))then
wscript.echo "file "&filename&" not present"
exit sub
end if

k = checkserver(server)
if k=0 then
wscript.echo "server "&server&" is not present or may have been entered wrongly"
exit sub
end if

scopearray=makescopearray(scopes)       'scopes is the output string obtained after executing show scope command for given server

set handle = fso.opentextfile(filename)

Dim ipaddress
Dim macaddress
t=0
do while not handle.atendofstream

 line=trim(handle.readline)
 line=replace(line,vbTab," ")   'treat tabs as spaces so that split() below separates the ip and the mac
 if line="" then
 
 else
  strarray=split(line)

  p=0

  for k=0 to ubound(strarray)
   if strarray(k)="" then
      
   else

    if p=0 then 
    ipaddress=trim(strarray(k))
    else if p=1 then
    macaddress = trim(strarray(k))
    end if
    end if
    p=p+1
    'wscript.echo Replace(ipaddress, " ", "")
    'wscript.echo macaddress
   end if
  next
  
  if p<>2 then
  wscript.echo "improper format of file"
  exit sub
  end if
 
 redim preserve iparray3(t)
 redim preserve macarray3(t)
 iparray3(t)=ipaddress
 macarray3(t)=macaddress
 t=t+1
 end if
 

loop
handle.close

if not isarray(iparray3) then
wscript.echo "there is nothing in the file"
exit sub
end if

dim arr
redim arr(t-1)
 
for i = 0 to ubound(scopearray)
 
set iprange = fso.createtextfile("iprangefile.txt")
iprange.close
arraysize = 0
dim iparray1
redim iparray1(0)
redim macarray1(0)

  set wshell = CreateObject("WScript.Shell")
 set obj = wshell.exec("netsh dhcp server "&server&" scope "&scopearray(i)&" show iprange")
 range = obj.stdout.readall()
 
 set iprange = fso.opentextfile("iprangefile.txt",8)
 iprange.writeline(range)
 iprange.close
 set iprange = fso.opentextfile("iprangefile.txt")
 
 for p=0 to 5
 iprange.skipline
 next
 line1=iprange.readline
 line2=split(line1)
 
 count=0
 
 for j=0 to t-1
 
 k = checkiprange(line2(3),line2(13),iparray3(j))
 
 if k = 1 then
 
 redim preserve iparray1(arraysize)
 redim preserve macarray1(arraysize)
 iparray1(arraysize) = iparray3(j)
 macarray1(arraysize) = macarray3(j) 
 arraysize = arraysize + 1
 arr(j)=1
 else if k=2 then
 wscript.echo "the ip address "&iparray3(j)&" is not valid" 
 fso.deletefile("iprangefile.txt"),true
 exit sub
 end if 
 end if
 next 

iprange.close


if isarray(iparray1) and not iparray1(0)="" then

call addreservation(server,scopearray(i),iparray1,macarray1) 

if (finaliparray(0)="") then

else
for l=0 to ubound(finaliparray)
set obj = wshell.exec("netsh dhcp server "&server&" scope " &scopearray(i)& " add reservedip "&finaliparray(l)&" "&finalmacarray(l) )
outp =  obj.stdout.readall()
  if(instr(outp,"Command completed successfully.")<>0) then
  wscript.echo "added reservation "&finaliparray(l)& " "&finalmacarray(l)&" to server "&server&" in scope "&scopearray(i)
  else
  
  wscript.echo "The specified IP address "&finaliparray(l)& " or hardware address "& finalmacarray(l)& " is either not proper or is being used by another client."
  end if
next
end if

end if
redim iparray1(0)
redim macarray1(0)

next

set handle = fso.opentextfile(filename)
for i=0 to ubound(arr)
str=trim(handle.readline)

if(arr(i)=0) then
line=split(str)

wscript.echo "The ipaddress "&iparray3(i)&" is not present in any scope"
end if
next
handle.close
fso.deletefile("iprangefile.txt"),true
end sub

sub addreservation(server,scopestr,iparraysource,macarraysource)

 redim finaliparray(0)
 redim finalmacarray(0)
 set wshell = CreateObject("WScript.Shell")
 set obj = wshell.exec("netsh dhcp server "&server&" scope " &scopestr& " show reservedip" )
 outpdest = obj.stdout.readall()

 call makeipandmacarray(outpdest)
 iparraydest = iparray
 macarraydest = macarray   
 
 ' remove common ip and mac pair between the two servers for the given scope
 
 if(not isarray(iparraydest)) then
  finaliparray=iparraysource 
  finalmacarray=macarraysource 
 
 else
  k=0
  
  for i = 0 to ubound(iparraysource)
  flag=0
   for j=0 to ubound(iparraydest)
    if(iparraysource(i)=iparraydest(j) and macarraysource(i)=macarraydest(j)) then
    flag=1
    exit for
    end if
   next
  
  if flag=1 then
  
   if synccount = 0 and m=0 then
  
  wscript.echo "reservation "&iparraysource(i)&" "&macarraysource(i)&" is already present on server "&server
   end if
  else
  
  redim preserve finaliparray(k) 
  redim preserve finalmacarray(k)
  finaliparray(k)=iparraysource(i)
  finalmacarray(k)=macarraysource(i) 
  k=k+1   
  end if
  next
 end if

end sub

'returns 1 if ip3 lies in the range ip1..ip2, 0 if it does not, and 2 if ip3 is not a dotted-quad address

function checkiprange(ip1,ip2,ip3)

str2=split(ip1,".")
str3=split(ip2,".")
str4=split(ip3,".")
if ubound(str4)<>3 then
checkiprange=2
exit function
end if

'convert each address to a single number (cdbl, because cint overflows above 32767) and compare

low=0
high=0
addr=0
for i=0 to 3
low=low*256+cdbl(str2(i))
high=high*256+cdbl(str3(i))
addr=addr*256+cdbl(str4(i))
next

if(low<=addr and addr<=high) then
checkiprange=1
else
checkiprange=0
end if
end function

sub helpfile()

set fso = createobject("Scripting.FileSystemObject")
set help = fso.OpenTextFile("help.txt")

do while not help.atendofstream

wscript.echo (help.readline)

loop

end sub

' this function will return 1 if the scope(scopestr) is present in the given server(serverarray....this is an array of server scopes)(be it source or destination)...else 0

function isscope(scopestr,serverarray)

l=0
for i=0 to ubound(serverarray)
if(strcomp(scopestr,serverarray(i))=0) then
l=1
exit for
end if
next

isscope=l

end function

'this function will check if the server entered as argument is present or not(or rather entered correctly or not)

function checkserver(str1)
dim wshell

dim pos1

 set wshell = CreateObject("WScript.Shell")
 set obj = wshell.exec("netsh dhcp server "&str1&" show scope")
    
 scopes = obj.stdout.readall()
 
 pos1=instr(scopes,"Command completed successfully.")      'if the string is present, the command has executed successfully
 
 if(pos1<>0) then
  checkserver=1
 else
  checkserver=0
 end if
  
end function


  


'this function takes as argument the output string that we get after the command show scope is executed and returns
'the array of all scopes present in the server

function makescopearray(scopes)

   set fso = createobject("Scripting.FileSystemObject")
   Set scopefile = fso.CreateTextFile("scopefile.txt")
   scopefile.writeline(scopes)           'writing output string to a file
   scopefile.close
       
   Set scopefile = fso.OpenTextFile("scopefile.txt")
   do While not scopefile.AtEndOfStream   'reading line by line and checking for the string "Total No. of Scopes"
    
    line = scopefile.ReadLine
   
   if(instr(line,"Total No. of Scopes")=2) then  
   str = split(line)
   t=str(ubound(str)-1)        'taking no. of scopes into t
   exit do
   end if

   loop   

   scopefile.close
   
   t=cint(t)      'converting string to integer
    
   if t=0 then      'if no scopes are present
   
   makescopearray=""     
   else
      
   Set scopefile = fso.OpenTextFile("scopefile.txt")    
   for i=1 to 5
   scopefile.skipline     'skipping first five lines
   next    
   for i=0 to t-1
   str3=trim(scopefile.readline)
   
   str3 = split(str3," ")
       
   redim preserve serverscope(i)
   serverscope(i)=str3(0)     'adding scopes to array serverscope
   
   next
   makescopearray = serverscope    'returning the array to calling function
   scopefile.close
   end if
end function

 

'function to take reservations from source server and add to destination server for a given scope

sub reservedip(sourceadd,destadd,scopestr,filename,command)

 dim outp
 set wshell = CreateObject("WScript.Shell")
 set obj = wshell.exec("netsh dhcp server "&sourceadd&" scope " &scopestr& " show reservedip" )
 outpsource = obj.stdout.readall()

 call makeipandmacarray(outpsource)
 iparraysource = iparray
 macarraysource = macarray
 
 if(not isarray(iparraysource)) then
 wscript.echo "no reservations in the scope "&scopestr&" on the server "&sourceadd
  exit sub
 end if
 

 if(m=1 or m=2) then

 set fso = createobject("Scripting.FileSystemObject")
 Set outfile = fso.openTextFile(filename,8)

 for i=0 to ubound(iparraysource)  
 outfile.writeline("netsh dhcp server "&destadd& " scope " &scopestr& " add reservedip " &iparraysource(i)& " " & macarraysource(i))
 next
 outfile.close
 exit sub
 end if


call addreservation(destadd,scopestr,iparraysource,macarraysource)

'now finaliparray and finalmacarray contain only the unique ip and mac addresses

if (not isarray(finaliparray) or finaliparray(0)="") then
if ((m=1 or m=2)) then
  if (strcomp(command,"-migrate")=0 or (strcomp(command,"-sync")=0 and synccount=1)) then
  wscript.echo"output is in file "&filename
  end if 
 end if

 exit sub
 end if

t=ubound(finaliparray)
  
  set wshell = CreateObject("WScript.Shell")
  for i=0 to t
  set obj = wshell.exec("netsh dhcp server "&destadd&" scope " &scopestr& " add reservedip " &finaliparray(i)& " " & finalmacarray(i))
  outp =  obj.stdout.readall()
  if(instr(outp,"Command completed successfully.")) then
  wscript.echo "added reservation "&finaliparray(i)& " "&finalmacarray(i)&" to server "&destadd&" in scope "&trim(scopestr)
  else
  
  wscript.echo "The specified IP address "&finaliparray(i)& " or hardware address "& finalmacarray(i)& " is being used by another client."
  end if
  
  next
 
 if ((m=1 or m=2)) then
  if (strcomp(command,"-migrate")=0 or (strcomp(command,"-sync")=0 and synccount=1)) then
  wscript.echo"output is in file "&filename
  end if 
 end if
end sub

sub makeipandmacarray(outp)


 redim iparray(0)
 redim macarray(0)

 set fso = createobject("Scripting.FileSystemObject")
 Set scopefile = fso.CreateTextFile("scopefile.txt")
 scopefile.writeline(outp)
 scopefile.close
  
 Set scopefile = fso.openTextFile("scopefile.txt")
  
 
 do While not scopefile.AtEndOfStream
 line = scopefile.ReadLine
 if(instr(line,"No of ReservedIPs")=1) then
 str = split(line)
 t=str(4)         'taking no. of reservations into t
 exit do
 end if
 loop   
 
 scopefile.close
 
 if t=0 then
 iparray = ""
 macarray = ""
 exit sub
 
 else
 Set scopefile = fso.openTextFile("scopefile.txt")
 
 for i=1 to 7
 scopefile.skipline
 next
 
 for i=1 to t
 redim preserve iparray(i-1)
 redim preserve macarray(i-1)
 string1=split(trim(scopefile.readline))
 
 iparray(i-1)=string1(0)
 macarray(i-1)=replace(string1(ubound(string1)),"-","")
 next
 end if
 scopefile.close
 
end sub

sub migrate(str1)

  if ubound(str1)<4 then        ' ensures that the command entered has required no. of arguments 
         wscript.echo "Error: unrecognized or incomplete command line."
  call helpfile()
  argerror=1
  exit sub
  end if
  dim k     

  k = checkserver(str1(2))               'checking if the source server exists or not...
              'or if they are entered correct or not
  if k=0 then
  wscript.echo "server "&str1(2)& " not present or is entered wrongly"
  argerror=1
  exit sub
  end if
  
  scopes1 = scopes
  
  k = checkserver(str1(3))   
  if k=0 then
  wscript.echo "server "&str1(3)& " not present or is entered wrongly"
  argerror=1
  exit sub
  end if

  scopes2 = scopes   
  
'comes here if both servers are entered correctly
     
   sourcescope = makescopearray(scopes1)      'sourcescope here has all scopes from source server
   if(isarray(sourcescope)) then     'checking if there are any scopes in source server  
   else
   wscript.echo "no scopes present on server "&str1(2) 
   argerror=1
   exit sub
   end if  
  
   bound=ubound(str1)
   if(strcomp(str1(4),"all")=0) then           'checking if the option "all" is entered
    if(bound>4 and bound<7) then
     if(strcomp(str1(5),"-preview")<>0) then
      argerror=1
      wscript.echo "Error: unrecognized or incomplete command line."
      call helpfile()
      exit sub
     else
      if(bound=6) then
      filename = str1(6)
      m=2
      else
      m=1
      filename = "output.txt"
      end if
     end if
    else
     m=0
    end if
        
    scope=sourcescope       'scope array now contains all the scopes from source server 
    

   else
   
    if(strcomp(str1(bound),"-preview")=0) then
     m=1
     filename = "output.txt"
    else if(strcomp(str1(bound-1),"-preview")=0) then
     m=2
     filename = str1(bound)
    else
     m=0
    end if
    end if

    
     


   p=0
   for i = 4 to ubound(str1)-m      'this is the case when scopes are entered as arguments
   if(isscope(str1(i),sourcescope)) then     'checking if the given scope is present in source server 
   redim preserve scope(p)       'if present then add the scope entered to the array 'scope' 
   scope(p)=str1(i)
   p=p+1   
   else
    if(synccount=0) then         'if the scope entered is not present in the source server 
   wscript.echo "scope "&str1(i)& " is not present in the server "&str1(2)  
   end if
   end if
   next


   end if 
   
   erase sourcescope       'freeing the space allocated to sourcescope 
   if(not isarray(scope)) then      'checking if the scope array has some scopes or not  
   argerror=1
   exit sub
   end if
    
   destscope = makescopearray(scopes2)     'destscope has all scopes from destination server 
   if(isarray(destscope)) then      'checking if there are scopes present on destination server 
   
   else
   wscript.echo "no scopes present on server "&str1(3) 
   argerror=1
   exit sub
   end if 
   
  if(m=1 or m=2) then
   if(synccount=0) then
   set fso = createobject("Scripting.FileSystemObject")
   set outfile = fso.createtextfile(filename)
   outfile.close
   end if
  end if

   for i=0 to ubound(scope)     
   
   if(isscope(scope(i),destscope)) then     'checking if scopes are present on destination server or not  
   
    call reservedip(str1(2),str1(3),scope(i),filename,str1(1)) 'this will take reservations in the given scope from source server and output add reservedip(destination) command to a file
   
   else        
   
    wscript.echo "scope "&scope(i)& " not present in server "&str1(3)  
   

   end if   


   next
  if (m=1 or m=2) then
   if(strcomp(str1(1),"-migrate")=0 or (strcomp(str1(1),"-sync")=0 and synccount=1)) then
   wscript.echo"output is in file "&filename
 
   end if
  end if
end sub

X-----------------------End Paste---------------------X

And here is a more formal looking help:
USAGE:
  Rmanager  /?
     -migrate <source server> <destination server> <all|<list of scopes>> [-preview [filename]]
     -sync <server1> <server2> <all | <list of scopes>> [-preview [filename]]
     -dumplease <filename> <server> <all | <list of scopes>>
     -makereservation <server> <filename>

    Options:
       /?                  display this help message
       -migrate            copies reservations from all or the specified
                           scopes from source to destination server...if
                           preview is specified, it shows the commands that
                           will be executed, in the output file
       -sync               synchronises reservations between two servers for
                           all or the specified scopes....if preview is
                           specified, it shows the commands that will be
                           executed, in the output file
       -dumplease          outputs the ip and mac addresses of all clients in
                           the given server for the given scopes
       -makereservation    adds reservations for the ip and mac address pairs
                           from the given file into the given server

Examples:
    > cscript rmanager.vbs Rmanager -migrate 120.0.0.1 120.0.0.2 all
      ....copies reservations in all scopes from server 120.0.0.1
          to server 120.0.0.2
    > cscript rmanager.vbs Rmanager -sync 120.0.0.1 120.0.0.2 120.0.0.0
      ....synchronises reservations between the two servers
          120.0.0.1 and 120.0.0.2 for the scope 120.0.0.0
    > cscript rmanager.vbs Rmanager -dumplease out.txt 120.0.0.1 all
      ...dumps all clients' ip and mac addresses into out.txt
    > cscript rmanager.vbs Rmanager -makereservation 120.0.0.1 out.txt
      ...takes ip and mac address pairs from the file out.txt and
         makes reservation on the server 120.0.0.1

If you feel this tool is great, then don't thank me. Rather thank Amit Mirchandani who is an intern working with us.. :-)

Posted by anto_rocks | 2 Comments

Attachment(s): RManager.zip

How to find out how many more addresses are available in the DHCP server?

I got a couple of questions from a colleague regarding configuring a DHCP server from a client machine. Before you can configure the DHCP server from a client machine like XP through netsh or MMC, you need to install some additional components. Please refer to: http://blogs.msdn.com/anto_rocks/archive/2005/04/05/405511.aspx
Now coming to the questions:

1)     from a client side, I would like to check if the server has additional leases.

a.     assume that the client doesn’t have admin privilege to the DHCP server

[AntoAMJ]: If the client does not have the admin/user privilege to configure the DHCP server, then the only way to determine whether the server has additional leases is to send a DHCP DISCOVER packet and wait for a DHCP OFFER to come. If the DHCP OFFER has a valid address, then the server has additional leases. To make sure that the DHCP server does not commit the lease to this client, abstain from sending the DHCP REQUEST in response to the OFFER. This way the address which is given to the client will be reclaimed automatically. Care must be taken so that an artificial MAC address is put into the DISCOVER so that the DHCP server does not attribute this request to the actual client but treats it as a new client. This is needed if the client already has a valid lease from the same DHCP server. This is a proper hack. Don’t do this unless you are desperate. Moreover, you won’t be able to find the number of free addresses this way.

b.     assume that the client has admin privilege to the dhcp server

[AntoAMJ]: If the client has admin/user privilege to configure the DHCP server, then the best way to find out the number of additional leases (free addresses) in a given scope in a given DHCP server is through the netsh command netsh dhcp server show mibinfo. This command will print the number of available leases for every scope in the DHCP server.

2)    from a client side, I would like to release a lease (or delete the client’s lease)

a.     assume that the client doesn’t have admin privilege to the DHCP server

[AntoAMJ]: The client does not need admin privilege to the DHCP server to release its own lease. All it needs to do is call ipconfig /release.

 

b.     assume that the client has admin privilege to the dhcp server

[AntoAMJ]: The client does not need admin privilege to the DHCP server to release its own lease. All it needs to do is call ipconfig /release.

 

 

 

3)    from a client side, delete a lease on the dhcp server that the client doesn’t own

a.     assume that the client doesn’t have admin privilege to the DHCP server

[AntoAMJ]: Send the DHCP RELEASE packet on behalf of the client. Create your own release packet with the MAC address of the client whose lease has to be deleted. This is also a hack. Don’t do this unless you are desperate.

 

b.     assume that the client has admin privilege to the dhcp server

[AntoAMJ]: The best bet for you is to call the netsh command netsh dhcp server delete lease.

 

 

4)    from a client side, discover if there is a dhcp server on the subnet

[AntoAMJ]: Send a DISCOVER and wait for OFFERs to come. If there are any DHCP servers servicing the subnet, then that many OFFERs will come to the client. In fact, if I remember correctly, there was a tool called dhcploc.exe which does this automatically for you.

DhcpLoc.exe Documentation: http://technet2.microsoft.com/WindowsServer/en/Library/8fa42e83-ec08-4a9b-9057-8909f7ed433e1033.mspx

DhcpLoc.exe Download: http://www.microsoft.com/downloads/details.aspx?FamilyId=49AE8576-9BB9-4126-9761-BA8011FABF38&displaylang=en



 

Posted by anto_rocks | 0 Comments

How to programmatically set/view the DNS settings.

How to programmatically set/view the DNS settings that we set in the DNS tab of the Server/Scope/Reservation property page?

Before we investigate how to retrieve this information, let me first explain that this information is persisted as a DHCP standard option. The option number used is 81. Although the DHCP server uses an option number to persist this information, it does not send this information to the client when the client requests it. Rather, option 81 is treated as a special option which is used only for persisting the configuration information. The following is how this information is encoded into option 81.

Option 81 is a DWORD:

1st bit set to '1' if the check box "Enable DNS Dynamic updates according to settings below" is selected. (If this bit is off (as in the case of the screenshot), all other possibilities are ruled out, in which case the value of the option will always be 0.)

2nd bit set to '1' if "Dynamically update DNS A and PTR records for DHCP clients that do not request updates (for example, clients running Windows NT 4.0)" is selected.

3rd bit set to '1' if the check box "Discard A and PTR records when lease is deleted" is selected.

5th bit chooses between "Dynamically update DNS A and PTR records only if requested by DHCP clients" (value of 5th bit = '0') and "Always dynamically update DNS A and PTR records" (value of 5th bit = '1').

To double check the encoding, play around with the various check boxes in the DNS-Scope UI and see the reflected change in the scope option by typing show optionvalue at the scope level.

There are two ways to get the required information programmatically:

1)     Using the API DhcpGetOptionValue. This is a public function which can be called. (The option id is 81)

2)     We can also use the netsh command to get this information, e.g. netsh dhcp server show optionvalue 81
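The encoding listed above, written out as a decoder and encoder. This is an added example, not code from the original post; it assumes the post's "1st bit" is the least-significant bit (0x01), and the function and constant names are illustrative.

```python
# Added example: decode and encode the DNS-tab settings kept in DHCP option 81.
# Assumption: the post's "1st bit" is the least-significant bit (0x01).

ENABLE_DYNAMIC_UPDATES = 0x01   # 1st bit: "Enable DNS dynamic updates ..."
UPDATE_NON_REQUESTING = 0x02    # 2nd bit: update for clients that do not request it
DISCARD_ON_LEASE_DELETE = 0x04  # 3rd bit: discard A and PTR when the lease is deleted
ALWAYS_UPDATE = 0x10            # 5th bit: 1 = always update, 0 = only if requested
KNOWN_BITS = (ENABLE_DYNAMIC_UPDATES | UPDATE_NON_REQUESTING
              | DISCARD_ON_LEASE_DELETE | ALWAYS_UPDATE)


def decode_option81(value):
    """Turn the option 81 DWORD into named settings plus consistency findings."""
    if not isinstance(value, int) or not 0 <= value <= 0xFFFFFFFF:
        raise ValueError("option 81 is a DWORD (0..0xFFFFFFFF)")
    enabled = bool(value & ENABLE_DYNAMIC_UPDATES)
    findings = []
    unknown = value & ~KNOWN_BITS
    if unknown:
        findings.append("bits outside the documented set: 0x%X" % unknown)
    if not enabled and value != 0:
        # The post says the value is always 0 when the first bit is off.
        findings.append("enable bit is off but value is non-zero")
    if enabled:
        mode = "always" if value & ALWAYS_UPDATE else "only_if_requested"
    else:
        mode = None
    return {
        "dynamic_updates_enabled": enabled,
        "update_clients_that_do_not_request":
            enabled and bool(value & UPDATE_NON_REQUESTING),
        "discard_records_on_lease_delete":
            enabled and bool(value & DISCARD_ON_LEASE_DELETE),
        "update_mode": mode,
        "findings": findings,
    }


def encode_option81(enabled, update_non_requesting=False,
                    discard_on_delete=False, always_update=False):
    """Build the DWORD from the check-box states of the DNS tab."""
    if not enabled:
        return 0  # every other setting is ruled out when the first bit is off
    value = ENABLE_DYNAMIC_UPDATES
    if update_non_requesting:
        value |= UPDATE_NON_REQUESTING
    if discard_on_delete:
        value |= DISCARD_ON_LEASE_DELETE
    if always_update:
        value |= ALWAYS_UPDATE
    return value


if __name__ == "__main__":
    for sample in (0x00, 0x05, 0x15, 0x10):  # constructed sample values
        print(hex(sample), decode_option81(sample))
```

A non-empty `findings` list means the stored value does not match what the DNS tab can produce, which is worth a second look when comparing scopes across servers.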


Posted by anto_rocks | 1 Comments

How to override the system default for the threshold for the event 1020.

Question: How can I change the threshold value for firing of event 1020? Event 1020 is fired by the DHCP server whenever the amount of free addresses in a scope is less than 80%.

E.g:

Event Type:     Warning
Event Source:   DhcpServer
Event Category: None
Event ID:       1020
Date:           3/08/2005
Time:           19:50:48
User:           N/A
Computer:       NETSERVER
Description:
Scope, 10.156.32.0, is 81 percent full with only 35 IP addresses remaining.

Some people might want to change this threshold value of 80%. For them, firing this warning at 90% might make more sense, or the threshold could be lower than 80%. For these purposes, to override the system default of 80%, what can I do?

Answer: I believe there is indeed a registry key which can override the default threshold for logging event 1020. The reg key is named "DhcpAlertPercentage" and is of type REG_DWORD. You can create it under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcpserver\Parameters.

Posted by anto_rocks | 0 Comments

About "Default Routing and Remote Access Class"

The following is a question I received from one of the internal groups and my answer to the same. I hope you find the information useful.

Question:

I am trying to configure options to be applied specifically to workstations that make a vpn connection. The workstations appear to get all options that are set on the dhcp server as long as they are "Default User Class" options but as soon as I set an option to "Default Routing and Remote Access Class" the workstations no longer get the options. 

I have run the command on the client "ipconfig /setclassid test "Default Routing and Remote Access Class" where test is the name of the vpn connectoid.

The client gets an ip address and the ipconfig output even shows "DHCP Class ID: Default Routing and Remote Access Class" but it still fails to get the options.

I even moved the client to the local lan and set the class on the NIC to rule out RRAS but still don't get the options applied. In my tests, Windows 2003 DHCP is not assigning options based on the clients class-id of "Default Routing and Remote Access Class". 

Can a client have multiple classes?

Does it send all classes in a DHCP inform?

If so, how does DHCP determine which class to select from?

If I change the class-id on a client to be "Default Routing and Remote Access Class" so that I can set specific options on the machine when it is in the field, must I remove or change that class on the workstation when it returns to the LAN?

 

Answer:

Let me clarify first of all that the class "Default Routing and Remote Access Class" is a predefined user class meant to be used as a way to identify clients which are getting network access using VPN. These clients first talk to the VPN server to get connectivity. The VPN server tries to get the IP address for the remote client by talking to the DHCP server. The DHCP server assigns the VPN server a set of addresses from which the VPN server assigns addresses to the remote clients. Now that the remote client has an IP address, it tries to get all other configuration information directly from the DHCP server through DHCP INFORM packets. When the DHCP server receives the INFORMs from such remote clients, it identifies through an internal mechanism that these clients belong to the "Default Routing and Remote Access Class" and it picks up the configuration present under the class "Default Routing and Remote Access Class". This is how this user class is meant to be used.

Regarding your other specific questions:

Can a client have multiple classes?  No. It can have at most one user class and one vendor class. If it does not have an explicitly defined user/vendor class, it is assumed to belong to the Default User/Vendor class.

Does it send all classes in a DHCP inform?: NA. See answer to previous question.

If so, how does DHCP determine which class to select from?: NA. See answer to previous question.

If I change the class-id on a client to be "Default Routing and Remote Access Class" so that I can set specific options on the machine when it is in the field, must I remove or change that class on the workstation when it returns to the LAN?: First of all, when you mention "Default Routing and Remote Access Class" as shown in the UI of the DHCP server, you are referring to the display name of the user class. This is not what you would see if you parse the user class information of the DHCP packet. The actual byte sequence which represents this user class can be quite different. Whereas, when you mention the user class in the ipconfig /setclassid command, what you are mentioning is the actual byte string that will be put into the user class field in the DHCP packet by the DHCP client when sending the requests. You should not attempt to use ipconfig /setclassid to set the user class of the clients with the name of one of the predefined user classes. When you want to assign a specific set of clients a specific configuration, you might want to create a new user class and configure that in the DHCP server and on the client using ipconfig /setclassid.

 

I hope I have cleared your doubts... Let me know if you have any further issues.

Interaction between DHCP and RRAS (VPN):

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/8e9004b2-1153-4202-89e2-b7f0a9c7f8a4.mspx

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/TechRef/8006f246-2029-4bad-b9f0-4f31a56b0590.mspx Please refer to the section on "DHCP and Routing and Remote Access"

http://support.microsoft.com/kb/160699/

General discussion about user/vendor classes:

http://blogs.msdn.com/anto_rocks/archive/2005/02/25/380231.aspx

 

 

Posted by anto_rocks | 1 Comments

Follow-up article on DHCP server callout DLL.

Hi all,

I got a VS.NET solution for the sample DHCP server callout DLL. I have shared it to the world here: http://www.geocities.com/anto_rocks/DHCPCalloutDL.zip. Please let me know of any copyright issues as I do not know who wrote this code. I suppose this will work as I did not test it out myself. I just got it from my colleague.

Thanks, A.J.Anto

Posted by anto_rocks | 6 Comments

Windows 2003 SP1 DHCP export/import netsh commands failure on IA64 platform

Hi all,
This post is regarding an issue that plagues Windows Server 2003 SP1 on Itanium 64 platforms. The problem is that the netsh export/import commands fail in these cases with the following error:

DHCP Server import and export are allowed on local servers only.
DHCP Server export failed.

There is a simple workaround for this problem:
We need to write a small text file, let's call it test.nsh with the following contents:
show bindings
export c:\test.txt all

and on the command prompt type netsh -f test.nsh. Similarly the import command can also be executed.

This problem does not occur on other platforms.
Please feel free to contact me if you happen to come across any other problem with Windows Server 2003 SP1.

Posted by anto_rocks | 1 Comments

Follow-up article on how to set lease times through netsh.

Question: I have a customer that has 5 DHCP servers that host many scopes. The customer wants to know of a way to script changing the lease duration on the advanced page of the properties of the scope (because they also have Bootp clients). Anybody have any ideas on how to script this change?

The following command is your babe!

netsh dhcp server scope 10.0.0.0 set optionvalue 51 DWORD user="Default BOOTP Class" 3600

For a detailed explanation please refer to my previous post on How to set DHCP scope lease time through netsh?

Posted by anto_rocks | 2 Comments

A very good article on DHCP technology.

Hi all, The person (Balint Toth) who gave the contents of the previous post pointed out this link. This link gives a really good description of the DHCP technology. A must read, I must say: http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/TechRef/8006f246-2029-4bad-b9f0-4f31a56b0590.mspx Thanks a lot Balint Toth!

Btw, if anybody finds an interesting piece of information (this can be anything from a documentation link to sample code) regarding DHCP technology, especially with respect to Microsoft's implementation of it, and wants to contribute to this blog, please contact me at anto_rocks@yahoo.co.in. I will put it on my blog so that it is available to a wider audience.

Posted by anto_rocks | 0 Comments

What it takes to get a lease.........

Hi all,

I found this pretty useful content in one of our internal DL's. I thought it should be available more widely.

The following describes what it takes to get an address lease from the DHCP client. It describes the various steps taken by the DHCP client in various circumstances.

1. The DHCP client requests an IP address by broadcasting a DHCPDiscover message to the local subnet.

2. The client is offered an address when a DHCP server responds with a DHCPOffer message containing an IP address and configuration information for lease to the client. If no DHCP server responds to the client request, the client sends DHCPDiscover messages at intervals of 0, 4, 8, 16, and 32 seconds, plus a random interval of between -1 second and 1 second. If there is no response from a DHCP server after one minute, the client can proceed in one of two ways:

If the client is using the Automatic Private IP Addressing (APIPA) alternate configuration, the client self-configures an IP address for its interface.

If the client does not support alternate configuration, such as APIPA, or if IP auto-configuration has been disabled, the client network initialization fails.

            In both cases, the client begins a new cycle of DHCPDiscover messages in the background every five minutes, using the same intervals as before (0, 4, 8, 16, and 32 seconds), until it receives a DHCPOffer message from a DHCP server.

3. The client indicates acceptance of the offer by selecting the offered address and broadcasting a DHCPRequest message in response.

4. The client is assigned the address and the DHCP server broadcasts a DHCPAck message in response, finalizing the terms of the lease.

When the client receives acknowledgment, it configures its TCP/IP properties by using the DHCP option information in the reply, and completes its initialization of TCP/IP.

5. In rare cases, a DHCP server might return a negative acknowledgment to the client. This can happen if a client requests an invalid or duplicate address. If a client receives a negative acknowledgment (DHCPNack), the client must begin the entire lease process again.

Posted by anto_rocks | 0 Comments

Manage your server from your desktop!

In this post, I am going to talk about an interesting way to manage your Windows Servers. One of the things that would certainly be a good thing to have is the freedom to use your desktop environment to monitor and configure your servers. The advantages of the above method are the following:

1)      General Ease of configuration: Sometimes it is difficult to physically reach the actual server you want to configure. I know the dhcp-mmc snap-in can remotely configure a DHCP server but the problem is that you need to get your hands on a Win2k3 server machine to do this.

2)      Reliability: When you monitor your servers from your desktop or other server machines you make sure that you cause the least disturbance on the target server. That is the extra load of running the management application is removed from the DHCP server.

Now for the part which actually explains how to get to a state when you can use your desktop to configure and monitor the DHCP server. I won’t go into details of it as it has been clearly documented here: How to install adminpak to configure DHCP server from your Desktop. Here is the download link: http://www.microsoft.com/downloads/details.aspx?FamilyID=c16ae515-c8f4-47ef-a1e4-a8dcbacff8e3&displaylang=en 

The installation will pull in all the binaries which are needed for remote configuration and management of the Windows server. Primarily these are the MMC-snap-ins for the various windows services. After the installation you can immediately test your new setup by doing the following:

1)      Type mmc.exe in the run command window.

2)      Click File->Add Remove Snap-in and select dhcpmgmt.msc

3)      If everything went well you would be seeing a DHCP console similar to the one you see on your server. From here you can do all the operations you want to do.

If you want to use the netsh command-line interface to configure your DHCP server then you need to do the following:

1)      First open a command prompt.

2)      Type netsh add helper dhcpmon.dll This command will formally install the netsh dhcp helper dll which would have already been pulled to system32 as a part of the install process.

3)      If everything goes fine, you should be able to manage your DHCP server from the netsh interface as well.

Posted by anto_rocks | 0 Comments

Win2K3 SP1 RTM's

The best Server OS just got better! http://www.microsoft.com/downloads/details.aspx?familyid=22CFC239-337C-4D81-8354-72593B1C1F43&displaylang=en 

The Windows Server 2003 Service Pack1 RTM's.

Posted by anto_rocks | 8 Comments

How to set DHCP scope lease time through netsh?

In this post, I am going to talk about how to set the lease time for a given scope in the DHCP server through netsh command-line. The command is a little unintuitive considering the fact that you won't be mentioning anything about lease time in the command itself. The fact that you are updating the lease time is specified through the option-id for the lease time option. Without delaying any longer, let me give the command:

netsh dhcp server scope 10.0.0.0 set optionvalue 51 DWORD 3600

Let me explain this command: scope 10.0.0.0 specifies that you are going to change the lease time of the scope whose id is 10.0.0.0. 51 is the option-id for the option Lease time. This is an IETF assigned number: http://www.faqs.org/rfcs/rfc2132.html DWORD is the datatype of the lease-time option. And finally 3600 represents the option value in number of seconds.

Compare this to the way you edit the lease time in your snap-in. You right-click on the scope icon and click 'Properties' and change the lease time. That's it!! That's a lot simpler I must say....

Posted by anto_rocks | 4 Comments

How to find out all the active clients serviced by your DHCP server

In this post, I am going to discuss the various ways by which you can enumerate all the client leases of the DHCP server. The reasons why you might want to do this can be many:

You might want a single list of all the clients your DHCP server is serving, which in effect is a list of all the participants in your private LANs. You might need this information for administrative or for security reasons. (Let’s say whenever an unauthorized machine joins the network, you want to check it.) Another interesting situation is when you want to maintain a record of all active network devices which are getting an IP address from the DHCP server in your favorite database for your own purposes.

You can do this through the following:

1) In netsh, there is no command to create leases. But there is definitely a command to view the leases. What we need to do is go to each scope context via netsh and type the command show clients:

 

            Netsh dhcp server scope 10.0.0.0 show clients

 

The above command will dump the leases in a human-readable form onto the screen. We need to redirect the output to a text file. The information for each lease is represented by IP address, hardware address and other miscellaneous info.

 2)  Another way is perhaps to use the DHCP server management API: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dhcp/dhcp/dhcpenumsubnetclients.asp to enumerate the active leases.

3) You can also do this from the MMC. This was a little surprising to me the first time I saw it, as I did not expect the granular data control that was made available. Go to the Address Leases of each scope, right-click on the ‘Address Leases’ icon and click ‘Export List’ and you can dump the leases to a text file. Later you might want to parse this file (this contains the IP address and hardware address) and store it in your custom format.
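One way to use the dumped lease list for the unauthorized-machine check mentioned above. This is an added example, not code from the original post; the sample listing is constructed and its column layout is an assumption, and the allowlist and function names are illustrative.

```python
# Added example: compare a dumped DHCP lease list against an allowlist of MACs.
import ipaddress
import re

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Exactly six hex pairs separated by '-' or ':'; longer client IDs are ignored.
MAC = re.compile(r"(?<![0-9A-Fa-f:-])[0-9A-Fa-f]{2}(?:[-:][0-9A-Fa-f]{2}){5}"
                 r"(?![0-9A-Fa-f:-])")

# Constructed sample; real netsh or MMC export columns may differ.
SAMPLE_LISTING = """\
IP Address      - Subnet Mask    - Unique ID           - Lease Expires         - Type
=====================================================================================
10.0.0.11       - 255.255.255.0  - 00-0c-29-1a-2b-3c   - 4/12/2005 9:15:02 AM  - D
10.0.0.12       - 255.255.255.0  - 00-0C-29-4D-5E-6F   - 4/12/2005 9:20:44 AM  - D
10.0.0.13       - 255.255.255.0  - 00-50-56-aa-bb-cc   - 4/12/2005 9:31:10 AM  - D
10.0.0.14       - 255.255.255.0  - 00-50-56-aa-bb-cc   - 4/12/2005 9:33:57 AM  - D
"""

# Constructed allowlist, deliberately in mixed notations.
AUTHORIZED = ["00:0C:29:1A:2B:3C", "000c294d5e6f"]


def normalize_mac(text):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    return re.sub(r"[^0-9a-f]", "", text.lower())


def parse_leases(listing):
    """Return (ip, mac) for every line that carries both an IPv4 and a MAC."""
    leases = []
    for line in listing.splitlines():
        ip = IPV4.search(line)   # first address on the line is the lease IP
        mac = MAC.search(line)
        if not (ip and mac):
            continue             # headers, separators, blank lines
        try:
            ipaddress.ip_address(ip.group(0))
        except ValueError:
            continue             # e.g. an octet above 255
        leases.append((ip.group(0), normalize_mac(mac.group(0))))
    return leases


def audit_leases(listing, authorized_macs):
    """Return leases held by unknown MACs and MACs holding several leases."""
    allowed = {normalize_mac(m) for m in authorized_macs}
    unknown, by_mac = [], {}
    for ip, mac in parse_leases(listing):
        by_mac.setdefault(mac, []).append(ip)
        if mac not in allowed:
            unknown.append((ip, mac))
    shared = {mac: ips for mac, ips in by_mac.items() if len(ips) > 1}
    return unknown, shared


if __name__ == "__main__":
    unknown, shared = audit_leases(SAMPLE_LISTING, AUTHORIZED)
    for ip, mac in unknown:
        print("not on allowlist:", ip, mac)
    for mac, ips in shared.items():
        print("one MAC, several leases:", mac, ips)
```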

Posted by anto_rocks | 2 Comments