Migrating DHCP from 2003 to 2012 R2

This post will likely fall on deaf ears since no one out there is still running Windows Server 2003 right?

Well we are for our oldest DHCP server. Better yet it’s 2003 Standard (non R2) which means I can’t installed¬†Active Directory Management Gateway Service which would allow me to remotely access DHCP on the 2003 server via PowerShell 5.1 running on a different box. Newer versions of PowerShell include support for working with DHCP. PowerShell 2.0 (latest available for Server 2003) does not support these commands.

Googling around found me the standard recommended way of migrating DHCP subnets.

On the source machine run:

This will export all of the current leases and reservations in the 192.168.0.0 scope into a text file, you can then transfer the text file over to your new DHCP server and run the following to import it:

The downside to this method is that it causes a temporary outage of your DHCP server during the import/export. I just migrated 80 odd subnets during the day and the outages were so short no one noticed.

Alright so that was the easy part.

In addition to 80 standard DHCP scopes we have 4 superscopes that also need to be migrated.

Attempting to migrate the superscopes using the above method failed. When I attempted to import the scope into the destination DHCP server I got the error “TLS supported but not configured”.

The first post I found for this error in Google links to a Technet discussion where someone states “No, you cannot direct migrate windows server 2003 DHCP/DNS to windows server 2012 DHCP/DNS.”. Clearly not an accurate statement since I’d just migrated 80 standard scopes.

So here I am. I cannot move 4 super scopes using the netsh method, I cannot use PowerShell because the 2003 server is to old and I do not want to upgrade it to 2003 R2 for multiple reasons (did I mention it’s a Domain Controller to?).

What I ended up doing was building a new Windows 2012 R2 Standard box, joined it to our domain so I could remotely access it and have the benefit of domain logins for accessing resources across our network and then installed DHCP on it. Immediately after the DHCP Server installation completed I went into the Windows Firewall and blocked DHCP just in case.

Then on the old DHCP server I ran this command:

I then transferred the all.txt file over to the DHCP server I just built and ran this:

and ended up with a complete copy of my old DHCP server on my temporary DHCP server including my superscopes, no errors.

Now I can use PowerShell to finish this up. On the temporary DHCP server I ran this:

transferred SUPERSCOPE1.xml to the new DHCP server and ran:

And bingo. Superscope successfully migrated from 2003 to 2012R2 with a small middle step.

If you screw up or need to do this in batches over time you can quickly and easily wipe everything out on the temporary DHCP server by doing the following:

  1. Stop the DHCP service
  2. Delete the contents of C:\Windows\system32\dhcp
  3. Start DHCP servoce

You’ll end up with a blank DHCP server that you can re-import a fresh copy of your old DHCP server into.

After vCenter 6.5 U1g newly cloned VMs report “HA not enabled”

Our environment is:

  • vCenter 6.5 U1g (8024368) running on a Windows Server 2008 R2 Standard VM (we’re moving to an appliance once we go 6.7)
  • vSphere 5.5¬†7504623, 8 node cluster

Since upgrading to the latest vCenter every new VM we clone into our production cluster reports “The virtual machine failed to become vSphere HA Protected and HA may not attempt to restart it after a failure”

After contacting VMware Support they informed me that this is a known issue with the versions of vCenter and vSphere we’re using and to upgrade to vSphere 6.0 or 6.5.

Since vSphere 5.5 is EOL in September no patches are coming to resolve this.

It also turns out the issue is a GUI issue only. The VMs displaying this error are still protected via HA and will recover fine if a host goes down.

A workaround for the issue is to disable/enable HA. Doing so will clear the error.