Why Use DHCP Failover?
In any production Active Directory environment, DHCP is a critical infrastructure service. If your single DHCP server goes offline — even briefly for maintenance or due to an unexpected failure — clients that attempt to renew or obtain leases will fail, resulting in lost network connectivity. While clients hold their existing leases for several days, any new device or any device whose lease has expired cannot obtain an IP address and will fall back to APIPA (169.254.x.x), rendering it unreachable.
DHCP Failover, introduced in Windows Server 2012 and fully mature in Windows Server 2022, provides native high availability for DHCP without requiring clustering, shared storage, or complex IP helper configurations. Two DHCP servers share scope configuration and lease databases, and they coordinate to ensure every lease request is served even when one partner is offline.
DHCP Failover operates per-scope — you select which scopes to include in the failover relationship. Multiple failover relationships can exist on the same server pair, with different modes for different scopes if needed.
Failover Modes: Hot Standby vs Load Balance
Hot Standby mode: One server is Active and handles all DHCP requests. The second server is Passive and only takes over if the active server becomes unavailable. You configure what percentage of the scope’s address pool the standby server reserves for emergency use. Typically 5% is reserved for the standby server. This mode is suitable when both servers do not have equal network access to all client subnets — for example, one server is in headquarters and the standby is in a DR site.
Load Balance mode: Both servers actively respond to DHCP requests simultaneously, each handling a configured percentage of requests (default 50/50 split). Both servers have the full scope address pool available but serve different portions based on the configured load ratio. This mode doubles your DHCP processing capacity and provides immediate failover with no delay. It is the recommended mode when both servers have equal network access to all client subnets (same site, or with proper DHCP relay forwarding to both).
Prerequisites
Before configuring DHCP Failover, ensure the following are in place:
Both servers must be domain members running Windows Server 2008 R2 or later (2022 for this guide). Install the DHCP Server role on both servers if not already present:
# Install DHCP role on both servers
Install-WindowsFeature -Name DHCP -IncludeManagementTools
# Authorize both DHCP servers in Active Directory
Add-DhcpServerInDC -DnsName "dhcp01.corp.local" -IPAddress 10.0.0.10
Add-DhcpServerInDC -DnsName "dhcp02.corp.local" -IPAddress 10.0.0.11
# Verify authorization
Get-DhcpServerInDC
At least one IPv4 scope must exist on the primary server before failover can be configured. The scope does not need to exist on the secondary — failover replicates scope configuration from primary to secondary. Verify scopes on the primary:
Get-DhcpServerv4Scope -ComputerName dhcp01.corp.local |
Select-Object ScopeId, Name, SubnetMask, StartRange, EndRange, State
Configuring DHCP Failover with Add-DhcpServerv4Failover
The Add-DhcpServerv4Failover cmdlet configures the failover relationship from the primary server’s perspective. Run this on the primary DHCP server (dhcp01):
# Configure Load Balance failover for a specific scope
Add-DhcpServerv4Failover `
-ComputerName "dhcp01.corp.local" `
-Name "DHCP-Failover-Corp" `
-PartnerServer "dhcp02.corp.local" `
-ScopeId "10.0.0.0" `
-Mode "LoadBalance" `
-LoadBalancePercent 50 `
-SharedSecret "YourSharedSecret2024!" `
-MaxClientLeadTime "00:01:00" `
-AutoStateTransition $true `
-StateSwitchInterval "01:00:00"   # 60 minutes; "00:60:00" does not parse as a TimeSpan
For Hot Standby mode:
Add-DhcpServerv4Failover `
-ComputerName "dhcp01.corp.local" `
-Name "DHCP-Failover-DR" `
-PartnerServer "dhcp02.corp.local" `
-ScopeId "10.0.0.0" `
-Mode "HotStandby" `
-ServerRole "Active" `
-ReservePercent 5 `
-SharedSecret "YourSharedSecret2024!" `
-MaxClientLeadTime "00:01:00" `
-AutoStateTransition $true `
-StateSwitchInterval "01:00:00"   # 60 minutes; "00:60:00" does not parse as a TimeSpan
To add multiple scopes to one failover relationship in a single command:
Add-DhcpServerv4Failover `
-ComputerName "dhcp01.corp.local" `
-Name "DHCP-Failover-Corp" `
-PartnerServer "dhcp02.corp.local" `
-ScopeId @("10.0.0.0", "10.1.0.0", "10.2.0.0") `
-Mode "LoadBalance" `
-LoadBalancePercent 50 `
-SharedSecret "YourSharedSecret2024!"
Key Failover Parameters Explained
MaxClientLeadTime (MCLT): The Maximum Client Lead Time defines how far ahead one server can be from the other in terms of lease expiration times. When one server goes down, the surviving server extends leases but only up to MCLT ahead of what was already committed. This prevents the servers from diverging on lease state. The default is 1 hour. Shorter values mean faster recovery but more frequent synchronization; longer values provide more buffer during extended outages but risk more divergence.
AutoStateTransition and StateSwitchInterval: AutoStateTransition controls whether the surviving server automatically transitions to Partner Down state after the configured interval. In Partner Down state, the server can allocate IP addresses from the full pool (including the portion normally reserved for the partner). Without this, in Load Balance mode the surviving server can only serve its 50% of the pool, potentially exhausting addresses during extended outages. The StateSwitchInterval sets how long to wait before automatically declaring Partner Down (default 60 minutes). Set this to a value longer than your longest expected maintenance window to avoid false Partner Down transitions.
SharedSecret: The shared secret authenticates communication between the two DHCP servers. It must match exactly on both servers. This is set automatically when using Add-DhcpServerv4Failover from the primary.
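The commands above embed the shared secret in the script text, where it ends up in script files and console history. The following added example (not part of the original guide) prompts for the secret at run time and then confirms that message authentication is enabled on both partners; the server and relationship names are this guide's sample values, and the 16-character minimum is an assumed local policy.

```powershell
# Added example: supply the failover shared secret at run time instead of hard-coding it.
$relation = 'DHCP-Failover-Corp'                         # names from this guide's examples
$partners = 'dhcp01.corp.local', 'dhcp02.corp.local'

$secure = Read-Host -Prompt 'Failover shared secret' -AsSecureString
# -SharedSecret accepts a plain string, so convert only at the point of use.
$plain = [System.Net.NetworkCredential]::new('', $secure).Password
if ($plain.Length -lt 16) {                              # assumed policy, adjust to your own
    throw 'Shared secret is shorter than 16 characters.'
}

$params = @{
    ComputerName       = $partners[0]
    Name               = $relation
    PartnerServer      = $partners[1]
    ScopeId            = '10.0.0.0'
    Mode               = 'LoadBalance'
    LoadBalancePercent = 50
    SharedSecret       = $plain
}
try {
    Add-DhcpServerv4Failover @params -ErrorAction Stop
} finally {
    # Drop the plaintext references once the cmdlet has returned.
    Remove-Variable -Name plain, params -ErrorAction SilentlyContinue
}

# EnableAuth should read True from each partner's point of view.
foreach ($server in $partners) {
    Get-DhcpServerv4Failover -ComputerName $server -Name $relation |
        Select-Object @{ Name = 'Server'; Expression = { $server } }, Name, EnableAuth
}
```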
Replicating Scope Configuration
After creating the failover relationship, the scope configuration (reservations, options, exclusions) is replicated from the primary to the secondary. You can trigger manual replication at any time:
# Replicate all scopes in a failover relationship to the partner
Invoke-DhcpServerv4FailoverReplication `
-ComputerName "dhcp01.corp.local" `
-Name "DHCP-Failover-Corp" `
-Force
# Replicate a specific scope
Invoke-DhcpServerv4FailoverReplication `
-ComputerName "dhcp01.corp.local" `
-ScopeId "10.0.0.0" `
-Force
# Replicate all failover scopes at once
Invoke-DhcpServerv4FailoverReplication -ComputerName "dhcp01.corp.local" -Force
Changes to scope options, reservations, and exclusions on the primary do not automatically propagate to the secondary in real time. You must either run Invoke-DhcpServerv4FailoverReplication or wait for the automatic replication interval. For production changes, always replicate immediately after making scope modifications.
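Because scope changes are not pushed to the partner in real time, it helps to check for drift before and after replicating. The following added example (not part of the original guide) lists reservations, option values and exclusion ranges that exist on only one partner; the server and relationship names are this guide's sample values and `Get-ScopeFingerprint` is a hypothetical helper defined in the block.

```powershell
# Added example: report scope settings that differ between failover partners.
$primary   = 'dhcp01.corp.local'    # server names and relationship name
$secondary = 'dhcp02.corp.local'    # follow this guide's sample environment
$relation  = 'DHCP-Failover-Corp'

function Get-ScopeFingerprint {
    param($Server, $Scope)
    # One string per reservation, option value and exclusion range.
    $res = @(Get-DhcpServerv4Reservation -ComputerName $Server -ScopeId $Scope |
        ForEach-Object { "reservation|$($_.IPAddress)|$($_.ClientId)|$($_.Name)" })
    $opt = @(Get-DhcpServerv4OptionValue -ComputerName $Server -ScopeId $Scope |
        ForEach-Object { "option|$($_.OptionId)|$($_.Value -join ',')" })
    $exc = @(Get-DhcpServerv4ExclusionRange -ComputerName $Server -ScopeId $Scope |
        ForEach-Object { "exclusion|$($_.StartRange)-$($_.EndRange)" })
    $res + $opt + $exc | Sort-Object
}

$scopes = @((Get-DhcpServerv4Failover -ComputerName $primary -Name $relation).ScopeId)
$drift = foreach ($scope in $scopes) {
    $a = @(Get-ScopeFingerprint -Server $primary   -Scope $scope)
    $b = @(Get-ScopeFingerprint -Server $secondary -Scope $scope)
    # -notcontains also behaves correctly when one side is empty.
    $a | Where-Object { $b -notcontains $_ } |
        ForEach-Object { [pscustomobject]@{ Scope = "$scope"; OnlyOn = $primary; Item = $_ } }
    $b | Where-Object { $a -notcontains $_ } |
        ForEach-Object { [pscustomobject]@{ Scope = "$scope"; OnlyOn = $secondary; Item = $_ } }
}

if ($drift) {
    $drift | Format-Table -AutoSize
    Write-Warning 'Partners differ; run Invoke-DhcpServerv4FailoverReplication from the server holding the intended configuration.'
} else {
    'Reservations, options and exclusions match on both partners.'
}
```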
Failover State Machine
The DHCP Failover protocol defines five operational states that each server transitions through based on connectivity to the partner:
Normal: Both servers are communicating and operating correctly. Each server serves its designated portion of the address pool (50/50 in Load Balance, or Active/Passive in Hot Standby).
Communication Interrupted: The servers cannot communicate with each other but neither has declared the other dead. Each server continues serving its portion of the pool but cannot verify lease state with the partner. This state is transient.
Partner Down: One server has been explicitly told (via the console, or via AutoStateTransition after the timer expires) that the partner is down. The surviving server now takes over the full address pool and can issue leases from both halves. This is the state that must be declared for full failover to work during extended outages.
Potential Conflict: A transitional state when the partner comes back online and the servers are reconciling their lease databases. Leases issued during the Partner Down period are validated against each other.
Recover: The failed server is back online and synchronizing its lease database with the surviving server before returning to Normal operation.
Manually transition to Partner Down during planned maintenance:
# Declare partner down on dhcp01 (when dhcp02 is being taken offline for maintenance)
Set-DhcpServerv4Failover `
-ComputerName "dhcp01.corp.local" `
-Name "DHCP-Failover-Corp" `
-PartnerDown
# Or use the DHCP console: Right-click failover relationship > Properties > Change state
Monitoring Failover State
Monitor the health and state of DHCP failover relationships using PowerShell:
# View all failover relationships and their current state
Get-DhcpServerv4Failover -ComputerName "dhcp01.corp.local" |
Select-Object Name, Mode, State, PartnerServer, ServerRole,
MaxClientLeadTime, StateSwitchInterval, AutoStateTransition
# Check failover status on the partner as well
Get-DhcpServerv4Failover -ComputerName "dhcp02.corp.local" |
Select-Object Name, State, ServerRole
# View scope-level failover status
Get-DhcpServerv4Failover -ComputerName "dhcp01.corp.local" -ScopeId "10.0.0.0"
Check current lease statistics to see how load is distributed:
# View scope statistics on both servers to verify load distribution
Get-DhcpServerv4ScopeStatistics -ComputerName "dhcp01.corp.local" -ScopeId "10.0.0.0"
Get-DhcpServerv4ScopeStatistics -ComputerName "dhcp02.corp.local" -ScopeId "10.0.0.0"
In DHCP Manager (dhcpmgmt.msc), each scope in a failover relationship shows a failover indicator. Right-clicking a scope shows the option to replicate scope, configure failover properties, or view failover statistics.
Set up Windows event alerting for DHCP failover state changes. Key event IDs to monitor are 20120 (partner down), 20121 (communication interrupted), and 20129 (failover relationship created/modified):
Get-WinEvent -LogName "Microsoft-Windows-Dhcp-Server/Operational" |
Where-Object { $_.Id -in @(20120, 20121, 20122, 20125, 20129) } |
Select-Object TimeCreated, Id, Message | Format-List
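The queries above show each server's view separately. The following added example (not part of the original guide) collects the failover relationships from both partners and flags any relationship that is not in the Normal state, is missing on one side, or lists different scopes on each side; the server names are this guide's sample values.

```powershell
# Added example: compare failover state as seen from each partner.
$partners = 'dhcp01.corp.local', 'dhcp02.corp.local'   # names from this guide
$problems = @()

# Collect every relationship from both sides; a failed query is itself a finding.
$rows = foreach ($server in $partners) {
    try {
        Get-DhcpServerv4Failover -ComputerName $server -ErrorAction Stop |
            ForEach-Object {
                [pscustomobject]@{
                    Server = $server
                    Name   = $_.Name
                    State  = [string]$_.State
                    Scopes = (@($_.ScopeId) | ForEach-Object { "$_" } | Sort-Object) -join ','
                }
            }
    } catch {
        $problems += "${server}: failover query failed: $($_.Exception.Message)"
    }
}

foreach ($group in @($rows | Group-Object -Property Name)) {
    $views = @($group.Group)
    foreach ($v in $views) {
        if ($v.State -ne 'Normal') {
            $problems += "$($v.Server): '$($v.Name)' is in state $($v.State)"
        }
    }
    if ($views.Count -ne $partners.Count) {
        $problems += "'$($group.Name)' was not returned by every partner"
    }
    if (@($views.Scopes | Select-Object -Unique).Count -gt 1) {
        $problems += "'$($group.Name)' lists different scopes on each partner"
    }
}

if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
} else {
    'All failover relationships are Normal and consistent on both partners.'
}
```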
Failover with Scopes Across Different Subnets
In environments with multiple subnets, you typically have DHCP relay agents (IP helpers) on each router forwarding DHCP broadcasts to the DHCP server(s). For Load Balance failover to work correctly across multiple subnets, the relay agent must forward to both DHCP servers:
# Cisco IOS example for dual DHCP server relay (on interface facing clients):
# ip helper-address 10.0.0.10 (dhcp01)
# ip helper-address 10.0.0.11 (dhcp02)
When both relay addresses are configured, each DHCP broadcast from a client is forwarded to both servers. In Load Balance mode, both servers receive the DISCOVER, but only the server whose load balance hash matches the client’s MAC address responds first with an OFFER. The other server discards it. This ensures approximately 50% of leases go to each server without double-issuing.
For Hot Standby mode across multiple subnets, only the active server needs to be reachable via relay. The passive server only needs to communicate with the active server over the failover port (TCP 647) to synchronize lease state. Configure the relay to point only to the active server’s IP. During failover, update the relay address to point to the new active server — this can be automated via the AutoStateTransition timer and a monitoring script that updates the relay configuration.
# Add a scope to an existing failover relationship (for newly created scopes)
Add-DhcpServerv4FailoverScope `
-ComputerName "dhcp01.corp.local" `
-Name "DHCP-Failover-Corp" `
-ScopeId "10.5.0.0"
# Remove a scope from failover (returns it to single-server operation)
Remove-DhcpServerv4FailoverScope `
-ComputerName "dhcp01.corp.local" `
-Name "DHCP-Failover-Corp" `
-ScopeId "10.5.0.0"