Introduction to DHCP Failover on Windows Server 2019
DHCP Failover in Windows Server 2019 enables two DHCP servers to share a scope’s IP address pool, providing continuous DHCP service even if one server fails. This is far superior to the older “split scope” approach where each server held half the addresses, because DHCP Failover allows either server to lease any address in the full scope range. Introduced in Windows Server 2012, DHCP Failover in Windows Server 2019 supports two modes: Hot Standby (one server is active, one is on standby) and Load Balance (both servers share lease issuance, typically 50/50).
DHCP Failover requires no additional hardware and works over a standard TCP connection between the two DHCP servers. Both servers synchronise lease state using a secure protocol with a shared secret. If communication between the servers is lost, each server enters a configurable Maximum Client Lead Time (MCLT) grace period before assuming sole ownership of the address pool.
Installing DHCP on Both Servers
Install the DHCP Server role on both servers that will participate in failover:
Install-WindowsFeature -Name DHCP -IncludeManagementToolsRepeat on the second server. Authorise both DHCP servers in Active Directory (required for AD-joined DHCP servers):
Add-DhcpServerInDC -DnsName "DHCP01.contoso.com" -IpAddress 192.168.1.10
Add-DhcpServerInDC -DnsName "DHCP02.contoso.com" -IpAddress 192.168.1.11Verify both servers are authorised:
Get-DhcpServerInDCCreating a DHCP Scope on the Primary Server
Create the DHCP scope on the primary server (DHCP01). The failover relationship will replicate this scope to the secondary:
Add-DhcpServerv4Scope -Name "Production LAN" -StartRange 192.168.1.100 -EndRange 192.168.1.250 -SubnetMask 255.255.255.0 -Description "Main production DHCP scope" -State ActiveConfigure scope options (default gateway, DNS servers, domain name):
Set-DhcpServerv4OptionValue -ScopeId 192.168.1.0 -Router 192.168.1.1 -DnsServer 192.168.1.10,192.168.1.11 -DnsDomain "contoso.com"Add exclusion ranges for static IP devices:
Add-DhcpServerv4ExclusionRange -ScopeId 192.168.1.0 -StartRange 192.168.1.100 -EndRange 192.168.1.110Set the lease duration:
Set-DhcpServerv4Scope -ScopeId 192.168.1.0 -LeaseDuration (New-TimeSpan -Days 8)Configuring DHCP Failover (Load Balance Mode)
Configure DHCP failover between DHCP01 and DHCP02 in Load Balance mode. Run this on DHCP01:
Add-DhcpServerv4Failover -ComputerName "DHCP01" -Name "DHCP-Failover-LB" -PartnerServer "DHCP02" -ScopeId 192.168.1.0 -LoadBalancePercent 50 -SharedSecret "DHCPsharedS3cret!" -MaxClientLeadTime (New-TimeSpan -Minutes 30) -AutoStateTransition $true -StateSwitchInterval (New-TimeSpan -Minutes 60)Verify the failover relationship was created:
Get-DhcpServerv4Failover -ComputerName "DHCP01"The scope should now appear on DHCP02 as well:
Get-DhcpServerv4Scope -ComputerName "DHCP02"Configuring DHCP Failover (Hot Standby Mode)
In Hot Standby mode, the primary server handles all DHCP requests while the secondary stays ready to take over. The secondary holds a reserved percentage of the address pool for use when the primary is unreachable:
Add-DhcpServerv4Failover -ComputerName "DHCP01" -Name "DHCP-Failover-HS" -PartnerServer "DHCP02" -ScopeId 192.168.2.0 -Mode HotStandby -ServerRole Active -ReservePercent 20 -SharedSecret "DHCPsharedS3cret!" -MaxClientLeadTime (New-TimeSpan -Minutes 30)View failover state:
Get-DhcpServerv4Failover -ComputerName "DHCP01" | Select Name, PartnerServer, Mode, LoadBalancePercent, StateSynchronising Leases Between Servers
Manually synchronise lease state between failover partners (normally happens automatically):
Invoke-DhcpServerv4FailoverReplication -ComputerName "DHCP01" -Name "DHCP-Failover-LB" -ForceView active leases on both servers to confirm synchronisation:
Get-DhcpServerv4Lease -ScopeId 192.168.1.0 -ComputerName "DHCP01" | Measure-Object
Get-DhcpServerv4Lease -ScopeId 192.168.1.0 -ComputerName "DHCP02" | Measure-ObjectBoth servers should report the same number of active leases after synchronisation.
Adding Additional Scopes to an Existing Failover Relationship
After creating a failover relationship, add new scopes to the existing relationship without creating a new one:
# First create the new scope on DHCP01
Add-DhcpServerv4Scope -Name "VLAN 20" -StartRange 10.20.0.100 -EndRange 10.20.0.250 -SubnetMask 255.255.255.0 -State Active
Set-DhcpServerv4OptionValue -ScopeId 10.20.0.0 -Router 10.20.0.1 -DnsServer 192.168.1.10
# Add the new scope to the existing failover relationship
Add-DhcpServerv4Failover -ComputerName "DHCP01" -Name "DHCP-Failover-LB" -ScopeId 10.20.0.0DHCP Failover on Windows Server 2019 provides seamless, automatic DHCP redundancy with zero additional licensing cost, eliminating DHCP as a single point of failure in your network infrastructure.
