How to Configure High Availability for DHCP with DHCP Failover on Windows Server 2016
DHCP (Dynamic Host Configuration Protocol) is a critical network service — when it fails, new devices cannot obtain IP addresses and existing leases eventually expire, causing network outages. Windows Server 2016 includes DHCP Failover, a feature that allows two DHCP servers to share address lease information and provide redundancy for DHCP services. Unlike older approaches that required manual scope splitting or Active Directory-integrated hot-standby, DHCP Failover provides automatic synchronization of the lease database between two servers and configurable load balancing or hot-standby operation modes.
DHCP Failover supports two modes. In Load Balance mode, both servers actively respond to DHCP requests, sharing the load according to a configured percentage split (commonly 50/50). This utilizes both servers and provides immediate failover if one goes down. In Hot Standby mode, one server is active and the other is passive, taking over only when the primary fails. Hot Standby is simpler to reason about but wastes the standby server’s capacity. Both modes synchronize the lease database so clients can renew with either server seamlessly.
Prerequisites
Install the DHCP Server role on both servers that will participate in failover. Both servers must be joined to the same Active Directory domain:
Install-WindowsFeature DHCP -IncludeManagementToolsAuthorize both DHCP servers in Active Directory (must be done as a Domain or Enterprise Admin):
Add-DhcpServerInDC -DnsName "DHCP1.corp.local" -IPAddress 192.168.1.11Add-DhcpServerInDC -DnsName "DHCP2.corp.local" -IPAddress 192.168.1.12Verify both servers are authorized:
Get-DhcpServerInDCCreating a DHCP Scope on the Primary Server
Create a DHCP scope on the primary server if one does not already exist. The failover relationship will replicate the scope to the secondary server:
Add-DhcpServerv4Scope -ComputerName "DHCP1.corp.local" -Name "LAN Scope" -StartRange 192.168.1.100 -EndRange 192.168.1.200 -SubnetMask 255.255.255.0 -State ActiveConfigure scope options such as default gateway and DNS servers:
Set-DhcpServerv4OptionValue -ComputerName "DHCP1.corp.local" -ScopeId 192.168.1.0 -Router 192.168.1.1 -DnsServer 192.168.1.5,192.168.1.6 -DnsDomain "corp.local"Configure the lease duration:
Set-DhcpServerv4Scope -ComputerName "DHCP1.corp.local" -ScopeId 192.168.1.0 -LeaseDuration (New-TimeSpan -Hours 8)Configuring DHCP Failover in Load Balance Mode
Create a failover relationship from the primary DHCP server. The PartnerServer parameter specifies the secondary server. A shared secret is used for authentication between the servers:
Add-DhcpServerv4Failover -ComputerName "DHCP1.corp.local" -Name "DHCP-Failover" -PartnerServer "DHCP2.corp.local" -ScopeId 192.168.1.0 -LoadBalancePercent 50 -SharedSecret "DHCPSecret@2016" -AutoStateTransition $true -MaxClientLeadTime (New-TimeSpan -Hours 1)The MaxClientLeadTime is a safety margin that prevents lease expiry during a controlled failure state. The AutoStateTransition parameter enables automatic transition to partner-down state when the primary cannot reach the secondary, allowing the surviving server to serve the entire address pool.
Verify the failover relationship was created:
Get-DhcpServerv4Failover -ComputerName "DHCP1.corp.local"Configuring DHCP Failover in Hot Standby Mode
To configure Hot Standby mode instead, specify the Mode parameter and a reserve percentage (the percentage of the address pool reserved for the standby server when the primary is down):
Add-DhcpServerv4Failover -ComputerName "DHCP1.corp.local" -Name "DHCP-Standby" -PartnerServer "DHCP2.corp.local" -ScopeId 192.168.1.0 -Mode HotStandby -ServerRole Active -ReservePercent 5 -SharedSecret "DHCPSecret@2016" -AutoStateTransition $trueReplicating Scopes to the Partner
After creating the failover relationship, replicate the scope configuration to the partner server:
Invoke-DhcpServerv4FailoverReplication -ComputerName "DHCP1.corp.local" -Name "DHCP-Failover" -ForceReplicate all scopes in the failover relationship:
Invoke-DhcpServerv4FailoverReplication -ComputerName "DHCP1.corp.local" -ForceMonitoring and Managing DHCP Failover
Check the current state of the failover relationship. The State should show Normal when both servers are communicating properly:
Get-DhcpServerv4Failover -ComputerName "DHCP1.corp.local" | Select-Object Name,State,PartnerServer,Mode,LoadBalancePercentView lease statistics for both servers to verify load is being distributed:
Get-DhcpServerv4ScopeStatistics -ComputerName "DHCP1.corp.local" -ScopeId 192.168.1.0Get-DhcpServerv4ScopeStatistics -ComputerName "DHCP2.corp.local" -ScopeId 192.168.1.0Remove the failover relationship if reconfiguration is needed:
Remove-DhcpServerv4Failover -ComputerName "DHCP1.corp.local" -Name "DHCP-Failover" -ForceDHCP Failover on Windows Server 2016 is a straightforward way to eliminate a single point of failure in IP address management. For most environments, Load Balance mode is recommended as it provides both redundancy and uses both servers actively. Ensure the shared secret is strong and stored securely, as it protects the DHCP lease data exchanged between servers. Regularly monitor the failover relationship state and set up alerting for any transition out of Normal state to catch communication failures between the DHCP servers before they impact network availability.
