8 Replies Latest reply on Dec 2, 2009 7:46 AM by Vinnie Lima

    How to track if DHCP scope definitions are changed?

    Vinnie Lima

      Hi,

       

      We are configuring the Provisioning Manager in BL in our lab.  The problem we have is that people tinker very often with the AD configuration and thus breaks the PXE boot scope options in the DHCP server configuration.

       

      Does anyone know of any option to dump the DHCP configuration in W2K3, in a way that I can import it as an extended object into BL so I can track such change?

       

      Thanks,

      Vinnie

        • 1. Re: How to track if DHCP scope definitions are changed?
          Bill Robinson

          something like:

           

          netsh dhcp server \\<server> dump

          • 3. Re: How to track if DHCP scope definitions are changed?
            Vinnie Lima

            I'm trying to implement the command below to be part of a data gathered and then analyzed within a Component Template.  I started down the path of doing an Extended Object, but have run into problems.  The issue seems to be that executing the command above via nexec does not carry over all of the environment that may be needed (which is more and so a known limitation from my understanding):

             

            emda-nbp-uea26% nexec -e /C/WINDOWS/system32/netsh.exe dhcp server \\\\<DHCPSERVERIP> dump

             

            Unable to determine the DHCP Server version for the Server <DHCPSERVERIP>.
            Server may not function properly.

             

             

            I tried to create an NSH script which can then be called as a remote execution extended object, but it keeps failing. The script I am using is as follows:

             

            #!/bin/nsh
            #
            # script:  dhcp_configuration_dump.nsh
            #
            # Description: This script uses nsh to dump the DHCP server configuration
            #
            #============================================================
            #
            # Init variables
            #---------------
            TARGET="$1"

             

            nexec $TARGET /C/WINDOWS/system32/netsh.exe dhcp server \\\\$TARGET dump

             

            # Exit
            exit 0

             

             

            The output is as follows when I run it via an NSH session (attempting to mimic the extended object):

             

            emda-nbp-uea21% ./dhcp_configuration_dump.nsh emda-nbp-uea26

             

            Unable to determine the DHCP Server version for the Server <IPADDRESS>.
            Server may not function properly.

             

            I have even tried to hard code the IP address of the DHCP server into the script, to make sure it is always trying to do the dump against the DHCP server, but the result is the same.

             

            Any suggestions?

            • 4. Re: How to track if DHCP scope definitions are changed?
              Bill Robinson

              you could do this in one line, directly in the EO command box..maybe like:

               

              nexec ??TARGET.HOST?? cmd /c "netsh dhcp \\%COMPUTERNAME%% dump"

               

              the cmd /c might get your env to load, i typically put a cmd /c or sh -c before any of my nexecs.

               

              you could also try the nexec -i -l ??TARGET.HOST?? <blah>

               

              -i and -l should load some additional env settings, though it seems to affect unix more than windows.

              • 5. Re: How to track if DHCP scope definitions are changed?
                Vinnie Lima

                Doesn't seem to work.  Also the backslash seems to need to be escaped:

                 

                emda-nbp-uea24% nexec -i -l emda-nbp-uea26 cmd /c "C:\WINDOWS\system32\netsh.exe dhcp server
                \\\\<IPADDR> dump"

                 

                Unable to determine the DHCP Server version for the Server <IPADDR>.
                Server may not function properly.

                 

                But running on that system locally seems to work (note: i validated that both commands are being executed via the same user):

                 

                C:\Documents and Settings\Administrator>C:\WINDOWS\system32\netsh.exe dhcp serve
                r \\<IPADDR> dump | more

                 


                # ==============================================================
                #  Configuration Information for Server <IPADDR>
                # ==============================================================

                 

                 

                # =====================================
                #     Add Classes
                # =====================================

                Dhcp Server <IPADDR> Add Class "Default Routing and Remote Access Class" "Us.......

                 

                 

                 

                I'm starting to rethink this and instead setup a File Deploy job that outputs the results to a file, then add the Extended Object off of that file.

                • 6. Re: How to track if DHCP scope definitions are changed?
                  Vinnie Lima

                  Tried setting up an NSH Script job - didn't work.  Also tried a File Deploy job with a post-command execution, also didnt work.  Both complained:

                   

                  Unable to determine the DHCP Server version for the Server <IPADDR>.
                  Server may not function properly.

                   

                  Even though if I run it as the mapped-user for the role I am executing this job under, it works.

                  • 7. Re: How to track if DHCP scope definitions are changed?
                    Bill Robinson

                    is the dhcp server hooked into AD or standalone?  maybe it's an AD permission thing?

                    • 8. Re: How to track if DHCP scope definitions are changed?
                      Vinnie Lima

                      It's tied to AD.  I don't know if its permissions, but would expect that if I am logging in as "usera" who is the local admin account that the job is being executed as (per the user privilege mappings in the role definition), I would get same results.  But I don't quite understand exactly what the RSCD agent does to impersonate such user, and if that is not a full "impersonation" as having myself logging in interactively via RDP.

                       

                      I am going to deploy the RSCD agent on the DHCP server itself and try running the job directly on that server, maybe there will be a different result.