IPAM Access Status
Okay,
I installed IPAM, set provisioning, and created the GPOs.
I changed the manageability status of the servers found in server discovery to "Managed". I can see that the server objects have been added to the GPOs' security filtering to gain access. I accelerated applying the new settings by logging on to the servers and issuing gpupdate /force. This is the result for one of the servers, elsal-dc1 (DNS, DHCP, AD).
However, after I retrieve server data in IPAM, the IPAM entry for the server is still blocked.
I tried issuing gpupdate /force again and restarting the DNS and DHCP services, then retrieving the server data in IPAM; it is still the same.
Here is the GPO security filtering.
What am I doing wrong?
For God, and Country.
Hi Sheen,
According to the screen captures, it seems to be caused by DHCP being blocked. It can be due to the permission settings on the DHCP server service. Here are the configuration steps required at the DHCP server:
1. Create a network file share for the directory '%windir%\system32\dhcp' with the share name dhcpaudit, and allow read-only access to the IPAM server computer account on the share.
2. Add the IPAM server computer account to the DHCP Users local security group on the DHCP servers.
3. Update the DHCP service access settings.
a. Get the IPAM computer account SID: on a domain controller, launch Windows PowerShell and type Get-ADComputer <ipam server name>. In the example below, the name of the IPAM server is s4-ipam.
b. Add the IPAM SID to the DHCP service read access status.
i. Find the string corresponding to the current permissions using sc sdshow dhcpserver
ii. Create the string corresponding to the new permissions to be added by typing (A;;CCLCSWLOCRRC;;; followed by the IPAM SID, followed by a closed parenthesis.
iii. Update the permissions by adding the new permission string to the current permissions using sc sdset dhcpserver
4. Unblock inbound traffic on the DHCP RPC firewall ports by enabling the following inbound firewall rules:
a. DHCP Server (RPC-In)
b. DHCP Server (RPCSS-In)
5. Unblock inbound traffic on the remote service management firewall ports by enabling the following inbound firewall rules:
a. Remote Service Management (RPC)
b. Remote Service Management (RPC-EPMAP)
6. Unblock the inbound File and Printer Sharing firewall ports, to enable sharing of the DHCP audit logs, by enabling the following inbound firewall rules:
a. File and Printer Sharing (SMB-In)
b. File and Printer Sharing (NB-Session-In)
7. Enable remote event log management RPC access by enabling the following inbound firewall rules:
a. Remote Event Log Management (RPC)
b. Remote Event Log (RPC-EPMAP)
8. Add the IPAM server computer account to the Event Log Readers local security group on the DHCP servers.
For more information about IPAM, please read this:
Understand and Troubleshoot IP Address Management (IPAM) in Windows Server "8" Beta
https://www.microsoft.com/en-us/download/details.aspx?id=29012
Best regards,
Cartman
Please remember to mark the replies as answers if they help, and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.
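Steps 3.a and 3.b of the answer above, as an added PowerShell example that is not part of the original posts: it builds the new service descriptor so that the IPAM ACE ends up inside the DACL and is not added twice. The function name `Add-IpamAceToSddl`, the sample descriptor and the sample SID are constructed for illustration.

```powershell
# Added example (not from the thread). Builds the descriptor for step 3.b.
function Add-IpamAceToSddl {
    param(
        [Parameter(Mandatory)] [string] $Sddl,  # text printed by: sc.exe sdshow dhcpserver
        [Parameter(Mandatory)] [string] $Sid    # SID of the IPAM server computer account
    )
    if ($Sid -notmatch '^S-1-\d+(-\d+)+$') { throw "Not a SID string: $Sid" }
    $ace = "(A;;CCLCSWLOCRRC;;;$Sid)"           # ACE string from step 3.b.ii

    # Idempotent: re-running must not stack duplicate ACEs.
    if ($Sddl.Contains($ace)) { return $Sddl }

    $dacl = $Sddl.IndexOf('D:')
    if ($dacl -lt 0) { throw 'Descriptor has no DACL (D:) section' }

    # An optional SACL section ("S:") follows the DACL. The new ACE has to go
    # before it; appended at the very end it would land in the SACL instead.
    $sacl = $Sddl.IndexOf('S:', $dacl)
    if ($sacl -lt 0) { return $Sddl + $ace }
    return $Sddl.Insert($sacl, $ace)
}

# Constructed sample values. On a real DHCP server, read them with:
#   $current = (sc.exe sdshow dhcpserver | Where-Object { $_ }) -join ''
#   $sid     = (Get-ADComputer '<ipam server name>').SID.Value
# Use sc.exe, not sc: in Windows PowerShell, sc is an alias for Set-Content.
$current = 'D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)' +
           'S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)'
$sid     = 'S-1-5-21-1111111111-2222222222-3333333333-1105'

$new = Add-IpamAceToSddl -Sddl $current -Sid $sid
$new

# Step 3.b.iii. Keep $current so the original descriptor can be restored,
# and review $new before applying it:
#   sc.exe sdset dhcpserver $new
```

`sc sdset` replaces the whole descriptor, so the string passed to it must contain every existing ACE plus the new one.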