Windows Server DHCP Failover BAD_ADDRESS

I have two Window Server 2016 servers configured as a failover pair DHCP servers. Everything had been working fine for more than a year until suddenly clients were not able to get leases and the DHCP scope statistics indicated that the pools had no more addresses to assign. Using a bit of PowerShell

$computername = “server01”

$scopeid = "”

import-module DHCPServer

foreach ($object in Get-DhcpServerv4Lease –ComputerName $computername –ScopeId $scopeid)


if ($object.AddressState –eq 'BAD_ADDRESSES')





I saw the following:

IPAddress ScopeId ClientId HostName AddressState LeaseExpiryTime
--------- ------- -------- -------- ------------ --------------- 65-00-14-0a BAD_ADDRESS Declined 7/17/2018 4:04:... 6b-00-14-0a BAD_ADDRESS Declined 7/20/2018 4:16:... 6c-00-14-0a BAD_ADDRESS Declined 7/18/2018 2:50:... 6f-00-14-0a BAD_ADDRESS Declined 7/9/2018 4:18:4... 78-00-14-0a BAD_ADDRESS Declined 7/9/2018 6:30:2...

Edited for brevity. Nearly the entire scope was filled up like this.

After much head scratching, I looked in the Windows Event Viewer on both servers and saw the following error repeatedly logged on one of the servers “The server detected that it is out of time synchronization with partner server: for failover relationship: SLP-DHCP-Failover. The time is out of sync by: 163 seconds .” This error was logged under the “Applications and Service Logs -> Microsoft -> Windows-DHCP Server -> Microsoft-Windows-DHCP Server Events/Admin”

I checked the clock on the partner server and noticed it was more than four minutes off from the other DHCP server. When looking at the NTP status using the command “w32time /query /status” there wasn’t any NTP server defined! Once I re-issued the “w32tm /resync /rediscover” command it discovered the domain controller and after a bit of time the clocks were in sync and all my DHCP issues were resolved.

SSL Host Headers in IIS 7.x

In order to leverage host header capabilities with SSL enabled sites you need to use a command line tool as the IIS GUI management tool does not allow you to bind multiple SSL sites to the same IP.

The ‘appcmd’ executable is in the following path %windir%\system32\inetsrv

The syntax is:

appcmd set site /"Site Name" /+bindings.[protocol='https',bindingInformation='*']

Windows Server 2003 Command Line Tab Completion

I ran across a server that was running Windows Server 2003, but it was actually an upgraded Windows Server 2000 machine. This meant that the glorious tab completion function didn’t work within a command prompt window.

In order to enable this functionality a simple registry change is required.

Navigate to HKEY_CURRENT_USER\Software\Microsoft\Command Processor and edit the CompletionChar value to the hex equivalent of the key you’d like to use. to use the tab key a value of 9 is required.

Registry Screen Shot

Here’s the Microsoft page on this topic (KB 244407)

Search for host headers in IIS

I had an issue today that required me to determine what virtual directory was responding to a particular host header. I quickly located a VB script that handled this task with ease. The script is courtesy of this page:


DIM strServer
DIM objWebService

TAB  = CHR(9)
CRLF = CHR(13)& CHR(10)IF WScript.Arguments.Length =1THEN
    strServer = WScript.Arguments(0)ELSE
    strServer ="localhost"ENDIF

WScript.Echo "Enumerating websites on "& strServer & CRLF
SET objWebService = GetObject("IIS://"& strServer &"/W3SVC")
EnumWebsites objWebService

SUB EnumWebsites( objWebService )DIM objWebServer, objWebServerRoot, strBindings

    FOREACH objWebServer IN objWebService
        IF objWebserver.Class="IIsWebServer"THENSET objWebServerRoot = GetObject(objWebServer.adspath &"/root")
            WScript.Echo _
                "Site ID = "& objWebserver.Name & CRLF & _
                "Comment = """& objWebServer.ServerComment &""" "& CRLF & _
                "State   = "& State2Desc( objWebserver.ServerState )& CRLF & _
                "Path   = "& objWebServerRoot.path & CRLF & _
                "LogDir  = "& objWebServer.LogFileDirectory & _
                ""' Enumerate the HTTP bindings (ServerBindings) and' SSL bindings (SecureBindings)
            strBindings = EnumBindings( objWebServer.ServerBindings )& _
                          EnumBindings( objWebServer.SecureBindings )IFNOT strBindings =""THEN
                WScript.Echo "IP Address"& TAB & _
                             "Port"& TAB & _
                             "Host"& CRLF & _
            ENDIFENDIFNEXTENDSUBFUNCTION EnumBindings( objBindingList )DIM i, strIP, strPort, strHost
    DIM reBinding, reMatch, reMatches
    SET reBinding =NEW RegExp
    reBinding.Pattern ="([^:]*):([^:]*):(.*)"FOR i = LBOUND( objBindingList )TO UBOUND( objBindingList )' objBindingList( i ) is a string looking like IP:Port:HostSET reMatches = reBinding.Execute( objBindingList( i ))FOREACH reMatch IN reMatches
            strIP = reMatch.SubMatches(0)
            strPort = reMatch.SubMatches(1)
            strHost = reMatch.SubMatches(2)' Do some pretty processingIF strIP =""THEN strIP ="All Unassigned"IF strHost =""THEN strHost ="*"IF LEN( strIP )<8THEN strIP = strIP & TAB

            EnumBindings = EnumBindings & _
                           strIP & TAB & _
                           strPort & TAB & _
                           strHost & TAB & _

        EnumBindings = EnumBindings & CRLF
        State2Desc ="Starting (MD_SERVER_STATE_STARTING)"CASE2
        State2Desc ="Started (MD_SERVER_STATE_STARTED)"CASE3
        State2Desc ="Stopping (MD_SERVER_STATE_STOPPING)"CASE4
        State2Desc ="Stopped (MD_SERVER_STATE_STOPPED)"CASE5
        State2Desc ="Pausing (MD_SERVER_STATE_PAUSING)"CASE6
        State2Desc ="Paused (MD_SERVER_STATE_PAUSED)"CASE7
        State2Desc ="Continuing (MD_SERVER_STATE_CONTINUING)"CASEELSE
        State2Desc ="Unknown state"ENDSELECTENDFUNCTION


Exchange 2007 Outlook Web Access Default Domain

When using Exchange 2007 in a single domain environment users can log in using just a username instead of domain\username. This was problematic in Exchange 2003 because of the DS2MB background process, but simple to do in Exchange 2007.

Open Exchange Management Console
Expand Server Configuration
Select Client Access and click the Outlook Web Access tab
Select owa (Default Web Site) and click the Properties action
Click the Authentication tab
Under Use forms-based authentication, select User name only
Click Browse and select the domain name
Click OK

Or, using PowerShell:

Set-OWAVirtualDirectory -Identity “owa (default web site)” -LogonFormat username -DefaultDomain

Finally run IISRESET /NOFORCE from a command promp to restart IIS and enforce the change.

This will update the logon page to display the new logon requirements.