SethSimmons-2869 asked TravisBrowne-1156 commented

August 2021 update breaks DHCP server with Fortigate relay

In my test environment, the August update (KB5005043) installed fine and had no issues after testing.

Last Thursday I installed the update on my domain controllers in production. It installed fine but then had some strange issues over the weekend.
Devices were not getting an address from either domain controller. They would show an APIPA address and ipconfig /renew would only get a timeout. After spending hours on the phone with Meraki and Fortinet looking at switch/firewall configs and packet captures, decided to uninstall the August update from one domain controller.

Firewall debug was showing the DHCP broadcast but the domain controller sent nothing back. After a reboot, clients started getting addresses again from that server. Uninstalled the update from the other domain controller and clients were pulling from that server also. In the test environment, Windows 10 clients had no issues getting a DHCP address.

Anyone else ever heard of such a thing? Searched around and found nothing but clearly it broke after installing the update.
It is a Fortigate 501E with 6.4.6 firmware. Multiple vLANs configured for DHCP relay to both domain controllers.

windows-server windows-dhcp-dns

LimitlessTechnology-2700 answered TravisBrowne-1156 commented

Hello SethSimmons,

This is a known issue described in https://support.microsoft.com/en-us/topic/june-21-2018-kb4284833-os-build-14393-2339-e1f91533-bb14-7076-2b9d-ad061b11d7cb
"After installing this update on a DHCP Failover Server, Enterprise clients may receive an invalid configuration when requesting a new IP address. This may result in loss of connectivity as systems fail to renew their leases."

It has been resolved in KB4345418
https://support.microsoft.com/en-us/topic/july-16-2018-kb4345418-os-build-14393-2368-f75223b5-1fda-1afa-4c8c-48a4cd3fb8ab

Hope this helps,
Best regards,


Is there a similar issue reported for Windows 2019? We seem to have an identical problem but it's on a Windows 2019 server.

Fortigate 40F 6.4.9 works with a relay towards an Infoblox DHCP server, but not with a Microsoft 2019 server.

SethSimmons-2869 answered

It's not configured as a failover.
