
Aug 11 2017

Windows Server 2008 RC2 DHCP Server Option 119 – Matt Zuba

Matt Zuba

web developer | health and fitness coach | husband | dad


If you've scoured through Windows Server configurations for the DHCP server looking to set the Search Domains and have come up empty, there's good reason: most, if not all, versions of Windows do not support setting Search Domains via DHCP (option 119), thus Microsoft does not include a visible option to set this on their DHCP servers.

99% of the computers used at my company are Windows based, so we use GPO to push down the search domains and it works pretty well. We do, however, have iPads used by upper management, as well as Android users connecting to the corporate wifi and a few of us using Linux-based operating systems which won't accept Microsoft's GPO. We were essentially out in the cold unless we manually configured our networking options to add all of the search domains used by our company.

Someone in Executive Management requested that the GPO-only push of search domains be changed to be included in the DHCP server for any non-Windows users. After 3 hours of troubleshooting, searching the web, and scouring RFCs, we finally implemented it. Here are some notes about our journey: Technet is wrong when it explains how to add this functionality; everyone who says just use GPO simply didn't get that non-Windows couldn't use GPO; Stephen was close in his explanation, but that still didn't work (chankster even pointed him to the RFC that helped me, but he brushed it off).

The size does indeed have to be per domain component (excluding the "."); but the size also comes BEFORE the domain component, not after. The domain in its entirety also needs to be null terminated. So here's an example: apple.com (we'll use Stephen's example as a base).

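We have two domain components: apple and com
Translated to hex, we get the following: apple is 0x61 0x70 0x70 0x6c 0x65 and com is 0x63 0x6f 0x6d

The size of apple is 5, or 0x05 and the size of com is 3, or 0x03, so our complete string is 0x05 0x61 0x70 0x70 0x6c 0x65 0x03 0x63 0x6f 0x6d 0x00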

Each one of these needs to be individually added as a separate byte in the array for the 119 option in the DHCP server configuration (Remember to null terminate the entries with 0x00). Once we made this change and saved it, our non-Windows based clients were then able to get the Search Domains via DHCP (note: it appears Android does not support option 119 as well, at least from my testing with packets from Wireshark).
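The encoding described above, as an added example that is not code from the original post: it builds the option 119 byte array for a list of search domains and decodes a byte array back into names, so a value can be checked before it is typed into the DHCP server or after it is copied from a packet capture. Concatenating several domains inside one option follows RFC 3397 and goes beyond the single-domain case in the post; the function names are hypothetical and the sample domains are constructed.

```python
# Added example: DHCP option 119 payload builder/checker (uncompressed form only).
# Function names are hypothetical; sample domains are constructed.

def encode_name(domain: str) -> bytes:
    """One domain -> length-prefixed labels followed by a 0x00 terminator."""
    out = bytearray()
    for label in domain.rstrip(".").split("."):
        raw = label.encode("ascii")      # non-ASCII raises; use punycode for IDNs
        if not 1 <= len(raw) <= 63:      # values above 63 are not plain lengths
            raise ValueError(f"bad label length in {domain!r}")
        out.append(len(raw))             # the size comes BEFORE the component
        out += raw
    out.append(0x00)                     # null-terminate the whole domain
    if len(out) > 255:
        raise ValueError(f"{domain!r} exceeds 255 bytes once encoded")
    return bytes(out)

def encode_search_list(domains) -> bytes:
    """Several domains are simply concatenated inside the one option."""
    return b"".join(encode_name(d) for d in domains)

def as_byte_entries(data: bytes) -> list:
    """Format each byte as a separate entry for the option's byte array."""
    return [f"0x{b:02x}" for b in data]

def decode_search_list(data: bytes) -> list:
    """Decode a byte array back to names; rejects the common mistakes."""
    domains, labels, i = [], [], 0
    while i < len(data):
        n = data[i]
        i += 1
        if n == 0:                       # terminator closes the current domain
            domains.append(".".join(labels))
            labels = []
        elif n > 63:                     # e.g. a letter where a size should be
            raise ValueError(f"offset {i - 1}: 0x{n:02x} is not a label size")
        elif i + n > len(data):
            raise ValueError("label runs past the end of the data")
        else:
            labels.append(data[i:i + n].decode("ascii"))
            i += n
    if labels:
        raise ValueError("last domain is not null terminated")
    return domains

if __name__ == "__main__":
    payload = encode_search_list(["apple.com", "foo.com"])
    print(" ".join(as_byte_entries(payload)))
    print(decode_search_list(payload))
```

The decoder raises on a byte array that puts the size after the component or omits the trailing 0x00, the two mistakes the post describes.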

Hope this helps someone out.


Glad you got it sorted. I was a bit perplexed at first, because all but one of our domains at work are sub-domains, so it should have worked.

http://www.ea.n-lanark.sch.uk/ecc Andrew McNaughton

Thanks! Brilliant lifesaver. We're slowly moving all our DHCP to Windows across hundreds of schools and we have various intranet sites with different domain endings. This helps the Macs get there where the content has many unqualified links. Don't approve of unqualified links myself but you can't stop everyone in such a large disparate organisation.

Sorry to ask dummy questions (hope this helps other dummies), so let's say, i.e. I set 119 as a default DHCP option on a DHCP Windows Server, type string. Then configuring a scope options for a search list in foo.com and tenletters.com, according to Microsoft http://technet.microsoft.com/en-us/library/dd572752(office.13).aspx I should write in the String field foo.com;tenletters.com, but this shouldn't work on all OSes.
Instead you suggest to set option 119 type as Byte and flag Array, then add for each (?) suffix an 119 option like 0x03 0x66 0x6f 0x6f 0x03 0x63 0x6f 0x6d 0x00 (corresponding to foo.com) and 0x0a 0x74 0x65 0x6e 0x6c 0x65 0x74 0x74 0x65 0x72 0x7a 0x03 0x63 0x6f 0x6d 0x00 (corresponding to tenletterz.com)? Does this work on Windows XP to 7?

In any case, readers take care to convert string length, which is a number, following the link Decimal to Hex

Sorry, forgot to change all tenletterz.com. No offense and no reference to letters.com (existing)

Yes, I'm basically saying don't listen to Microsoft. This will not work on any Windows machine as Windows does not support option 119. If you want to push down search domains to Windows machines you'll need to either manually configure it on your machines or use Group Policy.

So you are saying that if I configure this option 119 on a Server 2012 DHCP server that my non-domain joined PCs will not pick up this search list? Even if I follow your procedure for the length, hex, null at end?

How would you do this then if you have machines from another domain need a suffix search at this site?

No, I'm saying that Windows doesn't support option 119, regardless of whether they're domain or non-domain machines. Option 119 will only work for domain or non-domain machines/devices that support it (Mac, Linux, etc).

If you have Windows machines on another domain that need to search this domain, either push it down with GPO or manually configure it in the network settings.

Thanks Matt for the information. However, I have followed your instructions but my Mac clients are still not receiving the domain search list. Is there an order in which you enter the bytes into the Data Byte Entry?
In your example: 0x05 0x61 0x70 0x70 0x6c 0x65 0x03 0x63 0x6f 0x6d 0x00, do you enter 0x05 first, or 0x00?
Many thanks in advance!

We typed them in, in the exact order shown. I'd suggest using a tool like Wireshark to capture the packets on the Mac (or over the wire in promiscuous mode) and see if a) the Mac is requesting option 119 from the server, and b) if so, what the response from the server is.




