I’ve just been setting up IP Address Management (IPAM) to manage a virtual IP space using VMM and also just to get it working for IP Address management. My network is pretty simple, a single DC, my IPAM server and a VMM Server. I was looking around, encountered an issue and so I thought that I’d just go through and show you what I needed to do to get everything working.

  1. Add the IPAM Role to Window Server 2012 R2
  2. Open Server Manager and add the IPAM server
  3. Open the IPAM node
  4. Using the Quick Start select Provision the IPAM Server

     

  1. Read the information at the start of the Wizard and click Next
  2. On the Configure Database screen select to either use the WID or SQL Server, I chose WID and click Next

  1. On the Select Provisiong Method screen select Group Policy Based and enter a prefix for the IPAM GPOs, I used IPAM, clickNext.

  1. Read the summary and hit Apply
  2. When the wizard has completed read the summary and click Close
  3. Back at the IPAM Quick Start select the Configure Server Discovery link
  4. Select the domain that we want to add to the discovery scope from the drop down box and click Add, check the types of roles to discover, I checked them all, then click OK.

  1. On the IPAM Quick Start select step 4 Start Server Discovery and wait for the discovery to finish
  2. On the IPAM Quick Start select step 5 Select or add servers to manage and verify IPAM access
  3. At this point my server said Set Manageability Status with a warning sign. So Right Click the server and select Edit Server.

  1. Set it’s status to Managed and check the correct Server Types have been picked up then click OK.

  1. Next my sever showed up as blocked, there are a couple of reasons for this. First we need to make sure the server has the GPOs applied so connect to the server in question.

  1. First lets check that the GPOs exist, I did this by opening the Group Policy Management console and visually identifying them – they should have a IPAM_ prefix if you did that earlier
    1. If they don’t exist then provision them with this PowerShell, changing the appropriate params for your environment.
    Invoke-IpamGpoProvisioning -Domain contoso.com -GpoPrefixName IPAM -IpamServerFqdn ipam.contoso.com -DomainController orange-dc.contoso.com
    1. Again verify that the GPOs exist
  2. We now need to change the security filtering on the IPAM GPOs to include our server so add the servers

  1. We then need to apply the GPO to our servers using gpupdate / force
  2. To be sure the policies have applied we can run gpresult /r and should see the IPAM GPOs listed

  1. Next we need to allow our IPAM server to view the event logs on our servers so add the IPAM server to the Event Log Readers AD group. I used ADAC but you could use PowerShell like this:
    Set-ADGroup -Add:@{'Member'="CN=IPAM,CN=Computers,DC=Contoso,DC=com"} -Identity:"CN=Event Log Readers,CN=Builtin,DC=Contoso,DC=com" -Server:"Orange-DC.Contoso.com"
  2. Return to Server Manager to the IPAM node, select the Server Inventory Node, right click the server in question and selectRefresh Server Access Status then refresh Server Manager. The status should turn to IPAM Unblocked.