hirschhouse

Internet connectivity

I am running win2k server as a proxy to the internet. It is configured with two NICs: 1 for the Cable Modem, 2 for my private network to the hub. I use a 3rd party Internet sharing program called 'Sygate Home Network' on the server to share the cable modem NIC.
THE PROBLEM:
I am unable to connect to the Internet from the server. My client computers can connect but the server itself can't ping or connect via web browser. The system was working fine until I installed Active Directories. The problem must be dealing with some sort of system permissions?? I don't know???

Any help would be great!
SysExpert

AD and DNS are critical in win2k. If not set up correctly, it causes a lot of problems.

Also check the bindings on both NICs and see if they have changed since the AD install.

http://www.microsoft.com/windows2000/techinfo/planning/walkthroughs/default.asp

http://www.microsoft.com/technet/win2000/win2ksrv/add.asp
Deploy active directory

I hope this helps !
petemcc

Unfortunately you can't run NAT and AD services on the same server. Your software is a third party Network Address Translation program and will conflict with DNS services that are required to run Active Directory. I believe the only way to restore internet connectivity on your server is to demote it to a member server or disable the software. Incidentally, NAT is included on W2K server in RRAS and you don't need to install third party software to share your internet connection via NAT. If you have another member server, set up NAT on that box and disable the Sygate program and you can keep AD on your present box.

Good luck,
Pete
hirschhouse

ASKER

The reason I installed AD is for Exchange 5.5. Exch5.5 requires installation on a Domain Controller. So what you are saying Pete is, remove the 3rd party software (Sygate) and install RRAS? Keep in mind the NIC that connects me to my cable modem must be DHCP enabled. That is, my cable modem must supply the address to the NIC on the server.

NOTE: the strange thing is I can get to my server from the internet and the private network. I just can't get out to the internet???
Can you get to the internet by IP address rather than by name like http://207.46.197.101/ms.htm ? If so you just need to configure the server's DNS to use forwarders. In DNS manager r.click server, properties, forwarders and enter the ISP's resolvers here. If enable forwarders is greyed then delete the "." zone under forward lookup zones, then actions-refresh after which it will not be gray.
andyalder ,
No, I cannot resolve via IP.
Hi hirschhouse,

All I can tell you for certain is that AD and NAT don't like to be on the same box. If you disable the Sygate program and set up RRAS and NAT on your server you'll still have conflicts with AD. It is strange that your workstations are getting out but the server isn't, though. I'm guessing that the workstations are getting their IP's from your server via DHCP, that is they're looking to the IP of the LAN NIC for resolution. How often does your ISP give you a new address? What happens if you assign that address to the DSL NIC and disable DHCP?

I was just at the Sygate site and I'm wondering if it may be a security issue involving the firewall aspects of the program.

I went through the whole business of setting up NAT, promoting the server, losing connectivity, demoting the server and reconfiguring NAT. I'll admit I'm not sure how it all works but I'm able to maintain multiple connections including Linux and Macintosh workstations.

Anyway, I think if you want to run Exchange and the requisite AD you might want to set up a different box to share the connection from.

Hope this helps,
Pete
Exchange 5.5 doesn't need to be installed on a DC.  It needs a DC in the domain to authenticate users as other NT services do.  

"Keep in mind the nic that connects me to my cable modem must be DHCP enabled. that is my cable modem must supply
the address to the nic on the server."
-- you can configure 1 NIC to use DHCP and the other to be static.

Petemcc, I've run Win2k NAT on a DC with AD enabled before and it was working fine.  Third party NAT works the same way as Win2k NAT.  It just translates and forwards ip packets to the destination hosts -- why would AD affect its functionality?

hirschhouse, is this 3rd party software a NAT or a Proxy software?  They are different, but some packages include both.  Can you please provide some infor. on how you configured it?  I know that installing VPN modifies the TCP/IP configuration and can cause confusion, but not NAT.  Please provide more infor.




Matt,
I'm not really sure if Sygate is NAT or not?
My configuration:
I have Sprint broadband for an internet connection. Sprint provides the cable modem (router) with one public IP that never changes. The cable modem has DHCP running for the private side. The cable modem MUST serve DHCP or it will not allow routing from a computer to the internet (the scope is 1 address). I wanted to use more than one computer at home on the internet so I installed a second NIC and Sygate on Win2k Pro. Later I decided I wanted to run IIS and Exchange so I installed W2k Server. W2k Server, IIS and Sygate were all very happy together. Exchange was looking for a DC, so I promoted the server. Now everything still works fine except for the fact I can't get out when on the server. You can get in from the internet, and out from client computers. I don't have another machine I can dedicate as a DC.

Sygate configuration:
sygate has a manager. you simply tell it the address of the private nic and the address of the public nic. sygate runs its own DHCP for client machines..

Is that enough info????
I sure hope this can be solved with the resources in place?!
I think i'll increase the point value X2!

HELP

Matt023, you are right. I have been confusing features of ICS and NAT, plus looking back at my own experiences.

From the MS website:

The ICS service is one implementation of Network Address Translation (NAT) that Windows 2000 uses. The ICS service automatically sets up a mini DHCP scope and a DNS Proxy service to enable clients on the private network to use ICS and get on the Internet.
The DHCP allocator and DNS Proxy services are not configurable in ICS and start as soon as the service is enabled. Because these services bind to the same TCP ports that a DDNS or DHCP server uses, ICS conflicts if these services are running.

And:
To resolve this issue, do not run the ICS service on a DHCP or DDNS server. NAT (which is installed using routing protocols in the Routing and Remote Access Service (RRAS) snap-in) works correctly if you do not enable the DNS Proxy service or the DHCP allocator.

From the sygate home network page:
"Sygate Home Network is based on Network Address Translation (NAT) with a built-in DHCP server that automatically assigns all required parameters to each computer enabling simultaneous Internet connectivity to every PC on your network"

Is the Sygate more like ICS or NAT?


Pete




I disabled DHCP and DNS???? Still no joy?
I would check the bindings on the NIC cards, and also, please copy and paste the result of

ipconfig /all

and

route  print.

This may help.
I think my bindings are good

C:\Documents and Settings\administrator.MASK.000>ipconfig /all

Windows 2000 IP Configuration

        Host Name . . . . . . . . . . . . : mask
        Primary DNS Suffix  . . . . . . . : home.hirschhouse.net
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : home.hirschhouse.net
                                            phoenix.speedchoice.com
                                            hirschhouse.net

Ethernet adapter Local Area Connection 2:

        Connection-specific DNS Suffix  . : phoenix.speedchoice.com
        Description . . . . . . . . . . . : Network Everywhere Fast Ethernet Adapter(NC100 v2)
        Physical Address. . . . . . . . . : 00-03-6D-16-45-94
        DHCP Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 24.221.114.22
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 24.221.114.21
        DHCP Server . . . . . . . . . . . : 24.221.114.21
        DNS Servers . . . . . . . . . . . : 24.221.30.4
        Lease Obtained. . . . . . . . . . : Friday, July 20, 2001 8:18:10 AM
        Lease Expires . . . . . . . . . . : Friday, July 20, 2001 8:33:10 AM

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Netelligent 10/100TX PCI Embedded UTP/AUI Controller
        Physical Address. . . . . . . . . : 00-80-5F-C1-88-04
        DHCP Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.0.101
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 24.221.114.22
        DNS Servers . . . . . . . . . . . : 24.221.114.22

C:\Documents and Settings\administrator.MASK.000>route print
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 03 6d 16 45 94 ...... Network Everywhere Fast Ethernet Adapter NDIS5 Driver
0x3 ...00 80 5f c1 88 04 ...... Compaq NetFlex-3 Driver, Version 4.28
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    24.221.114.21   24.221.114.22       1
          0.0.0.0          0.0.0.0    24.221.114.22   192.168.0.101       1
     24.221.114.0    255.255.255.0    24.221.114.22   24.221.114.22       1
    24.221.114.22  255.255.255.255        127.0.0.1       127.0.0.1       1
   24.255.255.255  255.255.255.255    24.221.114.22   24.221.114.22       1
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.0.0    255.255.255.0    192.168.0.101   192.168.0.101       1
    192.168.0.101  255.255.255.255        127.0.0.1       127.0.0.1       1
    192.168.0.255  255.255.255.255    192.168.0.101   192.168.0.101       1
        224.0.0.0        224.0.0.0    24.221.114.22   24.221.114.22       1
        224.0.0.0        224.0.0.0    192.168.0.101   192.168.0.101       1
  255.255.255.255  255.255.255.255    24.221.114.22   24.221.114.22       1
Default Gateway:     24.221.114.22
===========================================================================
Persistent Routes:
  None


IT IS A MESS BUT HERE IT IS


ASKER CERTIFIED SOLUTION
SysExpert
This solution is only available to members.
Let me try to understand:  Win2k server has 2 NIC's - public = 24.221.114.22 (dynamic from the cable modem); private = 192.168.0.101.
The cable modem has a static Ip address of 24.221.114.21 and acts as a DHCP server with a 1 address scope.
Sygate is a NAT program with a DHCP server.
You have just disabled the Win2k DHCP and DNS server.
Your routing table looks fine.

This is pretty complicated.  Let's try to troubleshoot this step by step.  First off, you did the right thing by disabling the Win2k DHCP server.  One thing that I notice is that your LAN interface is using the 24.221.114.22 as a DNS server and the default gateway is also set to the same address.  Try changing the default gateway to the 24.221.114.21 address.  Also add another DNS server entry in the TCP/IP configuration to point to the same DNS server used on the public interface.  What is the DNS server entry on the client PCs?  Let's give this a try and see what happens.  I'm not sure how AD can cause the server not to communicate to the Internet.  Exchange and AD should have affected it.  Let's see what happens with the changes mentioned above.  Good luck.
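
A check over the routing table posted above, as an added example that is not part of the original thread: it parses `route print` rows (space- or semicolon-separated, as pasted) and flags default routes that share a metric or whose gateway is one of the machine's own interface addresses. The function names and the trimmed sample are assumptions made for this example.

```python
import ipaddress
import re

# Constructed sample: four "Active Routes" rows from the table posted in the thread.
SAMPLE = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    24.221.114.21   24.221.114.22       1
          0.0.0.0          0.0.0.0    24.221.114.22   192.168.0.101       1
24.221.114.0;255.255.255.0;24.221.114.22;24.221.114.22;1
      192.168.0.0    255.255.255.0    192.168.0.101   192.168.0.101       1
"""


def parse_routes(text):
    """Return (dest, mask, gateway, interface, metric) tuples from `route print` text."""
    routes = []
    for line in text.splitlines():
        fields = [f for f in re.split(r"[\s;]+", line.strip()) if f]
        if len(fields) != 5 or not fields[4].isdigit():
            continue  # header, separator, or interface-list line
        try:
            addrs = [str(ipaddress.IPv4Address(f)) for f in fields[:4]]
        except ipaddress.AddressValueError:
            continue
        routes.append((*addrs, int(fields[4])))
    return routes


def audit_default_routes(routes):
    """Flag default-route entries that make the outbound path ambiguous."""
    local = {r[3] for r in routes}  # Interface column holds this host's own addresses
    defaults = [r for r in routes if r[0] == "0.0.0.0" and r[1] == "0.0.0.0"]
    findings = []
    for _dest, _mask, gw, iface, _metric in defaults:
        if gw in local:
            findings.append(f"default route on {iface} uses local address {gw} as gateway")
    metrics = [r[4] for r in defaults]
    for m in sorted(set(metrics)):
        if metrics.count(m) > 1:
            findings.append(f"{metrics.count(m)} default routes share metric {m}")
    return findings


if __name__ == "__main__":
    for finding in audit_default_routes(parse_routes(SAMPLE)):
        print(finding)
```
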
 
       
SysExpert !
You rock! That worked....So simple, it really kicked my butt.


I would like to give points to both SysExpert & Petemcc, for spending so much time with me, thanks. can you tell me how to accept one answer and give points to both or accept both????


To distribute points you can accept a comment as an answer or

You can open up new questions with points for each expert with a subject like " For xxxnname" for help with...
, and notify the experts here of what you did and perhaps even provide the links,

or

You can put in a request to                    
https://www.experts-exchange.com/jsp/qList.jsp?ta=commspt 
to distribute the points in any manner you think is proper.
This is especially true when you think you have received good information from more than one person.

     I hope this helps !
I meant Exchange and AD shouldn't have affected it.  2nd to last line.
Wow, SysExpert beats me to it.  I guess fast typing means a lot.  Congrats.
Nice work, sysexpert