Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Two SBS 2003's sharing a single router

Posted on 2005-05-12
8
Medium Priority
?
439 Views
Last Modified: 2010-04-19
Hi all, trust you are well.

I would like to share a single ADSL Router (4 port) for two SBS 2003 servers:

Will this work:

(each server has two network cards)

SBS Server 1 has ip address 192.168.16.x on its 1st NIC (running DHCP for client PCs)
SBS Server 1 has ip address assigned by ADSL router of 10.0.0.x

SBS Server 2 has ip address of 192.168.0.x on 1st NIC (running DHCP for client PCs)
SBS Server 2 has ip address assigned by ADSL router of 10.0.0.y

PRINTER 1 has IP of 10.0.0.z
PRINTER 2 has IP of 10.0.0.s

Would this work?

Thankyou
Sean
0
Comment
Question by:SeanNij
  • 4
  • 2
  • 2
8 Comments
 
LVL 97

Expert Comment

by:Lee W, MVP
ID: 13990364
If the printers are served by the server, then that should work fine.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 13993048
Sean,

leew -- no, you can't have 2 SBS's on the same network even with different subnets (unless as I describe below).

I thought we already went over this...  I have tried EXACTLY what you describe above and you will still run into problems.  I will tell you that it can ONLY be done this way, as quoted from Peter Gallagher from the Microsoft Small Business Server team:

1.  Only one can be a DHCP server

2.  You will likely have to statically assign IP's on one of the networks

3.  You *may* run into problems with printers, depending on various print monitors that get install with the various printers.

4.  The computers on network "A" are only licensed to connect to resources on SBS "A", and vice versa.  If you have 10 users on each network (for a total of 20) and each 10 access resources on the other domain, you will need 20 licenses on each server.  Remember a license is required for an authenticated connection (printing). <<<---- This is going to be a problem for you!

5.  Be absolutely sure that the naming on each domain controller and workstations are unique.  Two domain controllers with the same name (even if they are different domains) will cause a huge problem.  Workstations will also have problems if there are dup names, but that can be easily overcame by renaming the workstation).

I would also add that if you use a router that supports virtual circuits you will be a bit better off, but the reality is that you are trying to share a printer which requires authentication and thus CAL's.  An option would be to connect the printer directly to the router and give it an external IP address (as I had suggested to you previously).

I know that you are really trying to make this work... but it is rather difficult to plan after-the-fact.

Jeff
TechSoEasy
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 13993063
Just one point of clarification... by making the printers 10.0.0.x/z/whatever they are not actually members of either domain and thus cannot have ANY permissions attached to them... which means that a user from Network A can manipulate  a document that has been sent from a user from Network B.  (you can read into that as much as you like... but redirecting a copy is what comes to mind... it's a security issue).
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 1

Author Comment

by:SeanNij
ID: 13993309
Jeff, thanks, i think i'm more trying to understand why it is that you cant do this. Dont mean to be a pain.

Also the servers in turn on their first NIC are connected to their own switches and in turn each network of client pc's are connected to that "servers" switch.

If we for a minute negated the security around printing, and assumed that we didnt want users on networdk A to to see anything on network B, would it work - following all your rules associated with naming etc.

OR

What you saying is that even though the routers DHCP server assigns an ip address to the 2nd NIC of each SBS server, they will confict (the two sbs servers)?

Thanks
Sean


0
 
LVL 97

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 1000 total points
ID: 13993400
Jeff,

I have to disagree.  I know you're an SBS expert, but consider this:

1 & 2: The original question was not clear - I assumed each 192 network was on a seperate network device.  If they are, then DHCP from Server 1 should have no route to the otehr 192 network of Server 2.  However, even if this weren't the case, if reservations and limited scopes were used, then there could be two DHCP servers on the same network as opposed to requiring a 3rd DHCP system OR the use of static addresses.

3: If the printer is networkable to begin with, then there's no problem installing it locally on either - OR BOTH - servers.  There is the limited risk of a jam from one print job/server could hang it for the other, but that's not a big deal in a small office environ.

4: The assumption is that they are NOT accessing resources on the other domains as you cannot setup trusts with SBS.  Thus if there are 10 and 10, they are NOT accessing resources.  Besides, IF they were, the licensing of each server would limit the connections possible.

5: Agreed -- in a Windows network, no name should be the same as another name - no ccomputer name that matches a user name, no computer name that matches a domain name.



0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 1000 total points
ID: 14001466
leew,

I didn't write those steps, as I mentioned above they are a direct quote from Peter Gallagher, so please understand that I realize that they weren't EXACTLY written to this situation.  But...

Essentially, the problem is that the external NICs WILL be on the same subnet... and therefore there will be traffice exchanges between them.  

Secondly, the resources that ARE being shared are the printers.  We haven't yet established the type/model of these printers, but if they can be installed locally to BOTH servers it would have to be via a third IP subnet to account for the item I noted above.  

Regarding DHCP... "If reservations and scopes are used" can be a very troublesome process, compared to the incredible ease of use that SBS provides.



Sean...

You definitely aren't being a pain... these are questions that a lot of people have which is really why I take the time to respond here (not that you aren't important... but it's nice to know that there will be others that can benefit).  :-)

I've often said before, and I'll repeat here... the majority of the questions I hear are not necessarily going to get answers that solve the problem because the question  may not be the right one.  So, let's look at what you are REALLY trying to accomplish.  As I understand your situation and your goals:

1.  Two separate companies sharing the same office space
2.  Two Small Business Servers which are already purchsed
3.  The desire to share printers
4.  The desire to share an Internet connection
(and I'm throwing this one in as well)
5.  The lowest cost of continuing maintenance

One factor that is unanswered is if you have more than one static IP address.  I am going to assume that you do because if you don't, you're going to have problems with inbound traffic going to the right place because you can't have one of your servers handle "header" routing (traffic routed by domain name rather than IP address).  

One of the main issues that wasn't being addressed by your question is how to deal with inbound traffic -- port forwarding.  One of the fantastic benefits of SBS is Remote Web Workplace (along with Outlook Web Access).  Its important to consider this as well.  Another thing to note is that by having two NICs in your servers, they are, in fact, routers.  Also... I looked back into your question history and see that you were wrongly advised about adding ISA to your SBS standard boxes.  This can be done, quite easily by buying the upgrade from Standard to Premium.  The reason I bring this up is that my solution below is not entirely secure with out some kind of additional firewall, either software or hardware. (I've assumed that your "ADSL Router (4 port)" is not an extremely sophisticated model since you didn't name it by Brand/Model).  Therefore, you may want to consider adding ISA to your servers at some point.

My suggestion would be that you use static routes from your router to the External NICs on each SBS and to each of the printers.  You would need to enable Internet printing in IIS (http://support.microsoft.com/default.aspx?scid=kb;en-us;323428) and would probably want to filter the printer connections to only accept traffic from your IPs... but that would avoid having to authenticate to a printer that is part of a domain.

Also, you don't want your router providing DHCP... especially to your external NICs... those should always be manually assigned.  When your router is handling DHCP you would have to manually configure the DNS on both of the servers so that http://companyweb works, among other things.  I would still only allow one of the networks to use DHCP, but if you want to attempt to configure the scope and reservations on both, then you should be okay... although I think that's more work than manually assigning IP's and protocols.

Therefore, to rewrite your schema above:

SBS Server 1 has ip address 192.168.16.x on its 1st NIC (running DHCP for client PCs)
SBS Server 1 has ip address manually assigned of ab.cd.ef.vv (external WAN IP provided by your ISP)

SBS Server 2 has ip address of 10.0.0.x on 1st NIC (running DHCP for client PCs -- or not... as noted above)
SBS Server 2 has ip address manually assigned of ab.cd.ef.xx (external WAN IP2 provided by your ISP)

PRINTER 1 has IP of ab.cd.ef.yy (external WAN IP3 provided by your ISP)
PRINTER 2 has IP of ab.cd.ef.zz (external WAN IP4 provided by your ISP)

Truth be told... it really seems as though you might just want to bring in another DSL line and add another router... it really would make things much easier to manage in the long run. You could eventually configure them to be backup connections for eachother... but that's for another day once you get your primary task completed.

Also, depending on your location and ISP, they may actually have a dual router solution for you.  (not to be confused with a dual WAN router which is the opposite of what you want -- that would provide two WAN connections to one server).

I am aware of a few routers that have virtual circuits... but from experience they are extremely difficult to configure for SBS environments.

Hope I didn't add more confusion to the situation...

Jeff
TechSoEasy



0
 
LVL 1

Author Comment

by:SeanNij
ID: 14815476
Feedback time:

The good news is it is working. Heres what I.

Server 1: Address Range 192.168.16.x
Server 2: Address Range 10.0.0.x

I removed the 10.0.0.x range from the LAT in ISA on Server1 and vica versa on Server2

I disabled dhcp on the second server and gave all the clients  that connect to that server a fixed ip (10.0.0.x).

I put in a Cisco800 Router with 4 Static IPs and connected each second network interface to the router giving them an external ip in the range on the router. (Jeff, you were right, incoming traffic too the servers became problamtic on the ADSL DHCP Router we thought of doing orginally.)

In terms of the printers - something i didn't know, is that the network printers used at this client allow me to bind more then one ip address to the interface (how this actually works i dont know) but it does - i gave each printer two ip address (one of each range) and yes the pcs can printer to either - we were initally going to put them into the 3rd and 4th ip supplied, but the crowd who supplied the router told us that some network printers allow for this. (Should've known weeks ago...)

Its all working.

Problems experienced though.

Once I disabled the DHCP, the internet connection wizard doesn't want to run - so I had to manually configure the second nic and isa.
It absolutly imperative that the PC have different names! (Missed that point Jeff - and so did one of my techies...)
The printer software does seem to "hang" occasionally. But i think this is to do with the network printer allowing two ip's?

Final MAJOR Problem! The owner of the business realised this morning that he wont be able to see shared on the other network now, and there was a file he needed access to. PRAT!!!! Well, told him to buy another pc and log into each "network" cause i dont have enough points on EE to solve that one!!!

As far as the licencing goes, they have two full pack SBS premiums plus enough cal on each for the connecting users. (Essentially i treated the licencing like two completely seperate companies)

So, it can be done. I would like to try and get the DHCP server to run on both as mentioned by LeeW. But it is not a critical at them moment.

Thankyou so much for all the valuable input. I'm splitting the points for each as i think the resolution has been taken from both your inputs.

Again, thankyou!
Sean




0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 14815970
Good job!  Sounds like you got most of it figured out.  The same name thing is something I didn't anticipate but you are right that it would cause a problem, because Netbios over TCP/IP is enabled on SBS's.  

For the shared files, you may want to look into some kind of Network Attached Storage device... most of the external networked hard drives around (Maxtor, Buffalo, etc) actually run Linux as their OS, and can easily be accessed by both servers/networks in much the same way your printers are.  Some of these drives actually have print servers as part of them (http://h18006.www1.hp.com/products/storageworks/dl100storageserver/ or http://www.buffalotech.com/products/product-detail.php?productid=104&categoryid=22)  which may resolve your "hang" issue.

Jeff
TechSoEasy
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Numerous times I have been asked this questions that what is it that makes my machine log on so slow, there have been cases where computers took 23 minute exactly after taking password and getting to the desktop. Interesting thing was the fact th…
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
Is your OST file inaccessible, Need to transfer OST file from one computer to another? Want to convert OST file to PST? If the answer to any of the above question is yes, then look no further. With the help of Stellar OST to PST Converter, you can e…
The Relationships Diagram is a good way to get an overall view of what a database is keeping track of. It is also where relationships are defined. A relationship specifies how two tables connect to each other. As you build tables in Microsoft Ac…

581 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question