Two SBS 2003's sharing a single router

Hi all, trust you are well.

I would like to share a single ADSL Router (4 port) for two SBS 2003 servers:

Will this work:

(each server has two network cards)

SBS Server 1 has ip address 192.168.16.x on its 1st NIC (running DHCP for client PCs)
SBS Server 1 has ip address assigned by ADSL router of 10.0.0.x

SBS Server 2 has ip address of 192.168.0.x on 1st NIC (running DHCP for client PCs)
SBS Server 2 has ip address assigned by ADSL router of 10.0.0.y

PRINTER 1 has IP of 10.0.0.z
PRINTER 2 has IP of 10.0.0.s

Would this work?

Who is Participating?
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:

I didn't write those steps, as I mentioned above they are a direct quote from Peter Gallagher, so please understand that I realize that they weren't EXACTLY written to this situation.  But...

Essentially, the problem is that the external NICs WILL be on the same subnet... and therefore there will be traffice exchanges between them.  

Secondly, the resources that ARE being shared are the printers.  We haven't yet established the type/model of these printers, but if they can be installed locally to BOTH servers it would have to be via a third IP subnet to account for the item I noted above.  

Regarding DHCP... "If reservations and scopes are used" can be a very troublesome process, compared to the incredible ease of use that SBS provides.


You definitely aren't being a pain... these are questions that a lot of people have which is really why I take the time to respond here (not that you aren't important... but it's nice to know that there will be others that can benefit).  :-)

I've often said before, and I'll repeat here... the majority of the questions I hear are not necessarily going to get answers that solve the problem because the question  may not be the right one.  So, let's look at what you are REALLY trying to accomplish.  As I understand your situation and your goals:

1.  Two separate companies sharing the same office space
2.  Two Small Business Servers which are already purchsed
3.  The desire to share printers
4.  The desire to share an Internet connection
(and I'm throwing this one in as well)
5.  The lowest cost of continuing maintenance

One factor that is unanswered is if you have more than one static IP address.  I am going to assume that you do because if you don't, you're going to have problems with inbound traffic going to the right place because you can't have one of your servers handle "header" routing (traffic routed by domain name rather than IP address).  

One of the main issues that wasn't being addressed by your question is how to deal with inbound traffic -- port forwarding.  One of the fantastic benefits of SBS is Remote Web Workplace (along with Outlook Web Access).  Its important to consider this as well.  Another thing to note is that by having two NICs in your servers, they are, in fact, routers.  Also... I looked back into your question history and see that you were wrongly advised about adding ISA to your SBS standard boxes.  This can be done, quite easily by buying the upgrade from Standard to Premium.  The reason I bring this up is that my solution below is not entirely secure with out some kind of additional firewall, either software or hardware. (I've assumed that your "ADSL Router (4 port)" is not an extremely sophisticated model since you didn't name it by Brand/Model).  Therefore, you may want to consider adding ISA to your servers at some point.

My suggestion would be that you use static routes from your router to the External NICs on each SBS and to each of the printers.  You would need to enable Internet printing in IIS (;en-us;323428) and would probably want to filter the printer connections to only accept traffic from your IPs... but that would avoid having to authenticate to a printer that is part of a domain.

Also, you don't want your router providing DHCP... especially to your external NICs... those should always be manually assigned.  When your router is handling DHCP you would have to manually configure the DNS on both of the servers so that http://companyweb works, among other things.  I would still only allow one of the networks to use DHCP, but if you want to attempt to configure the scope and reservations on both, then you should be okay... although I think that's more work than manually assigning IP's and protocols.

Therefore, to rewrite your schema above:

SBS Server 1 has ip address 192.168.16.x on its 1st NIC (running DHCP for client PCs)
SBS Server 1 has ip address manually assigned of (external WAN IP provided by your ISP)

SBS Server 2 has ip address of 10.0.0.x on 1st NIC (running DHCP for client PCs -- or not... as noted above)
SBS Server 2 has ip address manually assigned of (external WAN IP2 provided by your ISP)

PRINTER 1 has IP of (external WAN IP3 provided by your ISP)
PRINTER 2 has IP of (external WAN IP4 provided by your ISP)

Truth be told... it really seems as though you might just want to bring in another DSL line and add another router... it really would make things much easier to manage in the long run. You could eventually configure them to be backup connections for eachother... but that's for another day once you get your primary task completed.

Also, depending on your location and ISP, they may actually have a dual router solution for you.  (not to be confused with a dual WAN router which is the opposite of what you want -- that would provide two WAN connections to one server).

I am aware of a few routers that have virtual circuits... but from experience they are extremely difficult to configure for SBS environments.

Hope I didn't add more confusion to the situation...


Lee W, MVPTechnology and Business Process AdvisorCommented:
If the printers are served by the server, then that should work fine.
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:

leew -- no, you can't have 2 SBS's on the same network even with different subnets (unless as I describe below).

I thought we already went over this...  I have tried EXACTLY what you describe above and you will still run into problems.  I will tell you that it can ONLY be done this way, as quoted from Peter Gallagher from the Microsoft Small Business Server team:

1.  Only one can be a DHCP server

2.  You will likely have to statically assign IP's on one of the networks

3.  You *may* run into problems with printers, depending on various print monitors that get install with the various printers.

4.  The computers on network "A" are only licensed to connect to resources on SBS "A", and vice versa.  If you have 10 users on each network (for a total of 20) and each 10 access resources on the other domain, you will need 20 licenses on each server.  Remember a license is required for an authenticated connection (printing). <<<---- This is going to be a problem for you!

5.  Be absolutely sure that the naming on each domain controller and workstations are unique.  Two domain controllers with the same name (even if they are different domains) will cause a huge problem.  Workstations will also have problems if there are dup names, but that can be easily overcame by renaming the workstation).

I would also add that if you use a router that supports virtual circuits you will be a bit better off, but the reality is that you are trying to share a printer which requires authentication and thus CAL's.  An option would be to connect the printer directly to the router and give it an external IP address (as I had suggested to you previously).

I know that you are really trying to make this work... but it is rather difficult to plan after-the-fact.

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
Just one point of clarification... by making the printers 10.0.0.x/z/whatever they are not actually members of either domain and thus cannot have ANY permissions attached to them... which means that a user from Network A can manipulate  a document that has been sent from a user from Network B.  (you can read into that as much as you like... but redirecting a copy is what comes to mind... it's a security issue).
SeanNijAuthor Commented:
Jeff, thanks, i think i'm more trying to understand why it is that you cant do this. Dont mean to be a pain.

Also the servers in turn on their first NIC are connected to their own switches and in turn each network of client pc's are connected to that "servers" switch.

If we for a minute negated the security around printing, and assumed that we didnt want users on networdk A to to see anything on network B, would it work - following all your rules associated with naming etc.


What you saying is that even though the routers DHCP server assigns an ip address to the 2nd NIC of each SBS server, they will confict (the two sbs servers)?


Lee W, MVPTechnology and Business Process AdvisorCommented:

I have to disagree.  I know you're an SBS expert, but consider this:

1 & 2: The original question was not clear - I assumed each 192 network was on a seperate network device.  If they are, then DHCP from Server 1 should have no route to the otehr 192 network of Server 2.  However, even if this weren't the case, if reservations and limited scopes were used, then there could be two DHCP servers on the same network as opposed to requiring a 3rd DHCP system OR the use of static addresses.

3: If the printer is networkable to begin with, then there's no problem installing it locally on either - OR BOTH - servers.  There is the limited risk of a jam from one print job/server could hang it for the other, but that's not a big deal in a small office environ.

4: The assumption is that they are NOT accessing resources on the other domains as you cannot setup trusts with SBS.  Thus if there are 10 and 10, they are NOT accessing resources.  Besides, IF they were, the licensing of each server would limit the connections possible.

5: Agreed -- in a Windows network, no name should be the same as another name - no ccomputer name that matches a user name, no computer name that matches a domain name.

SeanNijAuthor Commented:
Feedback time:

The good news is it is working. Heres what I.

Server 1: Address Range 192.168.16.x
Server 2: Address Range 10.0.0.x

I removed the 10.0.0.x range from the LAT in ISA on Server1 and vica versa on Server2

I disabled dhcp on the second server and gave all the clients  that connect to that server a fixed ip (10.0.0.x).

I put in a Cisco800 Router with 4 Static IPs and connected each second network interface to the router giving them an external ip in the range on the router. (Jeff, you were right, incoming traffic too the servers became problamtic on the ADSL DHCP Router we thought of doing orginally.)

In terms of the printers - something i didn't know, is that the network printers used at this client allow me to bind more then one ip address to the interface (how this actually works i dont know) but it does - i gave each printer two ip address (one of each range) and yes the pcs can printer to either - we were initally going to put them into the 3rd and 4th ip supplied, but the crowd who supplied the router told us that some network printers allow for this. (Should've known weeks ago...)

Its all working.

Problems experienced though.

Once I disabled the DHCP, the internet connection wizard doesn't want to run - so I had to manually configure the second nic and isa.
It absolutly imperative that the PC have different names! (Missed that point Jeff - and so did one of my techies...)
The printer software does seem to "hang" occasionally. But i think this is to do with the network printer allowing two ip's?

Final MAJOR Problem! The owner of the business realised this morning that he wont be able to see shared on the other network now, and there was a file he needed access to. PRAT!!!! Well, told him to buy another pc and log into each "network" cause i dont have enough points on EE to solve that one!!!

As far as the licencing goes, they have two full pack SBS premiums plus enough cal on each for the connecting users. (Essentially i treated the licencing like two completely seperate companies)

So, it can be done. I would like to try and get the DHCP server to run on both as mentioned by LeeW. But it is not a critical at them moment.

Thankyou so much for all the valuable input. I'm splitting the points for each as i think the resolution has been taken from both your inputs.

Again, thankyou!

Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
Good job!  Sounds like you got most of it figured out.  The same name thing is something I didn't anticipate but you are right that it would cause a problem, because Netbios over TCP/IP is enabled on SBS's.  

For the shared files, you may want to look into some kind of Network Attached Storage device... most of the external networked hard drives around (Maxtor, Buffalo, etc) actually run Linux as their OS, and can easily be accessed by both servers/networks in much the same way your printers are.  Some of these drives actually have print servers as part of them ( or  which may resolve your "hang" issue.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.