  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 237

Windows 2003 server setup as Domain Controller loses connection to Internet

I have a Windows 2003 server that I have set up as the Domain controller on our local network. Everything was working fine till today when the server lost connection to the internet. When I try to ping a site it resolves the IP address but the request times out. Other computers on the network can access the internet and have the Win 2003 machine set up as the preferred DNS and the router as the alternate DNS.
0
Asked by: BrijBhasin
2 Solutions
 
Mad_Jasper commented:
Are the client computers having problems contacting the domain controller?

Can you ping an IP address from the Internet?

Is there a firewall that could be the server (Windows Firewall, 3rd Party Firewall)?

Have you tried another NIC in the server?

In the Internet Options, Connections tab, do you have anything entered under LAN Settings?
0
 
BrijBhasin (Author) commented:
Can ping the domain controller from other network computers

Firewall disabled on Domain controller

Nothing entered under LAN settings

There are two network cards that were both set to static IP and using local as the DNS and router as the alternate. When I changed the second connection to dynamic the connection was up. So I guess it has something to do with the domain controller. I can't have the second connection dynamic because I want to use that for incoming VPN connections.
0
 
Joseph Hornsey (President and Janitor) commented:
If you're doing VPN connections, then that means that Windows is attempting to route between the two networks connected to the NICs, so it should be asking you  for different network IDs for the two interfaces.  This is going to cause routing problems for you, unless you directly connect the VPN NIC to the network outside the firewall and assign it a public IP address or unless your firewall has a DMZ or some other interface which will allow you to assign a different network ID.  Also, whichever NIC you specify as the "external" VPN NIC will be locked down and will not accept connections other than VPN connections.  Most likely, your problem is a combination of these two things.

Also, with two NICs, make sure that you're not specifying two different default gateways.

<-=+=->
0
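A check for the two conditions raised in the comment above (both NICs on the same network ID, and more than one default gateway), as an added example that is not part of the original thread. It parses the "Active Routes" rows of `route print`; the sample output, addresses and function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed `route print` rows: two NICs on one subnet, each with a default gateway.
SAMPLE_ROUTE_PRINT = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.10     20
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.11     20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1      1
      192.168.1.0    255.255.255.0     192.168.1.10    192.168.1.10     20
      192.168.1.0    255.255.255.0     192.168.1.11    192.168.1.11     20
     192.168.1.10  255.255.255.255        127.0.0.1       127.0.0.1     20
     192.168.1.11  255.255.255.255        127.0.0.1       127.0.0.1     20
        224.0.0.0        240.0.0.0     192.168.1.10    192.168.1.10     20
        224.0.0.0        240.0.0.0     192.168.1.11    192.168.1.11     20
Default Gateway:       192.168.1.1
"""

def parse_routes(text):
    """Return (network, gateway, interface) for each IPv4 route row."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # headers, separators, "Default Gateway:" line
        try:
            net = ipaddress.ip_network(f"{parts[0]}/{parts[1]}")
            iface = ipaddress.ip_address(parts[3])
        except ValueError:
            continue
        routes.append((net, parts[2], iface))  # gateway kept as text
    return routes

def find_multihoming_problems(routes):
    """Flag networks reachable through more than one local interface."""
    by_net = defaultdict(set)
    for net, _gw, iface in routes:
        if not iface.is_loopback:
            by_net[net].add(str(iface))
    findings = []
    for net in sorted(by_net):
        ifaces = sorted(by_net[net])
        if len(ifaces) < 2 or net.is_multicast or (0 < net.prefixlen and net.prefixlen == 32):
            continue  # per-NIC multicast and host/broadcast rows are normal
        kind = "multiple-default-routes" if net.prefixlen == 0 else "same-network-id"
        findings.append((kind, str(net), ifaces))
    return findings
```
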
Mad_Jasper commented:
DNS may be an issue here if both NICs are on the same network. Is the VPN set up and on a different subnet? In our case, we have a Win2K server that poses as our VPN server. The internal IP address that is connected to our network is 192.168.xxx.xxx/24. The external IP address is 10.1.xxx.xxx/24. The external IP address is connected to a Cisco PIX that has a public IP address statically mapped to the 10.1.xxx.xxx/24 NIC. The internal NIC uses an internal DNS IP address for name resolution because it is a member of the domain (other network services run on this server). RRAS must be configured properly for VPN/Routing to work as it should.
0
 
Mad_Jasper commented:
The VPN server routes information from the 192.168.xxx.xxx network to the 10.1.xxx.xxx network.

                              192.168.xxx.xxx                   10.1.xxx.xxx
                                                   |                   |
                                                    |                 |
                                                     |               |
US Campus LAN------TI Router--------VPN Server---------Cisco PIX---------ADSL Modem--------Internet
                                    |                Proxy Server
                                    |                  Mail Filter
                                    |
                              T1 Router
                                    |
                                    |
                         LS Campus LAN
0
 
Joseph Hornsey (President and Janitor) commented:
Oooh.  ASCII Art!

The setup I was referring to would look like this:



Internal LAN ---------------------- Router/Firewall -------------- Internet
                                     \                                 /  
                                      \                              /      
                                        ---- VPN Server ---

So, instead of routing all of your traffic through the VPN server, it's simply another perimeter device that accepts VPN connections.

By the way, none of this is a good idea to do on a domain controller.  Especially what I've described.  You never, ever, ever, put a domain controller on the perimeter of your network and you never, ever, ever, open a port on your firewall to it (which is what you'd have to do in Mad_Jasper's scenario).


<-=+=->
0
 
Mad_Jasper commented:
Our VPN server serves as a proxy and mail filter which is why it is set up like it is. Next month I will be terminating the VPN on our Cisco 515 PIX.

Running a VPN on a DC is not a recommended practice by any means, but it can be done out of necessity. If your network is small and your budget is smaller, then you may have to. But I would definitely attempt to make a case against it.

If I had to set up a DC as VPN, I would set it up as Splinter described. But if your router/firewall is VPN capable, I would terminate my VPN there and use access lists to restrict traffic flow.
0
 
Joseph Hornsey (President and Janitor) commented:
I agree.

Also, if you've got a small budget (and a small network), take a look at a Cisco PIX 501.  You can get it with either a 10 user or 50 user license.  If you've got less than 50 users, it's well worth the investment.  It supports up to 64 (I think) tunnels and is less than $1000 for 50 users.  About $500 for 10 users.

<-=+=->
0
