Zygopetalum

Users can't get to web on new win2003 sbs install

Hi,

I have just installed win 2003 sbs sp1 with dual nics.  The server connects to the internet fine.  The users connect to the server, but I can't get the users connected to the internet.  Is there some DNS or routing configurations that I missed?  From a user's workstation, I can only ping the internal NIC and nothing further.  

I have followed your advice and used only the wizards so far.  

What do I need to do so that my users can get to the internet?

Internal First nic is 192.168.1.1
mask 255.255.255.0
dhcp no
Primary wins is 192.168.1.2

External Second nic is 192.168.1.2
Mask 255.255.255.0
Gateway 192.168.1.254
dhcp: no
primary wins is 192.168.1.2
netbios over tcp/ip disabled

My connection is static ip assigned by isp, modem uses pppoe

TIA



ASKER CERTIFIED SOLUTION
Rob Williams
This solution is only available to members.
Zygopetalum

ASKER

Thanks, I will try that tomorrow.
Good luck, let us know how you make out.
The wizard should "ask" you the appropriate questions and make the correct entries for you, but the above should give you a better idea of where you are headed and what to verify after complete. The reason the wizard is so important with SBS is it also creates all the interrelated links with the different components of SBS, such as remote access, Sharepoint, and other networked services.
Umm..

Your Internal and External IP addresses are on the same network - it won't work.

Your NICs must be on different subnets for routing to take place.

This was mentioned above, but he wasn't overly clear on that unless you read carefully.
OK, some progress.  I am now able to ping the external nic using your answer, but I am still not able to get users to the internet or receive email into exchange.  

I noticed that you changed the wins server to the external nic, is this correct?  I also entered the ISP's DNS servers in the forwarders section of the DNS management console.  Do these need a separate title other than "All Other DNS Domains"?

This is a lot different than NT 4.......

My ipconfig now looks as you prescribed, but still no prize.....
>>"not able to get users to the internet or receive email into exchange."
Exchange will need to have port 25 of the router forwarded to the Exchange server/SBS to receive e-mail

>>"I noticed that you changed the wins server to the external nic, is this correct?"
I changed it to the internal NIC, on the external NIC. This is correct, though not really necessary at all on the External NIC.

>>"Do these need a separate title other than "All Other DNS Domains"?"
No that is fine/typical. You want all unknown traffic (non-LAN) to use those DNS servers

>>"This is a lot different than NT 4......."
A lot of changes with the addition of Active directory, but it does work well.

Can the users ping or connect to an Internet IP such as Google:
http://64.233.187.99/
If so that means routing is resolved, we only need to worry about DNS
By the way, having made changes to DNS you flush the old cache, both on server and workstations. (restarting accomplishes this by default)
 ipconfig  /flushdns
 ipconfig  /registerdns

>>Exchange will need to have port 25 of the router forwarded to the Exchange server/SBS to receive e-mail
I am assuming that the "Connect to the Internet Wizard" completed this task.  Is this incorrect?  I am not able to access the router config since the "Connect to the Internet Wizard" was run.

I do recall checking that box for the firewall settings.

After flushing the dns cache and re-registering dns, I still am not able to get the users to connect.  The farthest is the external nic, I can't even ping the gateway.
>>"I am assuming that the "Connect to the Internet Wizard" completed this task.  "
If UPnP is enabled on the router, it is supposed to configure the router. However, there are security concerns with UPnP and it doesn't work very well. Therefore, if present, it is usually disabled and you have to configure the router manually. I would get Internet access working first and then worry about incoming connections such as Exchange.

Perhaps it would be best if you post the results from ipconfig  /all   from the server, and one workstation here.
In case you are not familiar with the process you can export the results to a text file and then just copy and paste here, using at a command line:
 ipconfig  /all  > c:\output.txt
Server ipconfig /all
Windows IP Configuration
   Host Name . . . . . . . . . . . . : mail
   Primary Dns Suffix  . . . . . . . : XXXX.local
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : Yes
   DNS Suffix Search List. . . . . . : GJGPA.local

Ethernet adapter Server Local Area Connection:
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : VIA Rhine II Fast Ethernet Adapter
   Physical Address. . . . . . . . . : 00-17-31-9B-60-CB
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.10.1
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 192.168.10.1
   Primary WINS Server . . . . . . . : 192.168.10.1

Ethernet adapter Network Connection:
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : VIA VT86C100A Rhine Fast Ethernet Adapter
   Physical Address. . . . . . . . . : 00-80-C8-4B-CD-06
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.1.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.254
   DNS Servers . . . . . . . . . . . : 192.168.10.1
   Primary WINS Server . . . . . . . : 192.168.10.1
   NetBIOS over Tcpip. . . . . . . . : Disabled

Workstation ipconfig /all
Windows IP Configuration
        Host Name . . . . . . . . . . . . : adelalago
        Primary Dns Suffix  . . . . . . . : XXXX.local
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : XXXX.local
                                            XXXX.local

Ethernet adapter Local Area Connection:
        Connection-specific DNS Suffix  . : XXXX.local
        Description . . . . . . . . . . . : VIA Rhine II Fast Ethernet Adapter
        Physical Address. . . . . . . . . : 00-17-31-12-1E-2D
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.10.10
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.10.1
        DHCP Server . . . . . . . . . . . : 192.168.10.1
        DNS Servers . . . . . . . . . . . : 192.168.10.1
        Primary WINS Server . . . . . . . : 192.168.10.1
        Lease Obtained. . . . . . . . . . : Sunday, November 26, 2006 12:24:39 PM
        Lease Expires . . . . . . . . . . : Monday, December 04, 2006 12:24:39 PM

I will connect to the router by alternate means, but I thought that since we had the router configured to pinhole through to the mail server before (same ip address) that I would not have a problem, but I will check it out.
Geezzzz   How do I edit that last comment?
>>"Geezzzz   How do I edit that last comment?"
I don't think you can  

>>"thought that since we had the router configured to pinhole through to the mail server before (same ip address) that I would not have a problem"
If the IP's haven't changed that is correct, you should be fine.

The above IP configuration looks great. You mention the users can ping as far as the server's external NIC, but not beyond. I suspect then that the problem is between the external NIC and the router/modem.

I had suggested earlier the gateway should be 192.168.1.254. That was based on above notes, but is that correct? Is that the IP of the router? Can the server ping that IP? Also, does the router use a 255.255.255.0 subnet mask? That would be normal, but it could be 255.255.0.0. If so, that could be a problem as it will incorporate your LAN as well. Let us know if so.
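Added example (not part of the thread and not any poster's code): a Python check for the two subnet conditions discussed above, both NICs sharing one network and a router mask wide enough to take in the LAN, run against `ipconfig /all` text. The adapter names `Internal` and `External` and the sample text are constructed from the asker's originally posted settings; `router_mask` is a hypothetical parameter for the mask configured on the router.

```python
import ipaddress
import re

# Constructed sample in `ipconfig /all` layout (adapter names are made up),
# using the asker's original settings: both NICs sit in 192.168.1.0/24.
SAMPLE = """\
Ethernet adapter Internal:
   IP Address. . . . . . . . . . . . : 192.168.1.1
   Subnet Mask . . . . . . . . . . . : 255.255.255.0

Ethernet adapter External:
   IP Address. . . . . . . . . . . . : 192.168.1.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.254
"""
FIELD = re.compile(r"^\s+(IP Address|Subnet Mask|Default Gateway)[ .]*:\s*(\S*)\s*$")

def parse_adapters(text):
    """Return {adapter name: {field: value}}; empty fields are skipped."""
    adapters, current = {}, None
    for line in text.splitlines():
        head = re.match(r"^Ethernet adapter (.+):\s*$", line)
        if head:
            current = adapters.setdefault(head.group(1), {})
            continue
        field = FIELD.match(line)
        if field and current is not None and field.group(2):
            current[field.group(1)] = field.group(2)
    return adapters

def check(adapters, router_mask=None):
    """List problems: overlapping NIC subnets, off-link gateway, wide router mask."""
    nets = {n: ipaddress.ip_interface(f"{a['IP Address']}/{a['Subnet Mask']}").network
            for n, a in adapters.items() if "IP Address" in a and "Subnet Mask" in a}
    problems, names = [], sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):  # the server cannot route between these
                problems.append(f"overlap: {a} {nets[a]} / {b} {nets[b]}")
    for n in names:
        gw = adapters[n].get("Default Gateway")
        if not gw:
            continue
        if ipaddress.ip_address(gw) not in nets[n]:
            problems.append(f"gateway {gw} is off-link for {n}")
        if router_mask:  # the router's own view of what is directly attached
            wide = ipaddress.ip_network(f"{gw}/{router_mask}", strict=False)
            problems += [f"router {wide} covers {o} {nets[o]}"
                         for o in names if o != n and wide.overlaps(nets[o])]
    return problems
```

Saving `ipconfig /all > c:\output.txt` on the server and passing the file's text to `parse_adapters` gives the same check on the real configuration.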
Yes, the server can ping the gateway, and the ip is correct.  Only users can't ping the gateway.

I was able to gain access to the router, but still no prize...
GOOD NEWS!  External email is flowing.  Still no luck on the users internet access...  Is anyone out there?
If Exchange is working then the server must have Internet access ???

You do need routing configured between the 2 NIC's but if you use the Wizard, that should configure RRAS for you. I assume you did use the router.
Sorry, last line should read; I assume you did use the wizard.
What I did was connect to the router through My Computer and manually set pinholes through it.  I think this is the culprit.  I am going to check to be sure I have all the right ports open tomorrow.

I didn't use the wizard to configure rras.....  It's not configured.... is this a bad thing?
BTW, the server always had internet access...  It's the users that are the problem
>>"I didn't use the wizard to configure rras.....  It's not configured.... is this a bad thing?"
You need to use the CEICW (Configure E-mail and Internet Connection Wizard), located in the Server Management Console, under "Internet and E-Mail", "Connect to the Internet". This should configure RRAS and the  other necessary interrelated components for you.

>>" the server always had internet access...  "
I assumed since you mentioned "I am not able to access the router" that Internet access was not available either.

If I open ports on the router, will this make the ISA firewall moot?
>>"will this make the ISA firewall moot?"
ISA?  There was no mention of ISA earlier. ISA requires its own sets of rules/policies to allow users to connect to the Internet. There are wizards that will assist you in doing this, but I am afraid I have not worked with ISA enough to walk you through it. Many others here have, but it is a holiday weekend for many, and rather quiet.

Opening ports on the firewall is used to allow incoming services such as Exchange, not outgoing services such as web browsing. Though personally I don't recommend it, it is quite common to eliminate the router when you have ISA. It is used as the firewall.
Rob,

I was under the impression that SBS 2003 automatically configures ISA when you install SBS.  I will have to investigate further.  

Thanks again for your help.  You have definitely earned the 500 pts on this one.
ISA? hehe...

This would have been solved days ago had we known about this.

By default, ISA installs fully locked down.

Since you have changed your NIC settings, you need to reconfigure ISA's LAT (network tables) then create a rule to allow HTTP and HTTPS from Internal to External as applied to all users.

>>"I was under the impression that SBS 2003 automatically configures ISA when you install SBS."
No I am afraid not. It is an option available only with SBS Premium. I should have suspected there was something else causing problems, as configuration should be quite simple with the wizard.

I'm sure Netman66 can help you out with this part. ISA should be easy as well, but I haven't worked with it since 2000 version (a bit of a pain), and not much with that version either.
Rob, there's little difference.  The concept is the same - prettier eye candy!

Netman66, I understood it was a little more user friendly with wizards and such. I suppose the underlying functionality is still the same. I actually have had a copy of ISA 2006 on my desk for a month meaning to install and get familiar with it. Full time job keeping up :-)
I hear you!

2004 to 2006 is virtually identical (to me anyway).  A little different interface from 2000 to 2004/2006.  Either way, the whole thing takes no learning curve at all between versions.

I have looked at 2004 and 2006, and I agree I see very little difference. 2000 seemed to have the same features, but a little less friendly, if you didn't know what you were looking for. In any case, other than installing 2000 and playing with it for a few days, I haven't used it. I have always felt it was a fantastic product, one of their better, but haven't had occasion to work with it. I'll move it up on my todo list  :-)
Having said all of the above, SBS is so intuitive with all of its wizards, I am surprised ISA is not automatically configured with the CEICW. The wizard automatically configures internet, e-mail, firewalls, routers (if UPnP actually works), and internal routing, so I am surprised it doesn't give you access permission options with the Wizard for ISA. I don't have a SBS w/ISA here to check.
Zygopetalum, when you joined the workstations to the domain did you use the wizard for that ? Yes, another wizard :-)
Proper way to join them is with a web browser and going to   http://YourServerName/connectcomputer
This configures a lot of the networking, services, and permissions automatically. Perhaps related to the problem. If you did it in the traditional, manual way, you might try re-joining one as a test.
Back again :-)
Have a look at the following. You should be able to configure ISA within the CEICW wizard:
http://download.microsoft.com/download/4/0/8/40860507-c351-4308-a876-e1b83ee4e77a/isainstallsteps.htm
Ok, everyone relax.  There is no ISA.  It's just the firewall.  And I still can't get my users to connect to the internet.  The good news is that the print servers are up and running!

I received this message from the server this morning in my email:
  NETLOGON 5774 11/26/2006 10:20 AM 30 *
The dynamic registration of the DNS record 'GJGPA.local. 600 IN A 192.168.10.1' failed on the following DNS server: DNS server IP address: <UNAVAILABLE> Returned Response Code (RCODE): 0 Returned Status Code: 0 For computers and users to locate this domain controller, this record must be registered in DNS. USER ACTION Determine what might have caused this failure, resolve the problem, and initiate registration of the DNS records by the domain controller. To determine what might have caused this failure, run DCDiag.exe. You can find this program on the Windows Server 2003 installation CD in Support\Tools\support.cab. To learn more about DCDiag.exe, see Help and Support Center. To initiate registration of the DNS records by this domain controller, run 'nltest.exe /dsregdns' from the command prompt on the domain controller or restart Net Logon service. Nltest.exe is available in the Microsoft Windows Server Resource Kit CD. Or, you can manually add this record to DNS, but it is not recommended. ADDITIONAL DATA Error Value: The requested address is not valid in its context.  
 
Any thoughts.  I am going to find the DCDiag.exe file .....
PS.  yes, I used the browser to join the workstations,  except that x@#*&^%!! WinME workstation....
>>"except that x@#*&^%!! WinME workstation...."
Mmmmmm.... been there, done that !!!

Though the error may be the result of the problem, I would think it is more of a routing issue than DNS, since the workstations can ping the server but not beyond. If it was simply DNS they should be able to ping an Internet IP.

DCdiag would help to diagnose this problem. Also, are there any Event ID #'s in the event log relating to this? While at it, in the same location as DCdiag there should be another utility, netdiag, which may help with this connection issue. Try running it on the server. It has been removed from some CD's; if it is not available, try the version from:
http://www3.ns.sympatico.ca/malagash/Downloads/Net/   it may work. There are different versions, and not all work on all Windows versions. I find that one the most compatible.
Thanks Zygopetalum,
--Rob