Solved

Remote office connectivity problem with SBS 2003

Posted on 2007-12-03
Last Modified: 2012-08-13
I suspect this is going to be simple, but simple seems to elude me for some reason. Here is the scenario:

Network 1 (office)  192.168.1.0 / 24
Brand new SBS 2003 server (192.168.1.120) with everything working so far as we can tell. Had some issues after Server 2003 SP2 but re-installing SBS SP1 apparently solved this. Server is a DNS, GC and WINS server. Another 2003 server (not SBS) (192.168.1.122) is configured as a backup to the domain. It is also a DNS, GC and WINS server. Second NIC in server has IP of 192.168.1.121 and router sends all external requests there. The second IP is not registered in DNS or WINS. All office workstations are working fine.

Network 2 (home)  192.168.2.0 / 24
Connected to network 1 via VPN maintained between 2 Linksys routers. 1 workstation, member of server's domain, with static IP configuration as follows:

        Host Name . . . . . . . . . . . . : homepc
        Primary Dns Suffix  . . . . . . . : Domain.local
         Node Type . . . . . . . . . . . . : Hybrid
         IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : Domain.local
                                             domain.local
Ethernet adapter Local Area Connection 2:
        Connection-specific DNS Suffix  . : domain.local
        Description . . . . . . . . . . . : Marvell Yukon Gigabit Ethernet 10/100/1000Base-T Adapter, Copper RJ-45
         Physical Address. . . . . . . . . : xxxxxxxxxxxxxx
        Dhcp Enabled. . . . . . . . . . . : No
         IP Address. . . . . . . . . . . . : 192.168.2.10
         Subnet Mask . . . . . . . . . . . : 255.255.255.0
         Default Gateway . . . . . . . . . : 192.168.2.1
         DNS Servers . . . . . . . . . . . : 192.168.1.120
                                             <ISP DNS1>
                                             <ISP DNS2>    
        Primary WINS Server . . . . . . . : 192.168.1.120
         Secondary WINS Server . . . . . . : 192.168.1.122

Issues with home PC at remote location:
-      Takes very, very long time to log in
-      Event ID 1054 is logged: "Windows cannot obtain the domain controller name for your computer network. (An unexpected network error occurred. ). Group Policy processing aborted."
-      When trying to run netdiag to troubleshoot, the error is "The procedure entry point DnsGetPrimaryDomainName_UTF8 could not be located in the dynamic link library DNSAPI.dll."
-      PC canNOT: display http://companyweb (cannot display error), use Outlook to connect to Exchange, use POP to connect to Exchange
-      PC CAN: ping server, telnet to server, browse network, map drives via IP address and NETbios name (although slow), use OWA (but using the public URL is MUCH faster than the internal server name)

Permissions on the companyweb site have been set to allow all IP addresses of both subnets to connect.

What's missing? All suggestions and comments highly appreciated.
0
Question by:SusanPK
19 Comments
 
LVL 10

Expert Comment

by:cstosgale
ID: 20399452
This is almost certainly a DNS issue. I would confirm this is working correctly as a first step by typing nslookup into the command line of the home PC. This should bring up the IP address of the DNS server it is using; confirm this is the IP of your SBS server.

Next, in nslookup, type the name of your domain and confirm it comes back with an IP for one of the two domain controllers.

The netdiag error you are getting looks like a red herring: http://www.mcse.ms/message1640481.html

0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 20400454
Why do you have a secondary WINS server configured?

Please post the complete IPCONFIG /ALL from the SBS.

Thanks.

Jeff
TechSoEasy
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 20400466
Also, if you only have a single workstation at home, why are you using a Router-to-Router VPN tunnel instead of just using the built-in SBS VPN?

Jeff
TechSoEasy
0
 

Author Comment

by:SusanPK
ID: 20402971
Yes, I am suspecting DNS too. Here is the result of the nslookup:

C:\>nslookup
Default Server:  sulfur1.domain.local
Address:  192.168.1.120

> domain.local
Server:  sulfur1.domain.local
Address:  192.168.1.120

Name:    domain.local
Address:  192.168.1.122

>

Should this not display both DNS servers? And if not, why only the BDC?

Next question, there are two WINS servers for the same reason there are two DNS servers, backup. They are push/pull partners.

I have no idea why IPv6 is enabled on this box. I will speak to the on-site admin to see about disabling this.

Finally, we are using router VPN here instead of client VPN on account of there being an IP phone at the home office that also needs to connect back to the office and the phone system there. This, by the way, is working perfectly. Also, there may be another workstation there in the future.

I'm going to try and attach all the ipconfig and route table information as a code snippet. Maybe it will format better that way.

Hope something in the above will point out an obvious issue to someone. I myself am starting to go cross-eyed looking at it all so long.


Here is the routing information on the PC:
 
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.2.1    192.168.2.10       20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.2.0    255.255.255.0     192.168.2.10    192.168.2.10       20
     192.168.2.10  255.255.255.255        127.0.0.1       127.0.0.1       20
    192.168.2.255  255.255.255.255     192.168.2.10    192.168.2.10       20
        224.0.0.0        240.0.0.0     192.168.2.10    192.168.2.10       20
  255.255.255.255  255.255.255.255     192.168.2.10    192.168.2.10       1
Default Gateway:       192.168.2.1
===========================================================================
Persistent Routes:
  None      
 
The ipconfig /all of the SBS server is as follows:
 
Windows IP Configuration 
   Host Name . . . . . . . . . . . . : SULFUR1    Primary Dns Suffix  . . . . . . . : Domain.local    Node Type . . . . . . . . . . . . : Unknown    IP Routing Enabled. . . . . . . . : Yes    WINS Proxy Enabled. . . . . . . . : Yes    DNS Suffix Search List. . . . . . : Domain.local 
PPP adapter RAS Server (Dial In) Interface: 
   Connection-specific DNS Suffix  . :     Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface    Physical Address. . . . . . . . . : 00-53-45-00-00-00    DHCP Enabled. . . . . . . . . . . : No    IP Address. . . . . . . . . . . . : 0.0.0.0    Subnet Mask . . . . . . . . . . . : 0.0.0.0    Default Gateway . . . . . . . . . :     NetBIOS over Tcpip. . . . . . . . : Disabled 
Ethernet adapter Internet: 
   Connection-specific DNS Suffix  . :     Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client) #2    Physical Address. . . . . . . . . : xxxxxxxxxxx
   DHCP Enabled. . . . . . . . . . . : No    IP Address. . . . . . . . . . . . : 192.168.1.121    Subnet Mask . . . . . . . . . . . : 255.255.255.0    Default Gateway . . . . . . . . . : 192.168.1.1    DNS Servers . . . . . . . . . . . : 192.168.1.120                                        192.168.1.122    NetBIOS over Tcpip. . . . . . . . : Disabled 
Ethernet adapter LAN: 
   Connection-specific DNS Suffix  . : domain.local    Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client)    Physical Address. . . . . . . . . : xxxxxxxxxxxxxxx    DHCP Enabled. . . . . . . . . . . : No    IP Address. . . . . . . . . . . . : 192.168.1.120    Subnet Mask . . . . . . . . . . . : 255.255.255.0    Default Gateway . . . . . . . . . :     DNS Servers . . . . . . . . . . . : 192.168.1.120                                        192.168.1.122    Primary WINS Server . . . . . . . : 192.168.1.120    Secondary WINS Server . . . . . . : 192.168.1.122 
 
And the route table just for grins:
 
IPv4 Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10002 ...xxxxxxxxxxxxxx ...... WAN (PPP/SLIP) Interface
0x20004 ...xxxxxxxxxxxxxx ...... Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client) #2
0x30003 ...xxxxxxxxxxxxxx ...... Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client)
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.121     10
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1      1
      192.168.1.0    255.255.255.0    192.168.1.120    192.168.1.120     10
      192.168.1.0    255.255.255.0    192.168.1.121    192.168.1.121     10
    192.168.1.120  255.255.255.255        127.0.0.1        127.0.0.1     10
    192.168.1.121  255.255.255.255        127.0.0.1        127.0.0.1     10
    192.168.1.255  255.255.255.255    192.168.1.120    192.168.1.120     10
    192.168.1.255  255.255.255.255    192.168.1.121    192.168.1.121     10
      192.168.2.0    255.255.255.0      192.168.1.1    192.168.1.120      1
        224.0.0.0        240.0.0.0    192.168.1.120    192.168.1.120     10
        224.0.0.0        240.0.0.0    192.168.1.121    192.168.1.121     10
  255.255.255.255  255.255.255.255    192.168.1.120    192.168.1.120      1
  255.255.255.255  255.255.255.255    192.168.1.121    192.168.1.121      1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
  None
 
Here is the ipconfig /all for the BDC:
 
C:\>ipconfig /all
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : CHLORINE1
   Primary Dns Suffix  . . . . . . . : Domain.local
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : Domain.local
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : domain.local
   Description . . . . . . . . . . . : Broadcom NetXtreme 5721 Gigabit Controller
   Physical Address. . . . . . . . . : xxxxxxxxxxxxxxx
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.1.122
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   IP Address. . . . . . . . . . . . : fe80::20f:1fff:fef8:8022%4
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.122
                                       192.168.1.120
                                       fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   Primary WINS Server . . . . . . . : 192.168.1.122
   Secondary WINS Server . . . . . . : 192.168.1.120
 
Tunnel adapter Automatic Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : domain.local
   Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : C0-A8-01-7A
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : fe80::5efe:192.168.1.122%2
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
 
And the route table:
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.122     10
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1      1
      192.168.1.0    255.255.255.0    192.168.1.122    192.168.1.122     10
    192.168.1.122  255.255.255.255        127.0.0.1        127.0.0.1     10
    192.168.1.255  255.255.255.255    192.168.1.122    192.168.1.122     10
        224.0.0.0        240.0.0.0    192.168.1.122    192.168.1.122     10
  255.255.255.255  255.255.255.255    192.168.1.122    192.168.1.122      1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Interface List
  4 ...00 0f 1f f8 80 22 ...... Broadcom NetXtreme 5721 Gigabit Controller
  3 ...00 0f 1f f8 ............ 6to4 Pseudo-Interface
  2 ...c0 a8 01 7a ............ Automatic Tunneling Pseudo-Interface
  1 ........................... Loopback Pseudo-Interface
===========================================================================
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  2   1004 fe80::5efe:192.168.1.122/128
                                    fe80::5efe:192.168.1.122
  4   1008 ff00::/8                 On-link
  4   1004 fe80::20f:1fff:fef8:8022/128
                                    fe80::20f:1fff:fef8:8022
  1   1004 ::1/128                  ::1
  1   1008 ff00::/8                 On-link
  1   1004 fe80::1/128              fe80::1
===========================================================================
Persistent Routes:
  None


0
 

Author Comment

by:SusanPK
ID: 20403020
Ooops. One more try on the config info:

Here is the routing information on the PC:
 
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.2.1    192.168.2.10       20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.2.0    255.255.255.0     192.168.2.10    192.168.2.10       20
     192.168.2.10  255.255.255.255        127.0.0.1       127.0.0.1       20
    192.168.2.255  255.255.255.255     192.168.2.10    192.168.2.10       20
        224.0.0.0        240.0.0.0     192.168.2.10    192.168.2.10       20
  255.255.255.255  255.255.255.255     192.168.2.10    192.168.2.10       1
Default Gateway:       192.168.2.1
===========================================================================
Persistent Routes:
  None      
 
The ipconfig /all of the SBS server is as follows:
 
Windows IP Configuration 
   Host Name . . . . . . . . . . . . : SULFUR1
    Primary Dns Suffix  . . . . . . . : Domain.local
    Node Type . . . . . . . . . . . . : Unknown
    IP Routing Enabled. . . . . . . . : Yes
    WINS Proxy Enabled. . . . . . . . : Yes 
    DNS Suffix Search List. . . . . . : Domain.local
    
PPP adapter RAS Server (Dial In) Interface: 
   Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
    Physical Address. . . . . . . . . : 00-53-45-00-00-00
    DHCP Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : 0.0.0.0
    Subnet Mask . . . . . . . . . . . : 0.0.0.0
    Default Gateway . . . . . . . . . :
     NetBIOS over Tcpip. . . . . . . . : Disabled
 
Ethernet adapter Internet: 
   Connection-specific DNS Suffix  . :
    Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client) #2
    Physical Address. . . . . . . . . : xxxxxxxxxxx
   DHCP Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : 192.168.1.121
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.1.1
    DNS Servers . . . . . . . . . . . : 192.168.1.120
                                        192.168.1.122
    NetBIOS over Tcpip. . . . . . . . : Disabled
 
Ethernet adapter LAN: 
   Connection-specific DNS Suffix  . : domain.local
    Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client)
    Physical Address. . . . . . . . . : xxxxxxxxxxxxxxx
    DHCP Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : 192.168.1.120
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . :
     DNS Servers . . . . . . . . . . . : 192.168.1.120
                                        192.168.1.122
    Primary WINS Server . . . . . . . : 192.168.1.120
    Secondary WINS Server . . . . . . : 192.168.1.122 
 
And the route table just for grins:
 
IPv4 Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10002 ...xxxxxxxxxxxxxx ...... WAN (PPP/SLIP) Interface
0x20004 ...xxxxxxxxxxxxxx ...... Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client) #2
0x30003 ...xxxxxxxxxxxxxx ...... Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client)
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.121     10
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1      1
      192.168.1.0    255.255.255.0    192.168.1.120    192.168.1.120     10
      192.168.1.0    255.255.255.0    192.168.1.121    192.168.1.121     10
    192.168.1.120  255.255.255.255        127.0.0.1        127.0.0.1     10
    192.168.1.121  255.255.255.255        127.0.0.1        127.0.0.1     10
    192.168.1.255  255.255.255.255    192.168.1.120    192.168.1.120     10
    192.168.1.255  255.255.255.255    192.168.1.121    192.168.1.121     10
      192.168.2.0    255.255.255.0      192.168.1.1    192.168.1.120      1
        224.0.0.0        240.0.0.0    192.168.1.120    192.168.1.120     10
        224.0.0.0        240.0.0.0    192.168.1.121    192.168.1.121     10
  255.255.255.255  255.255.255.255    192.168.1.120    192.168.1.120      1
  255.255.255.255  255.255.255.255    192.168.1.121    192.168.1.121      1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
  None
 
Here is the ipconfig /all for the BDC:
 
C:\>ipconfig /all
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : CHLORINE1
   Primary Dns Suffix  . . . . . . . : Domain.local
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : Domain.local
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : domain.local
   Description . . . . . . . . . . . : Broadcom NetXtreme 5721 Gigabit Controller
   Physical Address. . . . . . . . . : xxxxxxxxxxxxxxx
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.1.122
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   IP Address. . . . . . . . . . . . : fe80::20f:1fff:fef8:8022%4
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.122
                                       192.168.1.120
                                       fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   Primary WINS Server . . . . . . . : 192.168.1.122
   Secondary WINS Server . . . . . . : 192.168.1.120
 
Tunnel adapter Automatic Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : domain.local
   Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : C0-A8-01-7A
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : fe80::5efe:192.168.1.122%2
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
 
And the route table:
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.122     10
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1      1
      192.168.1.0    255.255.255.0    192.168.1.122    192.168.1.122     10
    192.168.1.122  255.255.255.255        127.0.0.1        127.0.0.1     10
    192.168.1.255  255.255.255.255    192.168.1.122    192.168.1.122     10
        224.0.0.0        240.0.0.0    192.168.1.122    192.168.1.122     10
  255.255.255.255  255.255.255.255    192.168.1.122    192.168.1.122      1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Interface List
  4 ...00 0f 1f f8 80 22 ...... Broadcom NetXtreme 5721 Gigabit Controller
  3 ...00 0f 1f f8 ............ 6to4 Pseudo-Interface
  2 ...c0 a8 01 7a ............ Automatic Tunneling Pseudo-Interface
  1 ........................... Loopback Pseudo-Interface
===========================================================================
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  2   1004 fe80::5efe:192.168.1.122/128
                                    fe80::5efe:192.168.1.122
  4   1008 ff00::/8                 On-link
  4   1004 fe80::20f:1fff:fef8:8022/128
                                    fe80::20f:1fff:fef8:8022
  1   1004 ::1/128                  ::1
  1   1008 ff00::/8                 On-link
  1   1004 fe80::1/128              fe80::1
===========================================================================
Persistent Routes:
  None


0
 

Author Comment

by:SusanPK
ID: 20406711
I'm going to add a few more items to the list of symptoms here:

a) When connecting to this server via RWW and trying to install the sbspackage.exe file, a page cannot be displayed error appears. However, when manually copying the file to an external workstation and executing it, everything works fine and the VPN connection establishes without incident.
b) When attempting to RDP to the home workstation or from it to one of the servers, the connection appears to establish sort of half way, producing a blank blue screen for a while and then disconnecting. Error 50 is logged in the event log: The RDP protocol component X.224 detected an error in the protocol stream and has disconnected the client.
c) Doing a gpupdate /force from the workstation results in error 1054 in the event log.

I went ahead and installed Wireshark on the server and the workstation and did packet captures for RDP, gpupdate and Exchange events. After the initial handshake there are always numerous packets marked with "checksum incorrect" in connection with the DCERPC protocol.

This rabbit hole is getting deeper by the moment. Any thoughts anyone?
0
 
LVL 10

Expert Comment

by:cstosgale
ID: 20407348
I think I see your problem: you've got two NICs on the SBS server in the same subnet. This is probably resulting in traffic from remote subnets being load balanced between the two NICs. This means that when requests are sent to one NIC, some of the reply packets are being sent from the wrong source address, causing them to be ignored by the remote host.

Disabling one of the NICs in the SBS server should resolve the problem. Why do you currently have two NICs enabled on the SBS server? Are you aware you can bind both IP addresses to the same NIC? You can add an extra IP through the advanced config of the NIC.
0
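
The overlap described in the comment above can be read straight out of `route print` output. The following is an added example, not part of any post in this thread: it parses the Active Routes rows posted earlier for the SBS server and the second DC, flags any subnet that is on-link through more than one local interface, and lists the routes tied for a given destination. The function names are illustrative, the on-link test (gateway equal to interface address) assumes the Windows Server 2003 `route print` layout shown in the thread, and route selection is modelled simply as longest prefix, then lowest metric.

```python
import ipaddress
from collections import defaultdict, namedtuple

Route = namedtuple("Route", "network gateway interface metric")

# "Active Routes" rows for the SBS server (SULFUR1), copied from the thread.
SBS_ROUTES = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.121     10
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1      1
      192.168.1.0    255.255.255.0    192.168.1.120    192.168.1.120     10
      192.168.1.0    255.255.255.0    192.168.1.121    192.168.1.121     10
    192.168.1.120  255.255.255.255        127.0.0.1        127.0.0.1     10
    192.168.1.121  255.255.255.255        127.0.0.1        127.0.0.1     10
    192.168.1.255  255.255.255.255    192.168.1.120    192.168.1.120     10
    192.168.1.255  255.255.255.255    192.168.1.121    192.168.1.121     10
      192.168.2.0    255.255.255.0      192.168.1.1    192.168.1.120      1
        224.0.0.0        240.0.0.0    192.168.1.120    192.168.1.120     10
        224.0.0.0        240.0.0.0    192.168.1.121    192.168.1.121     10
  255.255.255.255  255.255.255.255    192.168.1.120    192.168.1.120      1
  255.255.255.255  255.255.255.255    192.168.1.121    192.168.1.121      1
"""

# "Active Routes" rows for the second DC (CHLORINE1), copied from the thread.
BDC_ROUTES = """\
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.122     10
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1      1
      192.168.1.0    255.255.255.0    192.168.1.122    192.168.1.122     10
    192.168.1.122  255.255.255.255        127.0.0.1        127.0.0.1     10
    192.168.1.255  255.255.255.255    192.168.1.122    192.168.1.122     10
        224.0.0.0        240.0.0.0    192.168.1.122    192.168.1.122     10
  255.255.255.255  255.255.255.255    192.168.1.122    192.168.1.122      1
"""


def parse_routes(text):
    """Turn 'route print' Active Routes rows into Route tuples."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # header, separator or blank line
        try:
            dest, mask, gw, iface = (ipaddress.IPv4Address(f) for f in fields[:4])
            network = ipaddress.IPv4Network(f"{dest}/{mask}")
            metric = int(fields[4])
        except ValueError:
            continue  # not a route row
        routes.append(Route(network, gw, iface, metric))
    return routes


def multihomed_subnets(routes):
    """Subnets that are on-link through more than one local interface.

    Host routes, the default route, loopback and multicast are ignored:
    those rows are duplicated per NIC on any multi-NIC host.
    """
    by_net = defaultdict(set)
    for r in routes:
        on_link = r.gateway == r.interface
        if (on_link and 0 < r.network.prefixlen < 32
                and not r.network.is_multicast
                and not r.network.is_loopback):
            by_net[r.network].add(r.interface)
    return {net: sorted(ifs) for net, ifs in by_net.items() if len(ifs) > 1}


def best_routes(routes, dest):
    """All routes tied for best match to dest (longest prefix, lowest metric)."""
    addr = ipaddress.IPv4Address(dest)
    matches = [r for r in routes if addr in r.network]
    if not matches:
        return []

    def rank(r):
        return (-r.network.prefixlen, r.metric)

    best = min(rank(r) for r in matches)
    return [r for r in matches if rank(r) == best]


if __name__ == "__main__":
    for name, table in (("SULFUR1", SBS_ROUTES), ("CHLORINE1", BDC_ROUTES)):
        routes = parse_routes(table)
        overlaps = multihomed_subnets(routes)
        if not overlaps:
            print(f"{name}: no subnet is on-link via more than one interface")
        for net, ifs in overlaps.items():
            print(f"{name}: {net} is on-link via {', '.join(map(str, ifs))}")
        # 192.168.1.50 is a constructed LAN address used only to show the tie.
        tied = best_routes(routes, "192.168.1.50")
        print(f"{name}: {len(tied)} equal-cost route(s) to 192.168.1.50")
```

More than one equal-cost route to a LAN address means the table alone does not pin the source interface for that traffic.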
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 20408465
That's just one of the problems...  but it certainly needs to be fixed.
An example of a TWO NIC configuration is here:  http://sbsurl.com/twonics

Disabling one of the NICs would require changing the topology of the setup, because I'd guess that's something like this:

Internet ----  Router/Firewall ----  SBS Internet NIC - SBS - SBS LAN NIC ---- Switch ---- LAN Computers
(or as shown here:  http://snipr.com/1ungl)

The best thing to do to correct this would be to change the Router/Firewall's IP Address to some other IP Subnet, ie 192.168.200.1 for the router and 192.168.200.2 for the SBS Internet NIC.  

After changing this, rerun the Configure Email and Internet Connection Wizard (CEICW -- which is linked as Connect to the Internet in the Server Management Console > Internet and Email).

Then, I still wonder why your additional DC is running WINS, which isn't necessary.  WINS is only used for Exchange in an SBS-based network and if your SBS is down, so is Exchange so WINS isn't needed.  But speaking of the SBS being down... a properly provisioned, configured, and managed SBS will RARELY go down.  Also, there's no real reason to be running an additional DNS server in an SBS-based network.  Perhaps you can explain your reasoning for doing this?

Overall... running a second DC is fine, but I see only a few situations where it is helpful in the same office.  I deploy them in branch offices all the time though.  But in a single office, if the SBS goes down, you need to get it back up and running ASAP because there's not much that the additional DC is going to help with.  The workstations themselves have cached credentials and don't really need a DC to have users log on to them, and since you are using a two NIC config on the SBS, they won't be able to access the Internet until you get that server back up.

In any event, you should definitely remove DNS and WINS from the second DC and then only use a single DNS Server and WINS Server in your network configurations.

Jeff
TechSoEasy
0
 

Author Comment

by:SusanPK
ID: 20410916
Thank you all so much for all the good feedback. I will work on making these changes today as far as possible without disrupting this client's operation too much and make the rest tonight. Will let you know what happens.
0
 
LVL 10

Expert Comment

by:cstosgale
ID: 20414545
I would recommend keeping the second DNS server because it is not doing any harm and will provide redundancy in the case that the SBS fails. It is also possible that say only the DNS service on the SBS server fails, but the rest of the server stays up, in which case the backup is useful. In addition, the second DNS server provides a physical copy of what's in DNS so it is also providing a backup.

There isn't really any need to remove the WINS and DNS roles from your second DC. They're not doing any harm but are providing a bit more resiliency. Without DNS your second DC won't be able to do anything anyway, so if you remove the DNS role from it you may as well remove the entire server!

Also, you might be better off taking the SBS out of the internet path altogether, unless you are using it as a firewall.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 20415353
The second DC CAN be running DNS, but it shouldn't be used on the SBS's NIC configuration, nor should it be propagated through DHCP.

cstosgale...  how many SBS networks do you work with?  Because really... you don't want a secondary WINS and DNS server in the LAN in most cases.  They CAN cause problems because the SBS configuration wizards won't recognize the additional servers.

Keeping it Simple is always a better way to go.

Switching the SBS to a single NIC configuration might be possible if the router in place is also a decent firewall... but without knowing that, it's best to do as I advised.

Jeff
TechSoEasy

0
 

Author Comment

by:SusanPK
ID: 20423317
Putting the WAN NIC into a different subnet all sounds easy enough until you realize you're working with a router that's not going to let you have more than one subnet. This would be a Linksys WRV200, one at each end, managing the tunnel between them. The Linksys is attached to a Netopia DSL router that's been configured to allow direct and unfiltered access to the public IP addresses of the devices attached to it. The addresses at the office are static. The one at the home office is dynamic.

I pulled a Netgear FVS114 off the shelf, and used it between the Netopia and the server's WAN NIC, giving it the public IP address of the DNS registered host and changing the Linksys public IP to another available address. After changing the peer IP address of the other Linksys as well, the tunnel popped back up and the IP phone is working fine.

Then I re-ran the connect to Internet and configure remote access wizards. All went swimmingly until we went back to the remote workstation. We're still having the same issues there, but now we can use the SBS Connector. The moment we connect the workstation that way, Outlook connects up with Exchange fine and we can browse and map to the SBS. But we cannot map to the other server, nor can we surf the Internet for as long as the SBS connection is in place. (I know that's a setting somewhere in RRAS, but it's been a while since I had to configure it; any hints?)  Once disconnected, we can map to both servers using IP addresses, but data access is very slow. We can then also browse the Internet.

Also, this server has 4 NICs, two of which are disabled. Originally we used the Broadcom NICs, but have switched to the Intel ones to see if this would help. It did not.

And, yes, we still get TCP checksum errors on packets as well.

As for the issue of multiple DNS/WINS servers, yes, that's for backup, especially the DNS. If the SBS goes down, they do still want to be able to get to the Internet as well as the other server. I have taken reference to the secondary device out of the IP config for the SBS, however. I have attached the new ipconfig and route table from the SBS server for your review.

I should also add that the remote Linksys router has defaulted itself twice this week for no apparent reason. Barring any insights from anyone here, my next step will be to make these people buy real routers and rule out flaky (and cheap) equipment.

And, yes, I have set up a number of SBS networks, including the one we run at our own office that's happily servicing 3 remote sites (one of which contains a BDC) and a number of remote users. I have never had this much grief doing this.

Thanks for your help.


Windows IP Configuration 
   Host Name . . . . . . . . . . . . : SULFUR1
    Primary Dns Suffix  . . . . . . . : Domain.local
    Node Type . . . . . . . . . . . . : Unknown
    IP Routing Enabled. . . . . . . . : Yes
    WINS Proxy Enabled. . . . . . . . : Yes
    DNS Suffix Search List. . . . . . : Domain.local
 
PPP adapter RAS Server (Dial In) Interface: 
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
   Physical Address. . . . . . . . . : xxxxxxxxxxxxxxxxx
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.1.50
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . :
   NetBIOS over Tcpip. . . . . . . . : Disabled 
 
Ethernet adapter LAN 2: 
   Connection-specific DNS Suffix  . : domain.local
   Description . . . . . . . . . . . : Intel(R) PRO/1000 PT Dual Port Server Adapter
   Physical Address. . . . . . . . . : xxxxxxxxxxxxxxxxx
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.1.120
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :     
   DNS Servers . . . . . . . . . . . : 192.168.1.120
   Primary WINS Server . . . . . . . : 192.168.1.120 
 
Ethernet adapter Internet 2: 
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/1000 PT Dual Port Server Adapter #2
   Physical Address. . . . . . . . . : xxxxxxxxxxxxxxxxx
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 10.10.10.11
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.10.10.10
   DNS Servers . . . . . . . . . . . : 192.168.1.120
   NetBIOS over Tcpip. . . . . . . . : Disabled 
 
 
IPv4 Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10002 ...xxxxxxxxx ...... WAN (PPP/SLIP) Interface
0x10003 ...xxxxxxxxx ...... Intel(R) PRO/1000 PT Dual Port Server Adapter
0x30004 ...xxxxxxxxx ...... Intel(R) PRO/1000 PT Dual Port Server Adapter #2
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      10.10.10.10      10.10.10.11     10
       10.10.10.0    255.255.255.0      10.10.10.11      10.10.10.11     10
      10.10.10.11  255.255.255.255        127.0.0.1        127.0.0.1     10
   10.255.255.255  255.255.255.255      10.10.10.11      10.10.10.11     10
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1      1
      192.168.1.0    255.255.255.0    192.168.1.120    192.168.1.120     10
     192.168.1.50  255.255.255.255        127.0.0.1        127.0.0.1     50
    192.168.1.120  255.255.255.255        127.0.0.1        127.0.0.1     10
    192.168.1.255  255.255.255.255    192.168.1.120    192.168.1.120     10
      192.168.2.0    255.255.255.0      192.168.1.1    192.168.1.120      1
        224.0.0.0        240.0.0.0      10.10.10.11      10.10.10.11     10
        224.0.0.0        240.0.0.0    192.168.1.120    192.168.1.120     10
  255.255.255.255  255.255.255.255      10.10.10.11      10.10.10.11      1
  255.255.255.255  255.255.255.255    192.168.1.120    192.168.1.120      1
Default Gateway:       10.10.10.10
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
      192.168.2.0    255.255.255.0      192.168.1.1       1


0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 500 total points
ID: 20431972
Boy... I think you may have almost lost me on this...

I think that because you left it out of your initial question I wasn't focused on the fact that you had an IP-Phone at the remote location.  So, for a moment I couldn't understand why you were needing to have two subnets on your WAN.  I'm sorry that I didn't respond directly to that earlier... it might have saved you some time.

It would help to know exactly what kind of VoIP system you are using... but I would highly suspect that the voice and data streams aren't compatible running on the same VPN Connection.

It's no problem at all having separate connections.  Use a router-to-router VPN tunnel for VoIP, and let the computer make its own VPN connection.  It kinda sounds like that's what you were doing with using the SBS Connector... but it still wasn't clear to me how you were doing that.  What I think you were doing was trying to layer a VPN connection (Computer to SBS) over your Router-to-Router VPN Tunnel, which might actually work... but not if you configure it all at the same time.

You really need to simplify your approach here.  Start by getting the computer VPN working FIRST... then you can deal with the VoIP VPN.  

So... remove the persistent route setting and the IP Phone for a moment and prove that you can use the SBS Connector without any errors or routing problems.

If you have any... please do your best to provide a map of how you have this configured.  If you have an actual Visio map you can upload that to http://www.ee-stuff.com/Expert/Upload/upload.php?Question=22998818 

"If the SBS goes down, they do still want to be able to get to the Internet as well as the other server."

Are you saying that you have the other server plugged directly into your router as well?  Or is it plugged into the switch?  FYI, it doesn't need to be running DNS for Internet access to be available if the SBS goes down, and it won't really help much since the workstations all have the SBS configured as their gateway.  You'd have to configure a secondary gateway with a higher metric, which can be done through DHCP, but honestly I think it's hardly worth it, because it can cause more problems than it will cure.

"we still get TCP checksum errors on packets as well"
Those are probably okay: http://www.ethereal.com/faq.html#q11.1

"And, yes, I have set up a number of SBS networks, including the one we run at our own office ... ... I have never had this much grief..."
Do the others have VoIP systems as well?  :-)

Jeff
TechSoEasy
0
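The route lookups behind the suggestion above to remove the persistent route, as an added example that is not part of the thread or any poster's own code. It replays the relevant rows of the posted SBS route table through a longest-prefix match with the lowest metric breaking ties, and shows where traffic to the home PC (192.168.2.10) leaves the server with and without that route. The function names are hypothetical and 203.0.113.5 is a constructed Internet address.

```python
import ipaddress

# Rows copied from the SBS server's posted "Active Routes" table:
# (destination, netmask, gateway, interface, metric)
ROUTES = [
    ("0.0.0.0",       "0.0.0.0",         "10.10.10.10",   "10.10.10.11",   10),
    ("10.10.10.0",    "255.255.255.0",   "10.10.10.11",   "10.10.10.11",   10),
    ("192.168.1.0",   "255.255.255.0",   "192.168.1.120", "192.168.1.120", 10),
    ("192.168.1.50",  "255.255.255.255", "127.0.0.1",     "127.0.0.1",     50),
    ("192.168.1.120", "255.255.255.255", "127.0.0.1",     "127.0.0.1",     10),
    # The persistent route pointing the home subnet at the Linksys tunnel:
    ("192.168.2.0",   "255.255.255.0",   "192.168.1.1",   "192.168.1.120", 1),
]


def lookup(dest, routes=ROUTES):
    """Return (gateway, interface) for dest.

    The most specific matching route wins; among routes with the same
    prefix length the lowest metric wins.
    """
    ip = ipaddress.ip_address(dest)
    best = None
    for net, mask, gateway, interface, metric in routes:
        network = ipaddress.ip_network(f"{net}/{mask}")
        if ip not in network:
            continue
        key = (-network.prefixlen, metric)
        if best is None or key < best[0]:
            best = (key, gateway, interface)
    if best is None:
        raise LookupError(f"no route to {dest}")
    return best[1], best[2]


def without_persistent_route(routes=ROUTES):
    """The same table with the 192.168.2.0/24 persistent route removed."""
    return [r for r in routes if r[0] != "192.168.2.0"]


if __name__ == "__main__":
    for dest in ("192.168.2.10", "192.168.1.122", "203.0.113.5"):
        print(dest, "with route:", lookup(dest),
              "| without:", lookup(dest, without_persistent_route()))
```

With the persistent route in place, the server reaches 192.168.2.10 through the LAN NIC and the router at 192.168.1.1; without it, the same destination falls through to the default route on the Internet NIC.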
 

Author Comment

by:SusanPK
ID: 20444090
Thanks for the thoughtful response, Jeff. We had that same idea regarding the VoIP phone and unplugged it to see what would happen. No change.

The SBS connection works so long as the user only wants to go to the SBS server. Internet connectivity drops once he is connected. The other server is also not available to him.

There is really nothing complicated about the configuration, so there are no Visio maps I can provide. Two basic networks as described earlier connected by a VPN tunnel that's maintained by two identical Linksys routers. One of these, as I mentioned, seems a bit flaky though. Routing is obviously fine as pings and trace routes back and forth complete successfully.

Over the weekend, I went ahead and demoted the BDC, removed DNS and WINS servers on that box and also removed the IPv6 option from its TCPIP configuration. No change.

I also updated the driver on the Intel dual port NIC. No change.

As I'm doing most of this remotely, I hesitated to reapply Server 2003 SP2. So that has not yet been attempted.

Thanks for the link to the Ethereal FAQ. That's one thing I can take out of this problem at least.

We will replace the VPN routers this afternoon with two different units to see if that might be the issue.

Stay tuned....
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 20452699
Unless you just left it out... it doesn't sound like you followed my recommendation to just let the remote PC make its own connection without using the VPN Tunnel.

Also, you didn't confirm how your secondary DC was located within your LAN.  I'm still unclear how you have things configured... so even without the Visio map please at least provide something like I did above, but with the IP addresses you've used:

Internet ----  Router/Firewall ----  SBS Internet NIC - SBS - SBS LAN NIC ---- Switch ---- LAN Computers
 
Jeff
TechSoEasy
0
 

Author Comment

by:SusanPK
ID: 20544068
Thanks again for everyone's input. This turned out to be a router issue. Please close this question.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 20551849
Closing a question is your responsibility.  

I must tell you though... this is the second or third time you've pulled me through such a long ordeal, and suddenly determining that a specific issue that hasn't been raised yet is the solution.  There is no question to me that the issues I identified above are at least a part of your problem, if not a cause of other related problems.

Let me be clear here... I'm not just looking for you to award points, but rather for you to recognize that not having a proper base configuration for your SBS will ultimately cause problems that are difficult to diagnose.  I've offered a number of suggestions on how to get to a good, working base configuration, and your sudden epiphany that a router was to blame is a rather unrealistic way to look at the situation.

If you want my participation in future questions, please consider these points.

Jeff
TechSoEasy

0
 

Author Comment

by:SusanPK
ID: 20554727
My apologies. You are right, of course. There is more going on here every day than just this one issue, so it's easy to lose sight of loose ends like this. I did make all the configuration changes you suggested and additionally switched out the routers involved as well as one of the DSL modems. Everything was working until one of the new routers started locking up. As we are in the process of procuring new equipment, I have configured the SBS server to be the router for the office and all is well (except that there is no tunnel for the VoIP phone).

So let me correct myself by awarding the points to you with gratitude. Thanks again.
0
 

Author Closing Comment

by:SusanPK
ID: 31418018
Jeff, I don't know how you do it, pouring this much energy and talent into providing this level of support for all us clueless SBS souls. You're a saint!
0

Question has a verified solution.