Solved

Remote office connectivity problem with SBS 2003

Posted on 2007-12-03
Last Modified: 2012-08-13
I suspect this is going to be simple, but simple seems to elude me for some reason. Here is the scenario:

Network 1 (office)  192.168.1.0 / 24
Brand new SBS 2003 server (192.168.1.120) with everything working so far as we can tell. Had some issues after Server 2003 SP2 but re-installing SBS SP1 apparently solved this. Server is a DNS, GC and WINS server. Another 2003 server (not SBS) (192.168.1.122) is configured as a backup to the domain. It is also a DNS, GC and WINS server. Second NIC in server has IP of 192.168.1.121 and router sends all external requests there. The second IP is not registered in DNS or WINS. All office workstations are working fine.

Network 2 (home)  192.168.2.0 / 24
Connected to network 1 via VPN maintained between 2 Linksys routers. 1 workstation, member of server's domain, with static IP configuration as follows:

        Host Name . . . . . . . . . . . . : homepc
        Primary Dns Suffix  . . . . . . . : Domain.local
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : Domain.local
                                            domain.local
Ethernet adapter Local Area Connection 2:
        Connection-specific DNS Suffix  . : domain.local
        Description . . . . . . . . . . . : Marvell Yukon Gigabit Ethernet 10/100/1000Base-T Adapter, Copper RJ-45
        Physical Address. . . . . . . . . : xxxxxxxxxxxxxx
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.2.10
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.2.1
        DNS Servers . . . . . . . . . . . : 192.168.1.120
                                            <ISP DNS1>
                                            <ISP DNS2>
        Primary WINS Server . . . . . . . : 192.168.1.120
        Secondary WINS Server . . . . . . : 192.168.1.122

Issues with home PC at remote location:
-      Takes very, very long time to log in
-      Event ID 1054 is logged Windows cannot obtain the domain controller name for your computer network. (An unexpected network error occurred. ). Group Policy processing aborted.
-      When trying to run netdiag to troubleshoot, the error is The procedure entry point DnsGetPrimaryDomainName_UTF8 could not be located in the dynamic link library DNSAPI.dll.
-      PC canNOT: display http://companyweb (cannot display error), use Outlook to connect to Exchange, use POP to connect to Exchange
-      PC CAN: ping server, telnet to server, browse network, map drives via IP address and NETbios name (although slow), use OWA (but using the public URL is MUCH faster than the internal server name)

Permissions on the companyweb site have been set to allow all IP addresses of both subnets to connect.

What's missing? All suggestions and comments highly appreciated.
Question by:SusanPK
 
LVL 10

Expert Comment

by:cstosgale
ID: 20399452
This is almost certainly a DNS issue. I would confirm this is working correctly as a first step by typing nslookup into the command line of the home PC. This should bring up the IP address of the DNS server it is using; confirm this is the IP of your SBS server.

Next, in nslookup, type the name of your domain and confirm it comes back with an ip for one of the two domain controllers.

The netdiag error you are getting looks like a red herring: http://www.mcse.ms/message1640481.html

0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 20400454
Why do you have a secondary WINS server configured?

Please post the complete IPCONFIG /ALL from the SBS.

Thanks.

Jeff
TechSoEasy
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 20400466
Also, if you only have a single workstation at home, why are you using a Router-to-Router VPN tunnel instead of just using the built-in SBS VPN?

Jeff
TechSoEasy
0
 

Author Comment

by:SusanPK
ID: 20402971
Yes, I am suspecting DNS too. Here is the result of the nslookup:

C:\>nslookup
Default Server:  sulfur1.domain.local
Address:  192.168.1.120

> domain.local
Server:  sulfur1.domain.local
Address:  192.168.1.120

Name:    domain.local
Address:  192.168.1.122

>

Should this not display both DNS servers? And if not, why only the BDC?

Next question, there are two WINS servers for the same reason there are two DNS servers, backup. They are push/pull partners.

I have no idea why IPv6 is enabled on this box. I will speak to the on-site admin to see about disabling this.

Finally, we are using router VPN here instead of client VPN on account of there being an IP phone at the home office that also needs to connect back to the office and the phone system there. This, by the way, is working perfectly. Also, there may be another workstation there in the future.

I'm going to try and attach all the ipconfig and route table information as a code snippet. Maybe it will format better that way.

Hope something in the above will point out an obvious issue to someone. I myself am starting to go cross-eyed looking at it all so long.



Here is the routing information on the PC:
 

===========================================================================

Active Routes:

Network Destination        Netmask          Gateway       Interface  Metric

          0.0.0.0          0.0.0.0      192.168.2.1    192.168.2.10       20

        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1

      192.168.2.0    255.255.255.0     192.168.2.10    192.168.2.10       20

     192.168.2.10  255.255.255.255        127.0.0.1       127.0.0.1       20

    192.168.2.255  255.255.255.255     192.168.2.10    192.168.2.10       20

        224.0.0.0        240.0.0.0     192.168.2.10    192.168.2.10       20

  255.255.255.255  255.255.255.255     192.168.2.10    192.168.2.10       1

Default Gateway:       192.168.2.1

===========================================================================

Persistent Routes:

  None      
 

The ipconfig /all of the SBS server is as follows:
 

Windows IP Configuration 

   Host Name . . . . . . . . . . . . : SULFUR1
   Primary Dns Suffix  . . . . . . . : Domain.local
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : Yes
   DNS Suffix Search List. . . . . . : Domain.local

PPP adapter RAS Server (Dial In) Interface: 

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
   Physical Address. . . . . . . . . : 00-53-45-00-00-00
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 0.0.0.0
   Subnet Mask . . . . . . . . . . . : 0.0.0.0
   Default Gateway . . . . . . . . . :
   NetBIOS over Tcpip. . . . . . . . : Disabled

Ethernet adapter Internet: 

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client) #2
   Physical Address. . . . . . . . . : xxxxxxxxxxx
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.1.121
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.120
                                       192.168.1.122
   NetBIOS over Tcpip. . . . . . . . : Disabled

Ethernet adapter LAN: 

   Connection-specific DNS Suffix  . : domain.local
   Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client)
   Physical Address. . . . . . . . . : xxxxxxxxxxxxxxx
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.1.120
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 192.168.1.120
                                       192.168.1.122
   Primary WINS Server . . . . . . . : 192.168.1.120
   Secondary WINS Server . . . . . . : 192.168.1.122
 

And the route table just for grins:
 

IPv4 Route Table

===========================================================================

Interface List

0x1 ........................... MS TCP Loopback interface

0x10002 ...xxxxxxxxxxxxxx ...... WAN (PPP/SLIP) Interface

0x20004 ...xxxxxxxxxxxxxx ...... Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client) #2

0x30003 ...xxxxxxxxxxxxxx ...... Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client)

===========================================================================

===========================================================================

Active Routes:

Network Destination        Netmask          Gateway       Interface  Metric

          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.121     10

        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1      1

      192.168.1.0    255.255.255.0    192.168.1.120    192.168.1.120     10

      192.168.1.0    255.255.255.0    192.168.1.121    192.168.1.121     10

    192.168.1.120  255.255.255.255        127.0.0.1        127.0.0.1     10

    192.168.1.121  255.255.255.255        127.0.0.1        127.0.0.1     10

    192.168.1.255  255.255.255.255    192.168.1.120    192.168.1.120     10

    192.168.1.255  255.255.255.255    192.168.1.121    192.168.1.121     10

      192.168.2.0    255.255.255.0      192.168.1.1    192.168.1.120      1

        224.0.0.0        240.0.0.0    192.168.1.120    192.168.1.120     10

        224.0.0.0        240.0.0.0    192.168.1.121    192.168.1.121     10

  255.255.255.255  255.255.255.255    192.168.1.120    192.168.1.120      1

  255.255.255.255  255.255.255.255    192.168.1.121    192.168.1.121      1

Default Gateway:       192.168.1.1

===========================================================================

Persistent Routes:

  None
 

Here is the ipconfig /all for the BDC:
 

C:\>ipconfig /all
 

Windows IP Configuration
 

   Host Name . . . . . . . . . . . . : CHLORINE1

   Primary Dns Suffix  . . . . . . . : Domain.local

   Node Type . . . . . . . . . . . . : Hybrid

   IP Routing Enabled. . . . . . . . : No

   WINS Proxy Enabled. . . . . . . . : No

   DNS Suffix Search List. . . . . . : Domain.local
 

Ethernet adapter Local Area Connection:
 

   Connection-specific DNS Suffix  . : domain.local

   Description . . . . . . . . . . . : Broadcom NetXtreme 5721 Gigabit Controller

   Physical Address. . . . . . . . . : xxxxxxxxxxxxxxx

   DHCP Enabled. . . . . . . . . . . : No

   IP Address. . . . . . . . . . . . : 192.168.1.122

   Subnet Mask . . . . . . . . . . . : 255.255.255.0

   IP Address. . . . . . . . . . . . : fe80::20f:1fff:fef8:8022%4

   Default Gateway . . . . . . . . . : 192.168.1.1

   DNS Servers . . . . . . . . . . . : 192.168.1.122

                                       192.168.1.120

                                       fec0:0:0:ffff::1%1

                                       fec0:0:0:ffff::2%1

                                       fec0:0:0:ffff::3%1

   Primary WINS Server . . . . . . . : 192.168.1.122

   Secondary WINS Server . . . . . . : 192.168.1.120
 

Tunnel adapter Automatic Tunneling Pseudo-Interface:
 

   Connection-specific DNS Suffix  . : domain.local

   Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface

   Physical Address. . . . . . . . . : C0-A8-01-7A

   DHCP Enabled. . . . . . . . . . . : No

   IP Address. . . . . . . . . . . . : fe80::5efe:192.168.1.122%2

   Default Gateway . . . . . . . . . :

   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1

                                       fec0:0:0:ffff::2%1

                                       fec0:0:0:ffff::3%1

   NetBIOS over Tcpip. . . . . . . . : Disabled
 
 

And the route table:
 

IPv4 Route Table

===========================================================================

Active Routes:

Network Destination        Netmask          Gateway       Interface  Metric

          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.122     10

        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1      1

      192.168.1.0    255.255.255.0    192.168.1.122    192.168.1.122     10

    192.168.1.122  255.255.255.255        127.0.0.1        127.0.0.1     10

    192.168.1.255  255.255.255.255    192.168.1.122    192.168.1.122     10

        224.0.0.0        240.0.0.0    192.168.1.122    192.168.1.122     10

  255.255.255.255  255.255.255.255    192.168.1.122    192.168.1.122      1

Default Gateway:       192.168.1.1

===========================================================================

Persistent Routes:

  None
 

IPv6 Route Table

===========================================================================

Interface List

  4 ...00 0f 1f f8 80 22 ...... Broadcom NetXtreme 5721 Gigabit Controller

  3 ...00 0f 1f f8 ............ 6to4 Pseudo-Interface

  2 ...c0 a8 01 7a ............ Automatic Tunneling Pseudo-Interface

  1 ........................... Loopback Pseudo-Interface

===========================================================================

===========================================================================

Active Routes:

 If Metric Network Destination      Gateway

  2   1004 fe80::5efe:192.168.1.122/128

                                    fe80::5efe:192.168.1.122

  4   1008 ff00::/8                 On-link

  4   1004 fe80::20f:1fff:fef8:8022/128

                                    fe80::20f:1fff:fef8:8022

  1   1004 ::1/128                  ::1

  1   1008 ff00::/8                 On-link

  1   1004 fe80::1/128              fe80::1

===========================================================================

Persistent Routes:

  None


0
 

Author Comment

by:SusanPK
ID: 20403020
Ooops. One more try on the config info:


Here is the routing information on the PC:
 

===========================================================================

Active Routes:

Network Destination        Netmask          Gateway       Interface  Metric

          0.0.0.0          0.0.0.0      192.168.2.1    192.168.2.10       20

        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1

      192.168.2.0    255.255.255.0     192.168.2.10    192.168.2.10       20

     192.168.2.10  255.255.255.255        127.0.0.1       127.0.0.1       20

    192.168.2.255  255.255.255.255     192.168.2.10    192.168.2.10       20

        224.0.0.0        240.0.0.0     192.168.2.10    192.168.2.10       20

  255.255.255.255  255.255.255.255     192.168.2.10    192.168.2.10       1

Default Gateway:       192.168.2.1

===========================================================================

Persistent Routes:

  None      
 

The ipconfig /all of the SBS server is as follows:
 

Windows IP Configuration 

   Host Name . . . . . . . . . . . . : SULFUR1

    Primary Dns Suffix  . . . . . . . : Domain.local

    Node Type . . . . . . . . . . . . : Unknown

    IP Routing Enabled. . . . . . . . : Yes

    WINS Proxy Enabled. . . . . . . . : Yes 

    DNS Suffix Search List. . . . . . : Domain.local

    

PPP adapter RAS Server (Dial In) Interface: 

   Connection-specific DNS Suffix  . :

     Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface

    Physical Address. . . . . . . . . : 00-53-45-00-00-00

    DHCP Enabled. . . . . . . . . . . : No

    IP Address. . . . . . . . . . . . : 0.0.0.0

    Subnet Mask . . . . . . . . . . . : 0.0.0.0

    Default Gateway . . . . . . . . . :

     NetBIOS over Tcpip. . . . . . . . : Disabled

 

Ethernet adapter Internet: 

   Connection-specific DNS Suffix  . :

    Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client) #2

    Physical Address. . . . . . . . . : xxxxxxxxxxx

   DHCP Enabled. . . . . . . . . . . : No

    IP Address. . . . . . . . . . . . : 192.168.1.121

    Subnet Mask . . . . . . . . . . . : 255.255.255.0

    Default Gateway . . . . . . . . . : 192.168.1.1

    DNS Servers . . . . . . . . . . . : 192.168.1.120

                                        192.168.1.122

    NetBIOS over Tcpip. . . . . . . . : Disabled

 

Ethernet adapter LAN: 

   Connection-specific DNS Suffix  . : domain.local

    Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client)

    Physical Address. . . . . . . . . : xxxxxxxxxxxxxxx

    DHCP Enabled. . . . . . . . . . . : No

    IP Address. . . . . . . . . . . . : 192.168.1.120

    Subnet Mask . . . . . . . . . . . : 255.255.255.0

    Default Gateway . . . . . . . . . :

     DNS Servers . . . . . . . . . . . : 192.168.1.120

                                        192.168.1.122

    Primary WINS Server . . . . . . . : 192.168.1.120

    Secondary WINS Server . . . . . . : 192.168.1.122 
 

And the route table just for grins:
 

IPv4 Route Table

===========================================================================

Interface List

0x1 ........................... MS TCP Loopback interface

0x10002 ...xxxxxxxxxxxxxx ...... WAN (PPP/SLIP) Interface

0x20004 ...xxxxxxxxxxxxxx ...... Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client) #2

0x30003 ...xxxxxxxxxxxxxx ...... Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client)

===========================================================================

===========================================================================

Active Routes:

Network Destination        Netmask          Gateway       Interface  Metric

          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.121     10

        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1      1

      192.168.1.0    255.255.255.0    192.168.1.120    192.168.1.120     10

      192.168.1.0    255.255.255.0    192.168.1.121    192.168.1.121     10

    192.168.1.120  255.255.255.255        127.0.0.1        127.0.0.1     10

    192.168.1.121  255.255.255.255        127.0.0.1        127.0.0.1     10

    192.168.1.255  255.255.255.255    192.168.1.120    192.168.1.120     10

    192.168.1.255  255.255.255.255    192.168.1.121    192.168.1.121     10

      192.168.2.0    255.255.255.0      192.168.1.1    192.168.1.120      1

        224.0.0.0        240.0.0.0    192.168.1.120    192.168.1.120     10

        224.0.0.0        240.0.0.0    192.168.1.121    192.168.1.121     10

  255.255.255.255  255.255.255.255    192.168.1.120    192.168.1.120      1

  255.255.255.255  255.255.255.255    192.168.1.121    192.168.1.121      1

Default Gateway:       192.168.1.1

===========================================================================

Persistent Routes:

  None
 

Here is the ipconfig /all for the BDC:
 

C:\>ipconfig /all
 

Windows IP Configuration
 

   Host Name . . . . . . . . . . . . : CHLORINE1

   Primary Dns Suffix  . . . . . . . : Domain.local

   Node Type . . . . . . . . . . . . : Hybrid

   IP Routing Enabled. . . . . . . . : No

   WINS Proxy Enabled. . . . . . . . : No

   DNS Suffix Search List. . . . . . : Domain.local
 

Ethernet adapter Local Area Connection:
 

   Connection-specific DNS Suffix  . : domain.local

   Description . . . . . . . . . . . : Broadcom NetXtreme 5721 Gigabit Controller

   Physical Address. . . . . . . . . : xxxxxxxxxxxxxxx

   DHCP Enabled. . . . . . . . . . . : No

   IP Address. . . . . . . . . . . . : 192.168.1.122

   Subnet Mask . . . . . . . . . . . : 255.255.255.0

   IP Address. . . . . . . . . . . . : fe80::20f:1fff:fef8:8022%4

   Default Gateway . . . . . . . . . : 192.168.1.1

   DNS Servers . . . . . . . . . . . : 192.168.1.122

                                       192.168.1.120

                                       fec0:0:0:ffff::1%1

                                       fec0:0:0:ffff::2%1

                                       fec0:0:0:ffff::3%1

   Primary WINS Server . . . . . . . : 192.168.1.122

   Secondary WINS Server . . . . . . : 192.168.1.120
 

Tunnel adapter Automatic Tunneling Pseudo-Interface:
 

   Connection-specific DNS Suffix  . : domain.local

   Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface

   Physical Address. . . . . . . . . : C0-A8-01-7A

   DHCP Enabled. . . . . . . . . . . : No

   IP Address. . . . . . . . . . . . : fe80::5efe:192.168.1.122%2

   Default Gateway . . . . . . . . . :

   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1

                                       fec0:0:0:ffff::2%1

                                       fec0:0:0:ffff::3%1

   NetBIOS over Tcpip. . . . . . . . : Disabled
 
 

And the route table:
 

IPv4 Route Table

===========================================================================

Active Routes:

Network Destination        Netmask          Gateway       Interface  Metric

          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.122     10

        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1      1

      192.168.1.0    255.255.255.0    192.168.1.122    192.168.1.122     10

    192.168.1.122  255.255.255.255        127.0.0.1        127.0.0.1     10

    192.168.1.255  255.255.255.255    192.168.1.122    192.168.1.122     10

        224.0.0.0        240.0.0.0    192.168.1.122    192.168.1.122     10

  255.255.255.255  255.255.255.255    192.168.1.122    192.168.1.122      1

Default Gateway:       192.168.1.1

===========================================================================

Persistent Routes:

  None
 

IPv6 Route Table

===========================================================================

Interface List

  4 ...00 0f 1f f8 80 22 ...... Broadcom NetXtreme 5721 Gigabit Controller

  3 ...00 0f 1f f8 ............ 6to4 Pseudo-Interface

  2 ...c0 a8 01 7a ............ Automatic Tunneling Pseudo-Interface

  1 ........................... Loopback Pseudo-Interface

===========================================================================

===========================================================================

Active Routes:

 If Metric Network Destination      Gateway

  2   1004 fe80::5efe:192.168.1.122/128

                                    fe80::5efe:192.168.1.122

  4   1008 ff00::/8                 On-link

  4   1004 fe80::20f:1fff:fef8:8022/128

                                    fe80::20f:1fff:fef8:8022

  1   1004 ::1/128                  ::1

  1   1008 ff00::/8                 On-link

  1   1004 fe80::1/128              fe80::1

===========================================================================

Persistent Routes:

  None


0
 

Author Comment

by:SusanPK
ID: 20406711
I'm going to add a few more items to the list of symptoms here:

a) When connecting to this server via RWW and trying to install the sbspackage.exe file, a page cannot be displayed error appears. However, when manually copying the file to an external workstation and executing it, everything works fine and the VPN connection establishes without incident.
b) When attempting to RDP to the home workstation or from it to one of the servers, the connection appears to establish sort of half way, producing a blank blue screen for a while and then disconnecting. Error 50 is logged in the event log: The RDP protocol component X.224 detected an error in the protocol stream and has disconnected the client.
c) Doing a gpupdate /force from the workstation results in error 1054 in the event log.

I went ahead and installed Wireshark on the server and the workstation and did packet captures for RDP, gpupdate and Exchange events. After the initial handshake there are always numerous packets marked with checksum incorrect in connection with the DCERPC protocol.

This rabbit hole is getting deeper by the moment. Any thoughts anyone?
0
 
LVL 10

Expert Comment

by:cstosgale
ID: 20407348
I think I see your problem: you've got two NICs on the SBS server in the same subnet. This is probably resulting in traffic from remote subnets being load balanced between the two NICs. This means that when requests are sent to one NIC, some of the reply packets are being sent from the wrong source address, causing them to be ignored by the remote host.

Disabling one of the NICs in the SBS server should resolve the problem. Why do you currently have two NICs enabled on the SBS server? Are you aware you can bind both IP addresses to the same NIC? You can add an extra IP through the advanced config of the NIC.
0
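The condition raised in the comment above (two NICs on the SBS with addresses in the same subnet) can be read directly off `route print`. The following is an added example, not part of the original thread: it parses the Windows Server 2003-style IPv4 route table, reports subnets that are on-link through more than one interface, and lists routed destinations whose next hop sits in such a subnet. Function names are illustrative; the two tables are the SBS and second-DC route tables posted in the thread with blank lines removed.

```python
import ipaddress
from collections import namedtuple

Route = namedtuple("Route", "network gateway interface metric")

# "Active Routes" of the SBS server (SULFUR1) as posted in the thread.
SBS_ROUTES = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.121     10
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1      1
      192.168.1.0    255.255.255.0    192.168.1.120    192.168.1.120     10
      192.168.1.0    255.255.255.0    192.168.1.121    192.168.1.121     10
    192.168.1.120  255.255.255.255        127.0.0.1        127.0.0.1     10
    192.168.1.121  255.255.255.255        127.0.0.1        127.0.0.1     10
    192.168.1.255  255.255.255.255    192.168.1.120    192.168.1.120     10
    192.168.1.255  255.255.255.255    192.168.1.121    192.168.1.121     10
      192.168.2.0    255.255.255.0      192.168.1.1    192.168.1.120      1
        224.0.0.0        240.0.0.0    192.168.1.120    192.168.1.120     10
        224.0.0.0        240.0.0.0    192.168.1.121    192.168.1.121     10
  255.255.255.255  255.255.255.255    192.168.1.120    192.168.1.120      1
  255.255.255.255  255.255.255.255    192.168.1.121    192.168.1.121      1
Default Gateway:       192.168.1.1
"""

# "Active Routes" of the second DC (CHLORINE1), a single-NIC host, for contrast.
BDC_ROUTES = """\
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.122     10
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1      1
      192.168.1.0    255.255.255.0    192.168.1.122    192.168.1.122     10
    192.168.1.122  255.255.255.255        127.0.0.1        127.0.0.1     10
    192.168.1.255  255.255.255.255    192.168.1.122    192.168.1.122     10
        224.0.0.0        240.0.0.0    192.168.1.122    192.168.1.122     10
  255.255.255.255  255.255.255.255    192.168.1.122    192.168.1.122      1
"""


def parse_routes(text):
    """Parse route rows; headers, separators and summary lines are skipped."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue
        try:
            net = ipaddress.IPv4Network(f"{fields[0]}/{fields[1]}", strict=False)
            gateway = ipaddress.IPv4Address(fields[2])
            interface = ipaddress.IPv4Address(fields[3])
            metric = int(fields[4])
        except ValueError:
            continue  # not a route row
        routes.append(Route(net, gateway, interface, metric))
    return routes


def find_shared_subnets(routes):
    """Return {subnet: [interfaces]} for subnets on-link via more than one NIC.

    In this output format an on-link route lists the local address as both
    gateway and interface. Host, default, multicast and loopback entries are
    ignored because every NIC gets its own copy of those.
    """
    on_link = {}
    for r in routes:
        if r.gateway != r.interface:
            continue
        net = r.network
        if net.prefixlen in (0, 32) or net.is_multicast or net.is_loopback:
            continue
        on_link.setdefault(net, set()).add(r.interface)
    return {
        str(net): [str(i) for i in sorted(ifaces)]
        for net, ifaces in on_link.items()
        if len(ifaces) > 1
    }


def routes_via_shared_subnet(routes):
    """List (destination, next hop, egress NIC) for routes whose next hop
    lies inside a subnet that is attached through more than one NIC."""
    shared = [ipaddress.IPv4Network(n) for n in find_shared_subnets(routes)]
    hits = []
    for r in routes:
        if r.gateway == r.interface or r.gateway.is_loopback:
            continue
        if any(r.gateway in net for net in shared):
            hits.append((str(r.network), str(r.gateway), str(r.interface)))
    return hits


if __name__ == "__main__":
    for name, table in (("SULFUR1", SBS_ROUTES), ("CHLORINE1", BDC_ROUTES)):
        routes = parse_routes(table)
        print(name, find_shared_subnets(routes), routes_via_shared_subnet(routes))
```

On the SBS table this shows the default route leaving through 192.168.1.121 while the route to the home subnet 192.168.2.0/24 leaves through 192.168.1.120, both via the same gateway on the same segment.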
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 20408465
That's just one of the problems...  but it certainly needs to be fixed.
An example of a TWO NIC configuration is here:  http://sbsurl.com/twonics

Disabling one of the NICs would require changing the topology of the setup, because I'd guess that's something like this:

Internet ----  Router/Firewall ----  SBS Internet NIC - SBS - SBS LAN NIC ---- Switch ---- LAN Computers
(or as shown here:  http://snipr.com/1ungl)

The best thing to do to correct this would be to change the Router/Firewall's IP Address to some other IP Subnet, i.e. 192.168.200.1 for the router and 192.168.200.2 for the SBS Internet NIC.

After changing this, rerun the Configure Email and Internet Connection Wizard (CEICW -- which is linked as Connect to the Internet in the Server Management Console > Internet and Email).

Then, I still wonder why your additional DC is running WINS, which isn't necessary.  WINS is only used for Exchange in an SBS-based network and if your SBS is down, so is Exchange so WINS isn't needed.  But speaking of the SBS being down... a properly provisioned, configured, and managed SBS will RARELY go down.  Also, there's no real reason to be running an additional DNS server in an SBS-based network.  Perhaps you can explain your reasoning for doing this?

Overall... running a second DC is fine, but I see only a few situations where it is helpful in the same office.  I deploy them in branch offices all the time though.  But in a single office, if the SBS goes down, you need to get it back up and running ASAP because there's not much that the additional DC is going to help with.  The workstations themselves have cached credentials and don't really need a DC to have users log on to them, and since you are using a two NIC config on the SBS, they won't be able to access the Internet until you get that server back up.

In any event, you should definitely remove DNS and WINS from the second DC and then only use a single DNS Server and WINS Server in your network configurations.

Jeff
TechSoEasy
0
 

Author Comment

by:SusanPK
ID: 20410916
Thank you all so much for all the good feedback. I will work on making these changes today as far as possible without disrupting this client's operation too much and make the rest tonight. Will let you know what happens.
0
 
LVL 10

Expert Comment

by:cstosgale
ID: 20414545
I would recommend keeping the second DNS server because it is not doing any harm and will provide redundancy in the case that the SBS fails. It is also possible that say only the DNS service on the SBS server fails, but the rest of the server stays up, in which case the backup is useful. In addition, the second DNS server provides a physical copy of what's in DNS so it is also providing a backup.

There isn't really any need to remove the WINS and DNS roles from your second DC. They're not doing any harm but are providing a bit more resiliency. Without DNS your second DC won't be able to do anything anyway, so if you remove the DNS role from it you may as well remove the entire server!

Also, you might be better off taking the SBS out of the internet path altogether, unless you are using it as a firewall.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 20415353
The second DC CAN be running DNS, but it shouldn't be used on the SBS's NIC configuration, nor should it be propagated through DHCP.

cstosgale...  how many SBS networks do you work with?  Because really... you don't want a secondary WINS and DNS server in the LAN in most cases.  They CAN cause problems because the SBS configuration wizards won't recognize the additional servers.

Keeping it Simple is always a better way to go.

Switching the SBS to a single NIC configuration might be possible if the router in place is also a decent firewall... but without knowing that, it's best to do as I advised.

Jeff
TechSoEasy

0
 

Author Comment

by:SusanPK
ID: 20423317
Putting the WAN NIC into a different subnet all sounds easy enough until you realize you're working with a router that's not going to let you have more than one subnet. This would be a Linksys WRV200, one at each end, managing the tunnel between them. The Linksys is attached to a Netopia DSL router that's been configured to allow direct and unfiltered access to the public IP addresses of the devices attached to it. The addresses at the office are static. The one at the home office is dynamic.

I pulled a Netgear FVS114 off the shelf, and used it between the Netopia and the server's WAN NIC, giving it the public IP address of the DNS registered host and changing the Linksys public IP to another available address. After changing the peer IP address of the other Linksys as well, the tunnel popped back up and the IP phone is working fine.

Then I re-ran the connect to Internet and configure remote access wizards. All went swimmingly until we went back to the remote workstation. We're still having the same issues there, but now we can use the SBS Connector. The moment we connect the workstation that way, Outlook connects up with Exchange fine and we can browse and map to the SBS. But we can not map to the other server, nor can we surf the Internet for as long as the SBS connection is in place. (I know that's a setting somewhere in RRAS, but it's been a while since I had to configure it; any hints?)  Once disconnected, we can map to both servers using IP addresses, but data access is very slow. We can then also browse the Internet.

Also, this server has 4 NICs, two of which are disabled. Originally we used the Broadcom NICs, but have switched to the Intel ones to see if this would help. It did not.

And, yes, we still get TCP checksum errors on packets as well.

As for the issue of multiple DNS/WINS servers, yes, that's for backup, especially the DNS. If the SBS goes down, they do still want to be able to get to the Internet as well as the other server. I have taken reference to the secondary device out of the IP config for the SBS, however. I have attached the new ipconfig and route table from the SBS server for your review.

I should also add that the remote Linksys router has defaulted itself twice this week for no apparent reason. Barring any insights from anyone here, my next step will be to make these people buy real routers and rule out flaky (and cheap) equipment.

And, yes, I have set up a number of SBS networks, including the one we run at our own office that's happily servicing 3 remote sites (one of which containing a BDC) and a number of remote users. I have never had this much grief doing this.

Thanks for your help.



Windows IP Configuration

   Host Name . . . . . . . . . . . . : SULFUR1
   Primary Dns Suffix  . . . . . . . : Domain.local
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : Yes
   DNS Suffix Search List. . . . . . : Domain.local

PPP adapter RAS Server (Dial In) Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
   Physical Address. . . . . . . . . : xxxxxxxxxxxxxxxxx
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.1.50
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . :
   NetBIOS over Tcpip. . . . . . . . : Disabled

Ethernet adapter LAN 2:

   Connection-specific DNS Suffix  . : domain.local
   Description . . . . . . . . . . . : Intel(R) PRO/1000 PT Dual Port Server Adapter
   Physical Address. . . . . . . . . : xxxxxxxxxxxxxxxxx
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.1.120
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 192.168.1.120
   Primary WINS Server . . . . . . . : 192.168.1.120

Ethernet adapter Internet 2:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/1000 PT Dual Port Server Adapter #2
   Physical Address. . . . . . . . . : xxxxxxxxxxxxxxxxx
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 10.10.10.11
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.10.10.10
   DNS Servers . . . . . . . . . . . : 192.168.1.120
   NetBIOS over Tcpip. . . . . . . . : Disabled

IPv4 Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10002 ...xxxxxxxxx ...... WAN (PPP/SLIP) Interface
0x10003 ...xxxxxxxxx ...... Intel(R) PRO/1000 PT Dual Port Server Adapter
0x30004 ...xxxxxxxxx ...... Intel(R) PRO/1000 PT Dual Port Server Adapter #2
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      10.10.10.10      10.10.10.11     10
       10.10.10.0    255.255.255.0      10.10.10.11      10.10.10.11     10
      10.10.10.11  255.255.255.255        127.0.0.1        127.0.0.1     10
   10.255.255.255  255.255.255.255      10.10.10.11      10.10.10.11     10
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1      1
      192.168.1.0    255.255.255.0    192.168.1.120    192.168.1.120     10
     192.168.1.50  255.255.255.255        127.0.0.1        127.0.0.1     50
    192.168.1.120  255.255.255.255        127.0.0.1        127.0.0.1     10
    192.168.1.255  255.255.255.255    192.168.1.120    192.168.1.120     10
      192.168.2.0    255.255.255.0      192.168.1.1    192.168.1.120      1
        224.0.0.0        240.0.0.0      10.10.10.11      10.10.10.11     10
        224.0.0.0        240.0.0.0    192.168.1.120    192.168.1.120     10
  255.255.255.255  255.255.255.255      10.10.10.11      10.10.10.11      1
  255.255.255.255  255.255.255.255    192.168.1.120    192.168.1.120      1
Default Gateway:       10.10.10.10
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
      192.168.2.0    255.255.255.0      192.168.1.1       1


0
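To make the posted route table easier to read, here is an added example (not part of the original post or of anyone's reply) that parses the active routes above and picks a route the way Windows does: most specific prefix first, lowest metric as the tie-break. The function names are this example's own, and 203.0.113.5 is a constructed documentation address standing in for "some Internet host".

```python
import ipaddress

# Active routes copied from the SBS route table posted above
# (destination, netmask, gateway, interface, metric).
ROUTE_TABLE = """\
0.0.0.0          0.0.0.0          10.10.10.10    10.10.10.11    10
10.10.10.0       255.255.255.0    10.10.10.11    10.10.10.11    10
10.10.10.11      255.255.255.255  127.0.0.1      127.0.0.1      10
10.255.255.255   255.255.255.255  10.10.10.11    10.10.10.11    10
127.0.0.0        255.0.0.0        127.0.0.1      127.0.0.1      1
192.168.1.0      255.255.255.0    192.168.1.120  192.168.1.120  10
192.168.1.50     255.255.255.255  127.0.0.1      127.0.0.1      50
192.168.1.120    255.255.255.255  127.0.0.1      127.0.0.1      10
192.168.1.255    255.255.255.255  192.168.1.120  192.168.1.120  10
192.168.2.0      255.255.255.0    192.168.1.1    192.168.1.120  1
224.0.0.0        240.0.0.0        10.10.10.11    10.10.10.11    10
224.0.0.0        240.0.0.0        192.168.1.120  192.168.1.120  10
255.255.255.255  255.255.255.255  10.10.10.11    10.10.10.11    1
255.255.255.255  255.255.255.255  192.168.1.120  192.168.1.120  1
"""

def parse_routes(text):
    """Turn 'route print' active-route rows into (network, gateway, iface, metric)."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip headers, separators and blank lines
        dest, mask, gateway, iface, metric = fields
        network = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        routes.append((network, gateway, iface, int(metric)))
    return routes

def lookup(routes, destination):
    """Select a route: longest matching prefix first, then lowest metric."""
    addr = ipaddress.ip_address(destination)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    network, gateway, iface, metric = min(matches, key=lambda r: (-r[0].prefixlen, r[3]))
    return {"network": str(network), "gateway": gateway, "interface": iface, "metric": metric}

def explain(destination):
    """Look up one destination against the table embedded above."""
    return lookup(parse_routes(ROUTE_TABLE), destination)

if __name__ == "__main__":
    for target in ("192.168.2.10", "192.168.1.122", "192.168.1.50", "203.0.113.5"):
        print(target, "->", explain(target))
```

For the home PC at 192.168.2.10 the lookup lands on the persistent route through 192.168.1.1 on the LAN NIC; anything with no more specific match leaves through 10.10.10.10 on the Internet NIC.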
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 500 total points
ID: 20431972
Boy... I think you may have almost lost me on this...

I think that because you left it out of your initial question I wasn't focused on the fact that you had an IP-Phone at the remote location.  So, for a moment I couldn't understand why you were needing to have two subnets on your WAN.  I'm sorry that I didn't respond directly to that earlier... it might have saved you some time.

It would help to know exactly what kind of VoIP system you are using... but I would highly suspect that the voice and data streams aren't compatible running on the same VPN Connection.

It's no problem at all having separate connections.  Use a router-to-router VPN tunnel for VoIP, and let the computer make its own VPN connection.  It kinda sounds like that's what you were doing with using the SBS Connector... but it still wasn't clear to me how you were doing that.  What I think you were doing was trying to layer a VPN connection (Computer to SBS) over your Router-to-Router VPN Tunnel, which might actually work... but not if you configure it all at the same time.

You really need to simplify your approach here.  Start by getting the computer VPN working FIRST... then you can deal with the VoIP VPN.  

So... remove the persistent route setting and the IP Phone for a moment and prove that you can use the SBS Connector without any errors or routing problems.

If you have any... please do your best to provide a map of how you have this configured.  If you have an actual Visio map you can upload that to http://www.ee-stuff.com/Expert/Upload/upload.php?Question=22998818

"If the SBS goes down, they do still want to be able to get to the Internet as well as the other server."

Are you saying that you have the other server plugged directly into your router as well?  Or is it plugged into the switch?  FYI, it doesn't need to be running DNS for Internet access to be available if the SBS goes down, and it won't really help much since the workstations all have the SBS configured as their gateway.  You'd have to configure a secondary gateway with a higher metric, which can be done through DHCP, but honestly I think it's hardly worth it, because it can cause more problems than it will cure.

"we still get TCP checksum errors on packets as well"
Those are probably okay: http://www.ethereal.com/faq.html#q11.1

"And, yes, I have set up a number of SBS networks, including the one we run at our own office ... ... I have never had this much grief..."
Do the others have VoIP systems as well?  :-)

Jeff
TechSoEasy
0
 

Author Comment

by:SusanPK
ID: 20444090
Thanks for the thoughtful response, Jeff. We had that same idea regarding the VoIP phone and unplugged it to see what would happen. No change.

The SBS connection works so long as the user only wants to go to the SBS server. Internet connectivity drops once he is connected. The other server is also not available to him.

There is really nothing complicated about the configuration, so there are no Visio maps I can provide. Two basic networks as described earlier connected by a VPN tunnel that's maintained by two identical Linksys routers. One of these, as I mentioned, seems a bit flaky though. Routing is obviously fine as pings and trace routes back and forth complete successfully.

Over the weekend, I went ahead and demoted the BDC, removed DNS and WINS servers on that box and also removed the IPv6 option from its TCPIP configuration. No change.

I also updated the driver on the Intel dual port NIC. No change.

As I'm doing most of this remotely, I hesitated to reapply Server 2003 SP2. So that has not yet been attempted.

Thanks for the link to the Ethereal FAQ. That's one thing I can take out of this problem at least.

We will replace the VPN routers this afternoon with two different units to see if that might be the issue.

Stay tuned....
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 20452699
Unless you just left it out... it doesn't sound like you followed my recommendation to just let the remote PC make its own connection without using the VPN Tunnel.

Also, you didn't confirm how your secondary DC was located within your LAN.  I'm still unclear how you have things configured... so even without the Visio map please at least provide something like I did above, but with the IP addresses you've used:

Internet ----  Router/Firewall ----  SBS Internet NIC - SBS - SBS LAN NIC ---- Switch ---- LAN Computers
 
Jeff
TechSoEasy
0
 

Author Comment

by:SusanPK
ID: 20544068
Thanks again for everyone's input. This turned out to be a router issue. Please close this question.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 20551849
Closing a question is your responsibility.  

I must tell you though... this is the second or third time you've pulled me through such a long ordeal, and suddenly determining that a specific issue that hasn't been raised yet is the solution.  There is no question to me that the issues I identified above are at least a part of your problem, if not a cause of other related problems.

Let me be clear here... I'm not just looking for you to award points, but rather for you to recognize that not having a proper base configuration for your SBS will ultimately cause problems that are difficult to diagnose.  I've offered a number of suggestions on how to get to a good, working base configuration, and your sudden epiphany that a router was to blame is a rather unrealistic way to look at the situation.

If you want my participation in future questions, please consider these points.

Jeff
TechSoEasy

0
 

Author Comment

by:SusanPK
ID: 20554727
My apologies. You are right, of course. There is more going on here every day than just this one issue, so it's easy to lose sight of loose ends like this. I did make all the configuration changes you suggested and additionally switched out the routers involved as well as one of the DSL modems. Everything was working until one of the new routers started locking up. As we are in the process of procuring new equipment, I have configured the SBS server to be the router for the office and all is well (except that there is no tunnel for the VoIP phone).

So let me correct myself by awarding the points to you with gratitude. Thanks again.
0
 

Author Closing Comment

by:SusanPK
ID: 31418018
Jeff, I don't know how you do it, pouring this much energy and talent into providing this level of support for all us clueless SBS souls. You're a saint!
0
