10sion

asked on

addressing near and far... why do some work and some not?

i am setting up a 2003 sbs server, about 10 clients, and wireless. the internet supplier is att (bell south) which is bridged to a belkin n1 wireless n router, to a rack containing an hp dl360, procurve 1800 switch, terastation 2Tb NAS, APC ups. Ok, dhcp works to wired clients, not to wireless, and dns is not right - they can't see their own web page without the att dns in the config on their card... (this was done by the att guy on the phone before i got here when they did a help call)... the router points to the att modem (again, which is bridged), and has the att dns as primary and the local server as secondary. the local server does dhcp, dns, and is the domain server... all the server helpers were used in setting this puppy up, but we are not getting any dns resolutions... i'm sure i'm missing it here, but cannot see the forest for the trees. please enlighten me. The idea that wired gets dhcp and wireless does not is kinda freaky... so the router does not know where the dhcp server is?
Rob Williams

A windows domain requires that all PC's and the server itself point only to the server for DNS. The ISP's DNS gets added as a forwarder in the DNS management console. Also the server should be the DHCP server. Where you are running SBS these are not options but absolute requirements.
You must use the CEICW (Configure E-mail and Internet Connection Wizard) on the SBS located under Server management | Internet and E-mail | connect to the Internet to configure this.
If you change the server's LAN IP you must use the "change server IP" wizard on the same page. If DHCP is currently on the router see the following article on setting up DHCP on existing SBS
See "Configuring Settings for an Existing DHCP Server Service on Your Network" 1/2 way down the page.
http://www.microsoft.com/technet/prodtechnol/sbs/2003/plan/gsg/appx_c.mspx

Also, does your SBS have 1 or 2 network adapters? I would recommend based on your current configuration, you use 1. If not, the Belkin router will be on the WAN/firewalled side of the SBS, and although wireless users will have Internet access, they will not have LAN access. It's possible to add the Belkin to the LAN side as a wireless access point, but the server will need to be assigned a public IP address on the WAN NIC or another wired router added, and in either case some cable connections changed. Using a single NIC simplifies all of this.
10sion

ASKER

ok, here are responses/answers (sorry, ate lunch). if i remove the isp's dns from client tcp config, local users cannot get to their own web domain web site. how often do they need that? don't know, but it freaks them out. i guess i understand that. on the server, the following is configured for dns(was done with helper apps, not manually) - listens to itself (only address), forwards to the isp dns address (only address). there is only one net adapter in use on the server. btw, i put the two dns references on the router in an attempt to see if that would resolve the issue with my dhcp working wired but not wirelessly (wireless provided by router, and there is no reference to the server elsewhere... thought it couldn't hurt... oh well, that's what i get for thinking!!) it doesn't seem as though dns is resolving, however, and in evidence, there is only one root hint response on the list...hmmm
Assuming DNS is configured properly, if you add the ISP's DNS, even as a secondary/alternate, you will have very slow logons.

>>"local users cannot get to their own web domain web site"
Not sure what you mean by this. You have a company web site and they cannot access? If so is your external and internal domain name the same, such as domain.com?

SBS requires you use the wizards to configure the following, but perhaps review all the following options to see if they are configured properly:
Assuming you have completed the server installation, installed Active Directory, and joined the workstations to the Domain, make sure DNS is configured as follows, assuming a single network adapter:
-The server's NIC should be configured with a static IP, the Internet router as the gateway, and only the server itself as the DNS server. Do not use an ISP DNS server here
-Each workstation should be configured using DHCP (obtain an IP address and DNS automatically) or if configured with static addresses; a static IP in the same subnet as the server, same subnet mask as the server, the gateway pointing to your Internet router, and the DNS server pointing ONLY to the server/domain controller. Again do not put an ISP's DNS server here
-In the DNS management console under Administrative tools, right click on the server name and choose properties. On the Forwarders tab add your ISP's DNS servers
-If the workstations are using DHCP, open the DHCP management console on the server under Administrative tools and click on the server name to expand it, click on the scope to expand it, right click on scope options and choose configure options. On the general tab add the Internet router's IP in #003 router, the server's IP in #006 DNS Servers, and the domain name and suffix under #015 such as mydomain.local
-If DHCP is enabled on the router, rather than the server, it should really be disabled on the router and configured on the server. Enabling DHCP on the server assists with dynamic updates to DNS for older clients, allows for central management, and far more scope options.
-The DHCP client service should be running on servers and workstations even where you are not using DHCP assignments. The DHCP client service controls the dynamic DNS updates
 
If you have been having DNS problems, on the workstations that have been having problems you should clear the DNS cache by entering at a command line  
  ipconfig  /flushdns
and then
  ipconfig  /registerdns
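
The client settings in the checklist above (DNS pointing only at the server, lease issued by the server, router as gateway, the domain's DNS suffix) can be checked mechanically against `ipconfig /all` output. This is an added example, not part of the original thread; the sample output, the addresses, the domain `example.local` and the function names `parse_adapters` and `audit` are constructed, and it assumes the English output format of Windows XP/2003.

```python
import re

# Constructed `ipconfig /all` output from a hypothetical client; every name
# and address here is made up for the example.
SAMPLE = """\
Windows IP Configuration

        Host Name . . . . . . . . . . . . : FRONTDESK1

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : example.local
        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.16.21
        Default Gateway . . . . . . . . . : 192.168.16.1
        DHCP Server . . . . . . . . . . . : 192.168.16.2
        DNS Servers . . . . . . . . . . . : 203.0.113.53
                                            192.168.16.2
"""

def parse_adapters(text):
    """Return {adapter: {label: [values]}} from English ipconfig /all text."""
    adapters, fields, last = {}, None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():  # unindented line starts a new section
            name = line.strip()
            fields = adapters.setdefault(name[:-1], {}) if name.endswith(":") else None
            last = None
        elif fields is not None:
            m = re.match(r"\s+([^:]+?)[ .]*:\s*(.*?)\s*$", line)
            if m:  # "Label . . . : value"
                last = m.group(1)
                fields[last] = [m.group(2)] if m.group(2) else []
            elif last:  # indented value continuing the previous label
                fields[last].append(line.strip())
    return adapters

def audit(text, server_ip, router_ip, domain):
    """List (adapter, label, actual) where a client departs from the checklist."""
    expected = {"DNS Servers": [server_ip], "DHCP Server": [server_ip],
                "Default Gateway": [router_ip],
                "Connection-specific DNS Suffix": [domain]}
    return [(name, label, f.get(label, []))
            for name, f in parse_adapters(text).items() if "IP Address" in f
            for label, want in expected.items() if f.get(label, []) != want
            and not (label == "DHCP Server" and f.get("Dhcp Enabled") != ["Yes"])]
```

Run against the sample, `audit(SAMPLE, "192.168.16.2", "192.168.16.1", "example.local")` reports the adapter's `DNS Servers` entry because an outside resolver is listed ahead of the server.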
10sion

ASKER

1) the entire sbs server was configured using the wiz applets - nothing manual (we were warned against this with sbs)
 
2) active dir, dhcp, dns domain, all exist on this server already (one and only server, with dedicated ip - which IS removed from dhcp list) all were there from the get-go... this is a  new server, that has lived for a very short time, and is not production yet - for this reason... dns seems to be eluding it!!!

3) dynamic addressing on clients - we are/were doing that - can't on boxes if users want "their own site" - that's one of the reasons why i'm here (doing the question) -> to provide example, site is www.domainname.org except of course with a real domain name....of course i/we realize this is not a solution, but a band aid.

4)" if having dns problems..." it was all setup via the wizards when win2003sbs was /installed.... server is server; isp provides dns, and we are not getting the dns resolutions... there is NO exchange server; this is too simple an installation to have such issues...

if you want to see the server config, i do have a webconnection method of doing so. i really think we are having an issue with the dns communications betwixt the server and provider/isp... and i've never had such issues on a server like this before...  i can get out, can get web sites, and this bizarre issue where i can get dhcp addresses on hard wire, cannot on wireless... just  some weird issues...  
>>"if users want "their own site" - that's one of the reasons why i'm here (doing the question) -> to provide example, site is www.domainname.org"
I don't follow this. Are users publishing web sites on their PCs? And, if so are these local or public domain names/suffixes?

Regardless if the wizards were used or not, there seems to be a DNS problem as you agreed. This is why I was suggesting verifying all settings such as the forwarders in the DNS management console. This is the link that ties the server to the ISP.

The wireless issue would be different. Have you tried removing all security options for wireless clients just as a test? Is there any MAC filtering enabled for wireless clients?

Two tools that are very useful in diagnosing DNS issues are DCDiag and NetDiag. You might want to see if running them on the server returns any errors. Would be good to run NetDiag on one of the PCs as well.
http://www.computerperformance.co.uk/w2k3/utilities/windows_dcdiag.htm
http://www.computerperformance.co.uk/w2k3/utilities/windows_netdiag.htm
http://www.lan-2-wan.com/Diag-FAQ.htm#q1

10sion

ASKER

ok, i'll try to clear up the site issue.. lets say this was a car dealer (it is not, this is an analogy), and the dealer had a web site for selling his cars that was hosted outside his network... let's say by yahoo...(yahoo is not an analogy) indeed, this same place offers them a package deal and provides them pop email too!! all the car employees work on - contribute to - this site... this is their "own site," or "home site" which is named after their car lot (paid for domain... in our case, an .org domain - seems weird to pay for an org domain)

back to the past - at this stage of the game, they were doing peer to peer on a dozen home version what-evers, and all trying to get data/services from one poor soul's desktop 'till it ran out of memory... ok, we digress (sorry, TMI). back to now... and now there is a server. a server that doesn't like dns.

ran dcdiag, and the only error i get is that IsmServ Service is off, and it should be... netdiag passed, both itself and DNS tests, although it had a weird warning "Global results:
    [WARNING] You don't have a single interface with the <00>Workstation Service', <03> 'Messenger Service', <20> 'WINS' names defined.  

btw, no errors on the DNS log, (or other logs) that relate to this or i would have reported them.
10sion

ASKER

btw, i am not on site today, but can connect remotely...
ASKER CERTIFIED SOLUTION
Rob Williams
10sion

ASKER

All servers like DNS :-)
-- i used to think so as well ;~(  i have another client with an sbs server configured as close to this one so as you could not notice the difference, and it has no issues... major differences being cox vs att, and linksys vs belkin router... neither SHOULD make a difference, but, were i to choose betwixt the two, it would be the att and bridged router/modem issue... i have seen these cause issues before... let's step back, and think outside the box for a sec... perhaps the server is not the issue, although i agree we are not forwarding correctly... perhaps it's the other side - at the router/modem (att) and router connection?
 
You have a forwarder configuration error somewhere, but unfortunately not able to tell from above.
i agree with this, but again, if it's on the server, wouldn't i pull an error? again, might it be at the connection end? just trying to inject some new thought into it, since i've been banging on the other end to no avail...
10sion

ASKER

btw, i would be more than happy to provide/attach output from anything you like;  i very much appreciate your time here - i come to this site when i reach the point of diminishing returns. just let me know - or, for the sake of security, if you need or configuration screenshots and the like, give me an email address. again, thanks for your time and attention to this matter... it really has me stumped.
I know you have stated this above, but to confirm:
1) 1 NIC on the SBS ?
2) DHCP is disabled on the router ?

>>"dynamic addressing on clients - we are/were doing that - can't on boxes if users want "their own site""
This confuses me, though at this point not terribly important. What does their private IP have to do with accessing the yahoo/org site?

Perhaps go back to basics. Could you provide the results from Ipconfig /all  from both the server and one problematic client.

Are you running Symantec on this server?
10sion

ASKER

yes, 1 NIC on the SBS server; DHCP is disabled on the router, enabled on the SBS server

they are using dynamic addressing, but to reach their domain web site (not intranet, but a site representing their business), which is hosted by yahoo (as is their email - not important for this, but worth mentioning), the only way they can get a route to this from this network is to have the att dns in the primary position on the tcp properties page of their network config - else, no route to this page... routes to everywhere else but there...

oh, geezum... ok, the dns forwarding that is not correct is right in front of my face!! the local domain is cccnola.local (.local always put on- recommended- by sbs)... their domain site is cccnola.org; and i'll bet that's where the confusion lies. i am on a site today where i cannot provide you with your requested info, will do so this evening.
.local for internal and .com/net/org as external is typical and fine. cccnola.org would still be dependent on forwarders.
10sion

ASKER

thank you again for your patience! i was looking right at the solution all along and didn't see it...DOH!! but i suppose that is the case more often than not. anyway, thanks again, you were great... sorry that my communications were difficult to understand
Thanks 10sion. Glad to hear it is working.
Cheers !
--Rob