Server 2008 connected clients cannot surf the Internet

Hello,
Please check the DNS entry for your external Side NIC. Please enter the proper DNS address for your NIC 2 and it will resolve your issue.

rgds/mahesh

scout,

Do you mean the network connections IPv4 TCP properites where I have the DNS as 192.168.10.2 should be something different?  I've always put the first NIC's IP (internal side) because the DHCP, DNS, etc are all being serviced by that NIC card.

Regards,
Torrey

Not sure if this helps anyone with my problem but here is my "route print" from the command prompt.

===========================================================================
Interface List
 10 ...00 30 48 98 2a 64 ...... Intel(R) 82566DM Gigabit Network Connection
 11 ...00 30 48 98 2a 65 ...... Intel(R) PRO/1000 PL Network Connection
  1 ........................... Software Loopback Interface 1
12 ...00 00 00 00 00 00 00 e0  isatap.{DC1B9BEC-E493-40B0-A632-21A3DF8C7931}
13 ...00 00 00 00 00 00 00 e0  isatap.{4DCC0E38-7D44-41BA-8EAB-127D0B4590AF}
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.2.1      192.168.2.3    276
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.2.0    255.255.255.0         On-link       192.168.2.3    276
      192.168.2.3  255.255.255.255         On-link       192.168.2.3    276
    192.168.2.255  255.255.255.255         On-link       192.168.2.3    276
     192.168.10.0    255.255.255.0         On-link      192.168.10.2    281
     192.168.10.2  255.255.255.255         On-link      192.168.10.2    281
   192.168.10.255  255.255.255.255         On-link      192.168.10.2    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.2.3    276
        224.0.0.0        240.0.0.0         On-link      192.168.10.2    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.2.3    276
  255.255.255.255  255.255.255.255         On-link      192.168.10.2    281
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0      192.168.2.1  Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 11    276 fe80::/64                On-link
 10    281 fe80::/64                On-link
 11    276 fe80::8c98:cf9b:35b:82d4/128
                                    On-link
 10    281 fe80::9444:d1ee:5291:1078/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    276 ff00::/8                 On-link
 10    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

The server will not act as a router unless you have installed and correctly configured the Routing and Remote Access component of the Network Policy and Access Services role. When you install this in Server Manager's Add Role wizard, you are given the option to just install Routing and Remote Access services, as opposed to messing with Network Policy Server and all the rest of it, which can cause problems.

Because the server is effectively acting as a software router - it is routing packets of data between two interfaces, you have to ensure that the two NICs and the two networks are on different subnets (so the server knows where to route packets to). From your details it would appear you have done this correctly.

Firstly, I would get RRAS installed and following the configuration wizard to set it up to do LAN Routing. Then see if you have any joy.

Failing that, you will need to ensure that DHCP and DNS are correctly bound to the correct IP addresses. In your environment they should only be bound to the internal NIC, and not to the external.

Thirdly, I would remove the WINS server from the WAN NIC and switch off NetBIOS over TCP/IP on that NIC too.

-tigermatt

I've tried disabling Network Policy and Access Services to see if the clients can then get the Internet and they cannot.

Do you know if that is required for RRAS to work properly now where as prior with 2000 and 2003 server if you didn't have ISA the RRAS still worked?

Regads,
Torrey

As mentioned above, the Server 2008 is acting as a router because you want to route the packets between 2 NIC interfaces. At present, the Server 2008 should be able to speak to both networks quite happily, but no clients on either side of the NIC will be able to pass through the server to the other network (LAN to WAN, or WAN to LAN). This is because there is no software on the server to facilitate this.

At present, your configuration could be detailed as follows. Notice that there is no connection between the WAN and LAN interfaces.
   
Server 2008
 -- Internet
 -- LAN

What you want is:

Internet -- Server 2008 -- LAN

What you need to be able to achieve that routing is the RRAS role service, part of the NPAS role. If you configure this correctly for LAN Routing (follow the RRAS configuration wizard), you do not need ISA Server. It can quite happily route traffic - although as with all Microsoft software, if there is both a free and paid-for equivalent, the paid-for equivalent does have more functionality.

-tigermatt

If I understand correctly ISA 2006 and lower does not work on 2008 Server, it has been replaced with (NPS) Network Policy Services.  You can just install RRAS with the NPS but will that help me solve my problem?

Regards,
Torrey

SORRY meant can you just install RRAS AND NOT INSTALL NPS.  I've just tried that but still no internet on clients.

Regards,
Torrey

ISA Server 2006 is not supported on Windows Server 2008. The RRAS role service is all that is required from the NP&AS role in order to get LAN routing working, as far as I can see.

The Network Policy Server role service allows you to support dial-in clients via RADIUS authentication and helps perform authentication for VPN connections.

-tigermatt

Yes you can install RRAS without NPS - just uncheck all roles but RRAS in the role install wizard.

After installing, did you open the RRAS console and configure the RRAS server using the Configuration wizard? If not, it won't know what services it is providing for the network.

-tigermatt

Yes, removed both NPS and RRAS.  Restarted Server, then reinstalled RRAS ONLY and configured with wizard, rebooted Server and clients, still no internet access.

Reagards,
Torrey

Can I have an ipconfig /all from a workstation?

I'm still convinced that it's got something to do with RRAS and that NPS thing, which is a pain. Either way, I'm glad it's now fixed!