Server 2003 Domain Controller two nics setup

this is a new setup and I have some questions.
I have two server 2003 computers.
One is a domain controller with active directory.
Second is just 2003 member server , but it will have exchange 2007 after these questions are answered.

Domain server has  external nic getting ip(dhcp 192.168.1.8) from verizon modem(it has static ip address).
Domain server internal nic was give an ip of 192.168.16.2 and is hooked to a switch.

Second 2003 server is hooked to the switch.

Questions:
#1 How do I setup the ip info for the second server, remembering it will be the exchange server? dhcp or put in ip like 192.168.16.x with gateway and and dns pointing to the first servers ip?

#2 will I need to give workstations attached to the switch ip's like 192.168.16.x with gateways and dns pointing to domain controller?

I have been using :
http://www.smallbizserver.net/Default.aspx?tabid=266&articleType=ArticleView&articleId=77
as my guide, but haven't done the additional setup part yet.
emumasterAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

flyingskyCommented:
Question #1
Yes. You'd better give your exchange server an static IP address, 192.168.16.x, configure the dns and default gateway pointing to the first server.
Q #2.
Most often your workstations should be configured to use DHCP, which means you need to have a DHCP server on the network. You can use your first server to serve as a DHCP server.
0
shahsejalCommented:
Exchange server should always have static IP address. Never use DHCP for Exchange server. If the Internal DNs uses External DNS (provided by your ISP) in the forwarders list, then that will do. Workstations would be a part of your internal domain so should have internal IP addresses.
0
emumasterAuthor Commented:
Will I have an issue with the domain controller having an address ip of 192.168.1.8 on the external nic and Its internal having an ip of 192.168.16.x when it comes to making the exchange sever having a static ip? Especially putting in the gateway address of 192.168.1.2?
0
Cloud Class® Course: MCSA MCSE Windows Server 2012

This course teaches how to install and configure Windows Server 2012 R2.  It is the first step on your path to becoming a Microsoft Certified Solutions Expert (MCSE).

MesthaCommented:
Exchange really does not like being dual homed. It causes no end of problems. Is there any reason why you cannot flatten the network and have a single NIC and gateway?
Domain controllers also will have problems with it.

Simon.
0
OriNetworksCommented:
In order for everything to communicate properly, it sounds like you will need to install RRAS on the domain controller so everyhing on the 192.168.16.x network can communicate with the internet.

Here is the configuration it sounds like you will need some of which you already completed.

Domain Controller
-DNS and setup forwarders to list external DNS servers
-RRAS to forward traffic between internal 192.168.16.x network and the internet
-DHCP Server service on the internal NIC and connect this NIC to internal switch. Setup DHCP service to only listen on the internal NIC.
-Configure DHCP scope for 192.168.16.x addreses and use this domain controllers ip address as the gateway and DNS server for the scope.
-External NIC will get DHCP lease from modem

Exchange Server
-Set static ip address from 192.168.16.x network with the domain controllers ip address as the gateway and DNS server
-Exchange Server

Workstations connected to the switch
-Get DHCP ip addresses from domain controllers DHCP service.

Can I ask why you have the domain controller between the modem and the switch? Why not just connect the switch directly to the modem and turn off the modems DHCP service? That way the domain controller will control all ip addresses leased and you dont have to install RRAS on the domain controller.
0
OriNetworksCommented:
In short,

#1 correct!
#2 correct!
0
emumasterAuthor Commented:
ok.. Let's try it this way
Tell me (detailed) what the ideal way is to set everything up considering the two servers that I detailed.
0
OriNetworksCommented:
I believe i have explained details in my previous post.
0
emumasterAuthor Commented:
Those details were for RRAS.
What about without RRAS and no dhcp from modem.
Can you give me detailed setup for the two servers without using RRAS?
Sorry but I'm getting confused...





0
ChiefITCommented:
I would listen to Methsa/Simon on Exchange related questions. For forty dollars, you could get yourself a simple DSL router and avoid routing over the server, and multihoming the server.

Domain services and Exchange do NOT like multihomed servers.

I have helped folks with setting up the communications to a multihomed server and I have also see a LOT of errors as a result of Multihoming a server.

Here is one that explains how to get your communications right, without the explanation of how to set up RRAS connection to route over the server.

These are just some of the issues you will see with a multihomed server:
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_23806816.html

It really is best to use a router to route with and forgo the issues with multihoming an exchange and/or domain server.



 
0
emumasterAuthor Commented:
ChiefIT,

So are you saying to just use the router and let it give all the computers and both servers their ip addresses?? Doesn't the member exchange server or the domain controller need a static ip??
0
ChiefITCommented:
That's not quite what I had in mind to help you out.

Some servers come from the manufacturer with two nics, like the dell poweredge servers. This has led many astray from the configuration of the server that most administrators use. The best way to configure any LAN is to use one nic for the server UNLESS in one of three predicaments. Dual nics on servers are detrimental to communicating with them.

The second nic should only be used in one of three scenarios:
1) network load balancing (this option is used for a domain with let's say 250 nodes or more with few servers on the domain)
2) a VPN connection to an outside source (this option can usually be created with a router) so a VPN connection (hence a multiple nic) may not be needed to the server or resources.
3) for a specific connection to a sublan that you don't want others to see. Even then, resources can be blocked using permissions level.

If you read the follow up notes on the article I provided. It explains that dual nics interfere with communicating to the server. It confuses the server as to which nic is supplying NETBIOS translation, DNS, DHCP, Email, and can also confuse the clients to what gateway to use to the outside world. That was the intent of my point.

As Mestha/SAMBEE/Simon was pointing out, Exchange doesn't like dual nics. So expect consiquences with them on your domain and email services.

The best way to forgo any confusion on the servers is to allow the router to route for you. (NO RRAS {that stands for Routing and Remote Access Service}, and no dual nics). Let your DC provide DNS and DHCP, then configure your Mail server without dual nics if a separate server. Give all your servers fixed IPs, and use DHCP services on your DC to provide your clients with IP addresses. If you need outside access, your router probably has the ability to grant a VPN connection to your server.

So, instead of this:
WWW>>outside nic of the server>>inside nic of the server>>clients and other nodes

think about this:
WWW>>outside nic of the router>>inside nic of the router>>domain controller, mail server, clients and other nodes.

The router option will prevent a lot of problems with communications, give you a NAT firewall to the outside, give you a gateway to the outside world, and prevent you from taking up domain controller resources to route over the DC.
0
OriNetworksCommented:
Thanks for clarifying that for him ChiefIT. I was simply suggesting RRAS as the workaround for the topology he was trying to use. But I definitely agree with all of the above in not dual homing any of those servers and letting the router do the routing as I suggested in the bottom of my first post.
0
emumasterAuthor Commented:
Final question on this.

My DSL is via a Westell 6100 which is a "single line out" - DSL Modem/Router. The address that comes to the modem is a static ip line. The Modem/Router is currently providing DHCP.

I assume I need change it to NOT provide DHCP and then run that single cable out to where?
A multiport switch that feeds everything?

How do I setup the single nic on the DC considering the Static IP and dns info in the modem?
0
MesthaCommented:
Keep it simple.
Just plus the modem's internal network side in to a switch. Then set the devices (server, workstations etc) default gateway as the router's internal IP address. DHCP can be done by a domain controller, giving out the DC only as DNS.

Simon.
0
ChiefITCommented:
@Simon:

Disabling the second NIC will probably temporarily knock outside contact with Exchange and other domain services\shares, until its configured to go through the router. Do you have recommendations. I know you are the BEST at exchange for securing connections, I have ever seen.

emumaster:
What do you want access to from outside your LAN for your clients? Please provide that to Simon. He has shown the best way to secure exchange.

Also, since I have been more of a mediator than the fixer of these. I don't wish for credit for this question.


0
OriNetworksCommented:
enumaster:
I'm not sure if this modem from verizon has any firewalls features so i'm going to suggest you purchase a common router from Linksys, Netgear, DLink, etc. If you choose not to, you can simply remove router from the recommended config below. Basically we are saying for the modem to just forward traffic to a routers WAN port so we have better control over port forwarding, firewall settings, etc. The other ports on the Router can connect to servers or a regular switch to expand to more clients.


                    Modem(Leave DHCP On to give IP to WAN port of router.)
                        ||
                   Router (192.168.0.1)(Linksys, Netgear, DLink, etc.) (Modem Connects to this WAN Port)
                        ||
       ______Switch______
      /                  |                 \
ExchSvr       DC(DHCP)      Client1

DC
-Static IP: 192.168.0.2
-Mask: 255.255.255.0
-Gateway: 192.168.0.1
-DNS Server: 127.0.0.1
DHCP SCOPE CONFIG:
     192.168.0.0/24 excluding 192.168.0.1-10 Assuming you will use 1-10 for servers/static IPs
     Gateway: 192.168.0.1
     DNS: 192.168.0.2

ExchSvr
-Static IP: 192.168.0.3
-Mask: 255.255.255.0
-Gateway: 192.168.0.1
-DNS Server: 192.168.0.2

Client1 (DHCP)
-DHCP IP From DC: 192.168.0.51
-Mask: 255.255.255.0
-Gateway: 192.168.0.1
-DNS Server: 192.168.0.2

Anyone who disagrees, feel free to offer other suggestions but this is a general layout, IP addresses can be changed of course.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
OriNetworksCommented:
Oh and by the way, for the internal network my example gives 192.168.0.x but you can change those ip addresses to use your existing 192.168.16.x so you can try to prevent completely wiping out your current configuration.
0
emumasterAuthor Commented:
OriNetworks.

Thank you VERY much!!!!!!
That's was EXACTLY what I needed!!!!!!

Honestly, that detailed explanation really helps.

No wonder your ranked as MASTER.
0
MesthaCommented:
The only thing I would say is to avoid 192.168.0.x and 192.168.1.x. I just find that causes problems with remote access. Every other router is using one of those two subnets and it is far easier if you are going to re-ip a network to use something else. 16.x is common, I also frequently use 11.x, 22.x etc.

Simon.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.