Solved

Set up SBS 2011 using router to run DHCP

Posted on 2011-09-10
11
1,812 Views
Last Modified: 2013-12-02
I am setting up a SBS 2011 Std machine for the very first time; no prior experience setting up a server OS other than Windows Home Server.

When the CTIW runs it sees that I have a router (LINKSYS WRT310n) running DHCP and wants me to disable it on the router. When I click 'Postpone' to doing that, if I try to move forward in setting up the server it tells me I have no internet connection, even though I obviously do.

My main question is: Do I have to let SBS 2011 do DHCP on the network? At this point there are no plans to set up Exchange email on this server, it is basically going to be used in a small office environment as an application and file server. I also have a remote location that will need to access it.

Also, if I must run DHCP on the server, I keep seeing information that it only supports 1 NIC; but wouldn't it need to support 2? 1 for the LAN and 1 for the WAN?
0
Comment
Question by:coptechs
  • 3
  • 2
  • 2
  • +3
11 Comments
 
LVL 70

Accepted Solution

by:
KCTS earned 250 total points
ID: 36516653
Its far better to have SBS do the DHCP - for a start it will give the clients the SBS server as the DHCP server which is essential for you domain to function properly (typically is a pain or impossible to get router based DHCP to do this). Windows hased DHCP also can give out other domain specific info to the clients (such as domain name), and it integrates much better with the other windows domain components.
0
 
LVL 10

Assisted Solution

by:CSIPComputing
CSIPComputing earned 250 total points
ID: 36516678
And no, you don't need dual NICs any more.

The router acts as a gateway on your internal LAN, rather than the server acting as the gateway, and ISA server doing the routing.

Suggest you follow best practices as KCTS suggests, and let the server sort the DHCP.  
0
 
LVL 57

Expert Comment

by:Cliff Galiher
ID: 36516707
Running DHCP on the server has nothing to do with Exchange (although, on a tangent, running SBS 2011 without Exchange is also a recipe for disaster and usually means you are running the wrong product for your needs.)

When DHCP runs on a router such as a consumer router, it's DHCP service is all about getting the connected machines Internet service, nothing more. In a domain environment, a machine needs to know more about the network. Kerberos, the default authentication, for example, is sensitive to time discrepancies to prevent replay attacks, so all machines must be close in clock sync.

The SBS DHCP service knows this and sets several DHCP options that a router would not, and therefore helps prevent common workstation issues. There IS a reason the SBS wizard is stubborn. Don't try to out-think it.

Regarding NICs, SBS 2011 is a LAN only topology designed OS. it dies not proxy ir filter Internet access. You must use a router or (preferably) a business security device for that. So yes, only one NIC is supported, and SBS ahold never have a direct WAN connection.

-Cliff
0
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

 
LVL 57

Expert Comment

by:Cliff Galiher
ID: 36516710
Running DHCP on the server has nothing to do with Exchange (although, on a tangent, running SBS 2011 without Exchange is also a recipe for disaster and usually means you are running the wrong product for your needs.)

When DHCP runs on a router such as a consumer router, it's DHCP service is all about getting the connected machines Internet service, nothing more. In a domain environment, a machine needs to know more about the network. Kerberos, the default authentication, for example, is sensitive to time discrepancies to prevent replay attacks, so all machines must be close in clock sync.

The SBS DHCP service knows this and sets several DHCP options that a router would not, and therefore helps prevent common workstation issues. There IS a reason the SBS wizard is stubborn. Don't try to out-think it.

Regarding NICs, SBS 2011 is a LAN only topology designed OS. it dies not proxy ir filter Internet access. You must use a router or (preferably) a business security device for that. So yes, only one NIC is supported, and SBS ahold never have a direct WAN connection.

-Cliff
0
 
LVL 1

Author Comment

by:coptechs
ID: 36516714
I'm all for best practice so I will let the server do DHCP.

So I'll turn off DHCP on the router but still leave the WAN connection plugged in to the router, right?

Some follow up questions:

Most of the clients on the network are static IP's, do I have to/should I change them? Will my routers firewall still protect the network or do I need another piece of hardware or software to be a firewall?
0
 
LVL 57

Expert Comment

by:Cliff Galiher
ID: 36516726
It would be best to change them (see above on DHCP Options for why) and a consumer router is rarely adequate network protection for a business. Look at a security appliance such as watchguard, sonicwall, Calyptix, cisco ASA series, or similar. Many security appliances have small business versions.

And apologies fir the double post earlier. iPad is being stubborn about 3G today.

-Cliff
0
 
LVL 10

Expert Comment

by:CSIPComputing
ID: 36516730
I would recommend changing those clients to DHCP so you get the benefit of the extra scope options dealt by the server. If the clients MUST stay on a particular IP address, create a DHCP reservation for them.

Assuming you have a good firewall (draytek vigorous 2820n being a favourite of mine) it will protect your network. You also MUST protect workstations from user-invoked attacks (malware etc) by installing business class anti virus throughout.

I'm unsure what you mean by plugging the wan connection into the router... But assuming your router is on the same ip range as your server, and you have only one NIC on the server, plug the server, pcs, router, etc ALL  into the switch, and away you go.
0
 
LVL 10

Expert Comment

by:SuperTaco
ID: 36517221
SBS best practice dictates to use the SBS as DHCP
0
 
LVL 70

Expert Comment

by:KCTS
ID: 36517376
Your setup will look something like this
SBS.gif
0
 
LVL 7

Expert Comment

by:D_Vante
ID: 36518960
Turn off dhcp on the router
Point your server to the router by giving it a static ip
Verify Internet access
Setup your dhcp on your server
Remember to exclude any static IPs such as printers
Reboot one if your workstations that are dynamic and see if gets the appropriate info
0
 
LVL 1

Author Closing Comment

by:coptechs
ID: 36520404
Thank you all so very much for your input on this. All of the information will be helpful.
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Dell Poweredge Server - Fault detected 8 158
Alternative access for remote users 6 100
FInd Local Administrators 6 40
web surfing slughish 4 24
I’m often asked about newer and larger USB drives connected to SBS2008 and 2011 failing Windows Server Backup vs the older USB drives not failing. As disk space continues to grow and drive technology change SBS2008 and some SBS2011 end up with the f…
Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question