Solved

SBS2011 with 2 Nics

Posted on 2012-08-25
Last Modified: 2012-10-15
We have completed a fresh install of SBS 2011 STD and now are struggling with exactly how to configure the two NICs. SBS is required to control both DNS and DHCP. We have a static IP from our ISP.

We set static IPs on both NICs; they can ping each other and the server can see the internet. LAN clients can ping the server but they are not picking up a gateway that enables them to see the internet.

Static ISP IP 211.26.26.179
Internal gateway to modem/router 192.168.1.1
WAN NIC 192.168.1.10
LAN NIC 192.168.16.2  

Any advice or guidance on how to configure the NICs?
Question by:ynot8669
 
LVL 6

Expert Comment

by:SebastianAbbinanti
ID: 38333105
You have to install the Routing and Remote Access Server Role (RRAS). Then you have to configure NAT between the interfaces.

However, I truly recommend a hardware firewall like a Cisco ASA5505. It's much more secure than using your primary Windows server. Basically, you are taking your server and putting it directly on the Internet. Generally not a good idea.

Thanks,
S.
0
 
LVL 60

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 1300 total points
ID: 38333157
SBS 2011 can NOT be used with two NICs. This is a significant change from SBS 2003 and is stated throughout the product FAQs, migration guides, and other places. You must disable one NIC and use an independent gateway/edge device. A business class security/UTM device is strongly recommended.
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 38333168
Agreed, you can only have 1 NIC. Adding a second NIC will 'break' some services such as DHCP. If it is of some help, the supported networking options are included in the following link. It is for SBS 2008 but it is the same for SBS 2011 (non-Essentials version):
http://blogs.technet.com/b/sbs/archive/2008/09/16/sbs-2008-supported-networking-topology.aspx
0

 

Author Comment

by:ynot8669
ID: 38333596
We have disabled all but one NIC and established DHCP and DNS on the server, but no clients could see the internet.

We then set up DHCP and DNS on the modem/router; this allowed the clients internet access but now they cannot see the server.

How should we proceed with one NIC? I assume disable DHCP on the modem/router LAN side, but what do I do on the server to permit it and its clients to see the internet?
0
 
LVL 60

Accepted Solution

by:Cliff Galiher
Cliff Galiher earned 1300 total points
ID: 38333745
DHCP can be on the router or the SBS server, but I recommend the SBS server.

DNS, however, MUST point to the SBS server. Regardless of where you have DHCP, make sure the DHCP server ONLY lists SBS as the DNS server when it hands out leases.

You will also want to make sure the default gateway in DHCP and statically assigned on the server's enabled NIC is the INTERNAL address of the router. Otherwise SBS will not be able to forward external DNS requests and lookups will fail. That could explain your issue.

Finally, because you initially set up the server with two NICs, it is even possible the DNS service on SBS is bound to the wrong NIC. Run the "fix my network wizard" and download and run the SBS BPA to resolve any lingering issues from having two NICs enabled, including a misconfiguration such as this.

With those three steps, you should see your issues dissipate.

-Cliff
0
 
LVL 15

Expert Comment

by:Perarduaadastra
ID: 38334305
As it's a fresh install, presumably it hasn't started working for its living yet. If this is so, in view of the problems you've had with connectivity at such an early stage which might well cause issues that will haunt you for a long time to come, I would suggest a new clean installation of your SBS 2011, keeping the following points in mind:

Choose one NIC for your single network connection and disable the other one in the BIOS, to make sure that it isn't detected during the install.

Give your modem/router device a static IP in the LAN subnet (this will be the default gateway address that you will define in the SBS installation later on) and turn off its DHCP server. Make sure that the address you choose is outside the range of the DHCP scope that you will set up during the installation. As a convention, I use an address above .250 in the last octet of the IPv4 address, as I always set the DHCP scope range much lower; however, you can set it to whatever suits you provided there is no conflict with the DHCP scope.

SBS expects to have all the server roles including DHCP and DNS, and not giving it all the roles it expects is a fruitful source of problems later on. The SBS DHCP server will, among other things, hand out the default gateway address to the network clients, and likewise its own static IP address (which you will have previously configured during the SBS installation) as the DNS server for the network. This latter point is crucial for SBS installations, because if the DNS isn't right then SBS won't be right either.

If you stick to these guidelines then your installation should proceed as planned.

The previous contributors have already referred to these points, so I'm simply assembling them in a logical order (at least to me) and adding a couple of caveats of my own.
0
 

Author Comment

by:ynot8669
ID: 38335741
Thanks experts ... we'll get to it ... starting from a fresh install, as all the issues we experienced over the weekend seemed to point to a flaky install. Will work through as advised and award points accordingly when done.

Thanks once again to all contributors.
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 38336008
You may wish to review the following which has many helpful tips and tweaks:
Small Business Server 2011 Standard Build document (standard)
http://social.technet.microsoft.com/wiki/contents/articles/1709.sbs-2011-standard-build-info-en-us.aspx
0
 
LVL 5

Assisted Solution

by:Meultje
Meultje earned 300 total points
ID: 38344105
Also make sure you put in your forwarders to your ISP or public DNS server(s). Public could be the Google DNS servers (see https://developers.google.com/speed/public-dns/docs/using).

You can set / check this with DNS | Select Server name | right click and choose Properties | select tab "Forwarders" and put in your ISP DNS servers or some public ones.

Also make sure you have the right scope options set up at your DHCP. For instance, the "003 Router" option is important: set it up (or check if it is) with your router's LAN IP address.

That way the clients will have no trouble accessing the Internet.
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 38344121
The SBS networking wizards should automatically configure DNS, forwarders, DHCP scope options and more, but always good to verify.
0
 

Author Comment

by:ynot8669
ID: 38382612
Only just got back to this problem as I had to procure a modem router for use off site... and have failed at the first hurdle... the server won't/can't see the router when running the set up internet wizard as the first stage before any Fix networks or BPAs. The router can be seen when connected to my laptop directly and using 192.168.0.1 to bring up the admin pages. But this doesn't work when connected to the solo NIC in the server either.

Any ideas folks or has it been so badly corrupted that the only way forward is a re-install?
0
 
LVL 60

Expert Comment

by:Cliff Galiher
ID: 38382759
The Internet wizard in SBS attempts to open ports on the router via a protocol called UPnP. Some routers don't support it. Others have it off by default as a security measure. As such, SBS presents this as a warning so you know to open ports manually. This is not an error necessarily and therefore is not a hard "block." You should be able to continue on. It is not uncommon to get this warning in most secure networks.

-Cliff
0
 

Author Comment

by:ynot8669
ID: 38384880
Thanks Cliff, I'll take a look into the router ... it is an older Netgear SG814. However, the message from SBS is more along the lines of "cannot find a router" ... it does say you can continue but words to the effect it may not work. That's why I tried to contact the router from IE directly, which also failed to find the "page".
0
 
LVL 78

Assisted Solution

by:Rob Williams
Rob Williams earned 400 total points
ID: 38385118
If you completed the wizard (skip when it doesn’t find router) I assume the warning is in the final window of the internet address wizard and you have a yellow yield sign saying "warning - Internet router"?

If so that is fine, as Cliff said, it just doesn't see UPnP enabled on the router, which is actually safer. You will need to manually configure port forwarding on the router as per below. However, that is not necessary to connect to the Internet with IE, so something else is wrong. Is the IP assigned to the server in the same subnet as the router's LAN configuration, i.e. both 192.168.0.x? (You mention 192.168.0.x in a recent post, but in your question you mention 192.168.1.x.) And does the SBS's gateway point to the LAN IP of the router? If so you should at least be able to connect to something like Google using its IP: http://74.125.226.50 . If that works, but google.com does not, you may need to add your ISP’s DNS servers to the SBS configuration. Do not add these to the NIC. The NIC should point only to itself for DNS. To manually add: open the DNS management console, click on your server name, in the right hand window double click on Forwarders (not Forward Lookup Zones) and add your ISP’s DNS servers.

Port forwards to add:
25 for SMTP mail delivery (Exchange)
443 for RWA, OWA, Sharepoint
987 for Sharepoint
1723 for PPTP VPN (if used)
0
 
LVL 15

Expert Comment

by:Perarduaadastra
ID: 38385908
I assume that you have a Netgear DG814 - there isn't an SG814...
In which case the device is probably eight years old or more. It does support UPnP but as has been noted in other comments it's a security hole that's best left disabled.

One reason for the router being invisible on the network would be that it's still set to the default IP address of 192.168.0.1; your question refers to subnets of 192.168.1.x and 192.168.16.x, so if either of those subnets is the one that you're using for your LAN then a device on the 192.168.0.x subnet isn't going to be found. Another possibility is that the Netgear has an entirely different IP address because it was pulled from a different network.

Using another computer (not connected to the LAN), set it to use DHCP and connect it to the DG814. If the latter's DHCP server is turned on then it will hand out an IP address to the computer, and the default gateway address shown in the output of the ipconfig command is the router's IP address. Once you have this you can connect to the router and (assuming that the password is still the default of  password  ) log on and configure it as required. If the DHCP server on the router is turned off, or the password has been changed from the default, the quickest way to get into the unit would be to do a factory reset (administered by poking a straightened paper clip into the tiny hole in the device's back panel and holding it in until the front panel lights flash). This will reset the unit to the default IP address of 192.168.0.1 and the password to   password  . You can then proceed as above.
0
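An added example (not part of the thread and not SBS tooling): a small Python check of a single-NIC addressing plan against the rules given in the posts above, namely that the router sits in the server's subnet and outside the DHCP scope, that the server gateway and DHCP option 003 are the router's LAN address, and that DNS points only at the SBS server. `LanPlan` and `check_plan` are hypothetical names; the sample plans are constructed, using the 192.168.16.x addressing from the question and a documentation-range address standing in for an ISP resolver.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class LanPlan:
    server_ip: str       # static address of the single enabled NIC
    prefix_len: int      # LAN prefix length
    server_gateway: str  # default gateway set on the server NIC
    server_dns: list     # DNS servers set on the server NIC
    router_lan_ip: str   # router's internal (LAN) address
    scope_start: str     # first address of the DHCP scope
    scope_end: str       # last address of the DHCP scope
    opt_router: str      # DHCP option 003 Router
    opt_dns: list        # DHCP option 006 DNS Servers


def check_plan(p):
    """Return a list of findings; an empty list means the plan is consistent."""
    ip = ipaddress.ip_address
    lan = ipaddress.ip_network(f"{p.server_ip}/{p.prefix_len}", strict=False)
    server, router = ip(p.server_ip), ip(p.router_lan_ip)
    findings = []
    if router not in lan:
        findings.append("router LAN IP is outside the server's subnet")
    if ip(p.server_gateway) != router:
        findings.append("server gateway is not the router's internal address")
    if ip(p.opt_router) != router:
        findings.append("DHCP option 003 is not the router's internal address")
    if [ip(d) for d in p.opt_dns] != [server]:
        findings.append("DHCP option 006 must list only the SBS server")
    # Assumption: loopback is accepted as "itself" on the server NIC.
    own = (server, ip("127.0.0.1"))
    if not p.server_dns or any(ip(d) not in own for d in p.server_dns):
        findings.append("server NIC must use only itself for DNS")
    lo, hi = ip(p.scope_start), ip(p.scope_end)
    if lo > hi or lo not in lan or hi not in lan:
        findings.append("DHCP scope is not a valid range inside the LAN subnet")
    else:
        for name, addr in (("router", router), ("server", server)):
            if lo <= addr <= hi:
                findings.append(f"{name} address falls inside the DHCP scope")
    return findings


# Constructed sample: a consistent single-NIC plan.
GOOD = LanPlan("192.168.16.2", 24, "192.168.16.1", ["192.168.16.2"],
               "192.168.16.1", "192.168.16.10", "192.168.16.240",
               "192.168.16.1", ["192.168.16.2"])

# Constructed sample: router left on a different subnet, and an outside
# resolver (203.0.113.53, documentation range) handed to clients and the NIC.
BAD = LanPlan("192.168.16.2", 24, "192.168.0.1",
              ["192.168.16.2", "203.0.113.53"],
              "192.168.0.1", "192.168.16.10", "192.168.16.240",
              "192.168.0.1", ["203.0.113.53", "192.168.16.2"])

if __name__ == "__main__":
    for label, plan in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_plan(plan) or "no findings")
```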
 

Author Comment

by:ynot8669
ID: 38446695
Apologies for the delay in getting back to this. It is a part-time project and I have been on vacation. The modem router I obtained has broken. I now have a new TP-Link W8960N.

The default IP was 192.168.1.1 but I have changed this to 192.168.16.1 as the office has printer configured in the 16 range.

I deleted the DNS and DHCP entries in the roles as these were wrong from previous attempts.

The connect to the Internet Wizard still does not see the router and UPnP is enabled. It pops up with a Message along the lines of 'A Router was not found on a local area network. Server cannot verify' and allows me to enter the router address manually 192.168.16.1 and the server address of 192.168.16.2.

This then attempts to detect and terminates with Internet Connection incomplete as it cannot find/set up the DNS. So I have run the set up DNS wizard adding my ISP's DNS as forwarders. I then added a new scope to the DHCP 192.168.16.10 - 192.168.16.240 with exclusions for printers of 192.168.16.200 - 192.168.16.230.

Next I re-ran the connect to internet wizard, hoping this would detect everything ... it still didn't see the router, so once again I have keyed the details, but this time the wizard stops responding after confirming I want it to continue without identifying the router - CTIW.exe fails. Re-boot the server but this has now trashed all my DHCP entries with no option to re-create, so I delete it again. Check the DNS setup seems intact.

Re-run the CTIW - Internet Connection incomplete, cannot configure DNS, restart service or run Fix network Wizard - checked DNS events and it is trying to use TCP 192.168.255.2, so I changed the interfaces tab in the DNS server to only use 192.168.16.2 (itself) but left the forwarders' IPs in the forward tab to my ISP.

DHCP server name has been created but cannot be seen as there is no scope etc. been created. Try CTIW again ... still cannot connect to DNS.

Any ideas what to try next?
0
 

Author Comment

by:ynot8669
ID: 38446712
I have also tried to access the modem/router from IE using 192.168.16.1; it cannot be found, but my laptop can connect that way. So I still seem to have a deep-rooted issue in seeing the modem router from SBS.

I looked at the event logs and the DNS has a warning saying it is configured to accept updates but a record for the primary server in the zone's SOA record is not available. I've looked at the DNS Admin and the SOA tab has a Ser# of 1 and the Primary Server contains the name of the server as an FQDN ... the tab to use WINS therein is not ticked?

DHCP is also still playing up: the service is started but there is no scope and the add buttons are greyed out; the event here says DHCP has no credentials for use with the DNS registration.

I am guessing these issues are also to do with the fact that the router cannot be contacted from SBS for some reason ... if I can get that happening with some advice I might be able to move forward.
0
 
LVL 15

Expert Comment

by:Perarduaadastra
ID: 38450039
The issues that you're experiencing suggest that something deep within SBS isn't feeling at all well and is getting worse. Would I be right in thinking that you've not yet got around to doing a clean re-install of SBS 2011? I ask because in your comment ID:38335741 you say that you'll do a fresh install, but in comment ID: 38382612 you ask if the only way forward is a re-install; this implies that a clean re-install hasn't been done.

If my guess is correct, it really would save you a lot of time and trouble to bite the bullet and do the re-install, using the information that has been provided by the various contributors to this question in order to avoid the circumstances that have caused the problems in the first place.

Forgive me if my thinking does you a disservice, but I don't see in your comments a statement to the effect, "I re-installed SBS, but this, that, and the other still isn't working properly/at all, what's gone wrong this time?", so I just wondered...
0
 

Author Comment

by:ynot8669
ID: 38453552
I have one last thing to try ... I suspect the switch to be the issue, it is a Netgear 24port ProSafe, as the last thing I tried over the weekend was to connect my laptop to the switch instead of directly to the modem/router and it also could not see the modem/router.

Access to the site is limited to weekends so I'll give it one more try before a re-install. The reluctance to do that is that I have created all the accounts and transferred a heap of static information to the server already, as I really didn't expect any connection issues ... Assumption, the mother of all stuff-ups.
0
 
LVL 15

Expert Comment

by:Perarduaadastra
ID: 38453648
Have you tried different ports in the Netgear switch? It may be that the one you used is faulty, and the others are OK.

However, I'm not optimistic that your troubles will be over if the switch is indeed kaput, as many of the errors that SBS is returning indicate deeper problems than just no external connectivity.
0
 

Author Comment

by:ynot8669
ID: 38458155
The switch is working fine with the existing SBS2003 server. It seems the Netgear has a DHCP capability and the Gateway is pointing back to the New Server IP Address 192.168.16.2  so it never gets beyond the switch. This must have been enabled by the outfit that installed the new telephone system I think.

I'll connect directly to the modem and see if I can see it from the server. I can't try the CTIW until the weekend as I need to shut down the old server and disconnect the existing modem to test properly.
0
 
LVL 15

Expert Comment

by:Perarduaadastra
ID: 38458447
Normally the SBS DHCP server would let you know if another DHCP server is active on the network and then turn itself off. This means that the DNS server will not be the SBS box, but rather whatever the switch is pointing to, and so DNS won't work properly in the domain. Either the message was missed, or it never appeared, but it might go some way to explaining the problems that you're experiencing.

If your switch has a DHCP server then it will have at least basic management capability, so you can log onto its web interface and turn the server off. However, this will impact the phones if they are expecting the IP information to come from the switch (I'm assuming that they are VoIP phones) and so they may not be able to register with their SIP server. It will be necessary to either include them in your LAN addressing, or to set up another scope just for them; the latter is better from the management point of view.

This situation underlines the need to allow SBS to do the DHCP and DNS on your LAN, as it was designed and intended to do. It does these jobs very well, and doesn't play nice if it doesn't get them.

It seems that you've not only met the mother of stuff-ups - assumption - but now the father as well - non-communication.
0
 

Author Comment

by:ynot8669
ID: 38476577
Finally bit the bullet and re-installed .... went like a dream just left the modem router connected, but not online to the ISP. Went back to the client office, connected the new modem/router and the server to the netgear switch and .... yes you have guessed the server could not see the modem or out to the web.
I did some more digging around on the switch and it seems it must have an IP either dynamic from the server or statically assigned, it then forwards to the modem gateway.

This, it seems, is an issue for SBS2011. I'm guessing it's a handshaking type issue because the server is asking "what's the time" and the switch is saying "it's raining". Disconnected from the switch and re-ran the CTIW with the server connected directly to the modem, which was connected to the ISP this time, and everything worked just fine.

So I now have an un-managed TP-Link switch on order hoping this connection issue will be finally resolved and I can assign some points.

I did check a few of the settings contributors have suggested and everything looks fine within SBS, I have also set up the forwarding in the modem and ISP's DNS in the Server DNS forwarders for when I eventually get to connect a client PC.
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 38477068
Sounds like either the switch is actually a router or a managed switch configured with VLANs.
0
 

Author Comment

by:ynot8669
ID: 38496494
New TP-Link unmanaged switch and Hey Presto, I have a connection. It seems that most of the problems encountered can be attributed to the previous Netgear switch needing an IP address either assigned by the DHCP controller or manually assigned and forwarding traffic to the modem/router. SBS2011 doesn't like this set-up as it seems it needs to handshake transparently with the router and the above doesn't permit this.

Many thanks to all those who have contributed ... some great tips and pointers.
0
 

Author Closing Comment

by:ynot8669
ID: 38496502
MANY Thanks to all who contributed.
0

Question has a verified solution.
