Windows 2008 R2 DHCP Service Won't assign IPs

So I'm setting up a new network infrastructure, based on Windows 2008 R2.  I have configured the first machine in the organization to serve the following roles:

Machine Name: ABQ
1. Active Directory Controller
2. DHCP Server
3. DNS Server
4. Static IP Machine assigned from ISP

My second server in the ORG is going to be our Exchange server.

The first machine in the ORG has 1 NIC - its statically assigned IP address.  All of this is IPv4.

I have set up the internal scope as 10.1.25.xxx.  None of my other machines in the ORG can see the DC or get an IP from it.

Do I need a second NIC? Am I missing something in the configuration?
Asked:
OrderlyChoas
 
Neil Russell (Technical Development Lead) Commented:
How is the network configured? Are there multiple switches between the clients and the DHCP/AD server?
Is Windows Firewall disabled on the server? Do so for testing.
 
James Haywood Commented:
Is the scope bound to the NIC?
Is the DHCP server authorised in AD?
 
OrderlyChoas (Author) Commented:
There is a 5-port switch that the servers and the Comcast gateway all plug into. Firewall is off.

The scope is bound to the NIC and shows the correct static IP, and the DHCP server is authorized.
 
James Haywood Commented:
Can you list all IP and scope config please?
 
Sikhumbuzo Ntsada Commented:
Why not set up the IP provided by the ISP on your Comcast gateway? Then disable the NIC on the server, leave the one you bound DNS and DHCP on, which is the local IP. Then test.

Point your client to the Comcast gateway as the gateway to the internet via DHCP.

...of course the gateway should be on the same network, otherwise the clients won't see it.
 
OrderlyChoas (Author) Commented:
173.163.246.XX (XX is for security reasons). This IP has been statically assigned by the ISP.

Scope 1 -
10.1.25.1 - 10.1.25.200.  IP Address 10.1.25.1 is excluded. Remaining assignable IPs begin at x.x.x.2.

Subnet 255.255.255.0

Primary DNS is 173.163.246.XX with 75.75.76.76 as backup.
 
BillBondo Commented:
Yes, you need a second NIC. Comcast to server. Server to another switch so workstations can connect. Enable LAN routing/NAT on the server interfaces. I have it like that at my house with 4 NICs and it works great.
 
OrderlyChoas (Author) Commented:
So, I removed the DHCP service from the DC, assigned the ISP static IP (173.163.246.xx) to one NIC, configured the second NIC with the first IP in my new scope -- 10.1.25.1, re-installed DHCP and set up a new scope: 10.1.25.100 to 10.1.25.253, pointed the DNS of the scope to the loopback IP 127.0.0.1 and the static IP 173.163.246.XX, I bound it to the 10.1.25.1 IP, then made sure I had DNS A records for 10.1.25.1, 127.0.0.1, & 173.163.246.XX in my AD container on the DNS Services, and then added an A host record for the Exchange server 10.1.25.2.  I statically assigned 10.1.25.2 to the Exchange server and rejoined it to the domain.

Before assigning the IP though, the Exchange machine did pick up a DHCP address from the DC. YAY

Now my problem is, I can work on the "intranet" from my Exchange server (10.1.25.2), but it reports no connection to the internet, and when I try to access web pages it times out.
 
James Haywood Commented:
You have no connection to the internet from your internal (10.1.25) network. Your server will not pass traffic through from one NIC to another unless you install something like RRAS or create a network bridge.
 
BillBondo Commented:
To add to my comment and hhaywood000, I meant to install RRAS w/ LAN routing and NAT.
 
DrDave242 Commented:
Am I correct in assuming that you don't have a NAT router?  It would simplify matters considerably, as you'd only have to configure one NIC on the DC and wouldn't have to worry about the possible security risks of connecting a domain controller directly to the Internet.
 
Neil Russell (Technical Development Lead) Commented:
The last thing I would do is to multihome your DC! (Two NICs) It can cause all kinds of problems.

You would be far better off, if your router does NATing, to just publish the router IP for default gateway via DHCP. Option 003 Router.
 
OrderlyChoas (Author) Commented:
So here's an update.  I've changed some things and added a piece of hardware.

At this feed's recommendation, I installed the RRAS service; it has provided internet access across my network, and I will need the VPN option anyway.

I've added a hardware firewall http://www.newegg.com/Product/Product.aspx?Item=N82E16833181137 --- I believe this supports the NATing that you are referring to.
 
DrDave242 Commented:
Yep, it does.  You won't need RRAS on your DC with the router installed.  Configure the external interface of the router with the IP address, subnet mask, and gateway address that the ISP gave you (they should be able to give you any further info you need to configure that part).  Since your DC uses 10.1.25.1 for its IP, configure the router's private interface to be within that range (10.1.25.254 may be a good choice).  Assuming everything else on your network has an address within the 10.1.25.x range, use the router's address as their gateway.
 
DrDave242 Commented:
Oh, and disable that second NIC on the DC.
 
BillBondo Commented:
In my defense, the author asked how he could get his network working with the equipment in place.
@ Neilsr, I have been using Windows 2003 as my router for many years without any visible problems. Either directly connected to my ISP or with a simple Linksys as my gateway. I've had AD, Exchange, SQL, you name it, with 4 NICs and never an issue. Just wanted to put that out there.
 
OrderlyChoas (Author) Commented:
All of these were great answers and helped point me in the right direction.  I ended up going with a Zywall NAT solution.   It seemed to be the least complicated, and offered a wider range of defense than what I had originally configured/planned.  In fact, I've even noticed some marked performance increases.

In working through this, I found that removing the DHCP service completely, and then re-installing/re-configuring it worked out the best.  

Thanks to all!
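
An added example, not part of the original thread: a Python check of the address plans discussed above, showing why the single-NIC server holding only the ISP address could not lease from the 10.1.25.x scope and that the final NAT-router layout is consistent. The function name, finding labels and the stand-in public address 203.0.113.10 are assumptions; the thread states no router option for the original scope, so it is modelled as unset.

```python
import ipaddress as ip

RFC1918 = [ip.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def check_dhcp_plan(server_ifaces, scope, pool, router=None, statics=None):
    """Return findings for a single-subnet DHCP plan with no relay agent."""
    net = ip.ip_network(scope)
    first, last = (ip.ip_address(a) for a in pool)
    ifaces = [ip.ip_address(a) for a in server_ifaces]
    findings = []

    # Without a relay, the server only offers leases from a scope whose
    # subnet matches an address on the interface that heard the broadcast.
    if not any(a in net for a in ifaces):
        findings.append("no-interface-in-scope")
    # DrDave242's concern: a domain controller holding an Internet-facing address.
    if any(not any(a in n for n in RFC1918) for a in ifaces):
        findings.append("public-address-on-server")

    if first not in net or last not in net or first > last:
        findings.append("pool-outside-scope")
    if first == net.network_address or last == net.broadcast_address:
        findings.append("pool-includes-reserved-address")

    # Option 003 Router must be an on-link address outside the lease pool.
    if router is None:
        findings.append("no-router-option")
    else:
        gw = ip.ip_address(router)
        if gw not in net:
            findings.append("router-off-link")
        elif first <= gw <= last:
            findings.append("router-inside-pool")

    # Statically configured hosts must not overlap leasable addresses.
    for name, addr in (statics or {}).items():
        a = ip.ip_address(addr)
        if a not in net or first <= a <= last:
            findings.append(f"static-conflict:{name}")
    return findings

PUBLIC = "203.0.113.10"  # constructed stand-in for the ISP-assigned address
# Original setup: one NIC with the ISP address; 10.1.25.1 excluded from the scope.
ORIGINAL = check_dhcp_plan([PUBLIC], "10.1.25.0/24", ("10.1.25.2", "10.1.25.200"))
# Final setup: DC on 10.1.25.1 only, NAT router on 10.1.25.254 as option 003.
FINAL = check_dhcp_plan(["10.1.25.1"], "10.1.25.0/24", ("10.1.25.100", "10.1.25.253"),
                        router="10.1.25.254",
                        statics={"ABQ": "10.1.25.1", "exchange": "10.1.25.2"})

if __name__ == "__main__":
    print("original:", ORIGINAL)
    print("final:   ", FINAL)
```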