Tim_Lazer
asked on
SBS 2011 DCHP & Certificate issues
HI
This is a new SBS 2011 Std installation - not migration. Running since 16th October 2012
The server was fine with DNS and DHCP configured and working but the prefered router was not present (out of stock)
Have now added Cisco Small Business RV042G router and configured ports and firewall etc. But wanted to move the DHCP from router to Server to conform to Microsoft recommended config and also the computers can be added to the domain, see all the services on the server etc
1/11/2012 15:00 started the amendment
Disabled the DHCP on the router.
Ran "Connect to the Internet" (for the first time from the SBS console) it worked through picked up the Default router x.x.x.1 and SBS server x.x.x.2 ok
But when I checked the DHCP it was not running.
DNS working ok - little changed except additional IPv6 addresses added.
When tried to activate the DHCP server it failed.
Action - Manage authorised servers - found two entries
127.0.0.1
x.x.x.2
deactivated both and activated the x.x.x.2 which appeared to work.
started the DHCP from the DHCP console, but this stopped after a few seconds.
See attached for the error Cannot find the DHCP Server
I ran the >Network >Connectivity >Fix My Network (from SBS console)
this works through 1. (fails to connect to router) 2. DHCP not started - says it has fixed it but still the same.
In AD site & services
viewing the NetServices
shows up two entries
DhcpRoot dHCPClass (type)
server.domain.local dHCPClass (type)
I reviewed a number of searched sites and microsoft manuals on the issue but found nothing that matched this issue and situation exactly.
I rebooted the server to see if this would clear anything but still the same but other issues raised when checking the logs there are a number of error that where not present before running connect to the Internet.
VSS 8230 errors -
Log Name: Application
Source: VSS
Event ID: 8230
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: server.domain.local
Description:
Volume Shadow Copy Service error: Failed resolving account spsearch with status 1376. Check connection to domain controller and VssAccessControl registry key.
Operation:
Initializing Writer
Context:
Writer Class Id: {be9ac81e-3619-421f-920f-4 c6fea9e93a d}
Writer Name: Dhcp Jet Writer
Error-specific details:
Error: NetLocalGroupGetMemebers(s psearch), 0x80070560, The specified local group does not exist.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="VSS" />
<EventID Qualifiers="0">8230</Event ID>
<Level>3</Level>
<Task>0</Task>
<Keywords>0x80000000000000 </Keywords >
<TimeCreated SystemTime="2012-11-02T10: 17:13.0000 00000Z" />
<EventRecordID>14185</Even tRecordID>
<Channel>Application</Chan nel>
<Computer>servername.domai n.local</C omputer>
<Security />
</System>
<EventData>
<Data>spsearch</Data>
<Data>1376</Data>
<Data>
Operation:
Initializing Writer
Context:
Writer Class Id: {be9ac81e-3619-421f-920f-4 c6fea9e93a d}
Writer Name: Dhcp Jet Writer
Error-specific details:
Error: NetLocalGroupGetMemebers(s psearch), 0x80070560, The specified local group does not exist.
</Data>
Administrator account profile error
Sharepoint 6398 not ready error
Certificate 99 error - could not create cross certificate (0-1) to certify its own root certificate
Certification Authority 91 - Could not connect to Active Directory
Looking for some pointers on how to resolve and fix the route of this so everything come backs to function and moves on with DHCP working on the SBS 2011.
The server has live data and is in production.
I do have a full backup with windows backup so could restore to 31/10/2012 if that is the best option. The Business Data is on a seperate drive so could be left alone.
DHCPerror.JPG
This is a new SBS 2011 Std installation - not migration. Running since 16th October 2012
The server was fine with DNS and DHCP configured and working but the prefered router was not present (out of stock)
Have now added Cisco Small Business RV042G router and configured ports and firewall etc. But wanted to move the DHCP from router to Server to conform to Microsoft recommended config and also the computers can be added to the domain, see all the services on the server etc
1/11/2012 15:00 started the amendment
Disabled the DHCP on the router.
Ran "Connect to the Internet" (for the first time from the SBS console) it worked through picked up the Default router x.x.x.1 and SBS server x.x.x.2 ok
But when I checked the DHCP it was not running.
DNS working ok - little changed except additional IPv6 addresses added.
When tried to activate the DHCP server it failed.
Action - Manage authorised servers - found two entries
127.0.0.1
x.x.x.2
deactivated both and activated the x.x.x.2 which appeared to work.
started the DHCP from the DHCP console, but this stopped after a few seconds.
See attached for the error Cannot find the DHCP Server
I ran the >Network >Connectivity >Fix My Network (from SBS console)
this works through 1. (fails to connect to router) 2. DHCP not started - says it has fixed it but still the same.
In AD site & services
viewing the NetServices
shows up two entries
DhcpRoot dHCPClass (type)
server.domain.local dHCPClass (type)
I reviewed a number of searched sites and microsoft manuals on the issue but found nothing that matched this issue and situation exactly.
I rebooted the server to see if this would clear anything but still the same but other issues raised when checking the logs there are a number of error that where not present before running connect to the Internet.
VSS 8230 errors -
Log Name: Application
Source: VSS
Event ID: 8230
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: server.domain.local
Description:
Volume Shadow Copy Service error: Failed resolving account spsearch with status 1376. Check connection to domain controller and VssAccessControl registry key.
Operation:
Initializing Writer
Context:
Writer Class Id: {be9ac81e-3619-421f-920f-4
Writer Name: Dhcp Jet Writer
Error-specific details:
Error: NetLocalGroupGetMemebers(s
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="VSS" />
<EventID Qualifiers="0">8230</Event
<Level>3</Level>
<Task>0</Task>
<Keywords>0x80000000000000
<TimeCreated SystemTime="2012-11-02T10:
<EventRecordID>14185</Even
<Channel>Application</Chan
<Computer>servername.domai
<Security />
</System>
<EventData>
<Data>spsearch</Data>
<Data>1376</Data>
<Data>
Operation:
Initializing Writer
Context:
Writer Class Id: {be9ac81e-3619-421f-920f-4
Writer Name: Dhcp Jet Writer
Error-specific details:
Error: NetLocalGroupGetMemebers(s
</Data>
Administrator account profile error
Sharepoint 6398 not ready error
Certificate 99 error - could not create cross certificate (0-1) to certify its own root certificate
Certification Authority 91 - Could not connect to Active Directory
Looking for some pointers on how to resolve and fix the route of this so everything come backs to function and moves on with DHCP working on the SBS 2011.
The server has live data and is in production.
I do have a full backup with windows backup so could restore to 31/10/2012 if that is the best option. The Business Data is on a seperate drive so could be left alone.
DHCPerror.JPG
This sounds like a DNS issue. An IPConfig /all could be helpful.
ASKER
Hi Here is the dcdiag output - the server name has been replaced with SERVER and the domain name with DOMAIN
All tests passed !!!
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = SERVER
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\SE RVER
Starting test: Connectivity
......................... SERVER passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\SE RVER
Starting test: Advertising
......................... SERVER passed test Advertising
Starting test: FrsEvent
......................... SERVER passed test FrsEvent
Starting test: DFSREvent
......................... SERVER passed test DFSREvent
Starting test: SysVolCheck
......................... SERVER passed test SysVolCheck
Starting test: KccEvent
......................... SERVER passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... SERVER passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... SERVER passed test MachineAccount
Starting test: NCSecDesc
......................... SERVER passed test NCSecDesc
Starting test: NetLogons
......................... SERVER passed test NetLogons
Starting test: ObjectsReplicated
......................... SERVER passed test ObjectsReplicated
Starting test: Replications
......................... SERVER passed test Replications
Starting test: RidManager
......................... SERVER passed test RidManager
Starting test: Services
......................... SERVER passed test Services
Starting test: SystemLog
......................... SERVER passed test SystemLog
Starting test: VerifyReferences
......................... SERVER passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : DOMAIN
Starting test: CheckSDRefDom
......................... DOMAIN passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DOMAIN passed test CrossRefValidation
Running enterprise tests on : DOMAIN.local
Starting test: LocatorCheck
......................... DOMAIN.local passed test LocatorCheck
Starting test: Intersite
......................... DOMAIN.local passed test Intersite
All tests passed !!!
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = SERVER
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\SE
Starting test: Connectivity
......................... SERVER passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\SE
Starting test: Advertising
......................... SERVER passed test Advertising
Starting test: FrsEvent
......................... SERVER passed test FrsEvent
Starting test: DFSREvent
......................... SERVER passed test DFSREvent
Starting test: SysVolCheck
......................... SERVER passed test SysVolCheck
Starting test: KccEvent
......................... SERVER passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... SERVER passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... SERVER passed test MachineAccount
Starting test: NCSecDesc
......................... SERVER passed test NCSecDesc
Starting test: NetLogons
......................... SERVER passed test NetLogons
Starting test: ObjectsReplicated
......................... SERVER passed test ObjectsReplicated
Starting test: Replications
......................... SERVER passed test Replications
Starting test: RidManager
......................... SERVER passed test RidManager
Starting test: Services
......................... SERVER passed test Services
Starting test: SystemLog
......................... SERVER passed test SystemLog
Starting test: VerifyReferences
......................... SERVER passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : DOMAIN
Starting test: CheckSDRefDom
......................... DOMAIN passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DOMAIN passed test CrossRefValidation
Running enterprise tests on : DOMAIN.local
Starting test: LocatorCheck
......................... DOMAIN.local passed test LocatorCheck
Starting test: Intersite
......................... DOMAIN.local passed test Intersite
and the ipconfig /all output?
ASKER
IPCONFIG
Windows IP Configuration
Host Name . . . . . . . . . . . . : SERVER
Primary Dns Suffix . . . . . . . : DOMAIN.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : DOMAIN.local
Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : HP NC112i 1-port Ethernet Server Adapter #2
Physical Address. . . . . . . . . : A0-B3-CC-E7-31-48
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2002:4df6:1714:0:9cf3:51eb :21ec:f916 (Preferred )
IPv6 Address. . . . . . . . . . . : fc00::171(Preferred)
Lease Obtained. . . . . . . . . . : 02 November 2012 10:16:33
Lease Expires . . . . . . . . . . : 03 November 2012 09:10:10
IPv6 Address. . . . . . . . . . . : fc00::9cf3:51eb:21ec:f916( Preferred)
Link-local IPv6 Address . . . . . : fe80::3bf5:9f8:409e:c91f%1 3(Preferre d)
Link-local IPv6 Address . . . . . : fe80::9cf3:51eb:21ec:f916% 13(Preferr ed)
IPv4 Address. . . . . . . . . . . : 192.168.88.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : fe80::a693:4cff:fef7:afe0% 13
192.168.88.1
DHCPv6 IAID . . . . . . . . . . . : 228635596
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-60-36-F5-A0 -B3-CC-E7- 31-49
DNS Servers . . . . . . . . . . . : fe80::3bf5:9f8:409e:c91f%1 3
192.168.88.2
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{7E3B45BE-23D4-4DAB -BD60-BEF0 87598D55}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 9:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Windows IP Configuration
Host Name . . . . . . . . . . . . : SERVER
Primary Dns Suffix . . . . . . . : DOMAIN.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : DOMAIN.local
Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : HP NC112i 1-port Ethernet Server Adapter #2
Physical Address. . . . . . . . . : A0-B3-CC-E7-31-48
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2002:4df6:1714:0:9cf3:51eb
IPv6 Address. . . . . . . . . . . : fc00::171(Preferred)
Lease Obtained. . . . . . . . . . : 02 November 2012 10:16:33
Lease Expires . . . . . . . . . . : 03 November 2012 09:10:10
IPv6 Address. . . . . . . . . . . : fc00::9cf3:51eb:21ec:f916(
Link-local IPv6 Address . . . . . : fe80::3bf5:9f8:409e:c91f%1
Link-local IPv6 Address . . . . . : fe80::9cf3:51eb:21ec:f916%
IPv4 Address. . . . . . . . . . . : 192.168.88.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : fe80::a693:4cff:fef7:afe0%
192.168.88.1
DHCPv6 IAID . . . . . . . . . . . : 228635596
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-60-36-F5-A0
DNS Servers . . . . . . . . . . . : fe80::3bf5:9f8:409e:c91f%1
192.168.88.2
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{7E3B45BE-23D4-4DAB
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 9:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
the certification services role is ok? have a look in server management
Is there any chance a second NIC is enabled, even if not connected, or the hyper-V role installed? Both will cause these issues.
ASKER
Should not be but will check
ASKER
It is disabled but now seems to have been configured for use by the OS.
I will have to access the BIOS and make sure it is disabled - not sure if the lights out feature has enabled it by mistake.
Not onsite today will have to do this later or Monday.
I will have to access the BIOS and make sure it is disabled - not sure if the lights out feature has enabled it by mistake.
Not onsite today will have to do this later or Monday.
If you right click on it you can choose disable and should not affect the iLO. You do not need to disable in the BIOS. Once disabled run the fix my network wizard. Afterward check the DNS management console under interfaces ((properties of DNS server name) and verify ONLY the LAN IP of the server and 2 IPv6 addresses are checked.
ASKER
It is disabled already.
The interfaces only have the LAN IP and one IPv6 ticked
the one ending 171 is not ticked! I have ticked this one and saved.
Checking the forward lookup zone and the domain.local there are four IPv6 addresses used as same as parent and Companyweb, connect, server name, Sites.
the GC has one IPv4 and 3 IPv6 addresses
2002...f916
and
fc00.....f916
in additon to the IPv4 and the fc00....0171
Checked and it has not resolved the DHCP issue.
I have had to restore the router with active DHCP as the user lost internet connection.
I have run Fix My Network again
An external DHCP server was found
DHCP service is stopped
The DNS server is not listening to the IP address of the primary network adaptor
not had the last error before
The interfaces only have the LAN IP and one IPv6 ticked
the one ending 171 is not ticked! I have ticked this one and saved.
Checking the forward lookup zone and the domain.local there are four IPv6 addresses used as same as parent and Companyweb, connect, server name, Sites.
the GC has one IPv4 and 3 IPv6 addresses
2002...f916
and
fc00.....f916
in additon to the IPv4 and the fc00....0171
Checked and it has not resolved the DHCP issue.
I have had to restore the router with active DHCP as the user lost internet connection.
I have run Fix My Network again
An external DHCP server was found
DHCP service is stopped
The DNS server is not listening to the IP address of the primary network adaptor
not had the last error before
ASKER
The DNS interface has been changed after the Fix My Network completed to
fe80...f916
192.168.88.2
fe80...f916
192.168.88.2
Is the VPN configured on the server?
If so:
-open the RRAS console
-disable the VPN in RRAS by right click on server name and choose disable
- (you have done this but you could double check) open the DNS management console, right click on the server name and choose properties, under the interfaces tab make sure only the IPv4 LAN IP of the server and 2 IPv6 addresses are checked
-Open the DHCP console and under address leases remove any IP's with RAS as the "type"
-run the fix my network wizard again
-if you want to re-enable the VPN make sure you use the wizard under SBS console | network | connectivity. Do not configure within RRAS. However I would recommend resolving the primary issues before enabling the VPN
If so:
-open the RRAS console
-disable the VPN in RRAS by right click on server name and choose disable
- (you have done this but you could double check) open the DNS management console, right click on the server name and choose properties, under the interfaces tab make sure only the IPv4 LAN IP of the server and 2 IPv6 addresses are checked
-Open the DHCP console and under address leases remove any IP's with RAS as the "type"
-run the fix my network wizard again
-if you want to re-enable the VPN make sure you use the wizard under SBS console | network | connectivity. Do not configure within RRAS. However I would recommend resolving the primary issues before enabling the VPN
ASKER
No VPN
In RRAS not configured - VPN and RRAS already disabled.
No RAS type in DHCP console.
In the setup process I ran the Setup Internet Address but this does not have an external setting for it so is blind at the moment. Doubt this is causing the problem, but could delete this from DNS to rule it out.
Could there be a rights issue somewhere?
In RRAS not configured - VPN and RRAS already disabled.
No RAS type in DHCP console.
In the setup process I ran the Setup Internet Address but this does not have an external setting for it so is blind at the moment. Doubt this is causing the problem, but could delete this from DNS to rule it out.
Could there be a rights issue somewhere?
Very odd.
I don't see anything you have posted to indicate a rights issue.
Another long shot, IPv6 has not been disabled on the NIC has it?
I know you stated you disabled DHCP on the router when trying to configure DHCP on the SBS, but are you certain? It will not start on the SBS if another DHCP server is enabled anywhere (which is why I mentioned RRAS).
What reported; "The DNS server is not listening to the IP address of the primary network adaptor" The fix my network wizard or the BPA? Though it is a concern there are numerous posts in forums where that is returned by the BPA on working systems and can be ignored.
Have you run the BPA? It will often point out multiple configuration issues.
I am also concerned about your initial IPconfig. Has that changed with re-running the fix my network wizard?
I am not that familiar with IPv6 but my specific concern is
IPv6 Address. . . . . . . . . . . : 2002:4df6:1714:0:9cf3:51eb:21e c:f916(Pre ferred)
Default Gateway . . . . . . . . . : fe80::a693:4cff:fef7:afe0% 13
It is normal to have 2 IPv6 addresses but they should be private/internal addressing starting with 'f', 2002 is a 6to4 address which is used to route traffic between an Ipv4 network and an IPv6 network, often a WAN network.
Also normally there is no IPv6 gateway address on SBS.
My concern is it possible there is an application or malware connecting to a public IPv6 service and complicating the network configuration.
I don't see anything you have posted to indicate a rights issue.
Another long shot, IPv6 has not been disabled on the NIC has it?
I know you stated you disabled DHCP on the router when trying to configure DHCP on the SBS, but are you certain? It will not start on the SBS if another DHCP server is enabled anywhere (which is why I mentioned RRAS).
What reported; "The DNS server is not listening to the IP address of the primary network adaptor" The fix my network wizard or the BPA? Though it is a concern there are numerous posts in forums where that is returned by the BPA on working systems and can be ignored.
Have you run the BPA? It will often point out multiple configuration issues.
I am also concerned about your initial IPconfig. Has that changed with re-running the fix my network wizard?
I am not that familiar with IPv6 but my specific concern is
IPv6 Address. . . . . . . . . . . : 2002:4df6:1714:0:9cf3:51eb:21e
Default Gateway . . . . . . . . . : fe80::a693:4cff:fef7:afe0%
It is normal to have 2 IPv6 addresses but they should be private/internal addressing starting with 'f', 2002 is a 6to4 address which is used to route traffic between an Ipv4 network and an IPv6 network, often a WAN network.
Also normally there is no IPv6 gateway address on SBS.
My concern is it possible there is an application or malware connecting to a public IPv6 service and complicating the network configuration.
ASKER
Thanks for this.
the DNS is not listening is from the fix my network
I will download the lastest BPA and try this.
The cisco router had the dhcp off, but I had to turn it on because the users could not access the internet without it.
I will disable the router DHCP and reboot it now they are off.
I will try the fix my network again.
the 6to4 is active on the cisco router by default so this has been picked up by the SBS, I will disable this as well on the cisco so it is not interfering.
NIC - v6 is not disabled it is static address to fe80::3bf5:9f8:409e:c91f subnet 8
ESET antivirus is running on the server, may be need to disable this while the fix it done.
I have had problems with dual nics and SBS in the past with migrations and had to disable the 2nd nic in BIOS to allow the migration to work so will sort this on Monday when back onsite to make sure.
I have checked the netservice permissions and the dhcp servers are being created and local service has permission, changed to administrator and that wold not work so it does not appear to be permission based.
I have another router (netgear) that seems to work well with SBS network config and have used this in the past to sort out this problems on the SBS server and then link them up to the other router. Will try this if the 2nd nic does not resolve it.
Will run the BPA and advise you on the results
the latest ipconfig
Windows IP Configuration
Host Name . . . . . . . . . . . . : SERVER
Primary Dns Suffix . . . . . . . : DOMAIN.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : DOMAIN.local
Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : HP NC112i 1-port Ethernet Server Adapter #2
Physical Address. . . . . . . . . : A0-B3-CC-E7-31-48
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2002:4df6:1714:0:9cf3:51eb :21ec:f916 (Preferred )
IPv6 Address. . . . . . . . . . . : fc00::171(Preferred)
Lease Obtained. . . . . . . . . . : 02 November 2012 14:38:34
Lease Expires . . . . . . . . . . : 03 November 2012 14:38:34
IPv6 Address. . . . . . . . . . . : fc00::9cf3:51eb:21ec:f916( Preferred)
Link-local IPv6 Address . . . . . : fe80::3bf5:9f8:409e:c91f%1 3(Preferre d)
Link-local IPv6 Address . . . . . : fe80::9cf3:51eb:21ec:f916% 13(Preferr ed)
IPv4 Address. . . . . . . . . . . : 192.168.88.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : fe80::a693:4cff:fef7:afe0% 13
192.168.88.1
DHCPv6 IAID . . . . . . . . . . . : 228635596
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-60-36-F5-A0 -B3-CC-E7- 31-49
DNS Servers . . . . . . . . . . . : fe80::3bf5:9f8:409e:c91f%1 3
192.168.88.2
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{7E3B45BE-23D4-4DAB -BD60-BEF0 87598D55}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 9:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
the DNS is not listening is from the fix my network
I will download the lastest BPA and try this.
The cisco router had the dhcp off, but I had to turn it on because the users could not access the internet without it.
I will disable the router DHCP and reboot it now they are off.
I will try the fix my network again.
the 6to4 is active on the cisco router by default so this has been picked up by the SBS, I will disable this as well on the cisco so it is not interfering.
NIC - v6 is not disabled it is static address to fe80::3bf5:9f8:409e:c91f subnet 8
ESET antivirus is running on the server, may be need to disable this while the fix it done.
I have had problems with dual nics and SBS in the past with migrations and had to disable the 2nd nic in BIOS to allow the migration to work so will sort this on Monday when back onsite to make sure.
I have checked the netservice permissions and the dhcp servers are being created and local service has permission, changed to administrator and that wold not work so it does not appear to be permission based.
I have another router (netgear) that seems to work well with SBS network config and have used this in the past to sort out this problems on the SBS server and then link them up to the other router. Will try this if the 2nd nic does not resolve it.
Will run the BPA and advise you on the results
the latest ipconfig
Windows IP Configuration
Host Name . . . . . . . . . . . . : SERVER
Primary Dns Suffix . . . . . . . : DOMAIN.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : DOMAIN.local
Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : HP NC112i 1-port Ethernet Server Adapter #2
Physical Address. . . . . . . . . : A0-B3-CC-E7-31-48
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2002:4df6:1714:0:9cf3:51eb
IPv6 Address. . . . . . . . . . . : fc00::171(Preferred)
Lease Obtained. . . . . . . . . . : 02 November 2012 14:38:34
Lease Expires . . . . . . . . . . : 03 November 2012 14:38:34
IPv6 Address. . . . . . . . . . . : fc00::9cf3:51eb:21ec:f916(
Link-local IPv6 Address . . . . . : fe80::3bf5:9f8:409e:c91f%1
Link-local IPv6 Address . . . . . : fe80::9cf3:51eb:21ec:f916%
IPv4 Address. . . . . . . . . . . : 192.168.88.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : fe80::a693:4cff:fef7:afe0%
192.168.88.1
DHCPv6 IAID . . . . . . . . . . . : 228635596
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-60-36-F5-A0
DNS Servers . . . . . . . . . . . : fe80::3bf5:9f8:409e:c91f%1
192.168.88.2
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{7E3B45BE-23D4-4DAB
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 9:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Good idea to disable 6to4 on the router, at least for now while troubleshooting.
I can't see ESET causing issues with enabling DHCP, but A/V on SBS has been known to cause all sorts of odd problems.
I have never had to disable additional NIC's in the BIOS but it certainly cannot hurt.
Shouldn't need to use the Netgear. I have used many RV042's without issue, though none were RV042G's not had IPv6 capabilities.
Let us know how you make out.
I can't see ESET causing issues with enabling DHCP, but A/V on SBS has been known to cause all sorts of odd problems.
I have never had to disable additional NIC's in the BIOS but it certainly cannot hurt.
Shouldn't need to use the Netgear. I have used many RV042's without issue, though none were RV042G's not had IPv6 capabilities.
Let us know how you make out.
ASKER
Update. I have not disabled the 2nd nic the keyboard would not work on reboot, something unlelated.
have turned off the dhcp on the router and rebooted the router.
Running the Configure Internet it worked through the process ok but errored at the end - The DHCP Server did not restart.
I tried to restart manually as it said but it keeps stopping.
I accessed the roles management section and reviewed DHCP and in here are DHCP errors 1056, 1053, 1054
The basis of it is no credencials to use dynamic DNS
Also found a Distributed Com error 10016 (may be connected)
Here are the three errors
Log Name: System
Source: Microsoft-Windows-DHCP-Ser ver
Date: 05/11/2012 12:25:33
Event ID: 1056
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: SERVER.DOMAIN.local
Description:
The DHCP service has detected that it is running on a DC and has no credentials configured for use with Dynamic DNS registrations initiated by the DHCP service. This is not a recommended security configuration. Credentials for Dynamic DNS registrations may be configured using the command line "netsh dhcp server set dnscredentials" or via the DHCP Administrative tool.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DH CP-Server" Guid="{6D64F02C-A125-4DAC- 9A01-F0555 B41CA84}" EventSourceName="DhcpServe r" />
<EventID Qualifiers="0">1056</Event ID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000 </Keywords >
<TimeCreated SystemTime="2012-11-05T12: 25:33.0000 00000Z" />
<EventRecordID>27008</Even tRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>SERVER.DOMAIN.lo cal</Compu ter>
<Security />
</System>
<EventData>
<Data>The operation completed successfully.
</Data>
<Binary>00000000</Binary>
</EventData>
</Event>
========================== ========== ======
Log Name: System
Source: Microsoft-Windows-DHCP-Ser ver
Date: 05/11/2012 12:25:49
Event ID: 1053
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: SERVER.DOMAIN.local
Description:
The DHCP/BINL service has encountered another server on this network with IP Address, fe80::a693:4cff:fef7:afe0, belonging to the domain: .
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DH CP-Server" Guid="{6D64F02C-A125-4DAC- 9A01-F0555 B41CA84}" EventSourceName="DhcpServe r" />
<EventID Qualifiers="0">1053</Event ID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000 </Keywords >
<TimeCreated SystemTime="2012-11-05T12: 25:49.0000 00000Z" />
<EventRecordID>27010</Even tRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>SERVER.DOMAIN.lo cal</Compu ter>
<Security />
</System>
<EventData>
<Data>fe80::a693:4cff:fef7 :afe0</Dat a>
<Data>
</Data>
<Data>0</Data>
<Binary>00000000</Binary>
</EventData>
</Event>
========================== ==
Log Name: System
Source: Microsoft-Windows-DHCP-Ser ver
Date: 05/11/2012 12:25:49
Event ID: 1054
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: SERVER.DOMAIN.local
Description:
The DHCP/BINL service on this computer is shutting down. See the previous event log messages for reasons.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DH CP-Server" Guid="{6D64F02C-A125-4DAC- 9A01-F0555 B41CA84}" EventSourceName="DhcpServe r" />
<EventID Qualifiers="0">1054</Event ID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000 </Keywords >
<TimeCreated SystemTime="2012-11-05T12: 25:49.0000 00000Z" />
<EventRecordID>27011</Even tRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>SERVER.DOMAIN.lo cal</Compu ter>
<Security />
</System>
<EventData>
<Data>
</Data>
<Data>
</Data>
<Data>0</Data>
<Binary>00000000</Binary>
</EventData>
</Event>
========================== ========== ========== =======
1053 Relates only to the IPv6, not sure how relevant this is.
not sure is deleting and re adding the DHCP server will help, or looking for the location of the credentials that are missing.
have turned off the dhcp on the router and rebooted the router.
Running the Configure Internet it worked through the process ok but errored at the end - The DHCP Server did not restart.
I tried to restart manually as it said but it keeps stopping.
I accessed the roles management section and reviewed DHCP and in here are DHCP errors 1056, 1053, 1054
The basis of it is no credencials to use dynamic DNS
Also found a Distributed Com error 10016 (may be connected)
Here are the three errors
Log Name: System
Source: Microsoft-Windows-DHCP-Ser
Date: 05/11/2012 12:25:33
Event ID: 1056
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: SERVER.DOMAIN.local
Description:
The DHCP service has detected that it is running on a DC and has no credentials configured for use with Dynamic DNS registrations initiated by the DHCP service. This is not a recommended security configuration. Credentials for Dynamic DNS registrations may be configured using the command line "netsh dhcp server set dnscredentials" or via the DHCP Administrative tool.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DH
<EventID Qualifiers="0">1056</Event
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000
<TimeCreated SystemTime="2012-11-05T12:
<EventRecordID>27008</Even
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>SERVER.DOMAIN.lo
<Security />
</System>
<EventData>
<Data>The operation completed successfully.
</Data>
<Binary>00000000</Binary>
</EventData>
</Event>
==========================
Log Name: System
Source: Microsoft-Windows-DHCP-Ser
Date: 05/11/2012 12:25:49
Event ID: 1053
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: SERVER.DOMAIN.local
Description:
The DHCP/BINL service has encountered another server on this network with IP Address, fe80::a693:4cff:fef7:afe0,
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DH
<EventID Qualifiers="0">1053</Event
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000
<TimeCreated SystemTime="2012-11-05T12:
<EventRecordID>27010</Even
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>SERVER.DOMAIN.lo
<Security />
</System>
<EventData>
<Data>fe80::a693:4cff:fef7
<Data>
</Data>
<Data>0</Data>
<Binary>00000000</Binary>
</EventData>
</Event>
==========================
Log Name: System
Source: Microsoft-Windows-DHCP-Ser
Date: 05/11/2012 12:25:49
Event ID: 1054
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: SERVER.DOMAIN.local
Description:
The DHCP/BINL service on this computer is shutting down. See the previous event log messages for reasons.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DH
<EventID Qualifiers="0">1054</Event
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000
<TimeCreated SystemTime="2012-11-05T12:
<EventRecordID>27011</Even
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>SERVER.DOMAIN.lo
<Security />
</System>
<EventData>
<Data>
</Data>
<Data>
</Data>
<Data>0</Data>
<Binary>00000000</Binary>
</EventData>
</Event>
==========================
1053 Relates only to the IPv6, not sure how relevant this is.
not sure is deleting and re adding the DHCP server will help, or looking for the location of the credentials that are missing.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Ps-to add: I was just looking at the on-line manual. This has newer firmware than I am familiar with but I see it has full IPv6 configurability. I suspect your primary problem is the router is acting as an IPv6 DHCP server. One setting which may 'kill' it is under setup/network select "IPv4 only"
ASKER
Thank you.
The 6to4 has been diabled on the Cisco. I have disabled the Cisco DHCP so should have none active.
The NIC on the server has static IPv6 as expected.
I think the DHCP Server is corrupted. The credentials are blank and every method of setting them comes to nothing. The DHCP server starts and then stops, the three errors are generated each time.
I am on site.
In AD sites and services
the Services < NetServices show two dHCP class entries
DhcpRoot
server.domain.local
the Dchproot seems ok but the SERVER.DOMAIN.local entry has no security settings and gives an error.
I believe in all the re configuration something has messed up these settings and they are no longer part of / or authorised by the Active Domain and this is the problem why the DHCP server fails.
Question is how to fix this.
Looked around online but everything tried fails because the DHCP Server will not run.
I could try the null network you suggest but I don't think this is it.
The 6to4 has been diabled on the Cisco. I have disabled the Cisco DHCP so should have none active.
The NIC on the server has static IPv6 as expected.
I think the DHCP Server is corrupted. The credentials are blank and every method of setting them comes to nothing. The DHCP server starts and then stops, the three errors are generated each time.
I am on site.
In AD sites and services
the Services < NetServices show two dHCP class entries
DhcpRoot
server.domain.local
the Dchproot seems ok but the SERVER.DOMAIN.local entry has no security settings and gives an error.
I believe in all the re configuration something has messed up these settings and they are no longer part of / or authorised by the Active Domain and this is the problem why the DHCP server fails.
Question is how to fix this.
Looked around online but everything tried fails because the DHCP Server will not run.
I could try the null network you suggest but I don't think this is it.
PPS- It seems the culprit may be under Setup DHCP > DHCP Setup > Router Advertisement > Enable Router Advertisement. MAke sure this is unchecked. If "IPv4 only" is set the Router Advertisement page should not even be available.
Just saw your other comments, I'll looking to the credentials.
Just saw your other comments, I'll looking to the credentials.
ASKER
I have added a fresh authorised ip address / server and it is added to the DHCP list but when you click on it is says unable to find DHCP Server.
ASKER
Checking in the DHCP settings now the authorised is in place and showing although inactive.
IPv6 has Server Options
00023 DNS Recursive Name Service IPV6 Address List fe80....c91f
00024 Domain Search List DOMAIN.local
could clear this all back to nothing and try again with connect network or fix my network
IPv6 has Server Options
00023 DNS Recursive Name Service IPV6 Address List fe80....c91f
00024 Domain Search List DOMAIN.local
could clear this all back to nothing and try again with connect network or fix my network
Not sure to what you are referring "In AD sites and services "
>>"SERVER.DOMAIN.local entry has no security settings"
Is this in the DHCP console? Typically the credentials are blank on an SBS though they can be added. However how are you seeing this if the DHCP service is not started
>>"says unable to find DHCP Server"
It will say that f DHCp is not started
>>"IPv6 has Server Options
00023 DNS Recursive Name Service IPV6 Address List fe80....c91f
00024 Domain Search List DOMAIN.local"
That is typical/normal
If an SBS is set up using the wizard most, but of course not all issues are due to something simple. Try not to manually reconfigure or uninstall/reinstall to much manually as folk often dig themselves into a deeper hole.
If the SBS sees a DHCP server, such as the IPv6, it will positively cause these problems, which is why I am dwelling on that issue.
>>"SERVER.DOMAIN.local entry has no security settings"
Is this in the DHCP console? Typically the credentials are blank on an SBS though they can be added. However how are you seeing this if the DHCP service is not started
>>"says unable to find DHCP Server"
It will say that f DHCp is not started
>>"IPv6 has Server Options
00023 DNS Recursive Name Service IPV6 Address List fe80....c91f
00024 Domain Search List DOMAIN.local"
That is typical/normal
If an SBS is set up using the wizard most, but of course not all issues are due to something simple. Try not to manually reconfigure or uninstall/reinstall to much manually as folk often dig themselves into a deeper hole.
If the SBS sees a DHCP server, such as the IPv6, it will positively cause these problems, which is why I am dwelling on that issue.
To add a corrupted DHCP database usually results in different errors, most often a 1014 error.
ASKER
Hi
searched on the specified servers are already present. found http://support.microsoft.com/kb/306925
looking into the DHCP server of the dHCProot most of the settings are blank which is strange and not was expected.
Question is how to get the dHCProot to point to the authorised entry.
searched on the specified servers are already present. found http://support.microsoft.com/kb/306925
looking into the DHCP server of the dHCProot most of the settings are blank which is strange and not was expected.
Question is how to get the dHCProot to point to the authorised entry.
ASKER
I have deleted the DHCP server, rebooted server.
Re installed the DHCP Server role and setup a new scope all seemed well until the final message -
Attempt to configure DHCP Server failed with error code 0x80074E54. The scope parameters are incorrect.
Either the scope already exisits or its subnet address and mask is inconsistent with the subnet address and mask of an existing scope.
So this suggests the issue is with the scope!!
cannot delete the scope without the DHCP server running - but will not run long enough to delete it......!!!!!!!!!!!!!
Will see if I can remove the scoep some how.
Re installed the DHCP Server role and setup a new scope all seemed well until the final message -
Attempt to configure DHCP Server failed with error code 0x80074E54. The scope parameters are incorrect.
Either the scope already exisits or its subnet address and mask is inconsistent with the subnet address and mask of an existing scope.
So this suggests the issue is with the scope!!
cannot delete the scope without the DHCP server running - but will not run long enough to delete it......!!!!!!!!!!!!!
Will see if I can remove the scoep some how.
You may need to delete the existing database. I would rename or move it rather than deleting. It is under C:\Windows\System32\DHCP\
The following advises how to restore a database, but you may need to remove the database and then re-install DHCP to create a new one.
http://technet.microsoft.com/en-us/library/cc726907(v=ws.10).aspx
Make sure you have a full system backup before making changes and re-installing service. ABA has many interrelated components and often tweaking one you break another.
Were you able to try isolating the router/SBS or disable the IPv6 functions as recommended? not just the 6to4.
The following advises how to restore a database, but you may need to remove the database and then re-install DHCP to create a new one.
http://technet.microsoft.com/en-us/library/cc726907(v=ws.10).aspx
Make sure you have a full system backup before making changes and re-installing service. ABA has many interrelated components and often tweaking one you break another.
Were you able to try isolating the router/SBS or disable the IPv6 functions as recommended? not just the 6to4.
ASKER
Found it at last - thank you for your help - and direction about IPv6.
I can see from the dates on the DHCP that when the Connect to the internet was first run it changed the static IPv6 address for the server NIC and as DHCP had previously configured manually this caused the problem that stopped the DHCP Server working with a different IPv6 address. The configuration is still IPv4 based and fails to show the IPv6.
I am not sure what the original was before but after exhausting other options, changed it to dynamic - this raised a warning as expected but when I tried the DHCP Server start it worked ok.
Frustrating.
The question is what was the original IPv6 so I can put it back otherwise I suppose putting the new one back in will result in the same issue.
Reviewing the settings of DHCP, the IPv4 settings are clear but the IPv6 are not shown in NetServices. Nor are they in the registry along side the IPv4.
The good thing is the server is now in control of DHCP and DNS for the client pcs and they are performing faster and finding resources on the server much quicker.
--------------------------
On the certificate side - when I first powered up the server on the client site the date had changed on the server to 1900 and then due to a damaged keyboard the date was accidentally set to 16 December 2012 and changed back to 16 October 2012 within 15 minutes once a good keyboard was connected.
In reviewing the credentials I found that the Master CA is set to start 16 Decemner 2012 and some of the other certificates are set to 17 December 2012.
Thus these certificates are not valid for the current date.
I don't know who to correct these other than to re create them, do you know how to trigger this safely?
I can see from the dates on the DHCP that when the Connect to the internet was first run it changed the static IPv6 address for the server NIC and as DHCP had previously configured manually this caused the problem that stopped the DHCP Server working with a different IPv6 address. The configuration is still IPv4 based and fails to show the IPv6.
I am not sure what the original was before but after exhausting other options, changed it to dynamic - this raised a warning as expected but when I tried the DHCP Server start it worked ok.
Frustrating.
The question is what was the original IPv6 so I can put it back otherwise I suppose putting the new one back in will result in the same issue.
Reviewing the settings of DHCP, the IPv4 settings are clear but the IPv6 are not shown in NetServices. Nor are they in the registry along side the IPv4.
The good thing is the server is now in control of DHCP and DNS for the client pcs and they are performing faster and finding resources on the server much quicker.
--------------------------
On the certificate side - when I first powered up the server on the client site the date had changed on the server to 1900 and then due to a damaged keyboard the date was accidentally set to 16 December 2012 and changed back to 16 October 2012 within 15 minutes once a good keyboard was connected.
In reviewing the credentials I found that the Master CA is set to start 16 Decemner 2012 and some of the other certificates are set to 17 December 2012.
Thus these certificates are not valid for the current date.
I don't know who to correct these other than to re create them, do you know how to trigger this safely?
I would be tempted to take the DHCP assigned IP and use it as static. If there is no 3rd party DHCP server then it cannot be assigned to another client as DHCP pings to see if an IP is in use before assigning it.
Running the Fix My Network wizard at this point may do it automatically for you.
However there is no defined DHCP scope in SBS, and thus no entries in ADSIedit either which is why you don't see them. I would not set it up either unless you intend to run a fully IPv6 network (not always possible, yet).
As for fixing the certificate dates, I am sorry that is not a strong point of mine. You might be best to post another question.
Running The Best Practice Analyzer may pick up the certificate issues and if it does it usually suggests how to fix the problem:
http://www.sbslinks.com/sbsbpa.htm
If the Dec 2012 certificates have not expired you can leave them, or is that the expiry date, rather than creation date?
The following are two common articles on repairing a couple of the built-in certs that may be of some help:
http://msmvps.com/blogs/bradley/archive/2011/10/27/fixing-a-bit-of-thumbprints.aspx
http://titlerequired.com/2011/12/07/quick-fix-sbs-2008-sites-self-signed-certificate-expired/
Running the Fix My Network wizard at this point may do it automatically for you.
However there is no defined DHCP scope in SBS, and thus no entries in ADSIedit either which is why you don't see them. I would not set it up either unless you intend to run a fully IPv6 network (not always possible, yet).
As for fixing the certificate dates, I am sorry that is not a strong point of mine. You might be best to post another question.
Running The Best Practice Analyzer may pick up the certificate issues and if it does it usually suggests how to fix the problem:
http://www.sbslinks.com/sbsbpa.htm
If the Dec 2012 certificates have not expired you can leave them, or is that the expiry date, rather than creation date?
The following are two common articles on repairing a couple of the built-in certs that may be of some help:
http://msmvps.com/blogs/bradley/archive/2011/10/27/fixing-a-bit-of-thumbprints.aspx
http://titlerequired.com/2011/12/07/quick-fix-sbs-2008-sites-self-signed-certificate-expired/
ASKER
This was a tricky problem to introduce a new router and move dhcp back to the SBS. The problem was that the Connect to Internet tool within SBS console replaced the IPv6 static address and this produced a conflict within the Server DHCP Server settings. Because the IPv6 settings are hidden from the general DHCP configuration settings it was not obvious.
The Expert highlighted the area but it took time to identify what was the exact cause.
Helpful and kept going throughout the resolution.
The Expert highlighted the area but it took time to identify what was the exact cause.
Helpful and kept going throughout the resolution.
run dcdiag and paste output here