Solved

Is it ok to have 2 DHCP servers on an SBS network?

Posted on 2013-06-12
19
1,228 Views
Last Modified: 2013-06-13
I hope this doesn't sound like a stupid question, but I have always believed that the SBS server should be the only DHCP server on the network. Any sign of another and off goes the DHCP server service.

However, there are many cases where offices may be happy to allow "visitors" wifi internet access without wanting to grant Internet access to their network and the router needs to be able to issue IP addresses.

Am I missing something obvious or is it ok to edit the registry of the SBS server to allow extra DHCP servers?

Many thanks.
Question by:carolinems
19 Comments
 
LVL 21

Expert Comment

by:Haresh Nikumbh
ID: 39240484
The issues of two DHCP servers in the same LAN

If you have two DHCP servers running in the same LAN, you may experience some issues.

Case 1: The client has been using a router as DHCP server for two years. After the client installed Windows SBS 2003, some computers have problems accessing the Internet.

Cause: The SBS has DHCP enabled but not DNS. If a computer is assigned an IP by the SBS DHCP without DNS.

Resolution: Disable the DHCP on the router and install DNS on the SBS. Reconfigure the DHCP option to setup DNS.

Case 2: The administrator was told that some computers cannot access the file server.

Cause: one technician added a wireless router and enabled the DHCP using different subnet. When some computers renew the IP, they may receive different IP addresses.

Resolution: Disable DHCP on the wireless router.

Case 3: Some computers receive a "The system has detected a conflict for IP address" message.

Cause: The client just added another wireless router which is also a DHCP server. Disabling the DHCP on the wireless router fixed the problem.

Source:

http://www.chicagotech.net/troubleshooting/2dhcp.htm
0
 
LVL 17

Expert Comment

by:sgsm81
ID: 39240486
We have the main network with its DHCP server, then admittedly we have a number of wifi routers configured with the same SSID placed around the office to allow a "blanket" approach to wireless coverage.

All wifi routers plug into a separate port on our firewall which provides DHCP/IP Pool/DNS etc.

This way wifi visitors can not gain any level of access to our corporate network.
0
 
LVL 10

Expert Comment

by:Senthil Kumar
ID: 39240514
You can also create different scope for separate subnets for Wi-Fi clients.
0
 

Author Comment

by:carolinems
ID: 39240529
The network I am looking at definitely needs tidying, IPs all over the place.

I was thinking of allowing the SBS server to issue 10.0.0.101 to 120 and the Draytek router issue 10.0.0.121 to 130.

Would this work ok? They do lose the Internet on the PCs/server a couple of times a month, but all the IPs are fixed! While this is down (and rebooting the Draytek resolves it), the wifi devices remain on the Internet.
0
 
LVL 10

Expert Comment

by:Senthil Kumar
ID: 39240534
Looks fine if you have a smaller number of devices in the network. And make sure the scope does not clash with the fixed IP.
0
 

Author Comment

by:carolinems
ID: 39240774
One issue, a laptop that connects to the wifi of the Draytek router and then logs onto the server to join the network currently picks up the router as its DNS server. Could this lead to problems connecting to the server?

I don't really like the idea of giving a portable device a fixed IP and would there be wifi problems if this was changed?
0
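Added example, not part of the thread or any poster's code: a small Python audit that parses DHCPOFFER payloads (the UDP payload of each offer) and flags offers that come from a server other than the SBS, or that hand out a DNS server other than the SBS, which is the laptop situation described above. The SBS and Draytek addresses (10.0.0.2 and 10.0.0.1) are assumptions, and the two sample offers are constructed rather than captured.

```python
import ipaddress
import struct

MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie, follows the 236-byte BOOTP header
SBS, DRAYTEK = "10.0.0.2", "10.0.0.1"   # assumed addresses, not given in the thread

def ip(raw):
    return str(ipaddress.IPv4Address(raw))

def build_offer(client_ip, server, dns):
    """Build a sample DHCPOFFER payload (constructed data, not captured traffic)."""
    pack = lambda a: ipaddress.IPv4Address(a).packed
    header = struct.pack("!4BIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234, 0, 0, bytes(4),
                         pack(client_ip), bytes(4), bytes(4), bytes(16), bytes(64), bytes(128))
    dns_raw = b"".join(pack(d) for d in dns)
    return (header + MAGIC + b"\x35\x01\x02" + b"\x36\x04" + pack(server)
            + bytes([6, len(dns_raw)]) + dns_raw + b"\xff")

def parse_offer(pkt):
    """Return (server_id, offered_ip, dns_list) for a DHCPOFFER, else None."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP payload")
    opts, i = {}, 240
    while i < len(pkt) and pkt[i] != 255:          # option 255 = end
        if pkt[i] == 0:                            # option 0 = pad, no length byte
            i += 1
            continue
        if i + 1 >= len(pkt) or i + 2 + pkt[i + 1] > len(pkt):
            raise ValueError("truncated option")
        opts[pkt[i]] = pkt[i + 2:i + 2 + pkt[i + 1]]
        i += 2 + pkt[i + 1]
    if opts.get(53) != b"\x02" or len(opts.get(54, b"")) != 4:
        return None                                # not an OFFER or no server identifier
    dns = opts.get(6, b"")                         # option 6 = DNS servers, 4 bytes each
    return ip(opts[54]), ip(pkt[16:20]), [ip(dns[j:j + 4]) for j in range(0, len(dns) - 3, 4)]

def audit(payloads, authorised=SBS, expected_dns=(SBS,)):
    """Flag offers from any server but `authorised`, or carrying unexpected DNS."""
    findings = []
    for server, client_ip, dns in filter(None, map(parse_offer, payloads)):
        if server != authorised:
            findings.append(f"second DHCP server {server} offered {client_ip}")
        if set(dns) - set(expected_dns):
            findings.append(f"{server} hands out DNS {dns} instead of the SBS")
    return findings

SAMPLE = [build_offer("10.0.0.105", SBS, [SBS]),
          build_offer("10.0.0.125", DRAYTEK, [DRAYTEK])]
print("\n".join(audit(SAMPLE)))
```

On a network split into separate LANs or VLANs, an audit run from the SBS segment should return no findings, because offers from the guest-side DHCP server never reach it.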
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 39241808
Your final comment illustrates the underlying issue with your current architecture. Ultimately you do *not* want multiple DHCP servers on an SBS network if you want to keep SBS as a DHCP server. The solution isn't to edit registry to keep the SBS DHCP server running, but is to redesign your network in such a way that the non-SBS DHCP server isn't on the same LAN at all.

The proper setup here is to separate the LANs. The simplest solution is to create a separate LAN for WiFi. Put a DHCP server on that LAN, SBS will never see it, and all will work. Your corporate network is fully isolated (if your router is properly configured) and all is well.

This falls apart, however, if you have BYOD or corporate devices that will be using WiFi to access the server and its resources. Since the above scenario has the WiFi network fully separated, this would clearly not allow access to the server. If *this* is your situation, the appropriate approach is to use business-class wireless access points that support multiple SSIDs and VLANs. With a VLAN setup, you can have one SSID on the SBS VLAN for corporate access. When a wireless device joins this wireless network, it will get its address from the SBS DHCP server. The second VLAN would be the "guest" network, on a totally separate VLAN, and that VLAN would have its own DHCP server. Since it is a different VLAN, SBS would never see that second DHCP server. But when a client joins *that* network, it'd get its address not from SBS, but from that DHCP server, and then it'd work as above, where the VLANs act as separate LAN segments, keeping the two networks isolated and thus protecting your network.

Many WAPs even allow you to turn on DHCP per VLAN, so you can have SBS as the DHCP server on one VLAN and the WAP itself as the DHCP server on the other VLAN, and that DHCP server won't conflict with SBS.

This is really the way to offer guest WiFi while properly protecting your SBS server.
0
 
LVL 45

Expert Comment

by:Craig Beck
ID: 39241868
It's fine as long as the second SBS server isn't running its own domain.  You can easily use DHCP in an 80/20 or 50/50 configuration on the same subnet, for example, with no issues.  This is a recommended redundancy solution.

If you want to offer 'secure' WiFi you need a different VLAN and subnet.  That is still ok to use a second DHCP server though as you can use multiple IP helpers (or DHCP relays).
0
 

Author Comment

by:carolinems
ID: 39242442
Thanks cgaliher, it's a good idea but the network is tiny and I feel it is a question of the end user making some compromises. I'm trying to find the easiest acceptable route between A and B. Let me explain the setup.

An SBS2003 with five XP/w7 PCs are on the wired LAN along with 3 network printers. All have fixed IPs. They are joined on the LAN by one wireless notebook that is picking up its IP from the Draytek 2830 router. As I understand it, it is seldom used and stays in the same location. I am going to suggest this becomes wired.

Various iPads and iPhones (and guest devices) can connect to the Internet without upsetting anything.

A Sonos soundbar and skybox have wired connections to the router.

Occasionally the Internet will be lost by the server and PCs - this is resolved by rebooting the Draytek. During this period the Sonos and iPads (half wifi only) continue to get Internet and this is what I am helping resolve.

 Thanks,

Caroline
0
 
LVL 56

Accepted Solution

by:
Cliff Galiher earned 500 total points
ID: 39242525
The fact that rebooting the Draytek fixes things but that the wifi stuff continues to work....it *could* be DHCP, but I doubt it because, as you mentioned, right now the other stuff is statically assigned. The DHCP issue sounds like a red herring to me. I'd be more inclined to suspect something with DNS and an interaction with the ISP DNS servers and the SBS DNS Server which would explain why devices not using SBS for DNS would continue to work.
0
 

Author Comment

by:carolinems
ID: 39242849
I agree the DHCP will not resolve the issue but it's something that needs sorting.

Interesting point about the DNS - the PCs point to the server which points to the Draytek, so they are using the same BT servers surely? So it is something breaking down between the server and router until the latter is rebooted?
0
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 39242883
Likely. First, just in case there is any potential misunderstanding, the SBS NIC settings should *only* have DNS settings for itself (or another domain controller if you do have multiple DCs.) The NIC settings should not point at the Draytek, BT, or any other public DNS servers.

Now, the DNS server on SBS can be configured with forwarders. You *could* point them at the Draytek, but I'm guessing that is the problem. It is likely that the Draytek DHCP server is handing out the BT DNS servers to the clients.  Which means DHCP clients are using BT, not the Draytek, for DNS. But the SBS DNS server is trying to use the Draytek. So if the Draytek DNS service is freezing, DHCP clients will work (as they are using BT directly) but SBS (and any client querying SBS) will stop working.

The easy fix is to change the forwarders on SBS to use BT DNS servers, or other DNS servers of your choosing (Google DNS, OpenDNS, etc.) or not use forwarders at all. Either way, it removes the dependency on the Draytek DNS service, which is apparently the root of the problem.

-Cliff
0
 

Author Comment

by:carolinems
ID: 39243556
Thanks Cliff. The single DNS server on the SBS server is itself, the gateway the Draytek router. I will check the DNS on the server for any current forwarding and set up new ones to the BT servers.
0
 

Author Comment

by:carolinems
ID: 39243630
I checked online where BT list 8 DNS servers. Although the 2 the server is currently using are on the list, I have changed these to the primary and secondary ones.
0
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 39243636
On your SBS server's NIC settings?  Don't do that! The primary should be the SBS server itself, and the secondary should be empty.

If BT lists 8 servers, you can add all 8 as forwarders in the DNS Server MMC and remove any other entries that may be gumming up the works.
0
 

Author Comment

by:carolinems
ID: 39243647
On your SBS server's NIC settings?  Don't do that! The primary should be the SBS server itself, and the secondary should be empty.



That's what I said. "The single DNS server on the SBS server is itself"
0
 
LVL 12

Expert Comment

by:Gary Coltharp
ID: 39244465
This is a whatever works type question...but I handle these situations like this:

The SBS server and firewall should be configured to serve the SBS and its clients, period.

If you want to serve guest wifi, use multi SSID access points that permit this. There are several relatively inexpensive ones out there that will get the job done. I prefer Meraki because theirs actually firewalls the guest wifi from the LAN with no special configuration.

HTH

Gary
0
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 39244754
Yep, I knew you said that. But then later you said this: "Although the 2 the server is currently using are on the list, I have changed these to the primary and secondary ones."

The terms "primary" and "secondary" aren't the usual nomenclature when talking about DNS Forwarders and was *just* enough to raise my concern. Just one of those drawbacks of working in a forum situation...one can never really assume anything, so I was just being cautious. Better to repeat the advice than risk a total misunderstanding.  :)
0
 

Author Closing Comment

by:carolinems
ID: 39246687
.
0
