Windows 2003 server set up dhcp/dns/route to internet

I need help with configuring a windows 2003 server. I have this server with two nic cards and it is causing me nothing but problems.  When the internet goes out, somehow the configuration is lost and the clients cannot get connected again.  I would like to configure this server with one nic.  I have a netopia router configured with an internal ip address  - - netopia router - not doing dhcp (basically routing internal clients to the internet)
two nics: and, subnet mask, gateway - (router); dns - (external ATT dns servers)

private:, subnet mask, gateway -, dns

I removed all the RRAS set up because I thought that may have been causing the issue, but I could not get my internal clients to connect at all.  Would not see the internal network, could not get to anything.  The was not sending or receiving packets.

The public nic is plugged directly into the router and I have 3 clients plugged into the router now.  They are working, but I have no more ports on the router and I have about 15 clients.
I also need to set up a vpn remote access to this server as the workers travel and need to connect to the server database.

I basically need to know how to set this up so that I can route all internal traffic to some internal database servers and out to the internet through one nic card.  This two nic card situation is causing too many issues.  I have not done this in a while, so step by step will be helpful.

Cannot set up the router to do router because there are only 5 addresses.  The server is doing dhcp and dns.  Thank you for any help you can give.

Is this server also acting as domain controller?

Why do you need 2 nics in one the same subnetwork? and in the same subnetwork.
If I had to configure it from the white list, this is what I would do:
1. Configure router with nat to allow clients to the Internet.
2. Configure vpn on a router to enable clients' access to the internal network.
3. Configure dhcp on the router to internal clients in your private network.
4. Connect switch to the router port and connect all clients and server to the switch.
5. Configure all necessary functions on the server without second NIC. It could be used if you need proxying functions for example.
Gregory Miller (General Manager) Commented:
Disable the second NIC in the BIOS on the server and do not use it.

Set up your network to resemble the attached diagram.

Allow your server to remain DNS & DHCP

Make certain your DHCP is giving a gateway address that points at your inside router IP.

Make certain your DHCP is giving out one DNS server that is the IP address of the server. DO NOT include a public DNS server if you use your LAN based server to act as DNS. This breaks local device resolution.

Set a DNS forwarder in the DNS Service on the server to point to the outside Public or your ISP DNS for unknown resolutions.

Get all this working and then set up the RRAS as this is another beast in itself.

Those are the basics... Questions?
manch03 (Author) Commented:
Yes this is a domain controller.
If you have both IP addresses set to 10. series, your clients must be able to connect to the DC.
Can you please share the ipconfig /all output of one client computer?
Also, do you have a public IP through which VPN users can connect to the server?

manch03 (Author) Commented:
Travelling today. I will post in a few hours
Gregory Miller (General Manager) Commented:
It really makes no difference if this is a DC or not. This could be a stand alone server and the architecture and configuration will be identical, except for the AD configuration.  It should only be using one NIC for connection to the LAN and all workstations and server should be a part of the same network segment. The netmask covers that.
manch03 (Author) Commented:
Ipconfig from workstation ip address  - subnet mask  Gateway (DNS Server)
Netbios enabled over tcp/ip  - Enabled
I really have not seen any reason for non-connectivity.
Are you able to telnet to both IPs of the domain controllers from a client computer on the well-known AD ports?
(For ex: TCP 389, 3268, 88, 445, 135, 139, 3269, 53)

I suggest you disable one NIC and check if you are able to telnet.
If yes, check client connectivity to the domain controller; if you get success, then enable the 2nd NIC and try telnet again to check what may be going wrong.

manch03 (Author) Commented:
I can connect now, but I had to plug the client into the router directly.  The prior set up was this:

server with two nics - public nic plugged into router, private nic into switches
All clients plugged into switches
Router plugged into switches

The private clients could not connect to the internet, but could get to all internal network resources. (original problem)

The original issue was the isp went down due to an ice storm and there was no internet connectivity for any client.  After that came back, I could get to the internet on the servers, but not on any clients.  Clients were getting ip addresses, etc.  Then they could not connect to any internal resources and the private nic on the server was not sending or receiving.  I tested all the hardware and it said it was good.  I then thought maybe the routing got messed up, so I got rid of the routing set up.  (after many hours of trying to get connected).

Now I want to use one nic and get all internal clients routed to the internet as well as utilize internal resources on other servers and shared folders, etc.  This is a domain controller doing dhcp and dns.

@tednodweeb - I did disable the private nic, leaving the dhcp and dns set up on this server.  Do I not need to plug in the server to the router, but plug the server directly to the switch according to your drawing and plug the router into the switch?

I think this may have been an issue, but it had been working for a long time and then all of a sudden stopped.
As long as your router has connectivity to internet and if you setup DNS default forwarder to public DNS on domain controller as others suggested, you should be able to access internet on client computer provided that client preferred DNS is pointing to DNS server

For internet to work you don't require two NICs

Now the question remains with VPN..
I asked you a question in my earlier comment: do you own a public IP address?
To set up a VPN server, you must have a public IP at least.
Once you have a public IP, you can set up another server as the VPN server or can buy a simple \ portable chip VPN box to set up VPN connectivity.
Personally I do not recommend setting up a domain controller as a VPN server, as it will expose the DC to the internet.

Gregory Miller (General Manager) Commented:
Let your switch do what switches do best... They move packets to the destination the most efficiently. There is no need to task the router with extra traffic to contend with.

Your clients should be getting the following settings from DHCP as a minimum to work properly. You can check these settings at the client in a command prompt, type "ipconfig /all" and hit enter. Much info will appear but you are looking for the section that begins like the one shown here:

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 2C-41-38-13-E8-8E
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::4ce8:f09a:92ec:ab2d%11(Preferred)
   IPv4 Address. . . . . . . . . . . :
   Subnet Mask . . . . . . . . . . . :
   Lease Obtained. . . . . . . . . . : Thursday, December 26, 2013 8:17:12 AM
   Lease Expires . . . . . . . . . . : Sunday, December 29, 2013 8:17:53 AM
   Default Gateway . . . . . . . . . :
   DHCP Server . . . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 187449656
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-D2-0B-43-2C-41-38-13-E8-8E

   DNS Servers . . . . . . . . . . . :
   NetBIOS over Tcpip. . . . . . . . : Enabled

You may have more or less lines of detail but you MUST have an IP Address, a Gateway Address, a Subnet Mask and at least one entry for DNS Server. Make certain that the IP address shown for the Gateway is your router IP address and make certain that the DNS IP address is the IP address of your file server. The Subnet Mask should be unless you have some advanced needs.
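
The checks listed in the post above can be scripted. This is an added example, not part of the original thread: it parses one adapter section of `ipconfig /all` and reports a missing address, mask, gateway or DNS entry, a 169.254.x.x address, and any DNS server other than the LAN server. The addresses in the sample and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample (made-up addresses, not from the thread): the server is
# 192.168.50.10, the router 192.168.50.1, and DHCP also hands out a public DNS.
SAMPLE = """\
Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.50.101(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.50.1
   DHCP Server . . . . . . . . . . . : 192.168.50.10
   DNS Servers . . . . . . . . . . . : 192.168.50.10
                                       203.0.113.53
"""

FIELD = re.compile(r"^\s+([A-Za-z][^.:]*?)[ .]*:\s*(.*)$")  # "Name . . . : value"
CONT = re.compile(r"^\s{10,}(\S+)\s*$")  # extra value on its own line

def parse_adapter(text):
    """Return {field name: [values]} for one adapter section of ipconfig /all."""
    fields, last = {}, None
    for line in text.splitlines():
        cont, field = CONT.match(line), FIELD.match(line)
        if cont and last:
            fields[last].append(cont.group(1))
        elif field:
            last, value = field.group(1).strip(), field.group(2).strip()
            fields[last] = [value] if value else []
    return fields

def check_lease(fields, server_ip, router_ip):
    """Return the problems found; an empty list means the lease looks right."""
    def ips(*names):  # strip "(Preferred)" and "%scope" decorations
        return [v.split("(")[0].split("%")[0] for n in names for v in fields.get(n, [])]
    problems = []
    addr = ips("IPv4 Address", "IP Address")  # label differs between Windows versions
    if not addr:
        problems.append("no IP address")
    elif ipaddress.ip_address(addr[0]).is_link_local:
        problems.append("169.254.x.x address: no DHCP server answered")
    if not ips("Subnet Mask"):
        problems.append("no subnet mask")
    if router_ip not in ips("Default Gateway"):
        problems.append("gateway is not the router")
    dns = ips("DNS Servers")
    if server_ip not in dns:
        problems.append("DNS does not point at the server")
    # Assumes one LAN DNS server, as in the thread; anything else is flagged.
    problems += [f"extra DNS server {d}" for d in dns if d != server_ip]
    return problems
```

Calling `check_lease(parse_adapter(SAMPLE), "192.168.50.10", "192.168.50.1")` on the constructed sample flags only the public DNS entry.
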
manch03 (Author) Commented:
@mahesh - I have not set up a default dns forwarder in my dns settings.  I defined the dns settings in the network settings on the domain controller with the two dns servers provided by ATT.  Do I need to do a forwarder in my dns?

Also, I do have 4 public ip addresses.  One I was hoping to use for vpn set up, but someone suggested not to set this up on the domain controller as it exposes it to the internet.  I have another windows 2003 server that I can use for that, but I would need instructions on how to set that up.
manch03 (Author) Commented:
I will not be back at this site until Dec 29.  I will update at that time after trying your recommendations.
Yes, you should set up forwarders on your DNS server pointing to the public DNS of your ISP.

I am the one who suggested not to set up the VPN server on the DC; look at my previous comment.

Regarding setting up VPN on a 2003 member server, refer to the links below.

manch03 (Author) Commented:
@mahesh - the techrepublic site states I need two nic cards to set up the vpn server.  This forum does not recommend two nic cards.  What is the correct way to do this?  Go with the one nic on a member server for vpn?
Previously you wanted to install the VPN server on the domain controller itself; it's not recommended, as the DC will get exposed to the internet and it may create unwanted problems.

If you are installing VPN on a 2003 member server, it's just fine to have TWO network cards on the server, one connected to the public network and one to the private network; that is the standard practice in the case of Windows VPN servers. Also, you can set up a DHCP IP range for VPN users on this server through the VPN role \ console, or you can simply use the internal DHCP server, or you can set up the DHCP role on the VPN server itself.

If you can afford to pay, a VPN device will be the ideal \ best choice, and there are a lot of vendors out in the market who can give you a good deal with competitive prices.

manch03 (Author) Commented:
Is VPN device a service or appliance?  I cannot find anything with that specific name.
Check below article for VPN appliances

manch03 (Author) Commented:
Ok, I have more issues.  I could not get connected to the router at all when I returned.  It was giving me a 169.. ip address.  ATT had me reset the router and insisted I use it as a dhcp server. I stopped dhcp on my domain controller - I did not uninstall it, I just stopped the service.  I really do not want to use the att router as my dhcp server as I have static ip's set on printers, servers, etc.   Every time I plug the router into my switch it cuts off all internet.  I can only connect directly to the router with a laptop now and/or through wireless.  When I do an ipconfig, the dns server is also the dhcp server - so obviously it is doing everything.  How do I get my domain to communicate with this router? What do I need to change?  Or do I need a new question.

Here is my new wireless ip info: (router ip)  gateway (dhcp server) (dns server)
manch03 (Author) Commented:
I was trying to set up the dns forwarder, but I am not sure I know how.   How should I change my domain controller static network ip address now?,, gateway, router and dns all the same as my client?
It seems that you must be having some issue with ATT router.
You can use only one NIC on domain controller which can connect to switch, one uplink from switch to ATT router and router need to point to ISP for internet.
Not sure if this router functions like typical standard router or it is just router device used to connect to internet just like home router.

I suggest you ask the vendor for the supported router configuration and how to configure your desired configuration.

The DNS forwarder is a very simple configuration.
Just open the DNS management console, navigate to the DNS server, right click and select Properties, and on the "Forwarders" tab add the public DNS servers' IP addresses, apply, OK.
You need to make sure that you are able to telnet to the public DNS IPs on TCP port 53 (DNS) from the domain controller, otherwise it will not work and there you need to troubleshoot for possible failures, maybe the router or the public DNS servers themselves.

Client computers must point to internal DC \ DNS IP as primary DNS server
On domain controller, it must be having IP in same range as client computers and it should be pointing to itself for primary DNS server.

Once you got correct router device \ configuration, you should be able to authenticate and browse internet on computers by connecting to switch only


manch03 (Author) Commented:
@mahesh - I was beginning to think it was my switch, but I brought in a simple hub and connected the router directly to the router (Netopia).  I plugged in my laptop and did not get a 10. ip address, I was getting a 169.. strange address, but the correct gateway.  I accidentally configured the dns in the router and I cannot get rid of it.  The router is hanging onto the external dns server ip addresses.  I do not think that is hurting anything, just annoying.

I did my port forward on my dns server and plugged my laptop into that hub, now I am getting a 10. ip address.  I cannot do anything because people are working and I have them all plugged into the router so they can get their work done.  I still need to direct the netopia router to the internal dhcp server and I am not sure how to do this.  Looking for directions, but I think I did a pinhole to the dhcp server.  Right now I have the router doing dhcp, which I do not want - I want my windows server doing dhcp.  Going to give it a try now.  I will let you know.  If anyone can help with this router set up, that would be great.  I can post my configuration if this helps.