Solved

Windows 2003 server set up dhcp/dns/route to internet

Posted on 2013-12-24
Last Modified: 2013-12-30
I need help with configuring a Windows 2003 server. I have this server with two NIC cards and it is causing me nothing but problems.  When the internet goes out, somehow the configuration is lost and the clients cannot get connected again.  I would like to configure this server with one NIC.  I have a Netopia router configured with an internal IP address  -

10.0.0.254 - netopia router - not doing dhcp (basically routing internal clients to the internet)
two nics:
10.0.0.216 and 10.0.0.10
10.0.0.10, subnet mask 255.255.255.0, gateway - 10.0.0.254 (router); dns - (external ATT dns servers)

private:  10.0.0.216, subnet mask 255.255.0.0, gateway - 10.0.0.254, dns 10.0.0.216

I removed all the RRAS set up because I thought that may have been causing the issue, but I could not get my internal clients to connect at all.  Would not see the internal network, could not get to anything.  The 10.0.0.216 was not sending or receiving packets.

The public nic is plugged directly into the router and I have 3 clients plugged into the router now.  They are working, but I have no more ports on the router and I have about 15 clients.
I also need to set up a vpn remote access to this server as the workers travel and need to connect to the server database.

I basically need to know how to set this up so that I can route all internal traffic to some internal database servers and out to the internet through one NIC card.  This two NIC card situation is causing too many issues.  I have not done this in a while, so step by step will be helpful.

Cannot set up the router to do router because there are only 5 addresses.  The server is doing dhcp and dns.  Thank you for any help you can give.
0
Question by:manch03
23 Comments
 
LVL 35

Expert Comment

by:Mahesh
ID: 39738277
Is this server also acting as domain controller?

Mahesh
0
 
LVL 3

Expert Comment

by:vyaradaikin
ID: 39738284
Hello.
Why do you need 2 NICs in the same subnetwork? 10.0.0.10 and 10.0.0.216 are in the same subnetwork.
If I had to configure it from the white list, this is what I would do:
1. Configure router with nat to allow clients to the Internet.
2. Configure vpn on a router to enable clients' access to the internal network.
3. Configure dhcp on the router to internal clients in your private network.
4. Connect switch to the router port and connect all clients and server to the switch.
5. Configure all necessary functions on the server without second NIC. It could be used if you need proxying functions for example.
0
 
LVL 11

Expert Comment

by:Technodweeb
ID: 39738286
Disable the second NIC in the BIOS on the server and do not use it.

Set up your network to resemble the attached diagram.

Allow your server to remain DNS & DHCP

Make certain your DHCP is giving a gateway address that points at your inside router IP.

Make certain your DHCP is giving out one DNS server that is the IP address of the server. DO NOT include a public DNS server if you use your LAN based server to act as DNS. This breaks local device resolution.

Set a DNS forwarder in the DNS Service on the server to point to the outside Public or your ISP DNS for unknown resolutions.

Get all this working and then set up the RRAS as this is another beast in itself.

Those are the basics... Questions?
Drawing1.jpg
0
 

Author Comment

by:manch03
ID: 39738415
Yes this is a domain controller.
0
 
LVL 35

Expert Comment

by:Mahesh
ID: 39738478
If you have both IP addresses set to the 10. series, your clients must be able to connect to the DC.
Can you please share the ipconfig /all output of one client computer?
Also, do you have a public IP through which VPN users can connect to the server?

Mahesh
0
 

Author Comment

by:manch03
ID: 39738553
Travelling today. I will post in a few hours
0
 
LVL 11

Expert Comment

by:Technodweeb
ID: 39738563
It really makes no difference if this is a DC or not. This could be a standalone server and the architecture and configuration will be identical, except for the AD configuration.  It should only be using one NIC for connection to the LAN and all workstations and server should be a part of the same network segment. The 255.255.255.0 netmask covers that.
0
 

Author Comment

by:manch03
ID: 39739545
Ipconfig from workstation

10.0.0.132 ip address
255.255.255.0  - subnet mask
10.0.0.254  Gateway
10.0.0.10 (DNS Server)
Netbios enabled over tcp/ip  - Enabled
0
 
LVL 35

Expert Comment

by:Mahesh
ID: 39739734
I really have not seen any reason for the non-connectivity.
Are you able to telnet to both IPs of Domain controllers from a client computer on the well-known AD ports?
(For ex: TCP 389, 3268, 88, 445, 135, 139, 3269, 53)

I suggest you disable one NIC and check if you are able to telnet.
If yes, check client connectivity to the domain controller. If you get success, then enable the 2nd NIC and try telnet again to check what may be going wrong.

Mahesh
0
 

Author Comment

by:manch03
ID: 39740121
I can connect now, but I had to plug the client into the router directly.  The prior set up was this:

server with two nics - public nic plugged into router, private nic into switches
All clients plugged into switches
Router plugged into switches

The private clients could not connect to the internet, but could get to all internal network resources. (original problem)

The original issue was the isp went down due to an ice storm and there was no internet connectivity for any client.  After that came back, I could get to the internet on the servers, but not on any clients.  Clients were getting ip addresses, etc.  Then they could not connect to any internal resources and the private nic on the server was not sending or receiving.  I tested all the hardware and it said it was good.  I then thought maybe the routing got messed up, so I got rid of the routing set up.  (after many hours of trying to get connected).

Now I want to use one nic and get all internal clients routed to the internet as well as utilize internal resources on other servers and shared folders, etc.  This is a domain controller doing dhcp and dns.

@Technodweeb - I did disable the private nic, leaving the dhcp and dns set up on this server.  Do I not need to plug in the server to the router, but plug the server directly to the switch according to your drawing and plug the router into the switch?

I think this may have been an issue, but it had been working for a long time and then all of a sudden stopped.
0
 
LVL 35

Expert Comment

by:Mahesh
ID: 39740291
As long as your router has connectivity to the internet and you set up a DNS default forwarder to public DNS on the domain controller as others suggested, you should be able to access the internet on a client computer, provided that the client's preferred DNS is pointing to the DNS server.

For internet to work you don't require two NICs.

Now the question remains with VPN.
I asked you a question in my earlier comment: do you own a public IP address?
To set up a VPN server, you require a public IP at least.
Once you have a public IP, you can set up another server as the VPN server or can buy a simple \ portable chip VPN box to set up VPN connectivity.
Personally I do not recommend setting up the domain controller as a VPN server as it will expose the DC to the internet.

Mahesh
0

 
LVL 11

Assisted Solution

by:Technodweeb
Technodweeb earned 150 total points
ID: 39740339
Let your switch do what switches do best... They move packets to the destination the most efficiently. There is no need to task the router with extra traffic to contend with.

Your clients should be getting the following settings from DHCP as a minimum to work properly. You can check these settings at the client: in a command prompt, type "ipconfig /all" and hit enter. Much info will appear but you are looking for the section that begins like the one shown here:

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 2C-41-38-13-E8-8E
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::4ce8:f09a:92ec:ab2d%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.43.3.84(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, December 26, 2013 8:17:12 AM
   Lease Expires . . . . . . . . . . : Sunday, December 29, 2013 8:17:53 AM
   Default Gateway . . . . . . . . . : 10.43.3.1
   DHCP Server . . . . . . . . . . . : 10.43.3.1
   DHCPv6 IAID . . . . . . . . . . . : 187449656
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-D2-0B-43-2C-41-38-13-E8-8E

   DNS Servers . . . . . . . . . . . : 192.168.21.21
                                       192.168.21.22
   NetBIOS over Tcpip. . . . . . . . : Enabled

You may have more or less lines of detail but you MUST have an IP Address, a Gateway Address, a Subnet Mask and at least one entry for DNS Server. Make certain that the IP address shown for the Gateway is your router IP address and make certain that the DNS IP address is the IP address of your file server. The Subnet Mask should be 255.255.255.0 unless you have some advanced needs.
0
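The checks described in the post above (gateway is the router, the only DNS server is the internal server, and no self-assigned 169.254 address) can be scripted over saved `ipconfig /all` output. This is an added example, not code from any poster; the function names are hypothetical, the sample text is constructed from addresses in the thread, and 192.0.2.53 is a placeholder for a public resolver.

```python
import re

# Constructed sample; 192.0.2.53 is a placeholder for a public resolver.
SAMPLE = """\
Ethernet adapter Local Area Connection:
   IP Address. . . . . . . . . . . . : 10.0.0.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.0.0.254
   DHCP Server . . . . . . . . . . . : 10.0.0.254
   DNS Servers . . . . . . . . . . . : 10.0.0.10
                                       192.0.2.53
"""

FIELD = re.compile(r"^\s+([A-Za-z][^:]*?)[ .]+:\s*(.*)$")  # "Label . . . : value"

def parse_adapter(text):
    """Parse one adapter section of `ipconfig /all` into {label: [values]}."""
    fields, last = {}, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            last, value = m.groups()
        elif last and line[:1].isspace() and line.strip():
            value = line  # continuation line, e.g. a second DNS server
        else:
            continue
        fields.setdefault(last, []).append(re.sub(r"\(\w+\)$", "", value.strip()))
    return {k: [v for v in vs if v] for k, vs in fields.items()}

def audit(text, router, server):
    """Return findings; an empty list means the lease matches the advice."""
    f = parse_adapter(text)
    ip = next((v for k, v in f.items() if k.endswith(("IPv4 Address", "IP Address"))), [])
    dns = f.get("DNS Servers", [])
    findings = []
    if not ip or not f.get("Subnet Mask"):
        findings.append("missing IP address or subnet mask")
    elif ip[0].startswith("169.254."):
        findings.append("APIPA address: no DHCP server answered")
    if f.get("Default Gateway") != [router]:
        findings.append("gateway is not the router")
    if f.get("DHCP Server", [server]) != [server]:
        findings.append("lease was not issued by the server")
    if server not in dns:
        findings.append("internal DNS server missing")
    return findings + ["extra DNS server " + d for d in dns if d != server]

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE, "10.0.0.254", "10.0.0.10")))
```

A lease issued by an unexpected DHCP server is also worth flagging on its own, since any device on the LAN that answers DHCP can hand clients a different gateway or DNS server.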
 

Author Comment

by:manch03
ID: 39741907
@mahesh - I have not set up a default dns forwarder in my dns settings.  I defined the dns settings in the network settings on the domain controller with the two dns servers provided by ATT.  Do I need to do a forwarder in my dns?

Also, I do have 4 public ip addresses.  One I was hoping to use for vpn set up, but someone suggested not to set this up on the domain controller as it exposes it to the internet.  I have another windows 2003 server that I can use for that, but I would need instructions on how to set that up.
0
 

Author Comment

by:manch03
ID: 39741939
I will not be back at this site until Dec 29.  I will update at that time after trying your recommendations.
0
 
LVL 35

Expert Comment

by:Mahesh
ID: 39742692
Yes, you should set up forwarders on your DNS server pointing to the public DNS of the ISP.

I am the one who suggested not to set up the VPN server on the DC; see my previous comment.

Regarding setting up VPN on a 2003 member server, refer to the links below:
http://support.microsoft.com/kb/323441
http://www.techrepublic.com/article/configure-a-windows-server-2003-vpn-on-the-server-side/

Mahesh
0
 

Author Comment

by:manch03
ID: 39743586
@mahesh - the techrepublic site states I need two nic cards to set up the vpn server.  This forum does not recommend two nic cards.  What is the correct way to do this?  Go with the one nic on a member server for vpn?
0
 
LVL 35

Expert Comment

by:Mahesh
ID: 39743783
Previously you wanted to install the VPN server on the domain controller itself. It's not recommended, as the DC will get exposed to the internet and it may create unwanted problems.

If you are installing VPN on a 2003 member server, it's just fine to have TWO network cards on the server, one connected to the public network and one to the private network; that is the standard practise in case of Windows VPN servers. Also, you can set up a DHCP IP range for VPN users on this server through the VPN role \ console, or you can simply use the internal DHCP server, or you can set up the DHCP role on the VPN server itself.

If you can afford to pay, a VPN device will be the ideal \ best choice, and there are a lot of vendors out in the market who can give you a good deal with competitive prices.

Mahesh
0
 

Author Comment

by:manch03
ID: 39744602
Is VPN device a service or appliance?  I cannot find anything with that specific name.
0
 
LVL 35

Expert Comment

by:Mahesh
ID: 39744794
Check the article below for VPN appliances

http://www.zdnet.com/virtual-privacy-8-vpn-appliances-tested-1139182394/

Mahesh
0
 

Author Comment

by:manch03
ID: 39745314
Ok, I have more issues.  I could not get connected to the router at all when I returned.  It was giving me a 169.. ip address.  ATT had me reset the router and insist I use it as a dhcp server. I stopped dhcp on my domain controller - I did not uninstall it, I just stopped the service.  I really do not want to use the att router as my dhcp server as I have static ip's set on printers, servers, etc.   Every time I plug the router into my switch it cuts off all internet.  I can only connect directly to the router with a laptop now and/or through wireless.  When I do an ipconfig, the dns server is also the dhcp server - so obviously it is doing everything.  How do I get my domain to communicate with this router? What do I need to change?  Or do I need a new question.

Here is my new wireless ip info:

10.0.0.2
255.255.255.0
10.0.0.254 (router ip)  gateway
10.0.0.254 (dhcp server)
10.0.0.254 (dns server)
0
 

Author Comment

by:manch03
ID: 39745318
I was trying to set up the dns forwarder, but I am not sure I know how.   How should I change my domain controller static network ip address now?  10.0.0.10, 255.255.255.0, gateway, router and dns all the same as my client?
0
 
LVL 35

Accepted Solution

by:Mahesh
Mahesh earned 350 total points
ID: 39745578
It seems that you must be having some issue with the ATT router.
You can use only one NIC on the domain controller, connected to the switch, with one uplink from the switch to the ATT router, and the router needs to point to the ISP for internet.
Not sure if this router functions like a typical standard router or if it is just a router device used to connect to the internet, like a home router.

I suggest you ask the vendor for the supported router configuration and how to configure your desired configuration.

DNS forwarder is a very simple configuration.
Just open the DNS management console, navigate to the DNS server, right-click and select Properties, and on the "Forwarders" tab add the public DNS servers' IP addresses, then apply and click OK.
You need to make sure that you are able to telnet to the public DNS IPs on TCP port 53 (DNS) from the domain controller, otherwise it will not work, and there you need to troubleshoot for possible failures; it may be the router or the public DNS servers themselves.

Client computers must point to the internal DC \ DNS IP as primary DNS server.
The domain controller must have an IP in the same range as the client computers and it should point to itself as primary DNS server.

Once you have the correct router device \ configuration, you should be able to authenticate and browse the internet on computers by connecting to the switch only.

Mahesh
0
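The telnet tests suggested in this thread (the AD ports from a client to the domain controller, and TCP 53 from the domain controller to its forwarders) can be run in one pass. This is an added example, not code from any poster; the function names are hypothetical and the service names attached to each port are added here.

```python
import socket

# Ports named in the thread, with the service each carries on a domain controller.
AD_PORTS = {53: "DNS", 88: "Kerberos", 135: "RPC endpoint mapper",
            139: "NetBIOS session", 389: "LDAP", 445: "SMB",
            3268: "Global Catalog", 3269: "Global Catalog over SSL"}

def tcp_open(host, port, timeout=2.0):
    """True if the TCP handshake completes, i.e. `telnet host port` would connect."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, or no route
        return False

def blocked_services(host, ports=AD_PORTS, timeout=2.0):
    """Run on a client: {port: service} for each DC port that is unreachable."""
    return {p: name for p, name in sorted(ports.items())
            if not tcp_open(host, p, timeout)}

def dead_forwarders(forwarders, timeout=2.0):
    """Run on the DC: the forwarder IPs that do not accept TCP 53."""
    return [ip for ip in forwarders if not tcp_open(ip, 53, timeout)]

if __name__ == "__main__":
    dc = "10.0.0.10"  # the server's address in the thread
    for port, name in blocked_services(dc).items():
        print("%s:%d %s unreachable" % (dc, port, name))
```

Like the telnet test it replaces, a successful connect only shows that the port answers; it does not prove that name resolution or authentication works.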
 

Author Comment

by:manch03
ID: 39746918
@mahesh - I was beginning to think it was my switch, but I brought in a simple hub and connected the router directly to the router (Netopia).  I plugged in my laptop and did not get a 10. ip address, I was getting a 169.. strange address, but the correct gateway.  I accidentally configured the dns in the router and I cannot get rid of it.  The router is hanging onto the external dns server ip addresses.  I do not think that is hurting anything, just annoying.

I did my port forward on my dns server and plugged my laptop into that hub, now I am getting a 10. ip address.  I cannot do anything because people are working and I have them all plugged into the router so they can get their work done.  I still need to direct the netopia router to the internal dhcp server and I am not sure how to do this.  Looking for directions, but I think I did a pinhole to the dhcp server.  Right now I have the router doing dhcp, which I do not want - I want my windows server doing dhcp.  Going to give it a try now.  I will let you know.  If anyone can help with this router set up, that would be great.  I can post my configuration if this helps.
0
