Solved

Windows 2003 server set up dhcp/dns/route to internet

Posted on 2013-12-24
Last Modified: 2013-12-30
I need help with configuring a windows 2003 server. I have this server with two nic cards and it is causing me nothing but problems.  When the internet goes out, somehow the configuration is lost and the clients cannot get connected again.  I would like to configure this server with one nic.  I have a netopia router configured with an internal ip address  -

10.0.0.254 - netopia router - not doing dhcp (basically routing internal clients to the internet)
two nics:
10.0.0.216 and 10.0.0.10
10.0.0.10, subnet mask 255.255.255.0, gateway - 10.0.0.254 (router); dns - (external ATT dns servers)

private:  10.0.0.216, subnet mask 255.255.0.0, gateway - 10.0.0.254, dns 10.0.0.216

I removed all the RRAS set up because I thought that may have been causing the issue, but I could not get my internal clients to connect at all.  Would not see the internal network, could not get to anything.  The 10.0.0.216 was not sending or receiving packets.

The public nic is plugged directly into the router and I have 3 clients plugged into the router now.  They are working, but I have no more ports on the router and I have about 15 clients.
I also need to set up a vpn remote access to this server as the workers travel and need to connect to the server database.

I basically need to know how to set this up so that I can route all internal traffic to some internal database servers and out to the internet through one nic card.  This two nic card situation is causing too many issues.  I have not done this in a while, so step by step will be helpful.

Cannot set up the router to do router because there are only 5 addresses.  The server is doing dhcp and dns.  Thank you for any help you can give.
0
Comment
Question by:manch03
23 Comments
 
LVL 38

Expert Comment

by:Mahesh
ID: 39738277
Is this server also acting as domain controller?

Mahesh
0
 
LVL 3

Expert Comment

by:vyaradaikin
ID: 39738284
Hello.
Why do you need 2 nics in the same subnetwork? 10.0.0.10 and 10.0.0.216 are in the same subnetwork.
If I had to configure it from the white list, this is what I would do:
1. Configure router with nat to allow clients to the Internet.
2. Configure vpn on a router to enable clients' access to the internal network.
3. Configure dhcp on the router to internal clients in your private network.
4. Connect switch to the router port and connect all clients and server to the switch.
5. Configure all necessary functions on the server without second NIC. It could be used if you need proxying functions for example.
0
 
LVL 12

Expert Comment

by:Gregory Miller
ID: 39738286
Disable the second NIC in the BIOS on the server and do not use it.

Set up your network to resemble the attached diagram.

Allow your server to remain DNS & DHCP

Make certain your DHCP is giving a gateway address that points at your inside router IP.

Make certain your DHCP is giving out one DNS server that is the IP address of the server. DO NOT include a public DNS server if you use your LAN based server to act as DNS. This breaks local device resolution.

Set a DNS forwarder in the DNS Service on the server to point to the outside Public or your ISP DNS for unknown resolutions.

Get all this working and then set up the RRAS as this is another beast in itself.

Those are the basics... Questions?
Drawing1.jpg
0

 

Author Comment

by:manch03
ID: 39738415
Yes this is a domain controller.
0
 
LVL 38

Expert Comment

by:Mahesh
ID: 39738478
If you have both IP addresses set to 10. series, your clients must be able to connect to DC.
Can you please share ipconfig /all output of one client computer?
Also, do you have a public IP through which VPN users can connect to the server?

Mahesh
0
 

Author Comment

by:manch03
ID: 39738553
Travelling today. I will post in a few hours
0
 
LVL 12

Expert Comment

by:Gregory Miller
ID: 39738563
It really makes no difference if this is a DC or not. This could be a stand alone server and the architecture and configuration will be identical, except for the AD configuration.  It should only be using one NIC for connection to the LAN and all workstations and server should be a part of the same network segment. The 255.255.255.0 netmask covers that.
0
 

Author Comment

by:manch03
ID: 39739545
Ipconfig from workstation

10.0.0.132 ip address
255.255.255.0  - subnet mask
10.0.0.254  Gateway
10.0.0.10 (DNS Server)
Netbios enabled over tcp/ip  - Enabled
0
 
LVL 38

Expert Comment

by:Mahesh
ID: 39739734
I really have not seen any reason for non-connectivity.
Are you able to telnet to both IPs of the domain controller from a client computer on the well-known AD ports?
(For ex: TCP 389, 3268, 88, 445, 135, 139, 3269, 53)

I suggest you disable one NIC and check if you are able to telnet.
If yes, check client connectivity to the domain controller; if you get success, then enable the 2nd NIC and try telnet again to check what may be going wrong.

Mahesh
0
 

Author Comment

by:manch03
ID: 39740121
I can connect now, but I had to plug the client into the router directly.  The prior set up was this:

server with two nics - public nic plugged into router, private nic into switches
All clients plugged into switches
Router plugged into switches

The private clients could not connect to the internet, but could get to all internal network resources. (original problem)

The original issue was the isp went down due to an ice storm and there was no internet connectivity for any client.  After that came back, I could get to the internet on the servers, but not on any clients.  Clients were getting ip addresses, etc.  Then they could not connect to any internal resources and the private nic on the server was not sending or receiving.  I tested all the hardware and it said it was good.  I then thought maybe the routing got messed up, so I got rid of the routing set up.  (after many hours of trying to get connected).

Now I want to use one nic and get all internal clients routed to the internet as well as utilize internal resources on other servers and shared folders, etc.  This is a domain controller doing dhcp and dns.

@tednodweeb - I did disable the private nic, leaving the dhcp and dns set up on this server.  Do I not need to plug in the server to the router, but plug the server directly to the switch according to your drawing and plug the router into the switch?

I think this may have been an issue, but it had been working for a long time and then all of a sudden stopped.
0
 
LVL 38

Expert Comment

by:Mahesh
ID: 39740291
As long as your router has connectivity to the internet, and if you set up a DNS default forwarder to public DNS on the domain controller as others suggested, you should be able to access the internet on a client computer, provided that the client's preferred DNS is pointing to the DNS server.

For internet to work you don't require two NICs.

Now the question remains with VPN.
I asked you in my earlier comment: do you own a public IP address?
To set up a VPN server, you require a public IP at least.
Once you have a public IP, you can set up another server as VPN server or can buy a simple \ portable chip VPN box to set up VPN connectivity.
Personally I do not recommend setting up a domain controller as a VPN server, as it will expose the DC to the internet.

Mahesh
0
 
LVL 12

Assisted Solution

by:Gregory Miller
Gregory Miller earned 600 total points
ID: 39740339
Let your switch do what switches do best... They move packets to the destination the most efficiently. There is no need to task the router with extra traffic to contend with.

Your clients should be getting the following settings from DHCP as a minimum to work properly. You can check these setting at the client in a command prompt, type "ipconfig /all" and hit enter. Much info will appear but you are looking for the section that begins like the one shown here:

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 2C-41-38-13-E8-8E
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::4ce8:f09a:92ec:ab2d%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.43.3.84(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, December 26, 2013 8:17:12 AM
   Lease Expires . . . . . . . . . . : Sunday, December 29, 2013 8:17:53 AM
   Default Gateway . . . . . . . . . : 10.43.3.1
   DHCP Server . . . . . . . . . . . : 10.43.3.1
   DHCPv6 IAID . . . . . . . . . . . : 187449656
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-D2-0B-43-2C-41-38-13-E8-8E

   DNS Servers . . . . . . . . . . . : 192.168.21.21
                                       192.168.21.22
   NetBIOS over Tcpip. . . . . . . . : Enabled

You may have more or less lines of detail but you MUST have an IP Address, a Gateway Address, a Subnet Mask and at least one entry for DNS Server. Make certain that the IP address shown for the Gateway is your router IP address and make certain that the DNS IP address is the IP address of your file server. The Subnet Mask should be 255.255.255.0 unless you have some advanced needs.
0
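The settings this answer lists can be checked mechanically. The sketch below is an added example, not part of the original post: it parses one adapter section of `ipconfig /all` output and reports the deviations discussed in this thread (a 169.254.x.x address, a lease issued by the router instead of the server, a public DNS server listed beside the internal one). The sample output is constructed, `203.0.113.53` is a placeholder for an ISP resolver, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample in the layout of `ipconfig /all`; addresses follow the
# thread (router 10.0.0.254, server 10.0.0.10), 203.0.113.53 is a placeholder.
SAMPLE = """\
Ethernet adapter Local Area Connection:

   IPv4 Address. . . . . . . . . . . : 10.0.0.132(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.0.0.254
   DHCP Server . . . . . . . . . . . : 10.0.0.254
   DNS Servers . . . . . . . . . . . : 10.0.0.10
                                       203.0.113.53
"""

# "   Field name . . . : value" -- the field name is followed by dots/spaces.
KV = re.compile(r"^\s+([^:]+?)[ .]+:\s*(.*)$")

def parse_ipconfig(text):
    """Return {field: [values]} for ONE adapter section of `ipconfig /all`."""
    fields, last = {}, None
    for line in text.splitlines():
        m = KV.match(line)
        if m:
            last = m.group(1).strip()
            fields[last] = [m.group(2).strip()] if m.group(2).strip() else []
        elif last and line.startswith(" ") and line.strip():
            fields[last].append(line.strip())  # continuation: extra DNS server
    return fields

def audit_client(text, router, dns_server, dhcp_server):
    """List deviations from the settings the answer says a client must have."""
    f = parse_ipconfig(text)
    addr = lambda key: [re.sub(r"\(.*\)$", "", v) for v in f.get(key, [])]
    findings = []
    ips = addr("IPv4 Address") or addr("IP Address")  # 2003/XP print "IP Address"
    if not ips:
        findings.append("no IPv4 address")
    elif ipaddress.ip_address(ips[0]).is_link_local:
        findings.append("APIPA address %s: no DHCP lease obtained" % ips[0])
    elif f.get("Subnet Mask"):
        net = ipaddress.ip_network("%s/%s" % (ips[0], f["Subnet Mask"][0]), strict=False)
        if ipaddress.ip_address(router) not in net:
            findings.append("router %s is outside client subnet %s" % (router, net))
    if addr("Default Gateway") != [router]:
        findings.append("default gateway is not the router %s" % router)
    if addr("DHCP Server") not in ([], [dhcp_server]):
        findings.append("lease issued by unexpected DHCP server %s" % addr("DHCP Server")[0])
    dns = addr("DNS Servers")
    if dns_server not in dns:
        findings.append("internal DNS server %s is not configured" % dns_server)
    for extra in (d for d in dns if d != dns_server):
        findings.append("DNS server %s bypasses the internal DNS server" % extra)
    return findings
```

Calling `audit_client(SAMPLE, "10.0.0.254", "10.0.0.10", "10.0.0.10")` returns one finding for the DHCP server and one for the extra DNS entry; pass the text of a single adapter section, since fields from several adapters would be merged.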
 

Author Comment

by:manch03
ID: 39741907
@mahesh - I have not set up a default dns forwarder in my dns settings.  I defined the dns settings in the network settings on the domain controller with the two dns servers provided by ATT.  Do I need to do a forwarder in my dns?

Also, I do have 4 public ip addresses.  One I was hoping to use for vpn set up, but someone suggested not to set this up on the domain controller as it exposes it to the internet.  I have another windows 2003 server that I can use for that, but I would need instructions on how to set that up.
0
 

Author Comment

by:manch03
ID: 39741939
I will not be back at this site until Dec 29.  I will update at that time after trying your recommendations.
0
 
LVL 38

Expert Comment

by:Mahesh
ID: 39742692
Yes, you should set up forwarders on your DNS server pointing to the public DNS of the ISP.

I am the one who suggested not to set up a VPN server on the DC; see my previous comment.

Regarding setting up VPN on a 2003 member server, refer to the links below:
http://support.microsoft.com/kb/323441
http://www.techrepublic.com/article/configure-a-windows-server-2003-vpn-on-the-server-side/

Mahesh
0
 

Author Comment

by:manch03
ID: 39743586
@mahesh - the techrepublic site states I need two nic cards to set up the vpn server.  This forum does not recommend two nic cards.  What is the correct way to do this?  Go with the one nic on a member server for vpn?
0
 
LVL 38

Expert Comment

by:Mahesh
ID: 39743783
Previously you wanted to install the VPN server on the domain controller itself; it's not recommended, as the DC will get exposed to the internet and it may create unwanted problems.

If you are installing VPN on a 2003 member server, it's just fine to have TWO network cards on the server: one can be connected to the public network and one to the private network. That is the standard practice in the case of Windows VPN servers. You can also set up a DHCP IP range for VPN users on this server through the VPN role \ console, or you can simply use the internal DHCP server, or you can set up the DHCP role on the VPN server itself.

If you can afford to pay, a VPN device will be the ideal \ best choice, and there are a lot of vendors out in the market who can give you a good deal with competitive prices.

Mahesh
0
 

Author Comment

by:manch03
ID: 39744602
Is VPN device a service or appliance?  I cannot find anything with that specific name.
0
 
LVL 38

Expert Comment

by:Mahesh
ID: 39744794
Check below article for VPN appliances

http://www.zdnet.com/virtual-privacy-8-vpn-appliances-tested-1139182394/

Mahesh
0
 

Author Comment

by:manch03
ID: 39745314
Ok, I have more issues.  I could not get connected to the router at all when I returned.  It was giving me a 169.. ip address.  ATT had me reset the router and insist I use it as a dhcp server. I stopped dhcp on my domain controller - I did not uninstall it, I just stopped the service.  I really do not want to use the att router as my dhcp server as I have static ip's set on printers, servers, etc.   Every time I plug the router into my switch it cuts off all internet.  I can only connect directly to the router with a laptop now and/or through wireless.  When I do an ipconfig, the dns server is also the dhcp server - so obviously it is doing everything.  How do I get my domain to communicate with this router? What do I need to change?  Or do I need a new question.

Here is my new wireless ip info:

10.0.0.2
255.255.255.0
10.0.0.254 (router ip)  gateway
10.0.0.254 (dhcp server)
10.0.0.254 (dns server)
0
 

Author Comment

by:manch03
ID: 39745318
I was trying to set up the dns forwarder, but I am not sure I know how.   How should I change my domain controller static network ip address now?  10.0.0.10, 255.255.255.0, gateway, router and dns all the same as my client?
0
 
LVL 38

Accepted Solution

by:
Mahesh earned 1400 total points
ID: 39745578
It seems that you must be having some issue with the ATT router.
You can use only one NIC on the domain controller, which can connect to the switch, with one uplink from the switch to the ATT router, and the router needs to point to the ISP for internet.
Not sure if this router functions like a typical standard router or if it is just a router device used to connect to the internet, like a home router.

I suggest you ask the vendor for the supported router configuration and how to configure your desired configuration.

DNS forwarder is a very simple configuration.
Just open the DNS management console, navigate to the DNS server, right-click and select Properties, and on the "Forwarders" tab add the public DNS servers' IP addresses, then apply and click OK.
You need to make sure that you are able to telnet to the public DNS IPs on TCP port 53 (DNS) from the domain controller; otherwise it will not work, and there you need to troubleshoot for possible failures, maybe the router or the public DNS servers themselves.

Client computers must point to the internal DC \ DNS IP as primary DNS server.
The domain controller must have an IP in the same range as the client computers, and it should point to itself as primary DNS server.

Once you have the correct router device \ configuration, you should be able to authenticate and browse the internet on computers by connecting to the switch only.

Mahesh
0
 

Author Comment

by:manch03
ID: 39746918
@mahesh - I was beginning to think it was my switch, but I brought in a simple hub and connected the router directly to the router (Netopia).  I plugged in my laptop and did not get a 10. ip address, I was getting a 169.. strange address, but the correct gateway.  I accidentally configured the dns in the router and I cannot get rid of it.  The router is hanging onto the external dns server ip addresses.  I do not think that is hurting anything, just annoying.

I did my port forward on my dns server and plugged my laptop into that hub, now I am getting a 10. ip address.  I cannot do anything because people are working and I have them all plugged into the router so they can get their work done.  I still need to direct the netopia router to the internal dhcp server and I am not sure how to do this.  Looking for directions, but I think I did a pinhole to the dhcp server.  Right now I have the router doing dhcp, which I do not want - I want my windows server doing dhcp.  Going to give it a try now.  I will let you know.  If anyone can help with this router set up, that would be great.  I can post my configuration if this helps.
0


Question has a verified solution.
