General discussion

  • Creator
    Topic
  • #2153542

    New Server With Multiple Roles (AD/DNS/DHCP/Routing/DC)

    Locked

    by sometechguy ·

    I have a new server that I’ve been trying to configure as an all-in-one. This is just home use so it’s not critical. Right now I have a number of roles and I can verify that DNS works, AD works etc.; however, I have the following problem. I have DHCP authorized and available, but when I plug client systems into the NICs on the server they don’t get the DHCP assigned, just the standard 169 junk.

    The server has the power to run all this but maybe the operator isn’t doing something right. I have 2x Quad VT NICs and I want systems to plug directly into the server. Again no DHCP information is being attached.

    Any ideas?

All Comments

  • Author
    Replies
    • #2919395

      You might get an answer faster if…..

      by thumbsup2 ·

      In reply to New Server With Multiple Roles (AD/DNS/DHCP/Routing/DC)

      … you posted your question in the QUESTION forum instead of here in the DISCUSSION forum.

    • #2919362

      Check DNS

      by jerrym mcse+i / a+ ·

      In reply to New Server With Multiple Roles (AD/DNS/DHCP/Routing/DC)

      Just a few things to check.
      1. Ensure the DNS server entries on BOTH nics point to itself and not your ISP.
      2. If you need internet DNS resolution; configure conditional forwards in DNS (properties of the DNS server object, forwarders).
      3. If you have any firewall software installed/enabled on either the server or client; disable/turn off..etc for troubleshooting.
      4. Ensure the DHCP service is bound to the internal NIC.
      5. Take a network trace using netmon on the server to see if you are actually seeing the client request an address.

      Just a few things to start you off.

      • #2919318

        Response

        by sometechguy ·

        In reply to Check DNS

        I’ve tried putting the primary DNS server on the NICs to both 127.0.0.1 as well as the 192.168.2.10 and it doesn’t seem to change anything

        DNS Entries are all local with the ISP ones entered under the properties of the server profile in the DNS Config Window

        Never tried conditional forwarders

        No firewalls, will install my PIX 525 once all this is configured

        Now I can’t tell if it’s bound to the internal NIC, only router seems to allow me to pick NIC cards so any instructions here would be great

        The NIC on my Dell XPS 720 and the NIC on the PowerEdge 2900 have the 169 address with a subnet of 255.255.0.0, so what IP do I tell the 720 to connect to for the DNS server if it’s plugged directly into one of the 8 free gigabit ports?

    • #2919358

      Plugged directly into server?

      by Anonymous ·

      In reply to New Server With Multiple Roles (AD/DNS/DHCP/Routing/DC)

      You should probably use a hub or switch to connect the server with the clients, but if you insist on plugging in directly, you will require a “cross-connect” cable to plug NIC-to-NIC, where the pairs are crossed. Even then though you are going to run into problems having two NICs, and it’s too complicated to go into. Get a hub/switch.

      • #2919322

        Yes Directly

        by sometechguy ·

        In reply to Plugged directly into server?

        Yes, the server has two Intel quad port VT NICs and I wanted to use those to plug clients in; however, these ports don’t seem to pick up the DHCP server on the same machine and I know the DHCP is authorized and a scope has been created

        Scope Settings

        192.168.2.25 – 192.168.2.125
        Subnet 255.255.255.0
        Gateway 192.168.2.1 (The Internet Modem)
        NIC that’s plugged into the Modem 192.168.2.10

        Is there a conflict with this scope?

        The route seems to know that the NIC is using the 169 address with a subnet of 255.255.0.0 which means it didn’t pick up the DHCP server

        So I’m lost here and it should work without any problems!

        • #2919314

          Quad port does not equal a hub

          by Anonymous ·

          In reply to Yes Directly

          In the past, quad-port NICs were set up with 1 IP and the 4 ports could be used to add more bandwidth to the server, like what EtherChannel does for Cisco. Typically these cards do not function as a hub or a switch, if that is what you are thinking. I don’t think that’s going to work, but then again, I am not completely familiar with that brand of NIC. I doubt it functions as a switch.

          Do you have lights on the back of the nics that indicate connectivity?

        • #2919313

          Connections/Lights

          by sometechguy ·

          In reply to Quad port does not equal a hub

          Yeapers the lights go, and I can access shared folders on the server and that was the first thing I tested for. The nics are Intel Pro 1000 Quad Port VTs (500 per card).

          I know it’s not a hub but just want to plug a few workstations into it and I don’t think that should be an issue. I know peeps that do it and I could do it with Win2k3 but Server 2008 just doesn’t seem to like it or I’m not configuring something correctly.

        • #2919305

          OK, back to IP…

          by Anonymous ·

          In reply to Yes Directly

          Scope Settings

          192.168.2.25 – 192.168.2.125
          Subnet 255.255.255.0
          Gateway 192.168.2.1 (The Internet Modem)
          NIC that’s plugged into the Modem 192.168.2.10

          Is there a conflict with this scope?

          So, you have two nics on the server. 1 plugged into the Internet modem, the other with your workstations?

          The one plugged into the internet, it’s at 192.168.2.10, and the internet modem is @ 192.168.2.1?

          And now you are trying to use the same subnet on the second card? 192.168.2.25 /24? That won’t work. Try a new scope of 192.168.1.0-.255 255.255.255.0 or anything else other than the Internet subnet. I imagine the Internet subnet is also using the 255.255.255.0 mask.

        • #2919299

          Response

          by sometechguy ·

          In reply to OK, back to IP…

          Actually there are 3 nics

          1.) Server had two built-in Broadcom NICs (one of these is used for the net modem)
          2.) 2x quad port Ethernet cards (will be used for client systems)

          So in total I have 10 Ports all Gigabit

          Right now Broadcom port 1 is plugged into the modem which has a gateway of 192.168.2.1 and the NIC is 192.168.2.10. This is that NIC’s dedicated IP address.

          The workstation is plugged into one of the 8 intel ports.

          The one plugged into the internet, it’s at 192.168.2.10, and the internet modem is @ 192.168.2.1? Yeapers

          And now you are trying to use the same subnet on the second card? 192.168.2.25 /24? That won’t work. Try a new scope of 192.168.1.0-.255 255.255.255.0 or anything else other than the Internet subnet. I imagine the Internet subnet is also using the 255.255.255.0 mask.

          The scope right now is 192.168.2.25 – 192.168.2.125 giving me 100 DHCP addresses and yes the internet NIC uses 255.255.255.0. So you’re saying on the scope use:

          192.168.1.1/192.168.1.100 for IP Range
          Subnet should be 255.255.0.0?

        • #2919289

          Subnet mask

          by Anonymous ·

          In reply to Response

          No definitely not 255.255.0.0

          Why use 192.168.1.1-100?

          Set the server IP on the NIC with the workstations to 192.168.1.1 (255.255.255.0). Set the DHCP scope to 192.168.1.2-254 mask 255.255.255.0

        • #2919286

          Scope Should Be

          by sometechguy ·

          In reply to Subnet mask

          You’re awesome dude

          So new scope should be

          192.168.1.1 – 192.168.1.100
          255.255.255.0

          Tell it to use the same Subnet as the Internet Port Nic?

        • #2919280

          I don’t think so…

          by Anonymous ·

          In reply to Scope Should Be

          Internet port NIC is different, on a different subnet than the workstation NIC. Server will then have 2 nics with IP addresses on the (3 total right?), on two different subnets, the broadcom at 192.168.2.10 and the quad port at 192.168.1.1. DHCP scope goes on the 192.168.1.1 NIC

        • #2919277

          Please propose

          by sometechguy ·

          In reply to OK, back to IP…

          So right now its

          Gateway: 192.168.2.1 (Modem)
          NIC plugged into net: 192.168.2.10
          DNS: 127.0.0.1
          Subnet 255.255.255.0

          For a scope you suggest
          192.168.1.1 – 192.168.1.101
          What should Gateway Be
          What should Subnet mask be
          What should DNS Server be

          Also should I make changes to the Nic cards

          THANKS!

        • #2919264

          Scope

          by Anonymous ·

          In reply to Please propose

          What should Gateway Be? 192.168.1.1
          What should Subnet mask be? 255.255.255.0
          What should DNS Server be? 192.168.1.1

          And on the workstation NIC card, set the address to 192.168.1.1, 255.255.255.0, gateway is itself.

        • #2919262

          Response

          by sometechguy ·

          In reply to Scope

          What should Gateway Be? 192.168.1.1
          Confused, the gateway should be the modem I thought? Currently the Broadcom NIC works fine, and net/all works. But you’re saying just for the scope make it this?

          What should Subnet mask be? 255.255.255.0
          So it’s OK that the NIC that uses the net uses 255.255.255.0?

          What should DNS Server be? 192.168.1.1
          Interesting because the DNS server is 192.168.2.10? or is this just for the extra nics and scope?

          And on the workstation NIC card, set the address to 192.168.1.1, 255.255.255.0, gateway is itself

          So gateway would be 127.0.0.1? or the 192.168.1.1?

        • #2919255

          Check this out

          by Anonymous ·

          In reply to Response

          The server will have 2 IPs then:

          192.168.2.10 -and-
          192.168.1.1

          On two different NICs. OK?

          Now, the gateway address has to be on the same network. So the gateway address for 192.168.1.1 is 192.168.1.1, because, on this subnet, the server serves as the gateway. It will route unknown traffic to its other IP, 192.168.2.10 and that gateway. Somewhere it’s going to have to route to its default gateway 192.168.2.1, so you may have to add that default route somewhere on the command line, but don’t worry about that yet.
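The addressing rules worked out in the replies above (one subnet per server NIC, a scope that matches the client-facing NIC, a gateway on the clients' own subnet) can be checked mechanically. This is an added example, not code from any poster; the function name, the NIC labels and the 169.254.10.20 APIPA address are assumptions made for illustration.

```python
import ipaddress


def check_plan(nics, client_nic, scope):
    """Check a multi-homed DHCP server plan; return a list of (code, detail).

    nics       -- {name: "address/mask"} for every addressed server interface
    client_nic -- name of the interface the workstations plug into
    scope      -- dict with "start", "end", "mask", "gateway" (router option)
    """
    findings = []
    ifaces = {n: ipaddress.ip_interface(a) for n, a in nics.items()}
    names = sorted(ifaces)

    # Two server NICs in one subnet: the host cannot tell which wire a
    # destination in that subnet sits on.
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if ifaces[a].network.overlaps(ifaces[b].network):
                findings.append(("overlapping-nics", f"{a} and {b}"))

    start = ipaddress.ip_address(scope["start"])
    end = ipaddress.ip_address(scope["end"])
    scope_net = ipaddress.ip_network(f"{scope['start']}/{scope['mask']}", strict=False)
    if start > end or end not in scope_net:
        findings.append(("bad-range", f"{start}-{end} does not fit {scope_net}"))

    # For directly attached clients (no relay) the scope is chosen by the subnet
    # of the NIC the request arrived on, so that NIC needs an address in it.
    if ifaces[client_nic].ip not in scope_net:
        findings.append(("client-nic-outside-scope",
                         f"{client_nic} {ifaces[client_nic].ip} not in {scope_net}"))

    # Leasing the server's own address to a client creates a duplicate IP.
    for name in names:
        if start <= ifaces[name].ip <= end:
            findings.append(("range-includes-server", f"{name} {ifaces[name].ip}"))

    # Clients can only use a default gateway that is on their own subnet.
    if ipaddress.ip_address(scope["gateway"]) not in scope_net:
        findings.append(("gateway-off-link", scope["gateway"]))
    return findings


MASK = "255.255.255.0"
BROADCOM = "192.168.2.10/" + MASK

# Plans as described in the thread. The APIPA address is constructed.
ORIGINAL = ({"broadcom1": BROADCOM, "intel1": "169.254.10.20/255.255.0.0"}, "intel1",
            {"start": "192.168.2.25", "end": "192.168.2.125", "mask": MASK,
             "gateway": "192.168.2.1"})
SAME_SUBNET = ({"broadcom1": BROADCOM, "intel1": "192.168.2.11/" + MASK}, "intel1",
               ORIGINAL[2])
FIRST_TRY = ({"broadcom1": BROADCOM, "intel1": "192.168.1.1/" + MASK}, "intel1",
             {"start": "192.168.1.1", "end": "192.168.1.101", "mask": MASK,
              "gateway": "192.168.1.1"})
FINAL = (FIRST_TRY[0], "intel1",
         {"start": "192.168.1.2", "end": "192.168.1.254", "mask": MASK,
          "gateway": "192.168.1.1"})

if __name__ == "__main__":
    for label, plan in [("original", ORIGINAL), ("same subnet", SAME_SUBNET),
                        ("first try", FIRST_TRY), ("final", FINAL)]:
        print(label, check_plan(*plan) or "no findings")
```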

        • #2919229

          Ok

          by sometechguy ·

          In reply to Scope

          The server will have 2 IPs then:

          192.168.2.10 -and-
          192.168.1.1

          On two different NICs. OK?

          Now, the gateway address has to be on the same network. So the gateway address for 192.168.1.1 is 192.168.1.1, because, on this subnet, the server serves as the gateway. It will route unknown traffic to its other IP, 192.168.2.10 and that gateway. Somewhere it’s going to have to route to its default gateway 192.168.2.1, so you may have to add that default route somewhere on the command line, but don’t worry about that yet.

          So a DHCP Scope will be

          192.168.1.1 – 192.168.1.101
          Gateway: 192.168.1.1
          Subnet 255.255.255.0

          Also you want me to make changes on the physical NIC on the workstation or the server? What changes did you want me to change there on one or both?

          Sorry that I’m thick skulled here, just been told to do so many things and it’s left me confused. You’re keeping me on a good line atm

        • #2931099

          Right Path, DHCP, Domain working But no net for clients

          by sometechguy ·

          In reply to Scope

          Hey Q

          So far you’ve led me down the perfect path. The workstations can run NSLookups, ping anything on the internet including the Router which is on the 192.168.2.x range.

          Now I have routing set up but I think my NAT is incorrect and I believe this is where you had suggested to make a static router. Here’s my issue though

          I’m using the DSL modem which is also a router so the server itself gets a dedicated IP address of 192.168.2.10, so the NAT translation isn’t to a public address, just to the local Lab port that does the dial-ins to the PPPoE

          Now how would I configure the system to use the Remote Router feature and service all ports? My NAT configuration doesn’t bring the internet back to client systems even though they can nslookup anything in the world.

          Thanks Q I owe ya

        • #2931045

          You might have to enable RRAS on the server

          by Anonymous ·

          In reply to Right Path, DHCP, Domain working But no net for clients

          Just a WAG!

        • #2931212

          Works/DHCP but no Internet on either machine

          by sometechguy ·

          In reply to OK, back to IP…

          Ok so I did everything you told me to do and now the workstations all work.

          Now, however, I lost the internet on the server 😛 Always something

        • #2931201

          just guessing here

          by cg it ·

          In reply to Works/DHCP but no Internet on either machine

          As a guess...

          If you have a firewall/router in front of this NIC, that becomes the gateway out. You need to specify the IP address of that device as the gateway. The NIC’s address is on that subnet. If you don’t have a firewall/router device in front of this NIC, you can use auto detect or use the ISP provided IP address, subnet mask, default gateway, and DNS servers as the NIC’s properties.

        • #2931187

          Ummmm

          by sometechguy ·

          In reply to just guessing here

          The Server has 10 Gigabit ports, and the client machines plug directly into that system. The client machines can run NSlookup and get any website, but it just can’t get any internet access. Client machines can view other systems on the network, the server itself, and another server on another IP range altogether but it doesn’t get websites

        • #2931184

          the server itself has 10 NICs?

          by cg it ·

          In reply to Ummmm

          not recommended. If you truly have 10 NICs on the server, better off buying a consumer level switch for around $75 USD and getting the server to a maximum of 2 NICs.

          on the other problem,

          If you’re not getting to the internet, and are running an Active Directory environment, then the DNS server isn’t forwarding queries to root hint servers or your ISP DNS servers, therefore the web query goes unanswered, thus no web page is displayed [404 or 403]. This is probably happening because the server doesn’t know where to send DNS queries it can’t answer. Usually it will send those queries to the default gateway specified in the NIC properties.

          So a simple diagram for inbound traffic would be

          internet [ISP] >>>>>>> WAN interface on perimeter router/firewall >>>>LAN interface [gateway]on perimeter router/firewall>>>>>>>>>>external NIC on Server >>>>>> internal NIC on Server >>>>>> switch >>>>> workstations

          and just change the arrows to show outbound traffic.

          From your ISP to your perimeter router WAN interface is its own subnet using addressing, mask and DNS server addresses provided by your ISP. The perimeter router/firewall to the external interface on the server is one subnet using your ISP DNS servers in the NIC properties and using your router subnet addressing and mask. The internal interface on the server is its own subnet using your Active Directory DNS server address in the NIC properties page as well as all workstations [DHCP can handle this for you].

          This type of setup should allow workstations to get to the internet and allow the server to have internet connectivity.

          Note: enable firewalls on the server and all workstations.

        • #2931182

          The Setup

          by sometechguy ·

          In reply to just guessing here

          The DSL Modem is also a router, the server uses 192.168.2.10 as the dedicated IP address. I can run NSLookup on the client systems and see the results for any website but I think you’re right.

          The server has 10 Gigabit ports. It’s a Dell 2900, 2 Broadcom built in, and I have 2 Intel Quad VT cards. This is just a home setup. I finally got all the client systems running on the domain, share, ping everything IN the network and even the Router itself but again no websites.

          You recommend what exactly?

        • #2931069

          You guys are going over old roads…

          by Anonymous ·

          In reply to Works/DHCP but no Internet on either machine

          We already went through a lot of this stuff. The deal is, now that you have workstations, remember what I said about a default route? You need to add one, on your server.

          On the server, go to the LAN settings on the 192.168.1.1 network, TCP/IP properties, advanced TCP/IP and then add the gateway 192.168.2.1, and give it a metric of one. Both network cards should have the default gateway of 192.168.2.1, with the 192.168.1.1 card having two gateways.

        • #2930990

          Q, Added the Default Gateway But

          by sometechguy ·

          In reply to OK, back to IP…

          Now you say enable Routing and Remote Access which I have but how should that be configured?

          On Server 2008 I ran the wizard, so the interface that NAT is enabled on is 192.168.2.10 which the DSL Modem/Router is plugged into, and the NIC with Shared Internet is Connection 5.

          In the Routing and Remote Access component I can see the Local Area Connection (192.168.2.10) getting mapping requests etc. but in the NAT field the Local Connection 5 is 0 across the board so I’m assuming nothing is happening here.

          DNS Server has the forwarders configured as well as Root Hints. The Client system can Ping the Gateway (Router), server and anything else on the network but still no internet

          Any ideas? I think that the NAT is sending traffic to the 192.168.2.10 but it’s not a public IP address so I believe it’s sending the request there and times out because it has no idea what to do with the request.

          Just a guess but Q you’ve got me this far lol

        • #2930984

          No NAT on server

          by Anonymous ·

          In reply to Q, Added the Default Gateway But

          You should not do any natting on the server. RRAS should provide the routing only. Did you put in the gateways?

          Can you ping 192.168.2.1 from the workstations?

        • #2930982

          Will Check This

          by sometechguy ·

          In reply to No NAT on server

          Hey Q

          Man I’d pay you for your help at this point lol

          I’ve always initialized Routing and Remote Access via NAT; however, where you’ve been right, I should just configure it for LAN Routing, correct?

          Yes I added it but again the NAT’s there so I believe something else is happening. Once I figure this out I’ll re-image the box and add Server 2008 Datacenter x64 again

          No NAT, just LAN routing, correct?

          Yes, last night I added 7 workstations and all could ping the router, I could run nslookup on each client machine, but no outside world traffic.

          What I ended up finding is that of the two NICs, all 8 ports have to have their own IP Range. I cannot use the 192.168.1.x on any other port except the one it’s originally assigned to. Is that the correct behavior?

        • #2930971

          If you can ping the router

          by Anonymous ·

          In reply to Will Check This

          If you can ping the router, then that is a good sign of routing. Now, on the PPPoE router, the DSL modem, you may need to tell it to ALSO NAT the 192.168.1.0 network as well! Because it doesn’t know about this new network you set up. It’s probably just NATting the 192.168.2.0 network.

          Good luck!
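A small model of the path discussed in the last few replies, with the server doing plain LAN routing and the DSL modem doing the NAT. It is an added example, not code from any poster; the modem's tables are assumptions based on the guess in the reply above (it only knows 192.168.2.0/24), and the client address 192.168.1.50 and target 203.0.113.10 are constructed.

```python
import ipaddress


def lookup(routes, dst):
    """Longest-prefix match over (prefix, next_hop) pairs; next_hop None = on-link."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, hop in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best


def diagnose(client, server_routes, modem_routes, modem_nat_sources,
             target="203.0.113.10"):
    """Follow one client request to the Internet and its reply back."""
    # 1. The server must have somewhere to send traffic it has no specific
    #    route for: the default route to the modem.
    if lookup(server_routes, target) is None:
        return "server-no-route"

    # 2. The packet reaches the modem with the client's own source address,
    #    because the server is not translating. The modem must NAT that source.
    src = ipaddress.ip_address(client)
    if not any(src in ipaddress.ip_network(n) for n in modem_nat_sources):
        return "modem-no-nat"

    # 3. After the modem reverses the NAT, the reply is addressed to the client.
    #    Without a route for that subnet it follows the default route out the WAN.
    back = lookup(modem_routes, client)
    if back is None or back[1] == "WAN":
        return "modem-no-return-route"
    return "ok"


CLIENT = "192.168.1.50"  # constructed lease from the 192.168.1.0/24 scope

# Server: both NIC subnets on-link, default route via the modem.
SERVER_ROUTES = [("192.168.1.0/24", None), ("192.168.2.0/24", None),
                 ("0.0.0.0/0", "192.168.2.1")]

# Modem as assumed out of the box: its own LAN plus a default route to the ISP.
MODEM_DEFAULT = [("192.168.2.0/24", None), ("0.0.0.0/0", "WAN")]
# Modem after adding a static route for the new subnet via the server.
MODEM_FIXED = MODEM_DEFAULT + [("192.168.1.0/24", "192.168.2.10")]

NAT_DEFAULT = ["192.168.2.0/24"]
NAT_BOTH = ["192.168.2.0/24", "192.168.1.0/24"]

if __name__ == "__main__":
    print(diagnose(CLIENT, SERVER_ROUTES, MODEM_DEFAULT, NAT_DEFAULT))
    print(diagnose(CLIENT, SERVER_ROUTES, MODEM_DEFAULT, NAT_BOTH))
    print(diagnose(CLIENT, SERVER_ROUTES, MODEM_FIXED, NAT_BOTH))
```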

        • #2930958

          Clarify

          by sometechguy ·

          In reply to No NAT on server

          Quote

          it to ALSO NAT the 192.168.1.0 network as well! Because it doesn’t know about this new network you set up. It’s probably just NATting the 192.168.2.0 network.

          And how is this accomplished?

        • #2930953

          Go into the DSL Modem

          by Anonymous ·

          In reply to Clarify

          And program it. Is it a Cisco?

        • #2928192

          Not Cisco

          by sometechguy ·

          In reply to No NAT on server

          Not a cisco 🙁

      • #2930952

        Is it a Cisco? Nope :(

        by sometechguy ·

        In reply to Plugged directly into server?

        This is a Siemens SpeedStream 6250. I have a PIX 525 and a Cisco 2811 on the way but I’m not expecting them for another week or two.

        I can also get a Cisco DSL modem from the local Telecom, but I’m sure it’s capable of doing this, but I don’t know how.

        Under the IP configurations I don’t see where I can add additional LANs

        • #2927993

          I have to ask… what’s the point of all this???

          by cg it ·

          In reply to Is it a Cisco? Nope :(

          No one runs 5 port NICs on a server let alone 2 5 port NICs. It’s just too complicated and too much administrative effort when you can buy a 16 port switch for less than $100.0 USD. Heck, just save your pennies and get a Cisco 2950 24 port switch for under $300.00 USD.

          If you’re trying to learn routing and switching, this isn’t the way to go. If you’re trying to set up a network, again it isn’t the way to go with the VT multiport NICs.

          If you have DSL service and you want to run Cisco equipment, I suggest you go to your DSL provider and tell them you only want a modem. you don’t want the combination modem + router. this way, you don’t have 2 perimeter routers unless you are going to have a DMZ zone. again having 2 perimeter routers without the need for a DMZ causes a lot of complexity and admin effort in routing.

        • #2927915

          Not Pointless/Not Production

          by sometechguy ·

          In reply to I have to ask… what’s the point of all this???

          sdfsadf

      • #2928058

        Q Youve been right so far

        by sometechguy ·

        In reply to Plugged directly into server?

        I redid the server and I wanted to start from scratch

        DHCP and Router install?
