
Help, this win server 2003 and the LAN went bad after an ISP upgrade!


22 replies to this topic

#1 eltrom


Posted 13 October 2015 - 11:02 AM

First of all, Hi! I'm new here and to windows servers.

So we've just switched to a much faster ISP and we wanted the server to be attached to it so we've got the server disconnected from the old and slower ISP modem. So the formation is as follows:

Modem(WAN/ISP) - Server - Switch - Workstations and Printers

The server is a hereditary server, the one who set up the server is no longer around and unable to be contacted anymore. We used to have no problem with the server but the slow internet speed, and then new problems arose after we got the server connected to the new ISP modem. 

The server alone has no problem connecting to the internet but the clients(workstations) were only able to connect to the server, unable to connect to the internet through the server. The WAN interface(connection from server to ISP modem) uses DHCP and the LAN interface(Switch) uses Static configuration(IP, Def gateway,DNS(ISP's recommended DNS)) because the LAN(switch) won't work if we used DHCP.

In an attempt to enable client workstations to connect to Internet through the server, we tried to enable/tick "Internet Connection Sharing" on WAN properties by the sharing tab which according to its description, the option should allow other network users to connect to internet through the server's internet connection if the option is ticked but after we ticked it and clicked OK, an error message saying something like "you have to disable Remote Access Connection and ICS on Routing and Remote Access in order to be able to use the internet sharing option"

So we went ahead and disabled it on Routing and Remote Access menu by turning the windows firewall off on the Services menu first as there was a message saying that we need to turn the windows firewall off prior to disabling the Remote Access Connection and ICS. And then we were able to select Internet Connection Sharing on WAN properties but things got even worse, the clients could not even detect the server anymore.

We then went straight back to disable Internet Connection Sharing on WAN properties and re-enabled everything on Routing and Remote Access menu. During the process, we had to set Remote Access Connection back up and we blindly chose VPN and NAT option for it as we thought that it's the most logical choice. We then select DHCP, ignored the RADIUS option, and clicked on finish and still, it didn't work, the clients could not detect the server.

The client workstations use DHCP on its LAN interface but there are some that were found using particular DNS(probably old DNS that are no longer active) so we made it use DHCP but surprisingly they would revert to those old DNS after the system is rebooted.

At this point, we just want at least the client workstations to be able to connect to the server, internet access through the server would be a plus.

Please help me address what might be the problems.

Thank you in advance!

 

 




 


#2 mjd420nova


Posted 13 October 2015 - 12:14 PM

My experience with changing ISPs had a difficult start at first too but the bad news was I had to regenerate the OS and ISP connections to get things back on the straight path.  Ours was a switch from a fast DSL to a cable setup.  The IE versions are characterized on initial install to support that OS.  That IE version becomes pretty flaky when used with a different ISP.  Worst case is that it might require a repair to get unmodified files from the original disk.



#3 Wand3r3r


Posted 13 October 2015 - 03:06 PM

If you are new to servers AND you change the configuration you can only expect to have problems.

 

You should have a router between the server and the ISP modem.  A server facing the raw internet is at risk of being hacked.

The workstations should not be going through the server for internet especially since it is clear they were not doing so previously.

 

If you are set on the present configuration of going through the server you need to do the following;

1. You must have two wired network interfaces in the server

2. One nic is connected to the internet modem

3. The other nic is connected to the switch

4. The internet facing nic and lan facing nics must not be in the same subnets [for example both can't be in the 192.168.1.x subnets or no routing can happen]

5. You engage RRAS routing doing NAT between the interfaces

6. You enable DHCP server on the lan nic as well as establishing the scope and subnet

 

Lots of how tos via the internet on how to do this.



#4 eltrom


Posted 13 October 2015 - 09:59 PM

@mjd420nova: Thank you for sharing your experience

 

@Wand3r3r: Thank you very much for your detailed guidance, this server configuration is the same server configuration as the previous server configuration, workstations can either connect to Internet through server or through a wireless router which is connected to a different ISP modem and has nothing to do with the server. While I know that the idea of having a router between the isp modem and the server is ideal, the boss preferred to stay with the current configuration at the moment so I can't argue but obey, we might reconfigure in near future though.

 

In response to your points above,

 

1. You must have two wired network interfaces in the server  -  Checked

2. One nic is connected to the internet modem  -  Checked

3. The other nic is connected to the switch  -  Checked

4. The internet facing nic and lan facing nics must not be in the same subnets [for example both can't be in the 192.168.1.x subnets or no routing can happen]  -  I forgot about this, will put a different subnet on the switch nic soon, thanks!! 

5. You engage RRAS routing doing NAT between the interfaces -  Checked(if the 10:36 - 12:07 part of this  https://youtu.be/TG_UkPLiBOk is like what you meant but we'd choose VPN and NAT instead of VPN and Dial Up like in that part of the video)

6. You enable DHCP server on the lan nic as well as establishing the scope and subnet  -  you meant the 12:12 - 12:54 part of this https://youtu.be/TG_UkPLiBOk ? If so, I ticked Automatically in ignorance, will go with From A Specified Range Of Address tomorrow, thanks!!

Anything else though? I forgot to check if the network domain name stays intact after what I did, also how do we keep some workstations from reverting to old DNS when restarted?

 

Looking forward to your further guidance, thank you again



#5 JohnnyJammer


Posted 14 October 2015 - 05:06 PM

I didn't read all that first post but you did mention static routes set on the switch. Why can't you reset the switch to default? I cannot see a reason to set static routes when it's only one server, a few PCs and a printer. No need for VLANs either.

First thing I would do is make sure that static routes are not set on the PCs by using the command below.

route print

The server should be on the same subnet as the PCs are and issue the correct DNS and DHCP settings, make sure the DHCP IP addressing is set correctly so the pc's can the server for DNS.

Test DNS? Ping 8.8.8.8 from a PC; if that works they can access the internet. Now check with a name: ping google.com; if that fails it's DNS.



#6 Wand3r3r


Posted 14 October 2015 - 05:14 PM

You can't set routes on a layer 2 switch.  It certainly isn't a layer 3 switch given the setup.



#7 eltrom


Posted 14 October 2015 - 07:11 PM

"I didn't read all that first post but you did mention static routes set on the switch. Why can't you reset the switch to default? I cannot see a reason to set static routes when it's only one server, a few PCs and a printer. No need for VLANs either.

"First thing I would do is make sure that static routes are not set on the PCs by using the command below.

"route print

"The server should be on the same subnet as the PCs are and issue the correct DNS and DHCP settings, make sure the DHCP IP addressing is set correctly so the pc's can the server for DNS.

"Test DNS? Ping 8.8.8.8 from a PC; if that works they can access the internet. Now check with a name: ping google.com; if that fails it's DNS."

But when I set DHCP on the LAN(Switch) IP Properties, the LAN would show the yellow exclamation mark sign that I think means it's not working, but when filling back out all the IP, gateway and DNS manually on the LAN IP properties, the LAN won't show the yellow sign anymore. Or maybe I should set a DHCP IP range on RRAS for the switch with VPN & NAT configuration?

 

The switch is physically huge and there are like 30+ clients connected to it. Will give an update as soon as I'm back at office though, thanks!



#8 eltrom


Posted 15 October 2015 - 02:45 AM

Okay now after I used a different subnet on the lan switch and reconfigured the DHCP, the client pcs are now able to access the server. 

The LAN switch couldn't be set to DHCP on the LAN Properties though, when it's set to DHCP, the LAN Switch would generate a strange IP and a subnet mask so I'm guessing that this is a Layer 3 Switch, am I right?

However when I manually set all the IPs and DNS  back on LAN Properties, the LAN went back online and the clients are connected to the server. I still had the DHCP IP range on the server synchronized with the Static IP on the LAN NIC though. I've also made sure that all the client PCs uses the DNS from the new ISP. Still, the clients can only access the server but cannot access the internet through the server, I've chosen NAT & VPN on RRAS and set the DHCP, what else might be the problem?

 

ipconfig/all on server:

https://social.technet.microsoft.com/Forums/getfile/733721

 

route print on server:

https://social.technet.microsoft.com/Forums/getfile/733722

 

 

ipconfig/all on a client pc:

https://social.technet.microsoft.com/Forums/getfile/733725



#9 Wand3r3r


Posted 15 October 2015 - 11:36 AM

"I've also made sure that all the client PCs uses the DNS from the new ISP"

 

That was a mistake.  You point to the server for dns which in turn dns is configured via the forwarder to point to the ISP.

 

Appears your modem is also a router since it is giving out private ip address.

 

The workstations' DHCP settings are wrong.  It shows .1 for gateway when it should be .103

.1 is a nonexistent gateway.

 

Looks like JohnnyJammer was right concerning a layer 3 switch.  Makes even less sense to be routing through the server if you have both a router and a layer 3 switch unless you are running some kind of proxy/firewall software on the server.



#10 eltrom


Posted 15 October 2015 - 01:24 PM

I've finally got everything fully connected to each other with LAN internet access through the server but I had to configure static IP address, Subnet mask, IP Default Gateway(.103) and DNS(ISP) on nearly every client, I didn't and still don't know how/where to set DHCP for the workstations, on the server DHCP service, I set IP range 192.168.1.100 - 192.168.1.200 and I had to put static address on the Layer 3 Switch's NIC to get it to work, I chose .103 for no reasons but random guess and set .100 as the IP default gateway as I thought it should mirror the first IP in the server's DHCP pool IP range. I don't know where .1 IP default gateway came from.

 

As for DNS, is it better to use the server's IP address as the DNS on client workstations? if so, which IP address would be the alternate DNS?

I didn't know if the ISP modem is really a router, when I asked the ISP guy if the modem is also a router, the ISP guy said nope, it's just a wireless modem /:

 

I also wonder what the following devices might be

 

[Attached image: NQpxbUc.jpg]



#11 Wand3r3r


Posted 15 October 2015 - 05:39 PM

Kind of sad when the technicians don't know the difference between a router and modem.  Fact it's wireless and giving out private IP addresses means it's a router.

 

Those are Cisco devices but without knowing the model number/id I can't tell what they are.

 

At this point you really should bring in someone with server experience.  You are making a series of configuration mistakes and you are digging yourself deeper in a hole.

 

The server lan nic should have no gateway entry. 

You configure the servers dhcp server by running the dhcp server application

http://www.windowsnetworking.com/articles-tutorials/windows-2003/DHCP_Server_Windows_2003.html

 

Normally when running Active Directory the server is also the dns server for the network which in this case would be .103 as you assigned to the servers lan facing nic.  This way the workstations are able to resolve other workstations and the server.  For internet name resolution you have to configure the conditional forwarder by placing the isps dns server in the list

http://www.windowsnetworking.com/articles-tutorials/windows-2003/DNS_Conditional_Forwarding_in_Windows_Server_2003.html

 

Your DHCP scope is from 100 to 200 yet you have the server LAN NIC at 103, which if assigned will end the LAN traffic to the server because of an IP conflict.

I again suggest you bring in someone with server experience.

 

BTW with a isp change the only setting you needed to change was the ip address of the internet facing server nic.  No lan changes needed to take place.  Ideally you would have changed the dns forwarder to the new isps dns server ip address but name resolution and forwarding would have still kept working using the old one.


Edited by Wand3r3r, 15 October 2015 - 05:57 PM.


#12 eltrom


Posted 16 October 2015 - 12:31 AM

I'm wondering though, what kind of problem am I going to run into with the current working network configurations? I'm guessing it's the DHCP IP lease expiration but what if I set it to unlimited? is setting static IP and DNS configurations on each client PC's NIC not keeping the IP from expiring? I would like to know the answers very much, please help me, this could be my exit ticket from unemployment :(
 
Let's at least boil the problems down a little bit once more for me to do it myself before pressing the call pro server guy button.
 
So the points here are what I got from reading your analysis:
 
1. I need to edit a couple of things on DHCP server application on the server and assign 192.168.1.100 as the scope default gateway and 192.168.1.100 as the scope DNS instead of assigning .103 or the ISP's DNS (although there's no explaining as to how to edit them on the tutorial website that you gave me the link to if I read correctly, so maybe I have to create a replacement scope?.)
 
2. I need to add the ISP's DNS in the DNS forwarder list on DNS manager application on the server(feels like I already did that but I'll double check). Make a conditional forwarder with the ISP's DNS, if needs be.
 
3. I need to assign 192.168.1.100 as the static IP on the LAN facing NIC(layer 3 switch) with the subnet mask of 255.255.255.0, leave the IP default gateway box empty and assign 192.168.1.100 as the DNS server IP
 
4. Set all the client workstation's NIC to DHCP.
 
5. Ping test the network
 
I would appreciate additional points that I should do, should there be anything I missed
 
Thank you very much sir Wand3r3r, I don't know what I'd be had you not come to my thread and walked me through, it means a lot!

Edited by eltrom, 16 October 2015 - 01:35 AM.


#13 Wand3r3r


Posted 16 October 2015 - 10:00 AM

You have three configurations: static IP, DHCP IP or using both.  Most setups use both with the understanding the scope doesn't include the static assigned IPs.  You create a document called an IP plan that details what is used where.

 

Lease time is usually set to 24hrs. 

 

Q1: delete existing scope.  Create a new one that goes from 150-200.  This way you don't have a conflict with 103.

Q2: "if needs be"  No this is a requirement not an option

Q3: sure you can do that

Q4: correct

Q5: sure.  Just make sure the local firewalls allow response to icmp [ping]

 

You need to make sure the layer 3 switch's DHCP server is disabled.

 

You have the model numbers of those cisco's?

 

Example ip plan

 

.1-10 router and servers

.11-19 reserved

.20-40 network printers

.41-99 reserved

.100-200 dhcp scope

.201-254 reserved

 

You leave reserved areas so you can expand if need be.


Edited by Wand3r3r, 16 October 2015 - 10:05 AM.
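
The rules given in replies #3, #9, #11 and #13 (separate WAN and LAN subnets, no static address inside the DHCP scope, clients pointed at the server's LAN address for gateway and DNS) can be checked mechanically before a plan is applied. This is an added example, not part of any poster's reply; the WAN address, the ISP DNS address and the printer address are constructed, and the function name and problem codes are hypothetical.

```python
import ipaddress


def check_ip_plan(wan_if, lan_if, scope_start, scope_end,
                  scope_gateway, scope_dns, static_hosts):
    """Check a two-NIC NAT server plan; return a list of (code, detail)."""
    wan = ipaddress.ip_interface(wan_if)
    lan = ipaddress.ip_interface(lan_if)
    start = ipaddress.ip_address(scope_start)
    end = ipaddress.ip_address(scope_end)
    problems = []

    # Reply #3, point 4: WAN and LAN NICs must sit in different subnets.
    if wan.network.overlaps(lan.network):
        problems.append(("SUBNET_OVERLAP", f"{wan.network} vs {lan.network}"))

    # The DHCP scope has to be a valid range inside the LAN subnet.
    if start > end or start not in lan.network or end not in lan.network:
        problems.append(("SCOPE_OUTSIDE_LAN", f"{start}-{end}"))

    # Reply #11: a static address inside the scope can be leased to a
    # client and cause an IP conflict (the server's .103 in 100-200).
    statics = {**static_hosts, "server LAN NIC": str(lan.ip)}
    for name, addr in sorted(statics.items()):
        if start <= ipaddress.ip_address(addr) <= end:
            problems.append(("STATIC_IN_SCOPE", f"{name} {addr}"))

    # Reply #9: clients should receive the server's LAN address as both
    # default gateway and DNS server; the server forwards DNS to the ISP.
    if ipaddress.ip_address(scope_gateway) != lan.ip:
        problems.append(("GATEWAY_NOT_SERVER", scope_gateway))
    if ipaddress.ip_address(scope_dns) != lan.ip:
        problems.append(("DNS_NOT_SERVER", scope_dns))
    return problems


# Plan as described mid-thread. The WAN, ISP DNS and printer addresses
# are constructed sample values, not taken from the thread.
BROKEN = dict(wan_if="192.168.0.2/24", lan_if="192.168.1.103/24",
              scope_start="192.168.1.100", scope_end="192.168.1.200",
              scope_gateway="192.168.1.1", scope_dns="203.0.113.53",
              static_hosts={"printer": "192.168.1.20"})
# Same plan with the scope moved to 150-200 and clients pointed at .103.
FIXED = dict(BROKEN, scope_start="192.168.1.150",
             scope_gateway="192.168.1.103", scope_dns="192.168.1.103")

if __name__ == "__main__":
    for label, plan in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, check_ip_plan(**plan) or "no problems found")
```
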


#14 eltrom


Posted 18 October 2015 - 09:49 PM

Those 2 cisco devices turn out to be ISP modems, so this workplace has like 3 ISP modems of which one is for the fastest internet connection through the server and the other two are dedicated for wireless connections.

 

I'm wondering why there's a client PC where, when the DNS is changed on its LAN NIC properties, even on advanced properties, the DNS address would revert to the old DNS address somehow. Could it probably mean there's some custom-programmed registry somewhere that memorizes the old DNS address?

 

Thank you for your confirmation on my points, I'll let you know the progress after I'm back at work.



#15 Wand3r3r


Posted 19 October 2015 - 11:46 AM

"the DNS address would revert to the old DNS address somehow"

 

this is normal for a dhcp client





