Networking Issue

This issue has been bugging me for some time now, so I figured I'd ask for
thoughts or ideas. As you will read, I am fairly knowledgeable in most of
the areas, so if you ask me to check or change a setting then I should have
very few problems doing so.

Let me start out by giving you a little of my backgound. I'm a network
administrator, I don't have any MS Certs yet, but I'm working on them, I've
got my CCNA, and I've been managing Windows NT 4.0 and Windows 2000 networks
for about 5 years now. I have setup numerous networks and I have never had
a problem such as this. I'm hoping it is just something I have overlooked.

In my home, I'm running a Windows 2003 AD network. I'm working on my MCDTS,
MCSA, and MCSE, so I have brand new Evaluation Version of all the OSes. In
my computers, I have multiple drives, so what I did was set up my Server as
a dual boot. Windows 2000 Server on drive C and Windows Server 2003 on drive
D. This worked great the first time, but when I reinstalled Windows Server
2003 (as a fresh install on the same drive, removed the active partitiom,
formatted, the whole bit) it seemed to have replaced the permissions on the
Windows 2000 Server. So, now I can't boot using 2000. That's not the
problem at hand, just a little background on how my computers are setup.

So, on this network is a fresh install of the Evaluation Version of Windows
Server 2003 and just one freshly installed Evaluation Version of Windows XP
(SP2) Pro client computer. They are both physically connected via a small 4
port 10/100 hub and brand new Cat6 cables. The problem that has been
bugging me is that I can't get my client computer to access the DHCP server
(at least that is what I have gathered from my findings).

Here is how I've fruitlessly attempted to remedy this situation:

1. On each computer I pinged localhost amd 127.0.0.1 - tests were good
2. I replaced both network cables
3. I replaced my older 24 port hub with a brand new 4 port hub.
Everything physical seems ok.
4. I've read articles on setting up DHCP and DNS via the Help and Support
Center and nicrosoft.com - all the settings seem to be ok
5. I've run all the ipconfig commands ( /flushdns, /registerdns,
/showclassid, etc.)
6. I've run tracert



On my server I have two network cards. I have named them "Internal" and
"External". Internal is for the LAN, and External IS connected to the
Internet. One thing that I have noticed is that when I reboot the client,
the Internal Connection on the server disconnects and reconnects. This
tells me that I have a physical connection between the two computers.

So, that means that the problem is in the software or settings. As I
mentioned before, both client and server are fresh installs. The server has
been setup as a domain controller and its FQDN is "Server01.contoso.com".

The server roles are: print server, Remote access / VPN Server, Domain
Controller (Active Directory), DNS Server, and DHCP Server.

IP Settings
External -- (I have this set to Obtain an IP Address automatically from my
Linksys Firewall Router), but I have the Preferred DNS Server pointing to
10.0.0.2

Internal -- Manually Configured
IP Address: 10.0.0.2
Subnet Mask: 255.0.0.0
Default Gateway: <empty>

Preferred DNS Server: 10.0.0.2

DHCP
Scope [10.0.0.0] Internal
Address Pool 10.0.0.2 - 10.255.255.254
Scope Options:
003 Router 10.0.0.2
005 Name Servers 10.0.0.2
006 DNS Servers 10.0.0.2
015 DNS Domain Name contoso.com

DNS
Forward Lookup Zones
-- _msdcs.contoso.com
-- contoso.com

Reverse Lookup Zones
-- 10.0.0.x Subnet

As it is now 2:15am (GMT -08:00) and I can barely keep my eyes open. I'll
post and hope someone has the nerve to respond to such a lengthy request.

If you've gotten this far, I would really like to thank you.

"Robert Williams" <(E-Mail Removed) om>
wrote in message news:(E-Mail Removed)...
> IP Settings
> External -- (I have this set to Obtain an IP Address automatically from my
> Linksys Firewall Router), but I have the Preferred DNS Server pointing to
> 10.0.0.2

Stop using DHCP from the NAT Device. This causes the external Nic to use
the NAT Device for DNS,...that is bad. The External Nic should either be a
blank DNS or use the same DNS as the Internal Nic.

With in your DNS Service Config add the NAT Device or the ISP's DNS to the
Forwarders List. I prefer to never use the NAT Device for anything other
than "bare" NAT, so use the ISP's specific DNS IP#.

Make sure the Internal Nic is at the top of the Binding Order.
Network Places-->Advanced from the top menu-->Advanced Settings from the
drop down menu. Set the order in the upper box using the side arrows.

Make sure the Windows Firewall is not runnig on anything anywhere. You can
enable it later after you know without a doubt that everything works
perfectly (so you know what to blame when things quit).

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/IS...cessRules.html

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/t...dance/2004.asp
http://www.microsoft.com/isaserver/t...dance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

Deployment Guidelines for ISA Server 2004 Enterprise Edition
http://www.microsoft.com/technet/pro...isaserver.mspx
-----------------------------------------------------

Thanks for taking your time to read through my post. This is a big help.
Although 2000 and 2003 are similar, it seems there are still many
differences that I have to work though.

Anyways, here are my responses.

> Stop using DHCP from the NAT Device. This causes the external Nic to use
> the NAT Device for DNS,...that is bad. The External Nic should either be
> a
> blank DNS or use the same DNS as the Internal Nic.
>
Understood, I've reconfigured that. This is only the second network I've
setup using a Linksys Firewall Router that is also a DHCP Server. And now
that you mention it, I had to set up the External Link on the other network
to be static as well.

> With in your DNS Service Config add the NAT Device or the ISP's DNS to the
> Forwarders List. I prefer to never use the NAT Device for anything other
> than "bare" NAT, so use the ISP's specific DNS IP#.
>
I went into the DNSMGMT console and checked the settings. The ISPs IP
Address was already in the forwarders list, so I left that alone. BUT, I
now have another problem. Now, the query tests against the DNS server fail.
I haven't changed anything else, so I'm assuming it is either the IP
settings I just changed, or those settings caused something else to fail.
I'm researching that now but can't seem to find much. Looking through the
DNS Events log, there are no errors, but these Information Events keep
showing up.

The DNS server could not signal the service "NAT". The error was 1168. There
may be interoperability problems between the DNS service and this service.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

The Event ID is 113, which doesn't appear to be in the MS Search anywhere
yet. Here are my DNS settings incase they might help.
SERVER01 > Properties
--Interfaces
Only the following IP Addresses: 10.0.0.2 <that's my Internal
Connection>
--Forwarders
DNS domain: All other DNS domains
Selected domain's forwarder IP address list: ##.21.13.7 <I left the
first octet out for security purposes, but that is my ISPs DNS Address>
--Advanced <these are checked>
BIND secondaries
Enable round robin
Enable netmask ordering
Secure cache against pollution
--Root Hints
m.root-servers.net. [202.12.27.33]
l.root-servers.net. [198.32.64.12]
k.root-servers.net. [193.0.14.129]
j.root-servers.net. [192.58.128.30]
i.root-servers.net. [192.36.148.17]
h.root-servers.net. [128.63.2.53]
g.root-servers.net. [192.112.36.4]
f.root-servers.net. [192.5.5.241]
e.root-servers.net. [192.203.230.10]
d.root-servers.net. [128.8.10.90]
c.root-servers.net. [192.33.4.12]
b.root-servers.net. [128.9.0.107]
a.root-servers.net. [198.41.0.4]

Forward Lookup Zone properties for _msdcs.contoso.com
--General
Serial Number: 17
Type: Active Directory-Integrated
Replication: All DNS servers in the Active Directory forest
Dynamic Updates: Secure Only
--SOA
Primary Server: server01.contoso.com
Responsible person: hostmaster.
--Name Servers
server01.contoso.com. [10.0.0.2*]
--WINS <not using WINS>
--Zone Transfers <not allowing Zone Transfers>

Note: Those same settings were applied to the contoso.com FLZ
Except, Serial Number is 126

Reverse Lookup Zones for 10.0.0.x Subnet
--General
Serial Number: 2
Type: Active Directory-Integrated
Replication: All domain controllers in the Active Directory domain
Dynamic Updates: Secure only
--Name Servers
server01.contoso.com. [10.0.0.2*]
--WINS-R <not using WINS-R lookup>
--Zone Transfer <not allowing zone transfers>

> Make sure the Internal Nic is at the top of the Binding Order.
> Network Places-->Advanced from the top menu-->Advanced Settings from the
> drop down menu. Set the order in the upper box using the side arrows.
>
External was set at the top of this list, I have now set the Internal to be
at the top of the Binding Order.

> Make sure the Windows Firewall is not runnig on anything anywhere. You
> can
> enable it later after you know without a doubt that everything works
> perfectly (so you know what to blame when things quit).
>
I was able to disable the Windows Firewall on the XP client, but on the
Server I get this message "Windows Firewall cannot run because another
program or service is running that might use the network address translation
component (Ipnat.sys)". With that, I presume that the Windows Firewall is
not running, but does that mean that something else could be blocking the
port(s)?

While continuing on my quest to figure this out, I ran NetDiag and attached
the log file to this message. It appears that everything pertinent has
passed, there are two connections in the log I don't believe will be
relevant, but you might think otherwise, please let me know if I'm wrong.

I'm currently reading through the NetworkingOver.doc document found here:
http://download.microsoft.com/downlo...orkingOver.doc
to see of this will give me a little more insight.

"Robert Williams" <(E-Mail Removed) om>
wrote in message news:(E-Mail Removed)...
> Thanks for taking your time to read through my post. This is a big help.
> Although 2000 and 2003 are similar, it seems there are still many
> differences that I have to work though.

The principles I gave would be valid from Server2003 all the way back to NT
3.5.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/IS...cessRules.html

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/t...dance/2004.asp
http://www.microsoft.com/isaserver/t...dance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

Deployment Guidelines for ISA Server 2004 Enterprise Edition
http://www.microsoft.com/technet/pro...isaserver.mspx
-----------------------------------------------------

Well, figured out the connection problem. When I setup the server, I
inadvertently started up the Routing and Remote Access Server without going
in to manage it. So, what I did was just shut down the RRAS for now until I
can learn more about it. Once that was down, I was able to join the client
computer to the domain.

Now, I have the client computer joined, and the client can talk to the
server, but, the client doesn't have i-net access through the server. The
client can ping the internal NIC on the server, and ping the external NIC on
the server, but it can't ping the router. So, I'm assuming it has something
to do with permissions somewhere. My firewall has been disabled to test the
connection, but that didn't help.

Anyways, I'm still plugging away.

"Robert Williams" <(E-Mail Removed) om> wrote in
message news:(E-Mail Removed)...
> Well, figured out the connection problem. When I setup the server, I
> inadvertently started up the Routing and Remote Access Server without going
> in to manage it. So, what I did was just shut down the RRAS for now until I
> can learn more about it. Once that was down, I was able to join the client
> computer to the domain.
>
> Now, I have the client computer joined, and the client can talk to the
> server, but, the client doesn't have i-net access through the server. The
> client can ping the internal NIC on the server, and ping the external NIC on
> the server, but it can't ping the router. So, I'm assuming it has something
> to do with permissions somewhere. My firewall has been disabled to test the
> connection, but that didn't help.
>
> Anyways, I'm still plugging away.
>
>
Well, I figured this one out too. Had to restart and reconfigure the RRAS.
Once it was up and running *everything* fell into place. The computers started
talking, I got i-net access, and everything worked. So I'm guessing it was just
a misconfiguration with the original RRAS setup.

Anyways, thanks for your assistance Phillip

--
RW

"Robert Williams" <(E-Mail Removed) om>
wrote in message news:(E-Mail Removed)...
> Well, I figured this one out too. Had to restart and reconfigure the
RRAS.
> Once it was up and running *everything* fell into place. The computers
started
> talking, I got i-net access, and everything worked. So I'm guessing it
was just
> a misconfiguration with the original RRAS setup.

Yep, that's right...

You still need to follow the things I said before. The priciples have not
changed.

Good luck with it.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/IS...cessRules.html

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/t...dance/2004.asp
http://www.microsoft.com/isaserver/t...dance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

Deployment Guidelines for ISA Server 2004 Enterprise Edition
http://www.microsoft.com/technet/pro...isaserver.mspx
-----------------------------------------------------