Why does SBS want to be a router?

I've installed 2003 Server before, but now is my first shot at SBS. I got a
surprise when I saw that it prefers to connect with 2 NICs and act as a
router. Why does it have to be different in that respect? What's wrong
with using a firewall appliance that is probably more secure and much easier
to manage?

Is it capable of being configured the old-fashioned way? My other Windows
2003 servers are configured to look at themselves for DNS first, but when I
try to set up SBS for an external router it asks for a DNS address, and
won't accept the address of its own LAN NIC.


--

Reply in group, but if emailing add
2 more zeros and remove the obvious.

In news:sfiDe.7717$_(E-Mail Removed),
Tom Del Rosso <(E-Mail Removed)> typed:
> I've installed 2003 Server before, but now is my first shot at SBS.
> I got a surprise when I saw that it prefers to connect with 2 NICs
> and act as a router.

It doesn't prefer it - it just allows it. A lot of SBS folks feel it's
better to use two NICs, but unless you're running Premium, with ISA, you
don't need them, and I never use them. I don't like multihomed DCs.
Personally, I don't see the point of two NICs on separate private IP subnets
and a router - seems like it just makes troubleshooting more of a pain. This
is an oft-argued topic, for what it's worth.

> Why does it have to be different in that
> respect? What's wrong with using a firewall appliance that is
> probably more secure and much easier to manage?

Nothing - although some people like belt & suspenders. Even if I wanted to
use ISA, I'd still want it behind another firewall.
>
> Is it capable of being configured the old-fashioned way?

Yep.

> My other
> Windows 2003 servers are configured to look at themselves for DNS
> first, but when I try to set up SBS for an external router it asks
> for a DNS address, and won't accept the address of its own LAN NIC.

If you're new to SBS, note that you absolutely positively have to follow the
dreaded wizards or you will most assuredly break things. You can absolutely
positively set it up witn one NIC on a private IP range, have your
router/firewall do NAT, and be happy. Just don't configure things the
"regular" way. Use the "to do list" links.

See
http://www.msexchange.org/tutorials/...g-SBS2003.html
for some help - and note that microsoft.public.windows.server.sbs is the
best place for SBS2003 questions. Just be prepared for a lot of arm-twisting
to use two NICs.

"Lanwench [MVP - Exchange]"
<(E-Mail Removed) ahoo.com> wrote in message
news:%23$DGd$(E-Mail Removed)...
>
> It doesn't prefer it - it just allows it. A lot of SBS folks feel it's
> better to use two NICs, but unless you're running Premium, with ISA, you
> don't need them, and I never use them. I don't like multihomed DCs.
> Personally, I don't see the point of two NICs on separate private IP
subnets
> and a router - seems like it just makes troubleshooting more of a pain.
This
> is an oft-argued topic, for what it's worth.

Thank you. I thought I was crazy or completely missing the point of
something. It's just that the wizard seemed to be forcing me to use 2 NICs.


> If you're new to SBS, note that you absolutely positively have to follow
the
> dreaded wizards or you will most assuredly break things. You can
absolutely
> positively set it up witn one NIC on a private IP range, have your
> router/firewall do NAT, and be happy. Just don't configure things the
> "regular" way. Use the "to do list" links.

I see. I was too quick to dismiss the to do list. It looks like a
dumbed-down version of the old wizard.


> See
>
http://www.msexchange.org/tutorials/...g-SBS2003.html
> for some help - and note that microsoft.public.windows.server.sbs is the
> best place for SBS2003 questions. Just be prepared for a lot of
arm-twisting
> to use two NICs.

Thank you very much. I'm about to take another look at it.


--

Reply in group, but if emailing add
2 more zeros and remove the obvious.

In news:W3wDe.21$(E-Mail Removed),
Tom Del Rosso <(E-Mail Removed)> typed:
> "Lanwench [MVP - Exchange]"
> <(E-Mail Removed) ahoo.com> wrote in
> message news:%23$DGd$(E-Mail Removed)...
>>
>> It doesn't prefer it - it just allows it. A lot of SBS folks feel
>> it's better to use two NICs, but unless you're running Premium, with
>> ISA, you don't need them, and I never use them. I don't like
>> multihomed DCs. Personally, I don't see the point of two NICs on
>> separate private IP subnets and a router - seems like it just makes
>> troubleshooting more of a pain. This is an oft-argued topic, for
>> what it's worth.
>
> Thank you. I thought I was crazy or completely missing the point of
> something. It's just that the wizard seemed to be forcing me to use
> 2 NICs.

No - read more closely.
>
>
>> If you're new to SBS, note that you absolutely positively have to
>> follow the dreaded wizards or you will most assuredly break things.
>> You can absolutely positively set it up witn one NIC on a private IP
>> range, have your router/firewall do NAT, and be happy. Just don't
>> configure things the "regular" way. Use the "to do list" links.
>
> I see. I was too quick to dismiss the to do list. It looks like a
> dumbed-down version of the old wizard.

What old wizard? I admit I never used any previous SBS version....
>
>
>> See
>>
> http://www.msexchange.org/tutorials/...g-SBS2003.html
>> for some help - and note that microsoft.public.windows.server.sbs is
>> the best place for SBS2003 questions. Just be prepared for a lot of
>> arm-twisting to use two NICs.
>
> Thank you very much. I'm about to take another look at it.

Best o' luck!

"Lanwench [MVP - Exchange]"
<(E-Mail Removed) ahoo.com> wrote in message
news:(E-Mail Removed)...
>
> > Thank you. I thought I was crazy or completely missing the point of
> > something. It's just that the wizard seemed to be forcing me to use
> > 2 NICs.
>
> No - read more closely.

Well, it definitely told me the DNS address can't be the same NIC. Could
that have something to do with Dell's pre-install choices? They had
installed DNS already. (I intended to start from scratch anyway, but I
thought it would be a good idea to try configuring the pre-installed system
so I could feel free to mess it up.)


> > I see. I was too quick to dismiss the to do list. It looks like a
> > dumbed-down version of the old wizard.
>
> What old wizard? I admit I never used any previous SBS version....

I meant the Server 2003 wizard.


> Best o' luck!

Thanks.


--

Reply in group, but if emailing add
2 more zeros and remove the obvious.

"Tom Del Rosso" <(E-Mail Removed)> wrote in message
news:vKPDe.2381$(E-Mail Removed)...
> Well, it definitely told me the DNS address can't be the same NIC.

I just installed a SBS2003 last night, with one Nic,...it never said
anything like that.

> Could that have something to do with Dell's pre-install choices?

I don't think the hardware vendor would have anything to do with how the OS
installed.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/IS...cessRules.html

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/t...dance/2004.asp
http://www.microsoft.com/isaserver/t...dance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp
-----------------------------------------------------

In news:vKPDe.2381$(E-Mail Removed),
Tom Del Rosso <(E-Mail Removed)> typed:
> "Lanwench [MVP - Exchange]"
> <(E-Mail Removed) ahoo.com> wrote in
> message news:(E-Mail Removed)...
>>
>>> Thank you. I thought I was crazy or completely missing the point of
>>> something. It's just that the wizard seemed to be forcing me to use
>>> 2 NICs.
>>
>> No - read more closely.
>
> Well, it definitely told me the DNS address can't be the same NIC.

I'm not sure what you chose during the wizard setup thingy....do you *have*
two NICs? Disable one.

> Could that have something to do with Dell's pre-install choices?

Possibly, but I always install my own servers - I don't trust easily.


> They had installed DNS already. (I intended to start from scratch
> anyway, but I thought it would be a good idea to try configuring the
> pre-installed system so I could feel free to mess it up.)
>

You will get a better feel for this if you install the whole thing yourself
a coupla times and see what you can break!
>
>>> I see. I was too quick to dismiss the to do list. It looks like a
>>> dumbed-down version of the old wizard.
>>
>> What old wizard? I admit I never used any previous SBS version....
>
> I meant the Server 2003 wizard.

Ah - well, that's pretty limited, compared to what the SBS wizards do. And
I'm not always a fan of the latter - I just know I have to use them.
>
>
>> Best o' luck!
>
> Thanks.
>

I did some testing last night. I only get the message you indicated if the
SBS already has two interfaces with the DNS IP# already on one of the
Interaces and you are running the Internet Connection Wizard. If you only
have one Nic then why bother running the Internet Connection Wizard at
all?,...it isn't the "internet device", the other Firewall is,...so just
don't bother with the wizard.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/IS...cessRules.html

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/t...dance/2004.asp
http://www.microsoft.com/isaserver/t...dance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp
-----------------------------------------------------



"Phillip Windell" <@.> wrote in message
news:%(E-Mail Removed)...
> "Tom Del Rosso" <(E-Mail Removed)> wrote in message
> news:vKPDe.2381$(E-Mail Removed)...
> > Well, it definitely told me the DNS address can't be the same NIC.
>
> I just installed a SBS2003 last night, with one Nic,...it never said
> anything like that.
>
> > Could that have something to do with Dell's pre-install choices?
>
> I don't think the hardware vendor would have anything to do with how the
OS
> installed.
>
> --
> Phillip Windell [MCP, MVP, CCNA]
> www.wandtv.com
> -----------------------------------------------------
> Understanding the ISA 2004 Access Rule Processing
> http://www.isaserver.org/articles/IS...cessRules.html
>
> Microsoft Internet Security & Acceleration Server: Guidance
> http://www.microsoft.com/isaserver/t...dance/2004.asp
> http://www.microsoft.com/isaserver/t...dance/2000.asp
>
> Microsoft Internet Security & Acceleration Server: Partners
> http://www.microsoft.com/isaserver/partners/default.asp
> -----------------------------------------------------
>
>
>

"Phillip Windell" <@.> wrote in message
news:(E-Mail Removed)...
>I did some testing last night. I only get the message you indicated if the
> SBS already has two interfaces with the DNS IP# already on one of the
> Interaces and you are running the Internet Connection Wizard. If you only
> have one Nic then why bother running the Internet Connection Wizard at
> all?,...it isn't the "internet device", the other Firewall is,...so just
> don't bother with the wizard.

Yes, you'd *think* so - but honestly, in SBS Land, you are always better
choking back your pride and running the wizards. I know this from firsthand
experience botching up SBS installs because I know perfectly well how to set
up non SBS boxen. I got over this.

SBS really is its own beast, and the wizards are not exhaustively
documented - use the wizards. I use them all for setup - the only wizard I
never use after the fact is the 'create user' wizard as it doesn't work as
advertised - I use ADUC & copy existing users or templates I want.
>
> --
> Phillip Windell [MCP, MVP, CCNA]
> www.wandtv.com
> -----------------------------------------------------
> Understanding the ISA 2004 Access Rule Processing
> http://www.isaserver.org/articles/IS...cessRules.html
>
> Microsoft Internet Security & Acceleration Server: Guidance
> http://www.microsoft.com/isaserver/t...dance/2004.asp
> http://www.microsoft.com/isaserver/t...dance/2000.asp
>
> Microsoft Internet Security & Acceleration Server: Partners
> http://www.microsoft.com/isaserver/partners/default.asp
> -----------------------------------------------------
>
>
>
> "Phillip Windell" <@.> wrote in message
> news:%(E-Mail Removed)...
>> "Tom Del Rosso" <(E-Mail Removed)> wrote in message
>> news:vKPDe.2381$(E-Mail Removed)...
>> > Well, it definitely told me the DNS address can't be the same NIC.
>>
>> I just installed a SBS2003 last night, with one Nic,...it never said
>> anything like that.
>>
>> > Could that have something to do with Dell's pre-install choices?
>>
>> I don't think the hardware vendor would have anything to do with how the
> OS
>> installed.
>>
>> --
>> Phillip Windell [MCP, MVP, CCNA]
>> www.wandtv.com
>> -----------------------------------------------------
>> Understanding the ISA 2004 Access Rule Processing
>> http://www.isaserver.org/articles/IS...cessRules.html
>>
>> Microsoft Internet Security & Acceleration Server: Guidance
>> http://www.microsoft.com/isaserver/t...dance/2004.asp
>> http://www.microsoft.com/isaserver/t...dance/2000.asp
>>
>> Microsoft Internet Security & Acceleration Server: Partners
>> http://www.microsoft.com/isaserver/partners/default.asp
>> -----------------------------------------------------
>>
>>
>>
>
>

Not only do you need to choke your pride and use the wizards, it is a must
if you want an SBS box to operate correctly. Configure it using the wizards
and it will run flawlessly for years. Skip the wizards and you will be
troubleshooting late into the night.



On 7/23/05 9:39 AM, in article ur$(E-Mail Removed),
"Lanwench [MVP - Exchange]"
<(E-Mail Removed) ahoo.com> wrote:

>
> "Phillip Windell" <@.> wrote in message
> news:(E-Mail Removed)...
>> I did some testing last night. I only get the message you indicated if the
>> SBS already has two interfaces with the DNS IP# already on one of the
>> Interaces and you are running the Internet Connection Wizard. If you only
>> have one Nic then why bother running the Internet Connection Wizard at
>> all?,...it isn't the "internet device", the other Firewall is,...so just
>> don't bother with the wizard.
>
> Yes, you'd *think* so - but honestly, in SBS Land, you are always better
> choking back your pride and running the wizards. I know this from firsthand
> experience botching up SBS installs because I know perfectly well how to set
> up non SBS boxen. I got over this.
>
> SBS really is its own beast, and the wizards are not exhaustively
> documented - use the wizards. I use them all for setup - the only wizard I
> never use after the fact is the 'create user' wizard as it doesn't work as
> advertised - I use ADUC & copy existing users or templates I want.
>>
>> --
>> Phillip Windell [MCP, MVP, CCNA]
>> www.wandtv.com
>> -----------------------------------------------------
>> Understanding the ISA 2004 Access Rule Processing
>> http://www.isaserver.org/articles/IS...cessRules.html
>>
>> Microsoft Internet Security & Acceleration Server: Guidance
>> http://www.microsoft.com/isaserver/t...dance/2004.asp
>> http://www.microsoft.com/isaserver/t...dance/2000.asp
>>
>> Microsoft Internet Security & Acceleration Server: Partners
>> http://www.microsoft.com/isaserver/partners/default.asp
>> -----------------------------------------------------
>>
>>
>>
>> "Phillip Windell" <@.> wrote in message
>> news:%(E-Mail Removed)...
>>> "Tom Del Rosso" <(E-Mail Removed)> wrote in message
>>> news:vKPDe.2381$(E-Mail Removed)...
>>>> Well, it definitely told me the DNS address can't be the same NIC.
>>>
>>> I just installed a SBS2003 last night, with one Nic,...it never said
>>> anything like that.
>>>
>>>> Could that have something to do with Dell's pre-install choices?
>>>
>>> I don't think the hardware vendor would have anything to do with how the
>> OS
>>> installed.
>>>
>>> --
>>> Phillip Windell [MCP, MVP, CCNA]
>>> www.wandtv.com
>>> -----------------------------------------------------
>>> Understanding the ISA 2004 Access Rule Processing
>>> http://www.isaserver.org/articles/IS...cessRules.html
>>>
>>> Microsoft Internet Security & Acceleration Server: Guidance
>>> http://www.microsoft.com/isaserver/t...dance/2004.asp
>>> http://www.microsoft.com/isaserver/t...dance/2000.asp
>>>
>>> Microsoft Internet Security & Acceleration Server: Partners
>>> http://www.microsoft.com/isaserver/partners/default.asp
>>> -----------------------------------------------------
>>>
>>>
>>>
>>
>>
>
>