3 NIC IP routing issue & local dhp client issue

Discussion in 'Windows Networking' started by Grimmo', May 3, 2005.

  1. Grimmo'

    Grimmo' Guest

    Hi! I'm stuck with a routing issue that really causes me a severe headache.
    Hope you can help me out here:

    I have set up a new domain for my fellow developers that's supposed to
    relieve us from sbs with its non-AD-replication policies (that has been
    really annoying).

    As our PDC, I have set up a ProLiant ML370 G4 connected to a ProCurve
    switched network. We route to the internet via an SHDSL modem with a static
    WAN IP. The server runs Win2k3 srv std ed, with SP1 installed. Besides the
    role as a PDC, it also runs Exchange 2k3 SP1, DNS, WINS and DHCP. I
    configured Routing and Remote Access with dial-up and VPN as well, but
    decided to postpone it until I had resolved my routing and DHCP issues.

    The plot:

    the server itself routes fine to the internet, but I am only able to ping
    the dsl-router (195.1.30.230) and the server NIC connected to it
    (195.1.30.229 on subnet 255.255.255.252) (WAN GW) from outside our domain.

    Exchange has a dedicated interface on a separate NIC with the ip
    81.0.176.164 on subnet 255.255.255.248, which is pingable from inside our
    domain, but not from the outside.

    In addition to this, my DHCP clients won't receive DHCP. I found a temp
    solution earlier by disabling RRAS and enabling ICS, but after altering my
    routing table and bindings order for my NICs (LAN on top), it won't work at
    all.

    In the ML370, there are 4 NICs (one is dedicated to iLO, which in this
    case is not relevant to my post here).

    Nonetheless, here is my current config; maybe some of you can tell me where
    I have gone wrong:

    \\.. ROUTE 03052005 20:50 - pms-prod-pdc-01


    IPv4 Route Table
    ===========================================================================
    Interface List
    0x1 ........................... MS TCP Loopback interface
    0x10003 ...00 11 85 bc 06 f9 ...... HP NC7781 Gigabit Server Adapter
    0x10004 ...00 04 75 d1 b2 ae ...... 3Com EtherLink XL 10/100 PCI For Complete PC Management NIC (3C905C-TX) #2
    0x10005 ...00 04 75 f4 ae 4e ...... 3Com EtherLink XL 10/100 PCI For Complete PC Management NIC (3C905C-TX)
    ===========================================================================
    ===========================================================================
    Active Routes:
    Network Destination Netmask Gateway Interface Metric
    0.0.0.0 0.0.0.0 195.1.30.230 195.1.30.229 20
    81.0.176.160 255.255.255.248 81.0.176.164 81.0.176.164 20
    81.0.176.164 255.255.255.255 127.0.0.1 127.0.0.1 20
    81.255.255.255 255.255.255.255 81.0.176.164 81.0.176.164 20
    127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
    192.168.16.0 255.255.255.0 192.168.16.2 192.168.16.2 10
    192.168.16.2 255.255.255.255 127.0.0.1 127.0.0.1 10
    192.168.16.255 255.255.255.255 192.168.16.2 192.168.16.2 10
    195.1.30.228 255.255.255.252 195.1.30.229 195.1.30.229 20
    195.1.30.229 255.255.255.255 127.0.0.1 127.0.0.1 20
    195.1.30.255 255.255.255.255 195.1.30.229 195.1.30.229 20
    224.0.0.0 240.0.0.0 81.0.176.164 81.0.176.164 20
    224.0.0.0 240.0.0.0 192.168.16.2 192.168.16.2 10
    224.0.0.0 240.0.0.0 195.1.30.229 195.1.30.229 20
    255.255.255.255 255.255.255.255 81.0.176.164 81.0.176.164 1
    255.255.255.255 255.255.255.255 192.168.16.2 192.168.16.2 1
    255.255.255.255 255.255.255.255 195.1.30.229 195.1.30.229 1
    Default Gateway: 195.1.30.230
    ===========================================================================
    Persistent Routes:
    None




    \\.. NETDIAG 03052005 20:50 - pms-prod-pdc-01


    Computer Name: PMS-PROD-PDC-01
    DNS Host Name: pms-prod-pdc-01.PMS.local
    System info : Windows 2000 Server (Build 3790)
    Processor : x86 Family 15 Model 4 Stepping 1, GenuineIntel
    List of installed hotfixes :
    Q147222


    Netcard queries test . . . . . . . : Passed



    Per interface results:

    Adapter : LAN 192.168.16.2

    Netcard queries test . . . : Passed

    Host Name. . . . . . . . . : pms-prod-pdc-01.pms.local
    IP Address . . . . . . . . : 192.168.16.2
    Subnet Mask. . . . . . . . : 255.255.255.0
    Default Gateway. . . . . . :
    Primary WINS Server. . . . : 192.168.16.2
    Dns Servers. . . . . . . . : 192.168.16.2


    AutoConfiguration results. . . . . . : Passed

    Default gateway test . . . : Skipped
    [WARNING] No gateways defined for this adapter.

    NetBT name test. . . . . . : Passed
    [WARNING] At least one of the <00> 'WorkStation Service', <03>
    'Messenger Service', <20> 'WINS' names is missing.

    WINS service test. . . . . : Passed

    Adapter : WAN Interface

    Netcard queries test . . . : Passed

    Host Name. . . . . . . . . : pms-prod-pdc-01.mail.mp3pro.no
    IP Address . . . . . . . . : 81.0.176.164
    Subnet Mask. . . . . . . . : 255.255.255.248
    Default Gateway. . . . . . :
    Primary WINS Server. . . . : 81.0.176.164
    Dns Servers. . . . . . . . :

    AutoConfiguration results. . . . . . : Passed

    Default gateway test . . . : Skipped
    [WARNING] No gateways defined for this adapter.

    NetBT name test. . . . . . : Passed
    No names have been found.

    WINS service test. . . . . : Passed

    Adapter : WAN Gateway

    Netcard queries test . . . : Passed

    Host Name. . . . . . . . . : pms-prod-pdc-01
    IP Address . . . . . . . . : 195.1.30.229
    Subnet Mask. . . . . . . . : 255.255.255.252
    Default Gateway. . . . . . : 195.1.30.230
    NetBIOS over Tcpip . . . . : Disabled
    Dns Servers. . . . . . . . :

    AutoConfiguration results. . . . . . : Passed

    Default gateway test . . . : Passed

    NetBT name test. . . . . . : Skipped
    NetBT is disabled on this interface. [Test skipped]

    WINS service test. . . . . : Skipped
    NetBT is disable on this interface. [Test skipped].


    Global results:


    Domain membership test . . . . . . : Passed


    NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
    NetBT_Tcpip_{6FB40E7C-F5EC-43A4-A12F-64AAB633B4C3}
    1 NetBt transport currently configured.


    Autonet address test . . . . . . . : Passed


    IP loopback ping test. . . . . . . : Passed


    Default gateway test . . . . . . . : Passed


    NetBT name test. . . . . . . . . . : Passed
    [WARNING] You don't have a single interface with the <00> 'WorkStation
    Service', <03> 'Messenger Service', <20> 'WINS' names defined.


    Winsock test . . . . . . . . . . . : Passed


    DNS test . . . . . . . . . . . . . : Passed
    [WARNING] Cannot find a primary authoritative DNS server for the name
    'pms-prod-pdc-01.PMS.local.'. [ERROR_TIMEOUT]
    The name 'pms-prod-pdc-01.PMS.local.' may not be registered in DNS.
    [WARNING] Cannot find a primary authoritative DNS server for the name
    'pms-prod-pdc-01.mail.mp3pro.no.'. [ERROR_TIMEOUT]
    The name 'pms-prod-pdc-01.mail.mp3pro.no.' may not be registered in DNS.
    PASS - All the DNS entries for DC are registered on DNS server
    '192.168.16.2' and other DCs also have some of the names registered.


    Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
    NetBT_Tcpip_{6FB40E7C-F5EC-43A4-A12F-64AAB633B4C3}
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
    NetBT_Tcpip_{6FB40E7C-F5EC-43A4-A12F-64AAB633B4C3}
    The browser is bound to 1 NetBt transport.


    DC discovery test. . . . . . . . . : Passed


    DC list test . . . . . . . . . . . : Passed


    Trust relationship test. . . . . . : Skipped


    Kerberos test. . . . . . . . . . . : Passed


    LDAP test. . . . . . . . . . . . . : Passed


    Bindings test. . . . . . . . . . . : Passed


    WAN configuration test . . . . . . : Skipped
    No active remote access connections.


    Modem diagnostics test . . . . . . : Passed

    IP Security test . . . . . . . . . : Skipped

    Note: run "netsh ipsec dynamic show /?" for more detailed information


    The command completed successfully


    \\.. DCDIAG 03052005 20:50 - pms-prod-pdc-01


    Domain Controller Diagnosis

    Performing initial setup:
    Done gathering initial info.

    Doing initial required tests

    Testing server: Default-First-Site\PMS-PROD-PDC-01
    Starting test: Connectivity
    ......................... PMS-PROD-PDC-01 passed test Connectivity

    Doing primary tests

    Testing server: Default-First-Site\PMS-PROD-PDC-01
    Starting test: Replications
    ......................... PMS-PROD-PDC-01 passed test Replications
    Starting test: NCSecDesc
    ......................... PMS-PROD-PDC-01 passed test NCSecDesc
    Starting test: NetLogons
    ......................... PMS-PROD-PDC-01 passed test NetLogons
    Starting test: Advertising
    ......................... PMS-PROD-PDC-01 passed test Advertising
    Starting test: KnowsOfRoleHolders
    ......................... PMS-PROD-PDC-01 passed test KnowsOfRoleHolders
    Starting test: RidManager
    ......................... PMS-PROD-PDC-01 passed test RidManager
    Starting test: MachineAccount
    ......................... PMS-PROD-PDC-01 passed test MachineAccount
    Starting test: Services
    ......................... PMS-PROD-PDC-01 passed test Services
    Starting test: ObjectsReplicated
    ......................... PMS-PROD-PDC-01 passed test ObjectsReplicated
    Starting test: frssysvol
    ......................... PMS-PROD-PDC-01 passed test frssysvol
    Starting test: frsevent
    ......................... PMS-PROD-PDC-01 passed test frsevent
    Starting test: kccevent
    ......................... PMS-PROD-PDC-01 passed test kccevent
    Starting test: systemlog
    ......................... PMS-PROD-PDC-01 passed test systemlog
    Starting test: VerifyReferences
    ......................... PMS-PROD-PDC-01 passed test VerifyReferences

    Running partition tests on : TAPI3Directory
    Starting test: CrossRefValidation
    ......................... TAPI3Directory passed test CrossRefValidation
    Starting test: CheckSDRefDom
    ......................... TAPI3Directory passed test CheckSDRefDom

    Running partition tests on : ForestDnsZones
    Starting test: CrossRefValidation
    ......................... ForestDnsZones passed test CrossRefValidation
    Starting test: CheckSDRefDom
    ......................... ForestDnsZones passed test CheckSDRefDom

    Running partition tests on : DomainDnsZones
    Starting test: CrossRefValidation
    ......................... DomainDnsZones passed test CrossRefValidation
    Starting test: CheckSDRefDom
    ......................... DomainDnsZones passed test CheckSDRefDom

    Running partition tests on : Schema
    Starting test: CrossRefValidation
    ......................... Schema passed test CrossRefValidation
    Starting test: CheckSDRefDom
    ......................... Schema passed test CheckSDRefDom

    Running partition tests on : Configuration
    Starting test: CrossRefValidation
    ......................... Configuration passed test CrossRefValidation
    Starting test: CheckSDRefDom
    ......................... Configuration passed test CheckSDRefDom

    Running partition tests on : PMS
    Starting test: CrossRefValidation
    ......................... PMS passed test CrossRefValidation
    Starting test: CheckSDRefDom
    ......................... PMS passed test CheckSDRefDom

    Running enterprise tests on : PMS.local
    Starting test: Intersite
    ......................... PMS.local passed test Intersite
    Starting test: FsmoCheck
    ......................... PMS.local passed test FsmoCheck


    Hope you guys and girls can help me out here!


    Sincerely,

    Torgrim Nyerrød, Norway (please use alt. e-mail for replies:
    mailto:)

    -- ...::::--- no source, no pay ---::::...
     
    Grimmo', May 3, 2005
    #1
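Added example, not part of the thread: a small Python script that parses the "Active Routes" table posted above and performs the same longest-prefix-match lookup a Windows host does, so you can see which interface and next hop the server will use for any destination. It uses only the standard library; the route lines are copied from the post, and the test destinations (8.8.8.8 and the like) are constructed values chosen for illustration.

```python
import ipaddress

# Constructed sample input: the "Active Routes" block from the route print
# output above, copied verbatim (Destination, Netmask, Gateway, Interface, Metric).
ROUTE_PRINT_OUTPUT = """\
0.0.0.0 0.0.0.0 195.1.30.230 195.1.30.229 20
81.0.176.160 255.255.255.248 81.0.176.164 81.0.176.164 20
81.0.176.164 255.255.255.255 127.0.0.1 127.0.0.1 20
81.255.255.255 255.255.255.255 81.0.176.164 81.0.176.164 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.16.0 255.255.255.0 192.168.16.2 192.168.16.2 10
192.168.16.2 255.255.255.255 127.0.0.1 127.0.0.1 10
192.168.16.255 255.255.255.255 192.168.16.2 192.168.16.2 10
195.1.30.228 255.255.255.252 195.1.30.229 195.1.30.229 20
195.1.30.229 255.255.255.255 127.0.0.1 127.0.0.1 20
195.1.30.255 255.255.255.255 195.1.30.229 195.1.30.229 20
224.0.0.0 240.0.0.0 81.0.176.164 81.0.176.164 20
224.0.0.0 240.0.0.0 192.168.16.2 192.168.16.2 10
224.0.0.0 240.0.0.0 195.1.30.229 195.1.30.229 20
255.255.255.255 255.255.255.255 81.0.176.164 81.0.176.164 1
255.255.255.255 255.255.255.255 192.168.16.2 192.168.16.2 1
255.255.255.255 255.255.255.255 195.1.30.229 195.1.30.229 1
"""


def parse_routes(text):
    """Turn route print lines into a list of dicts with parsed networks."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip headers, separators and blank lines
        dest, mask, gateway, interface, metric = parts
        routes.append({
            "network": ipaddress.IPv4Network(f"{dest}/{mask}", strict=False),
            "gateway": ipaddress.IPv4Address(gateway),
            "interface": ipaddress.IPv4Address(interface),
            "metric": int(metric),
        })
    return routes


def select_route(routes, destination):
    """Longest prefix wins; among equal prefixes the lowest metric wins."""
    dst = ipaddress.IPv4Address(destination)
    candidates = [r for r in routes if dst in r["network"]]
    if not candidates:
        return None
    return max(candidates, key=lambda r: (r["network"].prefixlen, -r["metric"]))


def next_hop(routes, destination):
    """Return (egress interface, next hop) where next hop is 'on-link'
    when the gateway column equals the interface column."""
    route = select_route(routes, destination)
    if route is None:
        return None
    on_link = route["gateway"] == route["interface"]
    return (str(route["interface"]), "on-link" if on_link else str(route["gateway"]))


def interfaces_without_gateway(routes):
    """Interfaces that never appear on a default (0.0.0.0/0) route."""
    all_ifaces = {r["interface"] for r in routes if not r["interface"].is_loopback}
    with_default = {r["interface"] for r in routes if r["network"].prefixlen == 0}
    return {str(i) for i in all_ifaces - with_default}


if __name__ == "__main__":
    table = parse_routes(ROUTE_PRINT_OUTPUT)
    for dest in ("8.8.8.8", "192.168.16.50", "81.0.176.166", "224.0.0.1"):
        print(dest, "->", next_hop(table, dest))
    print("no default gateway:", sorted(interfaces_without_gateway(table)))
```

Running it shows that anything outside the three directly connected subnets leaves through 195.1.30.229 towards 195.1.30.230, and that the 192.168.16.2 and 81.0.176.164 interfaces carry no gateway at all, which is exactly what netdiag reports above as "No gateways defined for this adapter".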

  2. Do you have a topology map that is accurate? "Domains" are
    irrelevant,...they have nothing to do with network connectivity,...domains
    are a Windows Administration entity only.

    You are simply dealing with Layer3 routing among several subnets that are
    all "directly connected" to the Server which is acting as its own
    router,...can you re-describe the problem with that in mind?
    DHCP will not work across subnets,...it is broadcast based. For it to work
    across subnets with RRAS you must add/configure the DHCP Agent in RRAS.
    That was not a temporary solution, you only created a situation that created
    a "deception" that made things appear to be working in a certain way when
    they were not. There is no way that ICS should ever be used in this
    situation, at all, ever.
     
    Phillip Windell, May 3, 2005
    #2

  3. Grimmo'

    Grimmo' Guest

    --
    ....::::--- no source, no pay ---::::...


     
    Grimmo', May 3, 2005
    #3
  4. Grimmo'

    Grimmo' Guest

    Sorry, forgot some basic info:

    The DHCP relay agent is configured on both LAN and WAN interface (not the
    gateway NIC). You are talking about broadcasting for the DHCP relay agent; do
    you mean that I should add a broadcast IP to the WAN interface adapter? I have
    a reserved broadcast IP (81.0.176.167) that I could add, and a GW IP
    (81.0.176.166), both on subnet 255.255.255.248. I don't think that will make
    any difference to my problem; my main concern is to make the server's routing
    work for my DHCP clients.

    Should I change the order of the adapter and client bindings?

    the bindings for providers are:

    Windows Networks
    Terminal Services
    Web Client

    Adapter order is:

    LAN 192.168.16.2
    Wan 81.0.176.164
    Wan 195.1.30.229 (dgw 195.1.30.230)
    RAS Connections

    File/printer sharing and Client for MS Networks are only enabled on the LAN
    adapter.


    Hope this provides you with a little more help :)

    ....::::--- no source, no pay ---::::...
     
    Grimmo', May 4, 2005
    #4
  5. Grimmo'

    Bill Grant Guest

    Like Phillip I am not at all sure what you are trying to do here. But
    here is a bit of advice. It is too complex. Running multiple NICs in a DC is
    a bad idea. Using a DC as a router is a bad idea. Using a DC for remote
    access is a bad idea. It can be done (else SBS wouldn't exist) but it can be
    a real pain. You will find it all much simpler if you use a separate machine
    for routing and remote access.

    Why are you trying to run DHCP relay? Aren't all your DHCP clients on
    the local LAN? Remember that the DHCP service must be authorised in AD
    before it will work.
     
    Bill Grant, May 4, 2005
    #5
  6. Grimmo'

    Grimmo' Guest

    Hello, Bill!!

    Appreciate your advice, and concur with your and Phillip's thoughts. I'd
    really like to understand and implement your config if I only knew that
    you understand the issues that I am targeting.... That really shouldn't be
    that complicated. But, after all, it obviously seems it is...

    I see that it isn't such a good idea to use my PDC as an RRAS/VPN/gateway
    server, but for my company it is indeed a cost issue. I have an HP PL 140 that
    is supposed to act as our webserver outside our local domain (NO other
    roles), and a custom built SQL server running MBS Navision (NOT to be visible
    to the internet).

    I need to have a server that routes our DHCP clients to the internet, also
    being able to connect to their Exchange mailboxes (assuring that they can
    send/receive email), resolving DNS names and looking up WINS names.

    Given the routing table and the netdiag/dcdiag output provided for you
    (top of this post), the tasks should be obvious, but the resolution might be
    much less obvious.

    I have been working really late night shifts trying to solve this problem,
    but haven't gotten there yet...




    ....::::--- no source, no pay ---::::...
     
    Grimmo', May 4, 2005
    #6
  7. Grimmo'

    Bill Grant Guest

    OK. Let's look at just the routing question. The LAN you have set up is
    using private IP addresses. These cannot be seen from the Internet, and they
    cannot access the Internet without address translation. ICS is not suitable
    for use with Active Directory, so you need to use RRAS/NAT on your routing
    server. This will give your private LAN access to the Internet (but it will
    not give machines on the "public" side of the NAT router access to the
    private LAN).

    The default config for NAT is not suitable for an AD domain setup. You
    need to use the local DNS server for AD, and you want to use your local DHCP
    server. So you do not give NAT a pool of addresses to use for its DHCP-style
    allocator, and you do not enable the name resolution option in NAT (which is
    just a DNS proxy).

    You modify your local DNS server so that it forwards requests which it
    cannot resolve itself to a public DNS service (such as your ISP). You
    configure your DHCP scope so that it allocates your local server IP
    (192.168.16.2) as the default gateway and the DNS server for the LAN
    clients. You authorise the DHCP server in AD so that it will operate.

    Your LAN setup should now look like this.

    Internet
    |
    router
    195.1.30.230
    |
    195.1.30.229 dg 195.1.30.230
    RRAS/NAT
    192.168.16.2 dg blank
    |
    LAN clients
    192.168.16.x dg 192.158.16.2

    The LAN clients can access the Internet because of NAT on the server.
    This allows them to share the server's public Internet connection. They can
    resolve URLs because the local DNS server forwards requests to a public DNS
    server.
     
    Bill Grant, May 4, 2005
    #7
