dcomber
Guest
Posted: Fri Nov 11, 2005 9:50 am
Post subject: DNS/DHCP problem? (no Internet)
Hello Everyone. Recently migrated from one SBS2000 box to 3 Windows 2003 Standard servers. Here is the scheme:
Server 1: AD/DC, Primary DNS, Exchange 2003, WINS, DHCP (Dell PowerEdge 2850)
Server 2: Secondary DNS, File/Print (IBM x235)
Server 3: Member Server, SQL (Dell PowerEdge 1425SC)
Firewall: Watchguard SOHO 6tc (Not running DHCP on this)
Migrated everything over (per msexchange.org article http://www.msexchange.org/tutorials/Migrating-Exchange2000-Exchange-2003-Hardware.html, no transition pack) and everything worked fine. However, soon realized that one of the clients could connect internally (Exchange, shares, etc.), but could not connect to the Internet. Thought it was an isolated client problem, until I did ipconfig /release /renew on another client. Of course, same problem. DHCP was giving out IPs in the correct scope, but could not get to the Internet. Reviewed DNS settings on primary and secondary and everything seemed good. So I tried giving the client a static IP (outside the DHCP scope) and guess what? They could connect internally and externally. If I gave them a static IP inside the DHCP scope, same problem.
I don't mind giving out static IPs as I only have 20 clients, but what's even weirder is that only certain IPs work. For example: my DHCP scope is 192.168.0.1-254 and have exclusions of .1 to .19 and .100 to .254. If I give someone an IP from .100 to .109, it works fine. If I give someone a static IP of .110+, same problem.
Has anyone seen this before? If I do nslookup on any of the clients who cannot get out, they correctly resolve to the primary DNS server. However, if I go try to go to a website via a browser, it doesn't show up, but you can see in the lower left hand corner the correct IP address of the website. If I ping say yahoo.com from the clients, it says "pinging <correct ip address>", but times out.
I don't mind running static IPs as I only have at the most 20 clients, but I have a feeling that this is a bigger problem. I've had two consultants who specialize in Win2k3 and they were both miffed. I did stop the secondary DNS server to test, reinstalled DHCP to no avail. Even deleted any (A) and (PTR) records and did ipconfig /registerdns. I have never run into this before and am baffled. What's weird too is that I am using forwarders pointing to my primary/secondary DNS of my ISP. Still can't get out. Another thing is that I can't get to the Outlook client because it says it's not available (via VPN only, not internally) even though it is.
Noticed on the client that they get DNSAPI errors (event IDs 11163/11193) when they cannot get out and I checked eventid.net, but couldn't figure it out... Could this be a problem with old SBS stuff? Would reinstall DNS but it is AD integrated and I am afraid it will screw things up. Am I missing something?
PLEASE HELP!!! If anyone needs more specs (DNS/DHCP settings), please let me know. Thanks.
Leathal
Joined: 23 Feb 2005
Posts: 37
Posted: Wed Feb 08, 2006 4:51 am
Post subject: Re: DNS/DHCP problem? (no Internet)
| dcomber wrote: |
Hello Everyone. Recently migrated from one SBS2000 box to 3 Windows 2003 Standard servers. Here is the scheme:
Server 1: AD/DC, Primary DNS, Exchange 2003, WINS, DHCP (Dell PowerEdge 2850)
Server 2: Secondary DNS, File/Print (IBM x235)
Server 3: Member Server, SQL (Dell PowerEdge 1425SC)
Firewall: Watchguard SOHO 6tc (Not running DHCP on this)
|
This is a brew for disaster. If you read the white papers on Exchange 2003 Server you would have noticed that it's NOT recommended you install Exchange 2003 Server on any DC. The only exception to the rule is Small Business Server which is a different beast in itself.
If anything you should have made Server 2 a standalone box with Exchange 2003 Server on it.
You better hope that you never have to perform a disaster recovery with the first server because it will mean long hours with Microsoft's PSS and your boss screaming at you!
| dcomber wrote: |
Migrated everything over (per msexchange.org article http://www.msexchange.org/tutorials/Migrating-Exchange2000-Exchange-2003-Hardware.html, no transition pack) and everything worked fine. However, soon realized that one of the clients could connect internally (Exchange, shares, etc.), but could not connect to the Internet. Thought it was an isolated client problem, until I did ipconfig /release /renew on another client. Of course, same problem. DHCP was giving out IPs in the correct scope, but could not get to the Internet. Reviewed DNS settings on primary and secondary and everything seemed good. So I tried giving the client a static IP (outside the DHCP scope) and guess what? They could connect internally and externally. If I gave them a static IP inside the DHCP scope, same problem.
I don't mind giving out static IPs as I only have 20 clients, but what's even weirder is that only certain IPs work. For example: my DHCP scope is 192.168.0.1-254 and have exclusions of .1 to .19 and .100 to .254. If I give someone an IP from .100 to .109, it works fine. If I give someone a static IP of .110+, same problem.
|
Have you tried to only give the DHCP server a smaller range to work with? Example: .100 to .150, say? Also, have you tried to reserve the IP to the actual machine?
| dcomber wrote: |
Has anyone seen this before? If I do nslookup on any of the clients who cannot get out, they correctly resolve to the primary DNS server. However, if I go try to go to a website via a browser, it doesn't show up, but you can see in the lower left hand corner the correct IP address of the website. If I ping say yahoo.com from the clients, it says "pinging <correct ip address>", but times out.
|
The timing out may be a result of your firewall rules. I know that ISA 2004 Server does not permit clients to ping on the network to external and local IP addresses by default.
| dcomber wrote: |
I don't mind running static IPs as I only have at the most 20 clients, but I have a feeling that this is a bigger problem. I've had two consultants who specialize in Win2k3 and they were both miffed. I did stop the secondary DNS server to test, reinstalled DHCP to no avail. Even deleted any (A) and (PTR) records and did ipconfig /registerdns. I have never run into this before and am baffled. What's weird too is that I am using forwarders pointing to my primary/secondary DNS of my ISP. Still can't get out. Another thing is that I can't get to the Outlook client because it says it's not available (via VPN only, not internally) even though it is.
Noticed on the client that they get DNSAPI errors (event IDs 11163/11193) when they cannot get out and I checked eventid.net, but couldn't figure it out... Could this be a problem with old SBS stuff? Would reinstall DNS but it is AD integrated and I am afraid it will screw things up. Am I missing something?
PLEASE HELP!!! If anyone needs more specs (DNS/DHCP settings), please let me know. Thanks.
|
I would comb over the DNS server to make sure it's operating properly. Make sure everything is set up correctly. If you can't get it figured out and you want to avoid reinstalling it, as I would too, I highly suggest you call Microsoft's PSS and get them to fix it.
Leathal