Dual NIC vs Single NIC

In the past Most of my systems have been dual NIC usually with ISA but due to
many reasons I am now considering going to a single NIC and moving away from
ISA.

Currently with my existing setup, if the SBS server is down, for what ever
reason, my customers can't even get to the internet.

If I had a second member server set up as the backup DC, a single NIC SBS
server, and a hardware firewall wouldn't that allow my customer to log on and
access the internet if the SBS server was offline temporarly? I would still
want the SBS server to run the DHCP and DNS roles but would assume that would
not matter as long as the SBS machine was not down for more than a few hours
at a time.

The above seems logical to me, but then since I have not done it I am
checking for any "gotchas" lying around that I might not be aware of.

By the way I would be running SBS2003R2 on such an install that would assist
me in the licencing issue of the second server which would be running server
2000 or 2003 as a member of the SBS box.

Joe

 

Yes they can.....they just can't resolve names

Yes. If you have another DC running AD-integrated DNS, and your client
workstations have the secondary DNS server listed, they should work.

You'd need to buy Windows 2000 or 2003 but I believe you wouldn't need
additional CALs.

That all being said, if you're having regular problems with your SBS box
going down, I'd rather address those - add as much redundancy to the server
hardware as you can. That would be a better use of money, in my opinion,
although it's true that outside of SBS, it's always recommended to have more
than one DC.

 

Lanwrench that is one the problem with the dual nic setup, The users get to
the internet thru the SBS box. If it is down, while they can log on to their
own box they have no access to the outside world. I am looking for a way to
make my systems a little more "bulletproof" and at the same time allow me to
do some server maintainance without totally shutting down the office.

 

Chris, I would indeed set the firewall up as the gateway in the SBS DNS. As
far as resolving IP addresses with a single NIC SBS, when you enter the
secondary DNS on the server can't that be an external DNS address such as
your ISP's DNS or 4.2.2.2 ? Doesn't that get passed to the client?

Of course another solution would be to let the gateway run DHCP instead of
the SBS but I seem to have it in my mind that that might be causing a problem
on the SBS side. However I've never tried it!

Joe

 

Joe,

GUMBY and some others would flame me if I posted what I do
So if you want to know what I do and you can try it in your TEST
environment.
(I've been using it since the last time Gumby got after me)

Give me an Email And I'll talk you about what I do and you can decide if it
works for you.
Again what I would be recommending is not a standard or recommended by
Microsoft.

Russ at sbits.biz

--

SBITS.Biz
Microsoft Gold Certified Partner
Microsoft Certified Small Business Specialist.
MCP, MCPS, MCNPS, (MCP-SBS)
North America Remote SBS2003 Support - http://www.SBITS.Biz
Introduction to Windows Small Business Server 2003 for Enterprise IT Pros
http://www.microsoft.com/downloads/...53-CCD6-4F2B-BBD9-5E7B97C232EC&displaylang=en


-

 

Actually if you are in North America
Send me your phone number and I'll call you,
It's quicker for me to talk to you about what to do then write it out.

Russ

--

SBITS.Biz
Microsoft Gold Certified Partner
Microsoft Certified Small Business Specialist.
MCP, MCPS, MCNPS, (MCP-SBS)
North America Remote SBS2003 Support - http://www.SBITS.Biz
Introduction to Windows Small Business Server 2003 for Enterprise IT Pros
http://www.microsoft.com/downloads/...53-CCD6-4F2B-BBD9-5E7B97C232EC&displaylang=en


-

 

Yeah, that's right, HIDE! YOU FIEND!!! Don't admit to your perverse
practices in public, whisper them in the corner out of my hearing. Ya snotty
little degenerate.

Joe, Russ is neither a fiend, perverse, nor a degenerate. At least, I don't
really think so.

 

LMAO



Russ

--

SBITS.Biz
Microsoft Gold Certified Partner
Microsoft Certified Small Business Specialist.
MCP, MCPS, MCNPS, (MCP-SBS)
North America Remote SBS2003 Support - http://www.SBITS.Biz
Introduction to Windows Small Business Server 2003 for Enterprise IT Pros
http://www.microsoft.com/downloads/...53-CCD6-4F2B-BBD9-5E7B97C232EC&displaylang=en


-

 

You're not getting off that lightly mate. C'mon, OUT WITH IT!!! Just what
wierd little secret is being whispered in the corner?

Admit it! You thought I wasn't gonna notice! At least give me the chance to
argue my case.

 

Naw, I don't like to fight.
Did that enough with the Ex to last 5 life times..

After your and mine last discussion, I switch my system to what I said.

And it still works, no issues

Russ

--

SBITS.Biz
Microsoft Gold Certified Partner
Microsoft Certified Small Business Specialist.
MCP, MCPS, MCNPS, (MCP-SBS)
North America Remote SBS2003 Support - http://www.SBITS.Biz
Introduction to Windows Small Business Server 2003 for Enterprise IT Pros
http://www.microsoft.com/downloads/...53-CCD6-4F2B-BBD9-5E7B97C232EC&displaylang=en


-

 

OK, it works for you. But if you're gonna give that advice to someone else I
_demand_ the right of argument.

You reckon your ex was a demon, get on my wrong side and you'll be fondly
remembering her.

Of course, Joe can happily bypass the whole thing and email/phone you, my
demands in such case are futile. ce la vie.

 

LOL
I doubt if you can even come close to my ex.
She woke up everyday in a bad mood.

You ever hear the story about the people who are nice before the marriage
then once they get married it's like a switch gets flipped and they are a
different person?
(Well I never believed it, but it happened.)

Actually I have to give her credit
after 9 years she's been working out things (personal issues.)
and treats me like a nice person again.

And when she does get mad at me for no reason she calls and apologizes.
So I guess I'm "Finally" a Nice guy.

I remember when she would call me up after our Divorced.
she'd be yelling at me, and I'd say
Sorry, I put up with this when we were married,
however I don't have to put up with it now,
Call me back when you want to treat me nice.
and I'd hang up...

Of course I'm damaged, goods, and women are Just Friends, but I'm ok with
that for now.

Russ

--

SBITS.Biz
Microsoft Gold Certified Partner
Microsoft Certified Small Business Specialist.
MCP, MCPS, MCNPS, (MCP-SBS)
North America Remote SBS2003 Support - http://www.SBITS.Biz
Introduction to Windows Small Business Server 2003 for Enterprise IT Pros
http://www.microsoft.com/downloads/...53-CCD6-4F2B-BBD9-5E7B97C232EC&displaylang=en


-

 

all a nice story (yes, no matter how long it took I'm glad to hear you and
the demon are friends again).

BUT, if you wanna whisper that secret in a corner that's between Joe and
you. I'm simply tapping you on the shoulder 'wanna share that with the
class?'.

 

yes, pls share pls.. and russ, dont you ever sleep?

--
Henrik Arenblad, MCP SBS,

 

Nope, I don't share or play well with others LOL

--

SBITS.Biz
Microsoft Gold Certified Partner
Microsoft Certified Small Business Specialist.
MCP, MCPS, MCNPS, (MCP-SBS)
North America Remote SBS2003 Support - http://www.SBITS.Biz
Introduction to Windows Small Business Server 2003 for Enterprise IT Pros
http://www.microsoft.com/downloads/...53-CCD6-4F2B-BBD9-5E7B97C232EC&displaylang=en


-

 

It;s only 1:00am now, but I get to sleep in until 7:30am

I also sometimes take naps at 5:00pm to 6:00pm

-rg

--

SBITS.Biz
Microsoft Gold Certified Partner
Microsoft Certified Small Business Specialist.
MCP, MCPS, MCNPS, (MCP-SBS)
North America Remote SBS2003 Support - http://www.SBITS.Biz
Introduction to Windows Small Business Server 2003 for Enterprise IT Pros
http://www.microsoft.com/downloads/...53-CCD6-4F2B-BBD9-5E7B97C232EC&displaylang=en


-

 

Well, I don't think you should be doing server maintenance during the
business day, myself - but your server shouldn't be the gateway if you don't
have ISA. Set all clients to point at your router's LAN IP as default
gateway.

 

Sure. Sometimes it's necessary.

Me too.

I'm not familiar with that one, myself.

 

Hello Joe,

Thank you for posting here. Let's also thank others for the input.

According to your description, I understand that you want to client
computers could access Internet when you shutdown or restart the SBS for
maintenance. If I have misunderstood the problem, please don't hesitate to
let me know.

Based on my research, this is a DNS and DHCP issue. By default the SBS is
the DNS server for all clients. After you shutdown the SBS, the client
computers unable to resolve the domain name of Internet. So the Internet
access fail.

For this, we can make the DHCP on SBS to assign second DNS server to all
client computers. When the primary DNS (SBS) is not available, the clients
will try the alternate DNS server.

1. Run command "dhcpmgmt.msc" on SBS to open DHCP console
2. Extend DHCP -> SBS.domain.local -> Scope -> Scope Options
3. Double click "006 DNS Servers" in right pane
4. Input the second DNS (your ISP DNS), click Add

Note: Ensure the SBS IP is above your ISP IP in the list.

5. Click OK
6. Restart the clients

Note: If you rerun the CEICW, the above configuration will be reset to
default value. Therefore, you need to perform the above steps again after
your rerun the CEICW.

Of course, this workaround does not work when the client restarts at the
SBS shutdown time. The client gets IP address from SBS, if the SBS
shutdown, the client unable to detect the DHCP server, and unable to get
IP. The whole network of client will be unavailable.

To workaround this scenario, you only have to disable DHCP on SBS and make
your router work as DHCP server. However, this is not recommended. If you
like, you can try it yourself.

I hope these steps will give you some help.

Thanks and have a nice day!

Best regards,

Terence Liu(MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| Thread-Topic: Dual NIC vs Single NIC
| thread-index: Ach+7Ycor51Gr0zTRzilimYCEQJBpQ==
| X-WBNR-Posting-Host: 207.46.19.168
| From: =?Utf-8?B?Sm9l?= <>
| References: <>
<>
<>
<>
| Subject: Re: Dual NIC vs Single NIC
| Date: Wed, 5 Mar 2008 10:20:01 -0800
| Lines: 73
| Message-ID: <>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2992
| Newsgroups: microsoft.public.windows.server.sbs
| Path: TK2MSFTNGHUB02.phx.gbl
| Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:96557
| NNTP-Posting-Host: tk2msftsbfm01.phx.gbl 10.40.244.148
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| Lanwench, thanks again for your input. I attempt to do as little
maintainence
| as possible during the work hours of course. However 2 of my clients are
| large churches and they have extended hours 7 days a wekk plus some of
the
| programs they run require maintance by the software support personel
during
| the 8-5 time frame.
|
| When I don't use ISA I typically intall a Sonicwall as my gateway and
more
| recently a newer firewall by Calyptix Security (it also has an internal
hard
| drive and will hold mail when the server is offline)
|
| Joe
|
| "Lanwench [MVP - Exchange]" wrote:
|
| > > Lanwrench that is one the problem with the dual nic setup, The users
| > > get to the internet thru the SBS box. If it is down, while they can
| > > log on to their own box they have no access to the outside world. I
| > > am looking for a way to make my systems a little more "bulletproof"
| > > and at the same time allow me to do some server maintainance without
| > > totally shutting down the office.
| >
| > Well, I don't think you should be doing server maintenance during the
| > business day, myself - but your server shouldn't be the gateway if you
don't
| > have ISA. Set all clients to point at your router's LAN IP as default
| > gateway.
| > >
| > > "Lanwench [MVP - Exchange]" wrote:
| > >
| > >>> In the past Most of my systems have been dual NIC usually with ISA
| > >>> but due to many reasons I am now considering going to a single NIC
| > >>> and moving away from ISA.
| > >>>
| > >>> Currently with my existing setup, if the SBS server is down, for
| > >>> what ever reason, my customers can't even get to the internet.
| > >>
| > >> Yes they can.....they just can't resolve names
| > >>>
| > >>> If I had a second member server set up as the backup DC, a single
| > >>> NIC SBS server, and a hardware firewall wouldn't that allow my
| > >>> customer to log on and access the internet if the SBS server was
| > >>> offline temporarly? I would still want the SBS server to run the
| > >>> DHCP and DNS roles but would assume that would not matter as long
| > >>> as the SBS machine was not down for more than a few hours at a time.
| > >>
| > >> Yes. If you have another DC running AD-integrated DNS, and your
| > >> client workstations have the secondary DNS server listed, they
| > >> should work.
| > >>>
| > >>> The above seems logical to me, but then since I have not done it I
| > >>> am checking for any "gotchas" lying around that I might not be
| > >>> aware of.
| > >>>
| > >>> By the way I would be running SBS2003R2 on such an install that
| > >>> would assist me in the licencing issue of the second server which
| > >>> would be running server 2000 or 2003 as a member of the SBS box.
| > >>
| > >> You'd need to buy Windows 2000 or 2003 but I believe you wouldn't
| > >> need additional CALs.
| > >>
| > >> That all being said, if you're having regular problems with your SBS
| > >> box going down, I'd rather address those - add as much redundancy to
| > >> the server hardware as you can. That would be a better use of money,
| > >> in my opinion, although it's true that outside of SBS, it's always
| > >> recommended to have more than one DC.
| > >>
| > >>>
| > >>> Joe
| >
| >
| >
| >
|

 

Terence, you're gonna make me hot under the collar.

_ALL_ members of a Windows AD should use _only_ AD aware DNS servers for
name resolution. Should Joe perform the action you describe and restart his
SBS any client machine which makes a name query while SBS' DNS is
unavailable will switch to querying his AD-ignorant router/ISP for name
queries. The PC's will then experience problems requesting AD resources
until they switch back to using SBS DNS.

Whoever suggested you should pass on this advice needs to talk to MS Active
Directory development, then be shot.