SBS2003 setup via NAT

Discussion in 'DNS Server' started by murrayr, Feb 27, 2006.

  1. murrayr

    murrayr Guest

    Background: New SBS2003 std server, one nic, behind DLink DI-604 router.
    Static IP address of 192.168.0.125 defined for server on DLink router already
    supporting old working NT4 server and workstations. DLink router WAN IP
    212.232.95.94, WAN DNS 154.11.138.59 and 154.11.128.187. Can ping internal
    192.168.0.x addresses, but cannot ping external addresses. Internal
    workstations cannot ping SBS2003 server. MAC addresses verified correct.
    DLink LAN IP 192.168.0.1. What settings do I require on SBS2003 to make this
    thing work? DNS entries? Prefer not to use two nics in server as would like
    workstations to access internet if server is off-line. Suggestions?
     
    murrayr, Feb 27, 2006
    #1

  2. If the clients are members of the SBS2003 Domain, you have but one choice,
    they must use only the SBS for DNS. They cannot use the router for DNS in
    TCP/IP properties, on any interface in any position.
    Yes, this means that you won't have internet resolution if the server is
    offline, but that is another story. You would need to add a second DNS
    server that has a zone for the AD domain if internet access is needed should
    the SBS be offline. Things will be extremely slow when the server is offline
    because even clicking the start button by a domain account on a domain
    member requires authentication by a DC.

    However, if you use the router's address, or any other DNS server's address
    in TCP/IP properties that does not support the AD domain, you can expect
    very inconsistent behavior, long logon times, network errors and many event
    log errors.

    --
    Best regards,
    Kevin D. Goodknecht Sr. [MVP]
    Hope This Helps
    ===================================
    When responding to posts, please "Reply to Group"
    via your newsreader so that others may learn and
    benefit from your issue, to respond directly to
    me remove the nospam. from my email address.
    ===================================
    http://www.lonestaramerica.com/
    http://support.wftx.us/
    https://secure.lsaol.com/
    ===================================
    Use Outlook Express?... Get OE_Quotefix:
    It will strip signature out and more
    http://home.in.tum.de/~jain/software/oe-quotefix/
    ===================================
    Keep a back up of your OE settings and folders
    with OEBackup:
    http://www.oehelp.com/OEBackup/Default.aspx
    ===================================
     
    Kevin D. Goodknecht Sr. [MVP], Feb 27, 2006
    #2

  3. murrayr

    Spin Guest

    "even clicking the start button by a domain account on a domain member
    requires authentication by a DC"

    Kevin, not to dispute you given that you are the foremost leading expert in
    this group over the years, but that statement above, is this something you
    discovered in the field on your own doing a packet capture, something you
    read, or something somebody told you? I have never heard of that before.
    But granted, I have seen the behavior where you click on the Start button
    and there is seemingly no response for a little while, and it's maddening
    b/c you're like, come on, all the CPU and memory power and the computer
    can't even respond to a simple Start button click.
     
    Spin, Feb 27, 2006
    #3
  4. I wouldn't exactly say this, but I have experienced network problems that
    made my DCs unavailable even temporarily, during this time it was like I had
    an old 486-33.
    I'm not sure how to read this, but if you've experienced this, you know why.
    I've also seen the behavior if the ISP DNS is in TCP/IP properties, even in
    the Alternate position.

    --
    Best regards,
    Kevin D. Goodknecht Sr. [MVP]
    Hope This Helps
     
    Kevin D. Goodknecht Sr. [MVP], Feb 27, 2006
    #4
  5. murrayr

    Kerry Brown Guest

    Turn off DHCP on the router. Use DHCP on the SBS server. Use the SBS wizards
    to set it up and the right settings will be used. Set up a forwarder on the
    SBS DNS server to either the router or your ISP's DNS servers. Use the
    router for NAT only. You may have to open some ports on the router for
    remote access etc. You may want to look for a more sophisticated
    router/firewall. I just went through a similar setup but a different model
    D-Link. It worked fine set up this way.

    Kerry
     
    Kerry Brown, Feb 27, 2006
    #5
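
Added example, not part of any post in this thread: a Python check that parses `ipconfig /all` output from a domain workstation and reports every DNS server entry other than the SBS (192.168.0.125 in the original post), in the preferred or alternate position, which is the misconfiguration posts #2 and #4 describe. The sample output, adapter names and client addresses are constructed for illustration.

```python
import re

AD_DNS = {"192.168.0.125"}  # SBS address from the thread; the only DNS a domain client should list

# Constructed `ipconfig /all` excerpt from a workstation (not real output from the thread).
SAMPLE = """
Windows IP Configuration

Ethernet adapter Local Area Connection:

   Dhcp Enabled. . . . . . . . . . . : Yes
   IP Address. . . . . . . . . . . . : 192.168.0.50
   Default Gateway . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 192.168.0.125
                                       154.11.138.59

Ethernet adapter Wireless Network Connection:

   IP Address. . . . . . . . . . . . : 192.168.0.51
   DNS Servers . . . . . . . . . . . : 192.168.0.1
"""

ADAPTER_RE = re.compile(r"^(\S.*adapter .+):\s*$")        # unindented "... adapter <name>:" header
FIELD_RE = re.compile(r"^\s+([^.:]+?)[ .]*:\s*(.*)$")      # "   Label . . . : value"
CONT_RE = re.compile(r"^\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$")  # bare IP continuing the previous field

def parse_ipconfig(text):
    """Return {adapter: {field: [values]}}, folding continuation lines into the field above."""
    adapters, name, last = {}, None, None
    for line in text.splitlines():
        if (m := ADAPTER_RE.match(line)):
            name, last = m.group(1), None
            adapters[name] = {}
        elif name and (m := FIELD_RE.match(line)):
            last = m.group(1).strip()
            adapters[name][last] = [m.group(2).strip()] if m.group(2).strip() else []
        elif name and last and (m := CONT_RE.match(line)):
            adapters[name][last].append(m.group(1))
    return adapters

def audit_dns(text, ad_dns=AD_DNS):
    """List (adapter, position, ip) for every DNS entry that is not an AD DNS server."""
    findings = []
    for adapter, fields in parse_ipconfig(text).items():
        for pos, ip in enumerate(fields.get("DNS Servers", [])):
            if ip not in ad_dns:
                findings.append((adapter, "preferred" if pos == 0 else "alternate", ip))
    return findings

if __name__ == "__main__":
    for adapter, position, ip in audit_dns(SAMPLE):
        print(f"{adapter}: {position} DNS {ip} is not the AD DNS server")
```
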
  6. murrayr

    murrayr Guest

    OK, so the Microsoft Getting Started Guide with SBS is slightly
    uninformative. The guide references the LAN side of things to point to using
    the 192.168.0.1 reference and a single nic in the SBS. Just means a little
    more effort needed to migrate to the SBS DNS service and using two nics.
    Thanks to everyone for their input.
     
    murrayr, Feb 27, 2006
    #6