Why does SBS want to be a router?

Discussion in 'Server Networking' started by Tom Del Rosso, Jul 20, 2005.

  1. I've installed 2003 Server before, but now is my first shot at SBS. I got a
    surprise when I saw that it prefers to connect with 2 NICs and act as a
    router. Why does it have to be different in that respect? What's wrong
    with using a firewall appliance that is probably more secure and much easier
    to manage?

    Is it capable of being configured the old-fashioned way? My other Windows
    2003 servers are configured to look at themselves for DNS first, but when I
    try to set up SBS for an external router it asks for a DNS address, and
    won't accept the address of its own LAN NIC.
     
    Tom Del Rosso, Jul 20, 2005
    #1

  2. It doesn't prefer it - it just allows it. A lot of SBS folks feel it's
    better to use two NICs, but unless you're running Premium, with ISA, you
    don't need them, and I never use them. I don't like multihomed DCs.
    Personally, I don't see the point of two NICs on separate private IP subnets
    and a router - seems like it just makes troubleshooting more of a pain. This
    is an oft-argued topic, for what it's worth.
    Nothing - although some people like belt & suspenders. Even if I wanted to
    use ISA, I'd still want it behind another firewall.
    If you're new to SBS, note that you absolutely positively have to follow the
    dreaded wizards or you will most assuredly break things. You can absolutely
    positively set it up with one NIC on a private IP range, have your
    router/firewall do NAT, and be happy. Just don't configure things the
    "regular" way. Use the "to do list" links.

    See
    http://www.msexchange.org/tutorials/Installing-and-Configuring-SBS2003.html
    for some help - and note that microsoft.public.windows.server.sbs is the
    best place for SBS2003 questions. Just be prepared for a lot of arm-twisting
    to use two NICs.
     
    Lanwench [MVP - Exchange], Jul 20, 2005
    #2

  3. "Lanwench [MVP - Exchange]"
    Thank you. I thought I was crazy or completely missing the point of
    something. It's just that the wizard seemed to be forcing me to use 2 NICs.

    I see. I was too quick to dismiss the to do list. It looks like a
    dumbed-down version of the old wizard.

    Thank you very much. I'm about to take another look at it.
     
    Tom Del Rosso, Jul 20, 2005
    #3
  4. No - read more closely. :)
    What old wizard? I admit I never used any previous SBS version....
    Best o' luck!
     
    Lanwench [MVP - Exchange], Jul 21, 2005
    #4
  5. "Lanwench [MVP - Exchange]"
    Well, it definitely told me the DNS address can't be the same NIC. Could
    that have something to do with Dell's pre-install choices? They had
    installed DNS already. (I intended to start from scratch anyway, but I
    thought it would be a good idea to try configuring the pre-installed system
    so I could feel free to mess it up.)

    I meant the Server 2003 wizard.

    Thanks.
    :)
     
    Tom Del Rosso, Jul 21, 2005
    #5
  6. I just installed a SBS2003 last night, with one Nic,...it never said
    anything like that.
    I don't think the hardware vendor would have anything to do with how the OS
    installed.

    --
    Phillip Windell [MCP, MVP, CCNA]
    www.wandtv.com
    -----------------------------------------------------
    Understanding the ISA 2004 Access Rule Processing
    http://www.isaserver.org/articles/ISA2004_AccessRules.html

    Microsoft Internet Security & Acceleration Server: Guidance
    http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
    http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp

    Microsoft Internet Security & Acceleration Server: Partners
    http://www.microsoft.com/isaserver/partners/default.asp
    -----------------------------------------------------
     
    Phillip Windell, Jul 21, 2005
    #6
  7. I'm not sure what you chose during the wizard setup thingy....do you *have*
    two NICs? Disable one.
    Possibly, but I always install my own servers - I don't trust easily.

    You will get a better feel for this if you install the whole thing yourself
    a coupla times and see what you can break!
    Ah - well, that's pretty limited, compared to what the SBS wizards do. And
    I'm not always a fan of the latter - I just know I have to use them.
     
    Lanwench [MVP - Exchange], Jul 22, 2005
    #7
  8. I did some testing last night. I only get the message you indicated if the
    SBS already has two interfaces with the DNS IP# already on one of the
    interfaces and you are running the Internet Connection Wizard. If you only
    have one Nic then why bother running the Internet Connection Wizard at
    all?,...it isn't the "internet device", the other Firewall is,...so just
    don't bother with the wizard.

     
    Phillip Windell, Jul 22, 2005
    #8
  9. Yes, you'd *think* so - but honestly, in SBS Land, you are always better
    choking back your pride and running the wizards. I know this from firsthand
    experience botching up SBS installs because I know perfectly well how to set
    up non SBS boxen. I got over this.

    SBS really is its own beast, and the wizards are not exhaustively
    documented - use the wizards. I use them all for setup - the only wizard I
    never use after the fact is the 'create user' wizard as it doesn't work as
    advertised - I use ADUC & copy existing users or templates I want.
     
    Lanwench [MVP - Exchange], Jul 23, 2005
    #9
  10. Not only do you need to choke your pride and use the wizards, it is a must
    if you want an SBS box to operate correctly. Configure it using the wizards
    and it will run flawlessly for years. Skip the wizards and you will be
    troubleshooting late into the night.



     
    Brad Harley, Jul 24, 2005
    #10

  11. Well, to be a stickler for accuracy, you *can* do everything without the
    wizards. You would just need to know exactly what the wizards do, and that
    is not documented. ;-)
     
    Lanwench [MVP - Exchange], Jul 24, 2005
    #11
  12. "Lanwench [MVP - Exchange]"
    Ok,..well I guess I'm not surprised. I just thought with only one Nic that
    it would not need that particular Wizard because it isn't actually
    connecting to the Internet itself directly.

    I don't get much "warm fuzzies" for SBS.

    Here has been my experience with it (all was done in a Virtual PC lab)

    1. About a dozen install attempts before ever getting a fully installed,
    fully functioning Standard Install non-SP1 running

    2. Have never succeeded in bumping the whole thing up to SBS-SP1 and having
    it run afterwards. Installation was a Premium with SQL Server but ISA wasn't
    installed.

    3. Successfully installed SBS-SP1 from the SBS-SP1 CD's on the first
    attempt. Doing it from the new SBS-SP1 CD's avoided having to upgrade it to
    SP1. It seems fully functional except that you have to manually start
    Exchange Management Service after the machine boots up and complains that a
    service didn't start. The service does seem to start manually ok.

    4. The ISA on it won't allow FTP Uploads although the Rules are set to allow
    it,...I don't have that problem on ISA on a regular Server version.

    I'm not really looking for solutions for these (it is just a Lab), but that
    has been my experiences with SBS.

     
    Phillip Windell, Jul 25, 2005
    #12
  13. "Lanwench [MVP - Exchange]"

    Sorry for taking so long to answer.

    It has 2, and the second was already disabled. The problem was that SBS
    wants to know only the ISP's DNS address during install and then substitutes
    its own address later. I was trying to enter its own address at the
    start.

    Thanks for all your help and your confidence-inspiring tone.

    The clean install is 2.5 GB compared to Dell's 5.5 GB. They want you to use
    a Linux boot CD to initiate the install, so it comes out the way they did
    it. I didn't look too hard for what the difference was.
     
    Tom Del Rosso, Jul 25, 2005
    #13
  14. Just guessing, but the difference might be a bunch of management software
    for the Dell Hardware, such as software to control the RAID and other things
    like that.

     
    Phillip Windell, Jul 25, 2005
    #14
  15. "Lanwench [MVP - Exchange]"
    I used that wizard and the users appear in Server Management but not in AD.
    Is that what you mean? Can I import them from wherever the wizard put them?
    (Which is where? Not in AD I guess?)
     
    Tom Del Rosso, Jul 26, 2005
    #15
  16. If they are in Computer Management Users & Groups then AD doesn't exist.
    When a machine is made a DC the contents of Users&Groups is transferred to
    Active Directory Users and Computers and the old User&Groups in Computer
    Management is disabled.

    Of course with SBS,...God only knows how they've rearranged and scrambled
    things.

     
    Phillip Windell, Jul 26, 2005
    #16
  17. Thanks. It ~should~ be easy then. :)
     
    Tom Del Rosso, Jul 26, 2005
    #17
  18. I read what you said again, and I realized that you said Computer
    Management. I said Server Management -- the thing that comes up from the
    Startup folder when you log on to the server right after installation. It
    has a subsection with the user names that are added to the wizard, but the
    users do not appear in AD.

    I had forgotten at what point I saw this, but it is the state of things
    after the AD exists, and clients can log on.
     
    Tom Del Rosso, Jul 26, 2005
    #18
  19. Forget the Server Management thing for the moment. Look for Active
    Directory Users and Computers found under Administrative Tools,...verify
    they are there (*that* is Active Directory). I haven't done much with SBS
    and the only thing I have ever done with the Server Management Window is
    close it as soon as it opens when the machine is started up. I know I
    probably should look into it more closely, but I am feeling very rebellious
    to SBS's extra "Wizard-ish Stuff" that they seemed to have scattered all over
    it, along with probably moving perfectly familiar things into strange
    unknown places,......just to annoy me, I'm sure.

     
    Phillip Windell, Jul 26, 2005
    #19
  20. They're all in AD. You may not be looking in the correct OU (and DO NOT mess
    with the OUs - don't rename them, move them, etc.).

    What I mean is, the wizard allegedly copies a template, which you can
    customize - but it doesn't seem to copy over all the attributes, such as
    profile path, home directory settings, etc....which is why I find it easier
    to go to ADUC, find the OU, right-click/copy an existing user.
     
    Lanwench [MVP - Exchange], Jul 27, 2005
    #20