none
windows server 2008 r2 internet connection / network configuration / windows update problem

    Question

  • hi and thanks for looking in.

    I simply can not get clients to the internet nor can I perform updates.

    2 NICs installed.  one LAN and one WAN.  WAN to INTERNET.  SERVER can browse on internet, nobody else can.  Network users can see server and go to shared folder resources. 

    NICs programmed with their data.  LAN NIC STATIC Internal address and same static address as its DNS1.  

    WAN NIC set to us dynamic internal (10.1.X.X) IP address from ISP terminating device (modem/router) which uses outside public provisioning/gateway address.  NAT appears to be there.  WAN NIC gets gateway address and outside DNS server info; so no gateway set on LAN NIC. Both NICs use same subnets.

    DHCP and DNS Working.  Forwarder to outside ISP DNS added; found by server.

    LAN clients and see network through mapped drives.  IP assignments given them.  Ping to say, yahoo.com or google.com return IP address on first attempt, then time out.  Ping on Server to same domains return IP address on all attempts.

    NIC Binding Order appears to be LAN NIC first, then WAN NIC.

    Have not used ICS wizard.  ICS not working.  Sharing tab on NIC properties indicates it has been disabled by network administratior.  

    I have spent whole day and can not resolve.  

    Firewall off for now.

    Your help much appreciated.




    • Edited by bobcumbers Monday, August 05, 2013 3:33 PM
    Saturday, August 03, 2013 9:30 PM

Answers

  • Hello,

    this sounds for that the server is a domain controller and that way this is really BAD configuration as DCs should NEVER be multi-homed(more then one NIC or ip address used).

    The network should be configured this way to prevent problems:

    internet > routerWANport > routerLANport > switch > ALL domain machines using the private ip ranges.

    Please post an unedited ipconfig /all from the DC/DNS server and a client with problems.


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    Tuesday, August 06, 2013 9:49 AM
  • Hello,

    the router has one port connected to the ISP, that is the WAN port and one of the other switch ports on the router should be connected to the LAN switch.

    The default gateway is the LAN port non the router where the switch is connected to.

    If the DC shouldn't connect to the internet, then leave the DG empty. But be aware that you have to use a WSUS server on another machine so the monthly updates can be installed on the server.

    For the router configuration please check the vendor documentation or ask in the forums from them.


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    Wednesday, August 07, 2013 4:52 PM

All replies

  • Hello bobcumbers,
    did you already check "Internet Connection Sharing (ICS)" service is running ? If not, enable, start it and try again to share the connection. If it still appears disabled, then try to check Group Policy: TechNet Library Enable or disable Internet Connection Sharing with Group Policy.

    I suggest to use and enable Routing and Remote Access feature:

    Bye,
    Luca


    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights. | Whenever you see a helpful reply, click on "Vote As Helpful" & click on "Mark As Answer" if a post answers your question.

    Monday, August 05, 2013 7:56 PM
  • Hello,

    this sounds for that the server is a domain controller and that way this is really BAD configuration as DCs should NEVER be multi-homed(more then one NIC or ip address used).

    The network should be configured this way to prevent problems:

    internet > routerWANport > routerLANport > switch > ALL domain machines using the private ip ranges.

    Please post an unedited ipconfig /all from the DC/DNS server and a client with problems.


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    Tuesday, August 06, 2013 9:49 AM
  • Thanks for comments above.  ANY COMMENT MUCH APPRECIATED!

    I walked into this situation as a pre-existing configuration of another and tried to pickup from there.

    I note recent discussions elsewhere on WS 2008 R2 designed to be single NIC machine/environment.  With that in mind,....

    I agree with design criteria.  Experience with SBS since v 4.0 always used two NIC cards in machine so I thought I could continue with that design train of thought in a 2008 environment.

    So, I will now set to the task of deployment as suggested:

    internet > routerWANport > routerLANport > switch > ALL domain machines using the private ip ranges.

    I just have to work out the deployment of internet > routerWANport > .

    thanks.  will post back again later....

    Tuesday, August 06, 2013 6:59 PM
  • Back again with a question,

    single server 2008 r2 hosting 6 pcs of W7 and XP.

    In the environment "internet > routerWANport > routerLANport > switch > ALL domain machines using the private ip ranges", is the NAT done at the WANrouter?

    If I leave DC with WS 2008 R2 for this domain, and dhcp assigns private ip addresses 192.168.1.xxx (say .10 through .254) on 255.255.255.0 subnet, what gateway address should I program in? and where?  on the DC Server 2008 as its address 192.168.1.5?  I've seen comments about leaving the gateway empty and by default address requests will come to the server first, then go elsewhere.

    Forwarders have been entered in domain DNS with outside ISP provided DNS server address.  Do I need to add any other addresses to DNS?

    I guess I'm asking .... how should the WANrouter be programmed/addressed?

    admittedly a little foggy here.....

    Thanks again!

    Tuesday, August 06, 2013 7:24 PM
  • Hello bobcumbers,
    sorry for delay.

    To make sure NAT is enabled, you should check inside your router configuration.
    That said, on WS 2008 R2 DHCP configuration, you should set LAN IP Address of your router as Gateway for your clients.
    So all requests to networks outside your LAN (Internet) will be redirected to your router from clients.

    What is LAN IP Address of your router ?

    Bye,
    Luca


    Disclaimer: This posting is provided AS IS with no warranties or guarantees, and confers no rights. | Whenever you see a helpful reply, click on Vote As Help and click on Mark As Answer if a post answers your question.

    Wednesday, August 07, 2013 2:00 PM
  • Hello,

    the router has one port connected to the ISP, that is the WAN port and one of the other switch ports on the router should be connected to the LAN switch.

    The default gateway is the LAN port non the router where the switch is connected to.

    If the DC shouldn't connect to the internet, then leave the DG empty. But be aware that you have to use a WSUS server on another machine so the monthly updates can be installed on the server.

    For the router configuration please check the vendor documentation or ask in the forums from them.


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    Wednesday, August 07, 2013 4:52 PM
  • Hello bobcumbers,
    sorry for delay.

    To make sure NAT is enabled, you should check inside your router configuration.
    That said, on WS 2008 R2 DHCP configuration, you should set LAN IP Address of your router as Gateway for your clients.
    So all requests to networks outside your LAN (Internet) will be redirected to your router from clients.

    What is LAN IP Address of your router ?

    Bye,
    Luca


    Disclaimer: This posting is provided AS IS with no warranties or guarantees, and confers no rights. | Whenever you see a helpful reply, click on Vote As Help and click on Mark As Answer if a post answers your question.

    This network map is an example about what we (I and Meinolf) were speaking about:

    Network Map

    Bye,
    Luca


    Disclaimer: This posting is provided AS IS with no warranties or guarantees, and confers no rights. | Whenever you see a helpful reply, click on Vote As Help and click on Mark As Answer if a post answers your question.

    Wednesday, August 07, 2013 8:59 PM