DNS, Connect, DHCP, issues

  • Question

  • Hi folks,

    I have just set up a network for a client and friend. It's been an interesting experience and more than a little challenging - or should I say frustrating?

    Most of this setup has been confusing, although I've learned a lot. Perhaps other novices will benefit from reading this, perhaps some seasoned campaigners will get a few laughs, and *hopefully* someone will be able to tell me what's happening!

    Firstly, I got an ML330 G6 server for my client. The server came with SBSe 2011 pre-installed. Great! But then I checked the BIOS and found the RAID controller was not enabled. Not so great! So I had to enable it, create a mirrored volume, and reinstall the OS.

    However, I couldn't seem to sort out the BIOS settings. At first I could not configure the RAID controller. Changed a BIOS setting. Rebooted, configured it. Sweet! But then for the life of me I could not get the SBS installation DVD to boot afterwards. I had disabled the secondary SATA controller when I was trying to force the RAID controller to work. Fixed that, booted into the disc, and it promptly refused to see the RAID volume I'd just created. Actually, it couldn't even see the RAID controller at all. I can't recall right now what setting fixed that, but it was something else in the BIOS.

    Anyway, so now I have the thing installed. Fine. I create some user accounts. There's no antivirus on it yet, so I won't connect it to the internet. Time to fire up the two desktops. Standard HP OEM image of Windows with the crappy HP bloatware on them both. Whatever, these aren't going to control satellites. But I still uninstalled a fair whack of it.

    Now I have created a user account on each of them, and renamed them to a consistent asset naming scheme, it's time to add them to the domain.

    AND HERE IS WHERE THE FUN STARTS.

    In terms of SBS, I've previously only played around on SBS2003, with a very little exposure to SBS2008. I'm accustomed to adding the PC to the domain through the "computer name" dialog on the system properties window. But neither machine can see the DC. Oh, ok, I see, APIPA doing its thing. No DHCP set up. So I just set them to static IPs. Still doesn't work. DNS issue? I check DNS - it's set to the server IP. They can ping the server. Sweet. But they can't see a domain controller.

    Now, I've created user accounts. That says to me the server knows about AD and therefore also its role as a DC within the domain xxx.local. There is nothing whatsoever unusual about the method of networking these computers. All three are connected to a stock standard layer 2 switch. Again, they can ping the server. What is happening???

    So then I go back to the server. My foggy memory tells me I should create the computers in AD first. It also tells me this isn't necessary, but it's good practice - and a quick Youtube confirms this. When I go to create PCs, the wizard tells me to simply direct them to http://connect. I recall doing something similar on SBS2003 and so I return to the PCs and try that. Neither of them can find the page. HTTP 404 Error. This HAS to be a DNS problem.

    I type in the IP of the server into the browser, and the IIS splash screen shows. So that's all fine and the thing is running - why won't it work? I type the IP of the server followed by "/connect". I don't have permission to view that folder. GAAHHH!!

    Oh, there must be a machine named "connect" set up in the bowels of the SBS. Presumably, that's set up in its DNS DNA as well. I get that now. And it obviously doesn't resolve to the IP address of the machine. I have no idea how it's implemented. But anyway, I return to the desktops' properties and try to add to the domain that way. Still neither can locate a domain controller. WHAT??!!

    To the forums, I say. So I read about how different time zones can sink the attempt to join the domain. I check the time zones. They're all the same. I try again to join them to the domain. No joy. I read about DNS. It's all about DNS. I thought so - I have already set up DNS though, and I make sure the service is running on the server. It is. I restart it. I try again to join them to the domain. No joy.

    I do recall coming across having to register server roles in AD in a previous life. But in SBS it's all wizards and I don't think I should be farting around with settings like that. I look to see if there's a shortcut, link, context menu entry that looks like "register in AD" for either DHCP or DNS. Don't see anything.

    And then they just decided to work. The b@stards. Next time I tried adding them, it just worked. I must have changed something in the meantime, I did set up backups but can't think of anything relevant that I did between the second-last attempt and the successful one. But they don't just start working, do they, when they previously refused to? I must have done something. I am utterly clueless as to what. Every time I did something, I'd try again, and fail, to join one of them to the domain. So I was frequently trying. And totally as a sanity check I just tried again, and it worked. Can't be config propagation delay - there's only one server. I had spent *days* scouring forums trying to figure out why the d@mn things wouldn't connect, finding nothing relevant, and lo and behold it just does it out of the blue. I am really annoyed by this! All the forum entries were very simple "set up DNS, set this up, do that, and click here..." I had followed the instructions and it still wasn't working. And then it just suddenly did. Breathtakingly annoying!

    What's worse is that I was pretty sure I knew what I was doing, and I found nothing out of the ordinary, no glaring "oops, you forgot this" moments happened. All was as it should have been, it just wasn't working. Very, very irritating.

    So anyway. I grab the router that I'm installing on site. I know it's gonna have DHCP and its own thaaang going on with IP address ranges. I plug in a single desktop to it and change that desktop back to DHCP. I ping the .1.1 and then HTTP into it, default admin password is admin as usual. Crafty, Billion. So I turn DHCP to relay mode in it, thinking this will be necessary for VPN but also thinking I better read up on that.

    I give the router/modem an internal IP address in the range I've created and presto, connectivity. I return the desktop NIC settings to DHCP. All ready to go. I pack up the stuff into my car and take it all to site.

    Client tells me he has a high-maintenance user. So as to limit the disruption to her as much as possible, I don't put in the new router right away. We'll do it when she takes her afternoon break. Besides, I haven't put in the account details yet for the ISP config for the modem. But I do want to apply updates, etc. So I change the server NIC config to DHCP, turn off DHCP and DNS, connect to the network, and get on the internet.

    Later when the time comes, I replace the router with the new one, and after a few small hiccups we have internet. Actually, no, we don't. I have the server set to be the DNS server, with the router as its default gateway and OpenDNS servers as forwarder. I have the router set up as DHCP relay only. DHCP is set to deliver the server as the DNS and the router as the default gateway.

    But this does not work. There is no DNS server received by the DHCP clients. I have to manually add one in. I add the server manually. This still doesn't give us internet. I change the manual DNS setting to the IP address of the router, and presto, it all works. I'm worried this might screw up AD, since that relies on DNS and the server needs to be the DNS for resolving hostnames locally. It hasn't had any impact.

    So my questions are:

    1. What is likely to have caused the PCs to be unable to find the domain controller?
    2. What is likely to have caused the PCs to be unable to resolve the http://connect/ address?
    3. Why is DHCP not populating the clients with a DNS setting?
    4. Why is using the router as the DNS not breaking AD?

    Update -

    1. Still have no idea why this failed - the config appears to have been correct and I didn't touch it - it just started working. The mystery is why it didn't in the first place.

    2. Still a mystery.

    3. Also strange. I played with DHCP settings for hours, repeating things I'd already done, turning the service off and on, deleting scope, recreating scope - nothing particularly worked. It all looked correct. Again, just started working.

    4. Router is no longer used as DNS, the server is. ISP DNS forwarder is now the domain forwarder, not OpenDNS. All works fine but still a mystery to me why it didn't cause a failure. The Router was only looking upstream to the ISP's DNS forwarder, not to the server.

    Thursday, March 22, 2012 11:51 PM

Answers

  • DHCP is not installed on SBS Essentials by default.

    Your Router is the 'default' DHCP server on the Essentials network, and should be set, if possible, to issue the IP of the Essentials server as the DNS Server.

    However this is not 100% required.

    If your Essentials server has a Dynamic IP - which is the default - then it should register its IP/Hostname in the Router's DHCP table, ARP cache etc.

    Therefore allowing computers who use the Router for DNS to resolve the IP/Name of the Essentials server, allowing you to connect to the Connect site.

    No real magic there - but you do seem to have the wrong address. Http://connect is the site for SBS Standard.

    SBS Essentials uses http://sbsname/connect

    Once joined to the Essentials server using the Connect wizard, Clients will have their DNS Server Settings set Statically by the LAN Configuration service.

    This is done using a layer 2 beacon, so the client can detect the SBS Essentials server, and configure DNS accordingly, to allow for the SBS to be using a Dynamic IP.

    Hopefully this answers some of your questions, happy to chat more about this if you still have unanswered points.


    Robert Pearman SBS MVP (2011) | www.titlerequired.com | www.itauthority.co.uk

    Friday, March 23, 2012 10:06 AM
    Moderator
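
An added example, not part of the thread and not written by its posters: a client-side PowerShell check for the symptoms discussed above (APIPA address, no DNS server handed out by DHCP, a resolver that cannot locate the domain controller, the server name behind the Connect URL not resolving). `xxx.local` and `sbsname` are the thread's own placeholders; treating the `_ldap._tcp.dc._msdcs` SRV record as the lookup a domain join depends on is standard Active Directory behaviour, not something stated in the posts.

```powershell
# Added example. $Domain and $Server are placeholders: the thread only
# gives "xxx.local" and "sbsname", so pass the real values when running.
param(
    [string]$Domain = 'xxx.local',
    [string]$Server = 'sbsname'
)

# SRV record the Windows DC locator queries in DNS during a domain join.
$srv = "_ldap._tcp.dc._msdcs.$Domain"

# IP-enabled adapters via WMI, so this also runs on PowerShell 2.0 (Windows 7).
$nics = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'

foreach ($nic in $nics) {
    $ip  = @($nic.IPAddress)[0]
    $dns = @($nic.DNSServerSearchOrder | Where-Object { $_ })
    Write-Output "Adapter : $($nic.Description)"
    Write-Output "  IP    : $ip (DHCP enabled: $($nic.DHCPEnabled))"

    if ($ip -like '169.254.*') {
        Write-Output '  WARN  : APIPA address, no DHCP server answered'
    }
    if ($dns.Count -eq 0) {
        Write-Output '  WARN  : no DNS server configured or delivered by DHCP'
        continue
    }
    foreach ($d in $dns) {
        # Query each configured resolver directly for the DC locator record.
        $out = (nslookup -type=SRV $srv $d 2>&1 | Out-String)
        if ($out -match 'svr hostname') {
            Write-Output "  OK    : $d answers $srv"
        } else {
            Write-Output "  FAIL  : $d has no DC locator record for $Domain"
        }
    }
}

# The name the Connect URL depends on, resolved through the Windows resolver.
try {
    $a = [System.Net.Dns]::GetHostAddresses($Server)
    Write-Output "$Server resolves to $($a -join ', ')"
} catch {
    Write-Output "$Server does not resolve; http://$Server/connect cannot load"
}

# Ask the Windows DC locator itself which domain controller it finds.
nltest "/dsgetdc:$Domain"
```

A `FAIL` line for a resolver that is the router or an ISP address means that resolver has no copy of the AD zone, and queries for the internal domain sent to it are forwarded outside the LAN.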

All replies

  • Hi John:

    Nodding in agreement with Robert, and adding the following for your information. Note that the Robert Pearman given credit for/in the post is the same Robert in the reply above:

    http://sbs.seandaniel.com/2011/06/basics-of-local-dns-for-small-business.html


    Larry Struckmeyer[SBS-MVP]

    Friday, March 23, 2012 10:36 AM
  • Thanks Larry ;o)

    Robert Pearman SBS MVP (2011) | www.titlerequired.com | www.itauthority.co.uk

    Friday, March 23, 2012 11:40 AM
    Moderator