Re: Setting up DHCP
- From: "Phillip Windell" <philwindell@xxxxxxxxxxx>
- Date: Mon, 17 Dec 2007 13:44:59 -0600
"Ideas Live" <IdeasLive@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:D77896FC-FD67-4729-AA52-8CC0B63D1E0B@xxxxxxxxxxxxxxxx
Thanks for the info, and sorry for my ignorance.
My machine has 2 NICs and is a domain controller. Why should it only have
1
NIC?
272294 - Active Directory Communication Fails on Multihomed Domain
Controllers
http://support.microsoft.com/default.aspx?scid=kb;en-us;272294
191611 - Symptoms of Multihomed Browsers
http://support.microsoft.com/default.aspx?scid=kb;EN-US;191611
If it only had an internal NIC, how would the domain controller talk to
the internet?
Domain Controllers are not supposed to talk directly to the Internet. They
are to be isolated from and protected at all costs *from* the Internet.
Through routing?
Through Firewalls or Proxys. All the the "home user" Firewall device are
commonly (and very *incorrectly* called "routers"). When I say firewall, I
mean a real device, not some software that you load on a machine as a "host
based" firewall.
I do have it working somewhat. The clients are able to automatically get
an
IP address. But I'm having to specify a DNS server address on the
clients.
How do I get them to automatically get a DNS server address as well as an
IP
address?
The DNS Servers and the WINS Servers need to be added either to the Server
Options or the Scope Options in the configuration of the DHCP Service. The
best thing is for them to be Server Options since they would rarely change
and are not effected by by subnet (hence Scope) that the Client is in. Once
done the Client needs their TCP/IP Config refreshed. You can force it with
IPConfig or just reboot the machine,...rebooting usually works.
Also, I'm using Kerio WinRoute Firewall software on the server. If I have
the firewall turned on, I cannot use a browser on the client. As far as I
know, I'm allowing all services for the internal NIC. As soon as I turn
of
the firewall, I'm able to browse on the client. Any ideas?
Get rid of that. It has no place on a Domain Controller. If you want a
Firewall and want the LAN Topology to be something logical and
dependable,...buy a cheap $70 "home user" Firewall like a Linksys, D-Link,
or whatever. If you can spend a couple thousand, buy a real Firewall or
build an ISA Server. There are also some in the "middleground" for a few
hundred dollars.
--
Phillip Windell
www.wandtv.com
The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
.
- References:
- Re: Setting up DHCP
- From: Phillip Windell
- Re: Setting up DHCP
- From: Ideas Live
- Re: Setting up DHCP
- Prev by Date: Re: Setting up DHCP
- Next by Date: Re: Network Printers
- Previous by thread: Re: Setting up DHCP
- Next by thread: DHCP: Predefined Options
- Index(es):
Relevant Pages
|
