Re: Best Overall SBS2003 Prem Install Procedure?

From: Chad A. Gross [SBS MVP] (chad.gross_at_laytonflower.nospam.com)
Date: 05/29/04 

Date: Fri, 28 May 2004 22:11:58 -0500

Hey Root - see inline 

-- 
Chad A. Gross - SBS MVP
SBS ROCKS!
www.msmvps.com/cgross
www.gosbs.org
root wrote:
> So distilling all the responses leads to a few additional questions:
>
> 1) Do both NIC ports need to be be attached to something?  Maybe both
> to each other with a crossover cable;  will that confuse it??
> What happens if one or both NICs aren't attached during the initial
> install? If only one needs to be connected initially then which;  the
> one intended for ISA+Inet or the internal LAN NIC?
>
If both NICs are plugged into something, then they will be detected & 
installed during setup.  If you don't have an extra switch / hub available, 
a crossover cable connecting the two nics will work nicely  :^)  If one of 
the nics aren't connected, you'll just have to manually install the driver 
after setup completes.  As for which one needs to be connected, probably the 
LAN nic.  However, you can't enable the firewall (either RRAS or ISA) via 
the CEICW until both NICs are installed.  So, having the NICs plugged into 
something during the install simply saves you the extra steps of manually 
installing the NIC(s) after the install completes but before you run the 
CEICW.
> Here's that unneeded support point:  "Connect External nic to a
> firewall/router (dlink, linksys, whatever with NO dhcp) with a live
> internet connection. (you may need to set up the firewall/router
> prior to the installation)."  I'd like to avoid leanring how to
> configure that old Intel 8205 that I'd like to dump.
> Why "NO DHCP"?  The SBS2003 DC needs to handle DHCP for the LAN NIC
> but the Inet/ISA NIC too??  Normally DSL modems (& the 8205) which
> I'd like to plug to the ISA/Inet NIC port does it's own DHCP serving
> and in this case that would be the fixed IP of this site.
DHCP has always been an interesting issue with SBS since the SBS DHCP will 
shut itself down if it detects another DHCP server on the LAN.  I personally 
have never had to disable DHCP on the router.  Here's a little more detail 
on my steps:
1)  Once the setup has finished, I leave both NICs plugged into a switch 
(where they are the only things attached to the switch)
2)  I install ISA and make sure that the LAT only includes the LAN subnet. 
(I usually change the predefined LAT entry to only include the 192.168.16.x 
subnet - this keeps me from having to reconfigure most routers that are in 
the 192.168.0 / 1 / 10.x subnet by default).
3)  I manually configure my WAN NIC with a static IP in the same subnet as 
the router.
4)  I run the CEICW and activate the firewall, but do not enable any inbound 
traffic.
5)  I unplug the WAN NIC from the switch and connect it to the router.
6)  I test internet access from server and then run Windows Update & A/V 
updates.
7)  After updates are complete, I rerun the CEICW to allow inbound access 
for SMTP, RWW, OWA, etc.
>
> 2)A suggestion was made that one should go to completion of the
> install, fixes and to-do's and a first workstation for the standard
> part of SBS2003. I assume that includes getting Exchange working?
> Then one could do the whole cycle for the Prem parts.
> Is this the way to do it?
I prefer to do the whole cycle of the Premium parts at the end of the 
Standard install before doing the To Do list or connecting clients.  No real 
technical reason why - just personal preference.  Although, you could argue 
that it makes more sense to do your fixes & to do's after you've installed 
all of your server apps, versus having to redo them again after you install 
the premium apps.
> What happens with the two NIC ports in this scenario?  Does one use
> the port intended for ISA for the Inet initially for Inet+WinUp and
> the other for the internal LAN to the first workstation?  Will
> Standard do a bridge automatically which will be supplanted by ISA
> later?
Not sure - 'cuz I always complete the ISA install before connecting to the 
internet & running Windows Update.  My personal opinion is that any premium 
apps you're planning on installing should be part of the install process. 
Once the install is completed (Standard + Premium), then you move to the To 
Do list & configurations.  Personally, it seems like there's an increased 
chance of missing some configurations and having to do some others twice 
when you do configurations and updates before you've completed installing 
all of your server apps.
>
> Does it make any difference when additional CALs are installed?
Nope.  Well, that's not entirely true.  You want to get those additional 
CALs installed before you have all of your workstations online  :^)
>
> So noone has a suggested ISA first plan or alternate download
> site/list for security fixes to supplant the initial need for the
> router?
Not to beat a dead horse :^), but I do prefer installing ISA first.  I 
haven't done an alternate download site - but only because I've been 
confident in the firewalls protecting my SBS's when I do the initial 
patching . . .

Relevant Pages
Loading