RE: Server Re-Setup Help
- From: Brewhaus <Brewhaus@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 17 May 2006 06:59:03 -0700
Hi Jenny,
Thank you very much for your input. Before I change anything, let me try to
describe our setup, and you can suggest how I change it to best server our
needs.
Currently, we have five IP addresses. Four of these are allocated to the
server, which is connected directly to the internet. There is no router. We
are on a Fiber Optic line, which brings an ethernet connection directly from
the wall, so there is no router / firewall in place. The server is just
connected to a hub, which connects directly to the outlet in the wall. We
give one of the NICs four of our IP Addresses so that it will handle our
websites. Right now, we have a second NIC in place, which we have set to
obtain an IP automatically. There is no ethernet cable connected to it, so
it simply defaults to a 169 address.
We run a second connection from the hub to a router, which controls our
internal network. The WAN on the router is given a static IP address (the
one address that we have remaining), so it connects directly to the internet
as well. I would expect this to act as a separate internet connection from
our server, as they both use different IP addresses.
What is very strange is that people in other places can access our websites.
It seems that the only computers unable to connect to our server are those
behind the router mentioned above. When I try to load our website or connect
to e-mail, etc., from one of our computers behind the router we simply cannot
get a connection- it times out. Absolutely nothing was changed on the
internal computers or the router.
Our server is maintained in my home so that I am around if there is a
problem. Our warehouse is in a different location (a few miles away), and
can access the websites, log in to the server remotely, etc. That is what I
meant when I mentioned that we could access from the warehouse, but not
locally.
This was working previously, but after shutting down to install the new
power supply, it stopped working.
I was going to remove the second NIC, and keep only the one that connects to
the internet. But, when I do this and try to run the internet connection
wizard, it says that I cannot use 'direct broadband connection' with only one
NIC. Because I am literally connected directly to the internet, can I still
remove the second NIC and select a different connection option? I just want
the server to handle our websites and e-mail, but did not know how to close
ports. In reality, we need only a few ports open to run what we do.
Would I be better to connect the internal computers to the server on the
second NIC? The only reason that we did not do this is that we do not want
the extra load on the server in case it would slow our websites down at all.
I am at a complete loss, so will await your suggestions on how I should set
my connection(s) up.
Thanks again. I really look forward to your input so that I can get things
operating properly again.
""Jenny wu [MSFT]"" wrote:
Hi Rick,.
Thanks for posting here.
From your description, I understand the issue to be: users can not access
the SBS server from some computers but can from other computers without
problem. If I am off base, please don't hesitate to let me know.
From your description, I understand that you indeed use one NIC to connect
to the route, another NIC is not be used. In your scenario, you can remove
the second NIC from the server and use only one NIC. Please note that after
you remove the NIC, please re-run CEICW to re-configure network connection
regarding to one NIC scenario. I suggest that you refer to the KB 825763 to
configure network connection.
825763 How to configure Internet access in Windows Small Business Server
2003
http://support.microsoft.com/?id=825763
If the ISA server has not been installed on the SBS server, we can enable
RRAS basic firewall to offer basic firewall protection. You can use Router
to provide more security of your network. It is not recommended we open too
many ports in the router since it is very insecure to our network.
Generally, we open the ports we needed to allow some specific traffic. You
can refer to the following list:
TCP port Definition
25 Email (SMTP)
80 required for HTTP
requests for your site
443 required for HTTPS
requests using SSL, which secures communications from your server and a Web
browser
444 Companyweb
4125 Remote Web Workplace
1723 (plus GRE Protocol 47) VPN
3389 Terminal Services
21 FTP
You open related ports only when you need allow some specific traffic.
To the users can not access the server issue, please check the following
settings:
I. Please double check DNS and Gateway settings:
1. Set the internal IP of the Router as the Default Gateway of all client
computers and the server.
2. Configure the internal client computer's NIC to use the internal DNS
Service (the IP of the SBS server box) as the DNS Server. And there is only
the DNS server be configured on client computers.
II. Please ensure enable NetBIOS over TCP/IP on client computers, please
check the settings.
1. Right-click My Network Places, and then click Properties.
2. Right-click the external network adapter''s Local Area Connection icon,
and then click Properties.
3. Click Internet Protocl (TCP/IP), and then click Properties.
4. Click Advanced.
5. Click the WINS tab.
6. Click "Enable NetBIOS over TCP/IP".
7. Click OK, click OK, and then click OK.
If not, please verifying to see if the issue is resolved.
If the issue persists, please help me collect the following information to
isolate the issue:
1. What is the exact error message you received when user try to access the
server? How you access it? using UNC path or others? Please help me collect
a screen shot of the error message and mail it to my working mailbox:
v-yanniw@xxxxxxxxxxxxx
2. What is the meaning of the sentence "yet the server can be accessed from
other places (such as our warehouse)"? How user accesses the server from
warehouse? Do the computers in warehouse in the same LAN or from internet?
3. Please run command "ipconfig /all" (no quotation marks) respectively on
the SBS server box and one problematic client workstation and email them to
me.
I appreciate your time. I am happy to be of assistance to you and look
forward to your reply!
Have a nice day!
Sincerely,
Jenny Wu
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
Thread-Topic: Server Re-Setup Helpsupply.
thread-index: AcZ4hyIYuOvgGW6rSo+Ld2uklROS2A==
X-WBNR-Posting-Host: 71.244.45.98
From: =?Utf-8?B?QnJld2hhdXM=?= <Brewhaus@xxxxxxxxxxxxxxxxxxxxxxxxx>
Subject: Server Re-Setup Help
Date: Mon, 15 May 2006 18:22:01 -0700
Lines: 29
Message-ID: <F875B352-ECD0-4445-8F9A-20E206FB4EAF@xxxxxxxxxxxxx>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
Newsgroups: microsoft.public.windows.server.sbs
Path: TK2MSFTNGXA01.phx.gbl
Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:268270
NNTP-Posting-Host: TK2MSFTNGXA01.phx.gbl 10.40.2.250
X-Tomcat-NG: microsoft.public.windows.server.sbs
Yesterday we shut down our server long enough to install a new power
While this seemed harmless enough, when we restarted the computer thenetwork
connections changed. I believe that this is because we have two NIC'ssimply
installed, but only one was physically connected to anything. We used the
second NIC just to allow us to enable the Windows Firewall settings when
originally setting up the internet connection, but I now believe we were
under an incorrect assumption. I assume that this firewall setting is
to control traffic to any internal computers behind the server. Is thisrestarting,
correct? In other words, seeing as the server is actually a stand-alone
system just used to operate our websites, this firewall does nothing?
If that is the case, can we just remove the second NIC and after
step through the Set Up Internet Connection process again, using thesingle
NIC?address
Our internal computers are operated separately. We have 5 IP addresses,
four of which are assigned to the used NIC on the server, the other
goes to a router, behind which our internal computers sit. For somereason,
we cannot access the server from these computers, yet the server can beto
accessed from other places (such as our warehouse). This makes no sense
me, but I wonder if simplifying the connection is the answer.run
Finally, if there is really no protection on the server from attacks, is
there a way to close all of the ports aside from the few that we need to
our websites?
Thanks in advance for any help.
Rick
- Follow-Ups:
- RE: Server Re-Setup Help
- From: "Jenny wu [MSFT]"
- RE: Server Re-Setup Help
- References:
- RE: Server Re-Setup Help
- From: "Jenny wu [MSFT]"
- RE: Server Re-Setup Help
- Prev by Date: Re: Ports Not Listening
- Next by Date: Re: Remote Users (VPN) cant access Shares
- Previous by thread: RE: Server Re-Setup Help
- Next by thread: RE: Server Re-Setup Help
- Index(es):
Relevant Pages
|
