Re: CEICW Network Error
- From: "SuperGumby [SBS MVP]" <not@xxxxxxxxxxx>
- Date: Tue, 29 Jul 2008 13:13:01 +1000
I'm sorry, really have to run and also I need more precise information.
ie. When running the CEICW and choosing to 'disable firewall' it failed at the 'configuring network' point.
would indicate maybe this was worth looking at:
http://sbits.blogspot.com/2008/04/network-card-swap-causes-configure.html
Network Card Swap causes Configure Email and Internet Connection Wizard to Fail
"RickD" <support@xxxxxxxxxxxx> wrote in message news:O0TYnfS8IHA.3624@xxxxxxxxxxxxxxxxxxxxxxx
CEICW failed on network configuration
"SuperGumby [SBS MVP]" <not@xxxxxxxxxxx> wrote in message news:uk$e7WS8IHA.3848@xxxxxxxxxxxxxxxxxxxxxxxthen it's on to the next step. If you run the CEICW choosing to 'disable firewall', does it complete without error?
This puts us into a bad spot due to the lack of filtering/NAT on the router but though we have no 'firewalling' the existence of 'listening services' on the external nic can be checked using 'netstat -aon | find "external_IP"', if services are listening and we don't want them there it can be dealt with. This status should only exist for a short time, possibly longer if the subsequent run of the CEICW fails to enable the firewall.
It's blasting a fly with a shotgun but if after disabling the firewall we are unable to re-enable it the purchase of a simple NAT device to be placed between SBS (taken to single NIC) is an inexpensive 'protection measure' until the problem is resolved.
Unfortunately, the others have gone quiet and I am about to head to work too. maybe a 4th gun will pick it up if your problems continue.
"RickD" <support@xxxxxxxxxxxx> wrote in message news:eL$9$JS8IHA.4864@xxxxxxxxxxxxxxxxxxxxxxxBoth LAN and WAN point to 192.168.0.2 for DNS and in CEICW I identify the ISP DNS servers and have confirmed that they are the forwarders in the DNS console
"SuperGumby [SBS MVP]" <not@xxxxxxxxxxx> wrote in message news:OfKfcFS8IHA.3480@xxxxxxxxxxxxxxxxxxxxxxxboth NICs on SBS should get DNS from the 'internal' SBS NIC. The SBS DNS Server service can then be told to use the router (if it acts as DNS proxy) or your ISP's DNS Servers as forwarder(s) by submitting such during the CEICW (preferred) or manual adjustment, OR you can leave the DNS setting blank during CEICW and SBS DNS will resolve using 'root hints'.
"RickD" <support@xxxxxxxxxxxx> wrote in message news:e60Xw$R8IHA.1080@xxxxxxxxxxxxxxxxxxxxxxxI have tried both iterations of the DNS on the WAN NIC tonight...good observation on your part.
Which should I set it to the SBS server 192.168.9.2 or the ISP supplied DNS servers?
Thanks
"SuperGumby [SBS MVP]" <not@xxxxxxxxxxx> wrote in message news:OHTl75R8IHA.3724@xxxxxxxxxxxxxxxxxxxxxxxThe rules on SBS Standard _should_ be created during CEICW (when possible) and therefore should be available for enable/disable during the wiz. It is also possible to create rules directly in the RRAS console but I fear you may need to address your problem before this can be done.
1st I would correct the DNS settings, then run the CEICW and 'disable firewall' (DO NOT forget to re-enable, your Cisco router does not appear to be doing either NAT or port filtering), run the CEICW a 2nd time to re-enable the firewall.
A previous post has:DNS Servers . . . . . . . . . . . : 167.206.112.138
167.206.7.4
yet you suggest:
the WAN(external) NIC has a public IP address and points to SBS 192.168.0.2
for DNS...
ba-bong. Something wrong there.
With Standard and a router controlled by the ISP I would put a second device (a true firewall) between the router and SBS and tell the ISP to forward everything to what _appears_ to be my server IP. With no ISA I'd probably run a single NIC.
"RickD" <support@xxxxxxxxxxxx> wrote in message news:OKt5SsR8IHA.3724@xxxxxxxxxxxxxxxxxxxxxxxThis is SBS 2K3 standard therefore no ISA...but aren't there port rules somewhere in the server console????
"SuperGumby [SBS MVP]" <not@xxxxxxxxxxx> wrote in message news:ut2G%23oR8IHA.1592@xxxxxxxxxxxxxxxxxxxxxxxISA or no ISA?
Either way they can be adjusted via CEICW for the most part but if you (or someone) have created rules manually in ISA then it's a trip through the ISA console.
"RickD" <support@xxxxxxxxxxxx> wrote in message news:uTHzmjR8IHA.2348@xxxxxxxxxxxxxxxxxxxxxxxTha was my original plan...to use a netgear wiireless router and allow visitors internet access outside of SBS, but Optimum insiosted that to have a static public IP I MUST use their Cisco....router...during installation and configuration by Optimum(remotely) I had them pass all traffic through to the router internal side (that has a public IP address) and I configured my Dual-NIC'd SBS 2K3 WAN NIC to a public IP.....as I said all was well until the (actually former) client brought is someone else and heaven knows what he tinkered with...
right now I am trying to put humpty dumpty back together again as it was and when I have completed that I will address the SPAM(the original problem) and any suggested re-configurations.
Please keep the suggestions and ideas comming as I re-install Symantec Endpoint 11.0....
Thanks sooooo much!
The other guy rtan CEICW a couple of times, and as I recall, CEICW disables any custom port filters..I am drawing a mental blank as to where to check those...ANYONE????
RickD
"Larry Struckmeyer [SBS-MVP]" <lstruckmeyer@xxxxxxxxxxxxxxx> wrote in message news:%23M$qvbR8IHA.5164@xxxxxxxxxxxxxxxxxxxxxxxAgreed on both counts. It is strange, and leave it alone. My comment was intended to give Rick additional info that he might be able to act on later. It is possible that the instructions were not clear from Optimum.
What would you and Rick think of even a consumer grade router between the nic and the Optimum device, which is more in line with what I was creeping up on.?
-Larry
"Merv Porter [SBS-MVP]" <mwport@xxxxxxxxxxxxxxxxxxx> wrote in message news:umWKoTR8IHA.2064@xxxxxxxxxxxxxxxxxxxxxxxI think Optimum (seen other posts about this ISP) does some strange things. If the ext. NIC hasn't been changed, probably best to leave it alone at this point.
--
Merv Porter [SBS-MVP]
============================
"Larry Struckmeyer [SBS-MVP]" <lstruckmeyer@xxxxxxxxxxxxxxx> wrote in message news:%23a1HUQR8IHA.616@xxxxxxxxxxxxxxxxxxxxxxxHi Rick:
While we can't possibly know the ins and outs of every ISP and router on the planet, what you are describing sounds strange to me. Merv gave you a link to a diagram for the usual way this is done. The public IP goes on the Inet side of the router, and the SBS side of the router and the external NIC get a private IP address range that is different from the Internal SBS nic and the workstations.
It sounds to me like this device is not a router, but a DSL or Cable modem that sits at the termination point of the ISP connection to your office.
-Larry
"RickD" <support@xxxxxxxxxxxx> wrote in message news:eTY0x8Q8IHA.4928@xxxxxxxxxxxxxxxxxxxxxxxthe WAN(external) NIC has had a public IP address all along....and everything was working great....
the router was provided by Optimum Online and was needed (according to them) to facilitate a static IP for the External NIC
The end-user complained of large amounts of SPAM and that is why the purchased ESET, removed SEP and the whole thing went downhill from there.
"Merv Porter [SBS-MVP]" <mwport@xxxxxxxxxxxxxxxxxxx> wrote in message news:OtYMo2Q8IHA.3848@xxxxxxxxxxxxxxxxxxxxxxxI suspect someone reconfigured the external NIC and gave it a public address. Normally with a router in the mix, the router gets the public IP address on its WAN side and its LAN side is given a (static) private IP address in a subnet that is different from the Internal LAN. Then the external NIC is given a (static) private IP address in the same subnet as the router's LAN side.
SBS Two Nic configuration
(works with or without ISA)
http://www.smallbizserver.net/Articles/tabid/266/articleType/ArticleView/articleId/76/Two-Nics-a-static-IP-address-ISA-router.aspx
--
Merv Porter [SBS-MVP]
============================
"RickD" <support@xxxxxxxxxxxx> wrote in message news:%231637xQ8IHA.1200@xxxxxxxxxxxxxxxxxxxxxxx
"Merv Porter [SBS-MVP]" <mwport@xxxxxxxxxxxxxxxxxxx> wrote in message news:ea6ssoQ8IHA.1196@xxxxxxxxxxxxxxxxxxxxxxxHi Rick,
Please post results of an ipconfig /all for sbs server.
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.
C:\Documents and Settings\administrator.AxxxxxxxE>ipconfig/all
Windows IP Configuration
Host Name . . . . . . . . . . . . : Axxxxxxx01
Primary Dns Suffix . . . . . . . : axxxxxxxe.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : axxxxxxxe.local
Ethernet adapter LAN:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
Physical Address. . . . . . . . . : 00-19-B9-FE-F2-8A
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.0.2
Primary WINS Server . . . . . . . : 192.168.0.2
Ethernet adapter WAN:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet
NIC #2
Physical Address. . . . . . . . . : 00-40-F4-70-7D-A5
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 96.nn.nn.250
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 167.206.112.138
167.206.7.4
Any errors in the event logs?
--
Merv Porter [SBS-MVP]
============================
"RickD" <support@xxxxxxxxxxxx> wrote in message news:OgckxfQ8IHA.2064@xxxxxxxxxxxxxxxxxxxxxxxSBS 2K3 SP 2
Dual Nic
WAN public IP Address nnn.nnn.nnn.250
LAN 192.168.0.2
router with IP address nnn.nnn.nnn.249
Users brought in another tech and messed up internet connectivity....server had internet access, but AD desktops cannot get to internet.
NOW NEITHER server or desktops have internet access
I have reviewed both NICs, binding orders, services....etc...
When I run CEICW I get these errors in the error log:
Error 0c8007007e returned from call to installing RRAS (LAN)().
Error 0c8007007e returned from call to CNetCommit::Common().
Error 0c8007007e returned from call to CNetCommit::Common().
calling CRFireCommit::Commitex (0x2d93C0).
calling CRFireCommit::ValidatePropertyBag no RRAS NAT Public Interface, Basic Firewall will not be configured.().
Error 0x1 returned from call to CRFireCommit::CommitEx ValidatePropertyBag returned S_FALSE().
The whole problem started when the other tech tried to mUNINSTALL Symantec Endpoint 11.0 and then install ESET server and client.
Any H E L P is greatly appreciated...
TIA
RickD
.
- References:
- CEICW Network Error
- From: RickD
- Re: CEICW Network Error
- From: Merv Porter [SBS-MVP]
- Re: CEICW Network Error
- From: RickD
- Re: CEICW Network Error
- From: Merv Porter [SBS-MVP]
- Re: CEICW Network Error
- From: RickD
- Re: CEICW Network Error
- From: Larry Struckmeyer [SBS-MVP]
- Re: CEICW Network Error
- From: Merv Porter [SBS-MVP]
- Re: CEICW Network Error
- From: Larry Struckmeyer [SBS-MVP]
- Re: CEICW Network Error
- From: RickD
- Re: CEICW Network Error
- From: SuperGumby [SBS MVP]
- Re: CEICW Network Error
- From: RickD
- Re: CEICW Network Error
- From: SuperGumby [SBS MVP]
- Re: CEICW Network Error
- From: RickD
- Re: CEICW Network Error
- From: SuperGumby [SBS MVP]
- Re: CEICW Network Error
- From: RickD
- Re: CEICW Network Error
- From: SuperGumby [SBS MVP]
- Re: CEICW Network Error
- From: RickD
- CEICW Network Error
- Prev by Date: Re: CEICW Network Error
- Next by Date: Re: CEICW Network Error
- Previous by thread: Re: CEICW Network Error
- Next by thread: Re: CEICW Network Error
- Index(es):
Relevant Pages
|
