Re: Secondary DNS and PIX

Too bad you didn't run the BPA earlier. There are definitely issues needing
correction. SBS SP1 was a very specific service pack comprising several
components that should have been applied long ago. It is different from
Windows 2003 SP2. Please take care of everything and then report back how
well the SBS is working. Root hints for DNS means you leave the forwarders
blank. You didn't give the SBS hardware specs as with 70 users that is
really important info.

"WingCommander" <WingCommander@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:4FCD8CBE-54D6-49F8-BDDC-8C874BA9BC42@xxxxxxxxxxxxxxxx
Yes I have tried different forwarders, in fact when I stated the
forwarders
that were there were from an old ISP. Of course I updated them with the
DNS
enteries for our current ISP. What is root hints?? (DNS is not my strong
point, and neither are firewalls in case that isnt clear yet!)

Here are the results of the BPA, with whatever notes need to be added. I
know that not all of these need to be updated, so if you find anything
critical please let me know!

All Issues
!!!!!!!*****!!!!!Windows SBS 2003 Service Pack 1 not installed : I
DONT
NOT UNDERSTAND THIS ONE AS PROPERTIES OF MY COMPUTER CLEARLY STATE
MICROSOFT
WINDOWS SERVER 2003 FOR SMALL BUSINESS SERVER, SERVICE PACK 2
Windows SBS 2003 SP1 is available. For download information, see
http://go.microsoft.com/fwlink/?linkid=50694. To order the Windows SBS
2003
cd set (required for Windows SBS 2003 Premium Edition customers), go to
http://go.microsoft.com/fwlink/?linkid=50685.

ClientApps shared folder path changed :
The path of the client programs folder for the ClientAppsRoot registry key
is not the same as the path of the ClientApps shared folder. For
information
on setting the path for this registry key, see "How to move the client
programs folder to another location in Windows Small Business Server 2003"
at
http://go.microsoft.com/fwlink/?LinkId=95294.
Yes this was changed in order to save disk space on C: but to my knowledge
is not causing any problems.

POP3 Connector has not been updated :
POP3 Connector does not appear to be at least the Windows SBS 2003 SP1
version.

Receive Side Scaling is enabled :
Receive Side Scaling (RSS) is enabled and should be disabled on Windows
SBS
2003. For detailed instructions, see "Disable Receive Side Scaling"
section
of the knowledge base article "You may experience network-related problems
after you install Windows Server 2003 SP2 or the Scalable Networking Pack
on
a Windows Small Business Server 2003-based computer that has an advanced
network adapter" at http://go.microsoft.com/fwlink/?LinkId=95152.

Task Offloading is enabled :
Task Offloading is enabled and should be disabled on Windows Small
Business
Server 2003. Change the value of the DisableTaskOffload registry key to 1.
For detailed instructions, see the Knowledge Base article "You experience
intermittent communication failure between computers that are running
Windows
XP or Windows Server 2003" at
http://go.microsoft.com/fwlink/?LinkId=95149.
If the DisableTaskOffload registry key does not exist, then manually
create
this registry key and set its value to 1.

TCP Chimney is enabled :
TCP Chimney is enabled. You should disable TCP Chimney on Windows SBS
2003.
To turn off TCP Chimney, use the Netsh.exe command as follows: 1. Click
Start, click Run, type cmd, and then click OK. 2. At the command prompt,
type: Netsh int ip set chimney DISABLED 3. Press ENTER. 4. Restart the
server.

TCPA is enabled :
TCPA is enabled and should be disabled on Windows SBS 2003. Change the
EnableTCPA registry value to 0. For detailed instructions, see "Disable
offloading support" section of the knowledge base article "You may
experience
network-related problems after you install Windows Server 2003 SP2 or the
Scalable Networking Pack on a Windows Small Business Server 2003-based
computer that has an advanced network adapter" at
http://go.microsoft.com/fwlink/?LinkId=95152.

Windows SharePoint Services 2.0 RTM version installed :
The RTM version of Windows SharePoint Services 2.0 is installed on this
server. Windows SharePoint Services SP2 is available.

Small Business registry key exists :
The Small Business registry key exists and should be removed. You should
either back up or export this registry key and then delete the Small
Business
registry key located at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Small
Business.

CEICW not completed succesfully :
The Configure E-mail and Internet Connection Wizard was not completed
successfully in the last run.

DNS TimeOut registry key values should be not equal :
The DNS ForwardingTimeOut registry key value should not equal the
RecursionTimeOut registry key value. To resolve this issue, install
Windows
SBS 2003 Service Pack 1 and run the Configure E-mail and Internet
Connection
wizard.

Microsoft Outlook 2003 missing :
Outlook 2003 should exist in the ClientApps folder. To do so, from the
server, click Start, click Control Panel, click Change or Remove Programs,
then click Windows Small Business Server 2003. On the component selection
page, select Microsoft Outlook 2003.

MSSQL$SBSMonitoring instance not SQL Server 2000 SP 4 :
SBSMonitoring instance should be at SQL Server 2000 Service Pack 4.

MSSQL$SharePoint instance not using SQL Server 2000 SP 4 :
The SHAREPOINT instance should be using SQL Server 2000 SP4.

Operating system not updated with the Daylight Savings Time (DST) 2007
update :
You should update the operating system on this server with the Daylight
Savings Time 2007 update. For more information, see the Knowledge Base
article "August 2007 cumulative time zone update for Microsoft Windows
operating systems" at http://go.microsoft.com/fwlink/?LinkId=95153.

POP3 Connector snap-in has not been updated :
POP3 Connector snap-in does not appear to be the version from knowledge
base article "Error message when you use the POP3 Connector Manager with
MMC
3.0: "'MMC has detected an error in a snap-in" " at
http://go.microsoft.com/fwlink/?LinkId=95161.

Windows SBS Backup wizard has not run :
Windows SBS Backup has not been configured. To configure Windows SBS
Backup, on the server click Start, and then click Server Management. On
the
Windows SBS Administration Console, click To Do List, and then in the
details
pane click Configure Backup.

Of course, I run a different backup solution than NT backup.



"SteveB" wrote:

Have you tried different forwarders or just using root hints as a test?
Cris
asked about the results from running the SBS BPA-have you done that?

I'm not sure you've given us the hardware specs on the SBS?

"WingCommander" <WingCommander@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message
news:FC627B38-68EF-43EA-A393-27F8D3139479@xxxxxxxxxxxxxxxx
I believe that SBS DNS is overburdoned due to the performance counter
being
maxed to 100%,counters for "total query received" and "total responses
sent".
I may be reading these wrong, but I dont think so.

As requested, here is the ipconfig of typical workstation:
Windows IP Configuration



Host Name . . . . . . . . . . . . : xxxxx-username

Primary Dns Suffix . . . . . . . :domain name.local

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : domain name.local

domain name.local



Ethernet adapter Local Area Connection 2:



Connection-specific DNS Suffix . : domain name.local

Description . . . . . . . . . . . : NVIDIA nForce Networking
Controller

Physical Address. . . . . . . . . : 00-17-31-B9-87-27

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.14.105

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.14.254

DHCP Server . . . . . . . . . . . : 192.168.14.2

DNS Servers . . . . . . . . . . . : 192.168.14.2

Primary WINS Server . . . . . . . : 192.168.14.2

Lease Obtained. . . . . . . . . . : Sunday, May 10, 2009 8:15:14
PM

Lease Expires . . . . . . . . . . : Wednesday, May 13, 2009
8:15:14
PM

I have external DNS forwarders set to my ISP's DNS servers

The reference to the PIX is because the PIX locks up everyday, which is
the
most obvious symptom of a problem on the network. I am attempting to
relieve
the burden on the DNS server in an attempt to prove that the internal
DNS
server is not the issue here.

Thanks
Wing Commander!!

"kj [SBS MVP]" wrote:

WingCommander wrote:
I have considered this option too, but with a production company of
this many people who depend on the network connection, I am weary of
doing something like this. I have had CISCO examine the
configuration several times, but you are right that it could still
be
a configuration. I have considered another hardware firewall and
may
have to do that but only as a last resort.

For now, I know that my DNS is overburdened and needs some relief.
Thanks for the suggestion

How have you determined that a (SBS) DNS server is overburdoned?

Can you post the ipconfig/all from a typical client workstation too?

Have you set a DNS forwarder for the SBS server or are you using root
hints?
I'm not sure why the reference to the PIX counters.



"ERG" wrote:

WingCommander wrote:
this is a continuation of thread
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx?dg=microsoft.public.windows.server.sbs&mid=239d5d0b-6f53-40b0-987b-91852de49498.

I replaced and updated the pix with the latest OS and patches and
installed on the network and I still have the same problem with
the
pix locking up. But in my troubleshooting I noticed that my DNS
counters for "total query received" and "total responses sent"
were
maxed out at 100. My questions are as follows:

1.) any idea what the counter should look like for an SBS DC that
is running DNS that has about 70 clients on it?

2.) How can I add a secondary DNS server to the SBS network, and
how to I configure it to offload some of the DNS burden from the
DC? I currently have 2 additional W2K3 machines that I could
configure for DNS.

Thanks for the information, assistance and options in advance.

Scott

maybe something in the pix is not configured correctly despite
being
patched and updated. have you tried using a different firewall by
chance?

find an old desktop, put an extra nic in it and install smoothwall
(simple, open source network firewall / smoothwall.org). run it
for
a few days and see if it you still have these same issues.

you can even setup a proxy on it to relieve your SBS of repeated
DNS
requests.

--
/kj








.

Relevant Pages

  • Re: NT Domain to AD migration
    ... Windows 2000/XP always prefer Kerberos authentication, ... Server 2003 Active Directory service, ensure that you have designed a DNS ...
    (microsoft.public.windows.server.active_directory)
  • RE: Service Pack 1 on SBS 2003 Premium
    ... reinstalled the SP1 from CD again, ... Restart Windows Management Instrumentation service. ... Close the registry editor and restart the server at a non-business time ... Have you applied the whole SBS SP1 successfully? ...
    (microsoft.public.windows.server.sbs)
  • RE: Service Pack 1 on SBS 2003 Premium
    ... reinstalled the SP1 from CD again, ... Restart Windows Management Instrumentation service. ... Close the registry editor and restart the server at a non-business time ... Have you applied the whole SBS SP1 successfully? ...
    (microsoft.public.windows.server.sbs)
  • Re: The list of servers for this workgroup is not currently availi
    ... Select Windows Small Business Server 2003 and then click Change/Remove. ... You may prompt to inset SBS installation CD. ... Our only problem w/ connecting to the branch office is mapping ...
    (microsoft.public.windows.server.sbs)
  • RE: SBS 2003 Standard - Update to SP 1 fails
    ... order to prepare SBS server to deploy Windows XP SP2 to client computers ... that are running Windows XP Professional. ... The SBS SP1 launcher need copy ... please install it and then ...
    (microsoft.public.windows.server.sbs)
Loading