Re: Secondary DNS and PIX
- From: "SuperGumby [SBS MVP]" <not@xxxxxxxxxxx>
- Date: Tue, 12 May 2009 11:06:01 +1000
BTW; in SBS SP1 you can substitute Windows Server SP2 and Exchange SP2 for the earlier versions, you do not need to back out of current levels.
--
SBS remote support services. (Fees apply)
mickm at mickmalloy dot dyndns dot org
"WingCommander" <WingCommander@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:D0EDB8B4-EA7B-41A9-9768-80CA58C372C6@xxxxxxxxxxxxxxxx
First and foremost, I apologize if it appeard that I was shouting. Just
wanted to make sure you guys saw that entry. No shouting was involved! ;)
Thanks for the explanation of results. I will begin updating the list
tonight. I will actually be out of town for most of this week, so dont want
to make too many major changes to the network before I leave. At least in
the current configuration they know how to resolve it!
I will be posting the hardware specs hopefully tomorrow!!! Thanks again guys!
Wing commander!
"SteveB" wrote:
Too bad you didn't run the BPA earlier. There are definitely issues needing
correction. SBS SP1 was a very specific service pack comprising several
components that should have been applied long ago. It is different from
Windows 2003 SP2. Please take care of everything and then report back how
well the SBS is working. Root hints for DNS means you leave the forwarders
blank. You didn't give the SBS hardware specs as with 70 users that is
really important info.
"WingCommander" <WingCommander@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:4FCD8CBE-54D6-49F8-BDDC-8C874BA9BC42@xxxxxxxxxxxxxxxx
> Yes I have tried different forwarders, in fact when I stated the
> forwarders
> that were there were from an old ISP. Of course I updated them with > the
> DNS
> enteries for our current ISP. What is root hints?? (DNS is not my > strong
> point, and neither are firewalls in case that isnt clear yet!)
>
> Here are the results of the BPA, with whatever notes need to be added. > I
> know that not all of these need to be updated, so if you find anything
> critical please let me know!
>
> All Issues
> !!!!!!!*****!!!!!Windows SBS 2003 Service Pack 1 not installed : I
> DONT
> NOT UNDERSTAND THIS ONE AS PROPERTIES OF MY COMPUTER CLEARLY STATE
> MICROSOFT
> WINDOWS SERVER 2003 FOR SMALL BUSINESS SERVER, SERVICE PACK 2
> Windows SBS 2003 SP1 is available. For download information, see
> http://go.microsoft.com/fwlink/?linkid=50694. To order the Windows SBS
> 2003
> cd set (required for Windows SBS 2003 Premium Edition customers), go to
> http://go.microsoft.com/fwlink/?linkid=50685.
>
> ClientApps shared folder path changed :
> The path of the client programs folder for the ClientAppsRoot registry > key
> is not the same as the path of the ClientApps shared folder. For
> information
> on setting the path for this registry key, see "How to move the client
> programs folder to another location in Windows Small Business Server > 2003"
> at
> http://go.microsoft.com/fwlink/?LinkId=95294.
> Yes this was changed in order to save disk space on C: but to my > knowledge
> is not causing any problems.
>
> POP3 Connector has not been updated :
> POP3 Connector does not appear to be at least the Windows SBS 2003 SP1
> version.
>
> Receive Side Scaling is enabled :
> Receive Side Scaling (RSS) is enabled and should be disabled on Windows
> SBS
> 2003. For detailed instructions, see "Disable Receive Side Scaling"
> section
> of the knowledge base article "You may experience network-related > problems
> after you install Windows Server 2003 SP2 or the Scalable Networking > Pack
> on
> a Windows Small Business Server 2003-based computer that has an > advanced
> network adapter" at http://go.microsoft.com/fwlink/?LinkId=95152.
>
> Task Offloading is enabled :
> Task Offloading is enabled and should be disabled on Windows Small
> Business
> Server 2003. Change the value of the DisableTaskOffload registry key to > 1.
> For detailed instructions, see the Knowledge Base article "You > experience
> intermittent communication failure between computers that are running
> Windows
> XP or Windows Server 2003" at
> http://go.microsoft.com/fwlink/?LinkId=95149.
> If the DisableTaskOffload registry key does not exist, then manually
> create
> this registry key and set its value to 1.
>
> TCP Chimney is enabled :
> TCP Chimney is enabled. You should disable TCP Chimney on Windows SBS
> 2003.
> To turn off TCP Chimney, use the Netsh.exe command as follows: 1. Click
> Start, click Run, type cmd, and then click OK. 2. At the command > prompt,
> type: Netsh int ip set chimney DISABLED 3. Press ENTER. 4. Restart the
> server.
>
> TCPA is enabled :
> TCPA is enabled and should be disabled on Windows SBS 2003. Change the
> EnableTCPA registry value to 0. For detailed instructions, see "Disable
> offloading support" section of the knowledge base article "You may
> experience
> network-related problems after you install Windows Server 2003 SP2 or > the
> Scalable Networking Pack on a Windows Small Business Server 2003-based
> computer that has an advanced network adapter" at
> http://go.microsoft.com/fwlink/?LinkId=95152.
>
> Windows SharePoint Services 2.0 RTM version installed :
> The RTM version of Windows SharePoint Services 2.0 is installed on this
> server. Windows SharePoint Services SP2 is available.
>
> Small Business registry key exists :
> The Small Business registry key exists and should be removed. You > should
> either back up or export this registry key and then delete the Small
> Business
> registry key located at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Small
> Business.
>
> CEICW not completed succesfully :
> The Configure E-mail and Internet Connection Wizard was not completed
> successfully in the last run.
>
> DNS TimeOut registry key values should be not equal :
> The DNS ForwardingTimeOut registry key value should not equal the
> RecursionTimeOut registry key value. To resolve this issue, install
> Windows
> SBS 2003 Service Pack 1 and run the Configure E-mail and Internet
> Connection
> wizard.
>
> Microsoft Outlook 2003 missing :
> Outlook 2003 should exist in the ClientApps folder. To do so, from the
> server, click Start, click Control Panel, click Change or Remove > Programs,
> then click Windows Small Business Server 2003. On the component > selection
> page, select Microsoft Outlook 2003.
>
> MSSQL$SBSMonitoring instance not SQL Server 2000 SP 4 :
> SBSMonitoring instance should be at SQL Server 2000 Service Pack 4.
>
> MSSQL$SharePoint instance not using SQL Server 2000 SP 4 :
> The SHAREPOINT instance should be using SQL Server 2000 SP4.
>
> Operating system not updated with the Daylight Savings Time (DST) 2007
> update :
> You should update the operating system on this server with the Daylight
> Savings Time 2007 update. For more information, see the Knowledge Base
> article "August 2007 cumulative time zone update for Microsoft Windows
> operating systems" at http://go.microsoft.com/fwlink/?LinkId=95153.
>
> POP3 Connector snap-in has not been updated :
> POP3 Connector snap-in does not appear to be the version from knowledge
> base article "Error message when you use the POP3 Connector Manager > with
> MMC
> 3.0: "'MMC has detected an error in a snap-in" " at
> http://go.microsoft.com/fwlink/?LinkId=95161.
>
> Windows SBS Backup wizard has not run :
> Windows SBS Backup has not been configured. To configure Windows SBS
> Backup, on the server click Start, and then click Server Management. On
> the
> Windows SBS Administration Console, click To Do List, and then in the
> details
> pane click Configure Backup.
>
> Of course, I run a different backup solution than NT backup.
>
>
>
> "SteveB" wrote:
>
>> Have you tried different forwarders or just using root hints as a >> test?
>> Cris
>> asked about the results from running the SBS BPA-have you done that?
>>
>> I'm not sure you've given us the hardware specs on the SBS?
>>
>> "WingCommander" <WingCommander@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
>> message
>> news:FC627B38-68EF-43EA-A393-27F8D3139479@xxxxxxxxxxxxxxxx
>> >I believe that SBS DNS is overburdoned due to the performance counter
>> >being
>> > maxed to 100%,counters for "total query received" and "total >> > responses
>> > sent".
>> > I may be reading these wrong, but I dont think so.
>> >
>> > As requested, here is the ipconfig of typical workstation:
>> > Windows IP Configuration
>> >
>> >
>> >
>> > Host Name . . . . . . . . . . . . : xxxxx-username
>> >
>> > Primary Dns Suffix . . . . . . . :domain name.local
>> >
>> > Node Type . . . . . . . . . . . . : Hybrid
>> >
>> > IP Routing Enabled. . . . . . . . : No
>> >
>> > WINS Proxy Enabled. . . . . . . . : No
>> >
>> > DNS Suffix Search List. . . . . . : domain name.local
>> >
>> > domain name.local
>> >
>> >
>> >
>> > Ethernet adapter Local Area Connection 2:
>> >
>> >
>> >
>> > Connection-specific DNS Suffix . : domain name.local
>> >
>> > Description . . . . . . . . . . . : NVIDIA nForce Networking
>> > Controller
>> >
>> > Physical Address. . . . . . . . . : 00-17-31-B9-87-27
>> >
>> > Dhcp Enabled. . . . . . . . . . . : Yes
>> >
>> > Autoconfiguration Enabled . . . . : Yes
>> >
>> > IP Address. . . . . . . . . . . . : 192.168.14.105
>> >
>> > Subnet Mask . . . . . . . . . . . : 255.255.255.0
>> >
>> > Default Gateway . . . . . . . . . : 192.168.14.254
>> >
>> > DHCP Server . . . . . . . . . . . : 192.168.14.2
>> >
>> > DNS Servers . . . . . . . . . . . : 192.168.14.2
>> >
>> > Primary WINS Server . . . . . . . : 192.168.14.2
>> >
>> > Lease Obtained. . . . . . . . . . : Sunday, May 10, 2009 >> > 8:15:14
>> > PM
>> >
>> > Lease Expires . . . . . . . . . . : Wednesday, May 13, 2009
>> > 8:15:14
>> > PM
>> >
>> > I have external DNS forwarders set to my ISP's DNS servers
>> >
>> > The reference to the PIX is because the PIX locks up everyday, which >> > is
>> > the
>> > most obvious symptom of a problem on the network. I am attempting >> > to
>> > relieve
>> > the burden on the DNS server in an attempt to prove that the >> > internal
>> > DNS
>> > server is not the issue here.
>> >
>> > Thanks
>> > Wing Commander!!
>> >
>> > "kj [SBS MVP]" wrote:
>> >
>> >> WingCommander wrote:
>> >> > I have considered this option too, but with a production company >> >> > of
>> >> > this many people who depend on the network connection, I am weary >> >> > of
>> >> > doing something like this. I have had CISCO examine the
>> >> > configuration several times, but you are right that it could >> >> > still
>> >> > be
>> >> > a configuration. I have considered another hardware firewall and
>> >> > may
>> >> > have to do that but only as a last resort.
>> >> >
>> >> > For now, I know that my DNS is overburdened and needs some >> >> > relief.
>> >> > Thanks for the suggestion
>> >>
>> >> How have you determined that a (SBS) DNS server is overburdoned?
>> >>
>> >> Can you post the ipconfig/all from a typical client workstation >> >> too?
>> >>
>> >> Have you set a DNS forwarder for the SBS server or are you using >> >> root
>> >> hints?
>> >> I'm not sure why the reference to the PIX counters.
>> >>
>> >> >
>> >> >
>> >> > "ERG" wrote:
>> >> >
>> >> >> WingCommander wrote:
>> >> >>> this is a continuation of thread
>> >> >>> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx?dg=microsoft.public.windows.server.sbs&mid=239d5d0b-6f53-40b0-987b-91852de49498.
>> >> >>>
>> >> >>> I replaced and updated the pix with the latest OS and patches >> >> >>> and
>> >> >>> installed on the network and I still have the same problem with
>> >> >>> the
>> >> >>> pix locking up. But in my troubleshooting I noticed that my DNS
>> >> >>> counters for "total query received" and "total responses sent"
>> >> >>> were
>> >> >>> maxed out at 100. My questions are as follows:
>> >> >>>
>> >> >>> 1.) any idea what the counter should look like for an SBS DC >> >> >>> that
>> >> >>> is running DNS that has about 70 clients on it?
>> >> >>>
>> >> >>> 2.) How can I add a secondary DNS server to the SBS network, >> >> >>> and
>> >> >>> how to I configure it to offload some of the DNS burden from >> >> >>> the
>> >> >>> DC? I currently have 2 additional W2K3 machines that I could
>> >> >>> configure for DNS.
>> >> >>>
>> >> >>> Thanks for the information, assistance and options in advance.
>> >> >>>
>> >> >>> Scott
>> >> >>>
>> >> >> maybe something in the pix is not configured correctly despite
>> >> >> being
>> >> >> patched and updated. have you tried using a different firewall >> >> >> by
>> >> >> chance?
>> >> >>
>> >> >> find an old desktop, put an extra nic in it and install >> >> >> smoothwall
>> >> >> (simple, open source network firewall / smoothwall.org). run it
>> >> >> for
>> >> >> a few days and see if it you still have these same issues.
>> >> >>
>> >> >> you can even setup a proxy on it to relieve your SBS of repeated
>> >> >> DNS
>> >> >> requests.
.
- Follow-Ups:
- Re: Secondary DNS and PIX
- From: WingCommander
- Re: Secondary DNS and PIX
- References:
- Secondary DNS and PIX
- From: WingCommander
- Re: Secondary DNS and PIX
- From: ERG
- Re: Secondary DNS and PIX
- From: WingCommander
- Re: Secondary DNS and PIX
- From: kj [SBS MVP]
- Re: Secondary DNS and PIX
- From: WingCommander
- Re: Secondary DNS and PIX
- From: SteveB
- Re: Secondary DNS and PIX
- From: WingCommander
- Re: Secondary DNS and PIX
- From: SteveB
- Re: Secondary DNS and PIX
- From: WingCommander
- Secondary DNS and PIX
- Prev by Date: Re: Secondary DNS and PIX
- Next by Date: Re: Secondary DNS and PIX
- Previous by thread: Re: Secondary DNS and PIX
- Next by thread: Re: Secondary DNS and PIX
- Index(es):
Relevant Pages
|
Loading
