Re: Secondary DNS and PIX
- From: "Cris Hanna [SBS - MVP]" <crisnospamhanna@xxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 12 May 2009 13:47:38 -0500
I'm no cisco guy, but does it have a harddrive, cpu, etc like other unit's do?
I have the Calyptix Access Enforcer at clients and depending on load, unit's have more processing power...any chance your pix is under powered?
--
Cris Hanna [SBS - MVP]
Co-Contributor, Windows Small Business Server 2008 Unleashed
http://www.amazon.com/Windows-Small-Business-Server-Unleashed/dp/0672329573/ref=pd_bbs_sr_1?ie=UTF8&s=books&qid=1217269967&sr=8-1
Owner, CPU Services, Belleville, IL
A Microsoft Registered Partner
------------------------------------
MVPs do not work for Microsoft
Please do not submit questions directly to me.
"WingCommander" <WingCommander@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:0C81C603-C86A-497B-8E6B-68F1DB742FA8@xxxxxxxxxxxxxxxx
Hardware for the DC is as follows:
• Compaq Proliant ML 350
• 3.0 Ghz Xeon processor
• 3 GIG of RAM
• (6) 72 GIG Hard drives, configured with RAID 5
• Windows 2003 SMALL BUSINESS SERVER
"SteveB" wrote:
> Too bad you didn't run the BPA earlier. There are definitely issues needing
> correction. SBS SP1 was a very specific service pack comprising several
> components that should have been applied long ago. It is different from
> Windows 2003 SP2. Please take care of everything and then report back how
> well the SBS is working. Root hints for DNS means you leave the forwarders
> blank. You didn't give the SBS hardware specs as with 70 users that is
> really important info.
>
> "WingCommander" <WingCommander@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:4FCD8CBE-54D6-49F8-BDDC-8C874BA9BC42@xxxxxxxxxxxxxxxx
> > Yes I have tried different forwarders, in fact when I stated the
> > forwarders
> > that were there were from an old ISP. Of course I updated them with the
> > DNS
> > enteries for our current ISP. What is root hints?? (DNS is not my strong
> > point, and neither are firewalls in case that isnt clear yet!)
> >
> > Here are the results of the BPA, with whatever notes need to be added. I
> > know that not all of these need to be updated, so if you find anything
> > critical please let me know!
> >
> > All Issues
> > !!!!!!!*****!!!!!Windows SBS 2003 Service Pack 1 not installed : I
> > DONT
> > NOT UNDERSTAND THIS ONE AS PROPERTIES OF MY COMPUTER CLEARLY STATE
> > MICROSOFT
> > WINDOWS SERVER 2003 FOR SMALL BUSINESS SERVER, SERVICE PACK 2
> > Windows SBS 2003 SP1 is available. For download information, see
> > http://go.microsoft.com/fwlink/?linkid=50694. To order the Windows SBS
> > 2003
> > cd set (required for Windows SBS 2003 Premium Edition customers), go to
> > http://go.microsoft.com/fwlink/?linkid=50685.
> >
> > ClientApps shared folder path changed :
> > The path of the client programs folder for the ClientAppsRoot registry key
> > is not the same as the path of the ClientApps shared folder. For
> > information
> > on setting the path for this registry key, see "How to move the client
> > programs folder to another location in Windows Small Business Server 2003"
> > at
> > http://go.microsoft.com/fwlink/?LinkId=95294.
> > Yes this was changed in order to save disk space on C: but to my knowledge
> > is not causing any problems.
> >
> > POP3 Connector has not been updated :
> > POP3 Connector does not appear to be at least the Windows SBS 2003 SP1
> > version.
> >
> > Receive Side Scaling is enabled :
> > Receive Side Scaling (RSS) is enabled and should be disabled on Windows
> > SBS
> > 2003. For detailed instructions, see "Disable Receive Side Scaling"
> > section
> > of the knowledge base article "You may experience network-related problems
> > after you install Windows Server 2003 SP2 or the Scalable Networking Pack
> > on
> > a Windows Small Business Server 2003-based computer that has an advanced
> > network adapter" at http://go.microsoft.com/fwlink/?LinkId=95152.
> >
> > Task Offloading is enabled :
> > Task Offloading is enabled and should be disabled on Windows Small
> > Business
> > Server 2003. Change the value of the DisableTaskOffload registry key to 1.
> > For detailed instructions, see the Knowledge Base article "You experience
> > intermittent communication failure between computers that are running
> > Windows
> > XP or Windows Server 2003" at
> > http://go.microsoft.com/fwlink/?LinkId=95149.
> > If the DisableTaskOffload registry key does not exist, then manually
> > create
> > this registry key and set its value to 1.
> >
> > TCP Chimney is enabled :
> > TCP Chimney is enabled. You should disable TCP Chimney on Windows SBS
> > 2003.
> > To turn off TCP Chimney, use the Netsh.exe command as follows: 1. Click
> > Start, click Run, type cmd, and then click OK. 2. At the command prompt,
> > type: Netsh int ip set chimney DISABLED 3. Press ENTER. 4. Restart the
> > server.
> >
> > TCPA is enabled :
> > TCPA is enabled and should be disabled on Windows SBS 2003. Change the
> > EnableTCPA registry value to 0. For detailed instructions, see "Disable
> > offloading support" section of the knowledge base article "You may
> > experience
> > network-related problems after you install Windows Server 2003 SP2 or the
> > Scalable Networking Pack on a Windows Small Business Server 2003-based
> > computer that has an advanced network adapter" at
> > http://go.microsoft.com/fwlink/?LinkId=95152.
> >
> > Windows SharePoint Services 2.0 RTM version installed :
> > The RTM version of Windows SharePoint Services 2.0 is installed on this
> > server. Windows SharePoint Services SP2 is available.
> >
> > Small Business registry key exists :
> > The Small Business registry key exists and should be removed. You should
> > either back up or export this registry key and then delete the Small
> > Business
> > registry key located at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Small
> > Business.
> >
> > CEICW not completed succesfully :
> > The Configure E-mail and Internet Connection Wizard was not completed
> > successfully in the last run.
> >
> > DNS TimeOut registry key values should be not equal :
> > The DNS ForwardingTimeOut registry key value should not equal the
> > RecursionTimeOut registry key value. To resolve this issue, install
> > Windows
> > SBS 2003 Service Pack 1 and run the Configure E-mail and Internet
> > Connection
> > wizard.
> >
> > Microsoft Outlook 2003 missing :
> > Outlook 2003 should exist in the ClientApps folder. To do so, from the
> > server, click Start, click Control Panel, click Change or Remove Programs,
> > then click Windows Small Business Server 2003. On the component selection
> > page, select Microsoft Outlook 2003.
> >
> > MSSQL$SBSMonitoring instance not SQL Server 2000 SP 4 :
> > SBSMonitoring instance should be at SQL Server 2000 Service Pack 4.
> >
> > MSSQL$SharePoint instance not using SQL Server 2000 SP 4 :
> > The SHAREPOINT instance should be using SQL Server 2000 SP4.
> >
> > Operating system not updated with the Daylight Savings Time (DST) 2007
> > update :
> > You should update the operating system on this server with the Daylight
> > Savings Time 2007 update. For more information, see the Knowledge Base
> > article "August 2007 cumulative time zone update for Microsoft Windows
> > operating systems" at http://go.microsoft.com/fwlink/?LinkId=95153.
> >
> > POP3 Connector snap-in has not been updated :
> > POP3 Connector snap-in does not appear to be the version from knowledge
> > base article "Error message when you use the POP3 Connector Manager with
> > MMC
> > 3.0: "'MMC has detected an error in a snap-in" " at
> > http://go.microsoft.com/fwlink/?LinkId=95161.
> >
> > Windows SBS Backup wizard has not run :
> > Windows SBS Backup has not been configured. To configure Windows SBS
> > Backup, on the server click Start, and then click Server Management. On
> > the
> > Windows SBS Administration Console, click To Do List, and then in the
> > details
> > pane click Configure Backup.
> >
> > Of course, I run a different backup solution than NT backup.
> >
> >
> >
> > "SteveB" wrote:
> >
> >> Have you tried different forwarders or just using root hints as a test?
> >> Cris
> >> asked about the results from running the SBS BPA-have you done that?
> >>
> >> I'm not sure you've given us the hardware specs on the SBS?
> >>
> >> "WingCommander" <WingCommander@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
> >> message
> >> news:FC627B38-68EF-43EA-A393-27F8D3139479@xxxxxxxxxxxxxxxx
> >> >I believe that SBS DNS is overburdoned due to the performance counter
> >> >being
> >> > maxed to 100%,counters for "total query received" and "total responses
> >> > sent".
> >> > I may be reading these wrong, but I dont think so.
> >> >
> >> > As requested, here is the ipconfig of typical workstation:
> >> > Windows IP Configuration
> >> >
> >> >
> >> >
> >> > Host Name . . . . . . . . . . . . : xxxxx-username
> >> >
> >> > Primary Dns Suffix . . . . . . . :domain name.local
> >> >
> >> > Node Type . . . . . . . . . . . . : Hybrid
> >> >
> >> > IP Routing Enabled. . . . . . . . : No
> >> >
> >> > WINS Proxy Enabled. . . . . . . . : No
> >> >
> >> > DNS Suffix Search List. . . . . . : domain name.local
> >> >
> >> > domain name.local
> >> >
> >> >
> >> >
> >> > Ethernet adapter Local Area Connection 2:
> >> >
> >> >
> >> >
> >> > Connection-specific DNS Suffix . : domain name.local
> >> >
> >> > Description . . . . . . . . . . . : NVIDIA nForce Networking
> >> > Controller
> >> >
> >> > Physical Address. . . . . . . . . : 00-17-31-B9-87-27
> >> >
> >> > Dhcp Enabled. . . . . . . . . . . : Yes
> >> >
> >> > Autoconfiguration Enabled . . . . : Yes
> >> >
> >> > IP Address. . . . . . . . . . . . : 192.168.14.105
> >> >
> >> > Subnet Mask . . . . . . . . . . . : 255.255.255.0
> >> >
> >> > Default Gateway . . . . . . . . . : 192.168.14.254
> >> >
> >> > DHCP Server . . . . . . . . . . . : 192.168.14.2
> >> >
> >> > DNS Servers . . . . . . . . . . . : 192.168.14.2
> >> >
> >> > Primary WINS Server . . . . . . . : 192.168.14.2
> >> >
> >> > Lease Obtained. . . . . . . . . . : Sunday, May 10, 2009 8:15:14
> >> > PM
> >> >
> >> > Lease Expires . . . . . . . . . . : Wednesday, May 13, 2009
> >> > 8:15:14
> >> > PM
> >> >
> >> > I have external DNS forwarders set to my ISP's DNS servers
> >> >
> >> > The reference to the PIX is because the PIX locks up everyday, which is
> >> > the
> >> > most obvious symptom of a problem on the network. I am attempting to
> >> > relieve
> >> > the burden on the DNS server in an attempt to prove that the internal
> >> > DNS
> >> > server is not the issue here.
> >> >
> >> > Thanks
> >> > Wing Commander!!
> >> >
> >> > "kj [SBS MVP]" wrote:
> >> >
> >> >> WingCommander wrote:
> >> >> > I have considered this option too, but with a production company of
> >> >> > this many people who depend on the network connection, I am weary of
> >> >> > doing something like this. I have had CISCO examine the
> >> >> > configuration several times, but you are right that it could still
> >> >> > be
> >> >> > a configuration. I have considered another hardware firewall and
> >> >> > may
> >> >> > have to do that but only as a last resort.
> >> >> >
> >> >> > For now, I know that my DNS is overburdened and needs some relief.
> >> >> > Thanks for the suggestion
> >> >>
> >> >> How have you determined that a (SBS) DNS server is overburdoned?
> >> >>
> >> >> Can you post the ipconfig/all from a typical client workstation too?
> >> >>
> >> >> Have you set a DNS forwarder for the SBS server or are you using root
> >> >> hints?
> >> >> I'm not sure why the reference to the PIX counters.
> >> >>
> >> >> >
> >> >> >
> >> >> > "ERG" wrote:
> >> >> >
> >> >> >> WingCommander wrote:
> >> >> >>> this is a continuation of thread
> >> >> >>> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx?dg=microsoft.public.windows.server.sbs&mid=239d5d0b-6f53-40b0-987b-91852de49498.
> >> >> >>>
> >> >> >>> I replaced and updated the pix with the latest OS and patches and
> >> >> >>> installed on the network and I still have the same problem with
> >> >> >>> the
> >> >> >>> pix locking up. But in my troubleshooting I noticed that my DNS
> >> >> >>> counters for "total query received" and "total responses sent"
> >> >> >>> were
> >> >> >>> maxed out at 100. My questions are as follows:
> >> >> >>>
> >> >> >>> 1.) any idea what the counter should look like for an SBS DC that
> >> >> >>> is running DNS that has about 70 clients on it?
> >> >> >>>
> >> >> >>> 2.) How can I add a secondary DNS server to the SBS network, and
> >> >> >>> how to I configure it to offload some of the DNS burden from the
> >> >> >>> DC? I currently have 2 additional W2K3 machines that I could
> >> >> >>> configure for DNS.
> >> >> >>>
> >> >> >>> Thanks for the information, assistance and options in advance.
> >> >> >>>
> >> >> >>> Scott
> >> >> >>>
> >> >> >> maybe something in the pix is not configured correctly despite
> >> >> >> being
> >> >> >> patched and updated. have you tried using a different firewall by
> >> >> >> chance?
> >> >> >>
> >> >> >> find an old desktop, put an extra nic in it and install smoothwall
> >> >> >> (simple, open source network firewall / smoothwall.org). run it
> >> >> >> for
> >> >> >> a few days and see if it you still have these same issues.
> >> >> >>
> >> >> >> you can even setup a proxy on it to relieve your SBS of repeated
> >> >> >> DNS
> >> >> >> requests.
- References:
- Secondary DNS and PIX
- From: WingCommander
- Re: Secondary DNS and PIX
- From: ERG
- Re: Secondary DNS and PIX
- From: WingCommander
- Re: Secondary DNS and PIX
- From: kj [SBS MVP]
- Re: Secondary DNS and PIX
- From: WingCommander
- Re: Secondary DNS and PIX
- From: SteveB
- Re: Secondary DNS and PIX
- From: WingCommander
- Re: Secondary DNS and PIX
- From: SteveB
- Re: Secondary DNS and PIX
- From: WingCommander
- Secondary DNS and PIX
- Prev by Date: Re: SBS 2003 Wizards won't start in Server Management Console
- Next by Date: Re: SBS 2003 Wizards won't start in Server Management Console
- Previous by thread: Re: Secondary DNS and PIX
- Next by thread: Re: Secondary DNS and PIX
- Index(es):
Relevant Pages
|
