Questions about the DHCP server and Active Directory on Windows Server 2003


katmandoo
09-08-08, 06:01
Hello again, I have a few questions that I can't seem to find an answer to. First, if I install the DHCP server, will it interfere with my router's DHCP server? The reason why I am asking is because I was going to set up a small virtual LAN on one of my servers and I was wanting the DHCP server on Windows Server to give out IPs for the virtual LAN and not my internal network. Next, if I enable Active Directory, will it mess with any computers already on my network? The reason for this question is because of a problem I had before when I set a connection on my old server to where it said that the computers were connecting through it to the internet, and somehow it reconfigured all the computers to run through it. So I'm worried that it might reconfigure the computers to run through Active Directory and prevent everyone from logging on because once again, the Active Directory is for the virtual LAN I want to set up.

Thanks ahead of time, if I didn't explain something good enough, please ask.

Thanks again :)

spikejones
09-08-08, 06:13
If you want a certain machine on the network to act as DHCP server, you must turn off the DHCP server on the ROUTER. Configure the IP address on the new DHCP server as a static IP address within the same IP network as the router - with default gateway pointing at the router's local interface. If you are unsure how to properly address the machine with a static IP address, just check the current configuration by running ipconfig /all at a command prompt and enter the values listed there into the manual configuration utility. Also make sure that the machine you turn into the DHCP server is handing out the address of the Router as the default gateway address and not its own. (and also reserve the addresses of itself and the gateway from being passed out)

As far as Active Directory, I have no clue what that is so I can't really provide any input on that.
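The checks listed in the post above (server address inside the router's network, server gateway pointing at the router, clients handed the router as gateway, server and router addresses kept out of the pool), written as an added example that is not part of the original thread. All addresses and the plan field names are constructed for illustration.

```python
import ipaddress


def _ip(text):
    return ipaddress.ip_address(text)


def check_dhcp_plan(plan):
    """Return a list of problem codes for a planned DHCP move (empty list = OK)."""
    net = ipaddress.ip_network(f"{plan['router_ip']}/{plan['mask']}", strict=False)
    router, server = _ip(plan["router_ip"]), _ip(plan["server_ip"])
    start, end = _ip(plan["scope_start"]), _ip(plan["scope_end"])
    excluded = [(_ip(lo), _ip(hi)) for lo, hi in plan["exclusions"]]
    problems = []

    # The server's static address must be a usable host address on the router's network.
    if server not in net or server in (net.network_address, net.broadcast_address):
        problems.append("SERVER_NOT_IN_ROUTER_SUBNET")
    if server == router:
        problems.append("SERVER_IP_CONFLICTS_WITH_ROUTER")

    # The server itself must use the router as its default gateway.
    if _ip(plan["server_gateway"]) != router:
        problems.append("SERVER_GATEWAY_NOT_ROUTER")

    # Clients must be handed the router, not the DHCP server, as gateway.
    if _ip(plan["option_router"]) != router:
        problems.append("CLIENTS_GIVEN_WRONG_GATEWAY")

    # The pool has to be a valid range inside the same network.
    if start > end or start not in net or end not in net:
        problems.append("SCOPE_OUTSIDE_SUBNET")

    # Statically addressed devices that fall inside the pool must be excluded,
    # otherwise the server can lease their address to another machine.
    for name, addr in (("ROUTER", router), ("SERVER", server)):
        in_scope = start <= addr <= end
        covered = any(lo <= addr <= hi for lo, hi in excluded)
        if in_scope and not covered:
            problems.append(f"{name}_ADDRESS_NOT_EXCLUDED")
    return problems


# Constructed sample plans (not taken from the thread).
GOOD_PLAN = {
    "router_ip": "192.168.1.1", "mask": "255.255.255.0",
    "server_ip": "192.168.1.2", "server_gateway": "192.168.1.1",
    "scope_start": "192.168.1.1", "scope_end": "192.168.1.254",
    "option_router": "192.168.1.1",
    "exclusions": [("192.168.1.1", "192.168.1.2")],
}
# Server points at itself as gateway, advertises itself to clients, excludes nothing.
BAD_PLAN = dict(GOOD_PLAN, server_gateway="192.168.1.2",
                option_router="192.168.1.2", exclusions=[])
# Server addressed on a different network than the router.
WRONG_SUBNET_PLAN = dict(GOOD_PLAN, server_ip="192.168.2.10")

if __name__ == "__main__":
    for label, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN),
                        ("wrong subnet", WRONG_SUBNET_PLAN)):
        print(label, check_dhcp_plan(plan) or "OK")
```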

katmandoo
09-08-08, 06:19
I was afraid of that, I guess the DHCP server is a no-go then. I turn it off often so if it is off, then no one would have internet. Well I'll figure something out sooner or later or eventually do that.

As for Active Directory, it is the thing that is usually found on corporate networks that allows users to login to any computer with the same login details. It can also be called a Domain Controller. You MIGHT have noticed it on some computers, maybe at a school or some other place. It is the 3rd box that has Domain written next to it and is usually the name of the place where it is located.

Anyway, thanks for the response about the DHCP server, I had downloaded a trial of the SharePoint server to run on virtual server and when I booted it, it was showing that the DHCP server was installed and enabled which made me think that I killed any way to actually administer the computer remotely, that is, until I found out it was configured not to connect to a network.

spikejones
09-08-08, 07:11
ah.. now I remember what Active Directory is. stores the user accounts on a server rather than on the local machines - that way everyone can go login anywhere and have their desktop be the same.

katmandoo
09-08-08, 15:21
> ah.. now I remember what Active Directory is. stores the user accounts on a server rather than on the local machines - that way everyone can go login anywhere and have their desktop be the same.

Yea, that. I was wondering, if I wanted it to be on only 2 computers, if it would mess with the other computers on my network.

spikejones
09-08-08, 16:00
theoretically no. just add the two you want into the domain that the Active Directory is on. the other machines that you don't want it on - don't put into the domain.

katmandoo
09-08-08, 17:22
Ok, well I guess I'll start with it now, just got to hope that I don't break something in the process since the servers I have are holding a website and backed up data. lol

Anyway, thanks for the help. :)

spikejones
09-08-08, 19:47
> Ok, well I guess I'll start with it now, just got to hope that I don't break something in the process since the servers I have are holding a website and backed up data. lol
>
> Anyway, thanks for the help. :)

as far as the web server issue goes - I have mine (running Mandriva) set to serve from the location /var/www. I have a separate drive mounted in that location. If things ever get botched or I decide to change distros/machines etc, the data will still be there.

katmandoo
10-08-08, 04:37
Ok, new question, this doesn't interfere with anything, it's just an annoyance. Whenever I activate clustering on anything whether it be 2 servers or 2 server applications, ALL of the lights on my router will continuously blink, I have the 2 servers connected via a hub and connected by 1 wire to my router. It seems like it is trying to contact all the computers on the network rather than just the ip addresses that I specified, is there a reason to stop this, or is it normal?

Thanks. :)

spikejones
10-08-08, 05:24
> Ok, new question, this doesn't interfere with anything, it's just an annoyance. Whenever I activate clustering on anything whether it be 2 servers or 2 server applications, ALL of the lights on my router will continuously blink, I have the 2 servers connected via a hub and connected by 1 wire to my router. It seems like it is trying to contact all the computers on the network rather than just the ip addresses that I specified, is there a reason to stop this, or is it normal?
>
> Thanks. :)

I'd have to see an actual diagram of your setup to diagnose that issue. the thing about hubs is that they operate in a half duplex environment where only one device can talk at one time since it is actually broadcasting the message to everyone on the hub.

imagine if you would this 10base5 ethernet bus below:

|-----A-------B------C-------D-------|

in order for device A to talk to device D, the signal goes to devices B and C as well. If Device B wants to talk to device A, the signal goes to devices C and D as well. This was the old way of doing things with every device just connecting to one main cable in which the data traveled to every device. Then they introduced hubs and UTP cabling, however with those devices, there is still no network address awareness to them and the bus still exists just inside the box. This is called a star-bus topology.

For internal networking we use switches nowadays since they are aware of MAC addresses and can therefore enable full duplex communication for every device they are connected to. No longer is there a need for every packet to be broadcast across the whole network.


So, basically speaking - if you are using a hub - get a switch and things will run faster.

katmandoo
10-08-08, 05:32
Ok, I see what you are talking about now, so that explains why all the lights are blinking on my router since it is broadcasting the message to all the computers. So, will this affect any of the computers adversely? Or will it just cause a slowdown with the cluster?

spikejones
10-08-08, 17:22
can you post a diagram of your setup (draw it in paint if you have to) and label each device as HUB, Router, switch, host, server etc. I'll know better how to consult that setup then.

katmandoo
10-08-08, 18:08
Here you go, the curved lines are showing that they are wireless devices.

http://streamlined-technologies.ath.cx/images/network.jpg

EscondeR
10-08-08, 19:12
I'd advise the following:

If you have enough ports on the router, connect every wired "member" of the LAN to it.
If not, replace your hub with a switch and connect all wired "members" to it, then connect the switch to the hub.

One of the servers is master of operations/scheme/etc in Active Directory domain. Another is a backup server.

Ensure you have configured replication between them.

DNS: Better use DNS with static IP addressing in small LAN. Set DNS server on master of operations, OR set 1 DNS with 80% coverage on master and another with 20% coverage on backup server. Disable DHCP on the router.

N.B.: Make sure you have every server connected to only one subnet simultaneously. Multihomed servers (especially master) can cause many issues displaying LAN contents, so leave LAN crossing business to your router.

spikejones
10-08-08, 19:31
okay... I see what you have now. hmm.
good question that is sir!

the switch part of the router should not be trying to communicate with all devices simply because the hub is broadcasting to all of its connected devices. One of the servers must be sending out some broadcast or multicast packets.

--------------------------------------------------------------
Like I said before, hubs broadcast to all devices connected to them since they have no address tables in them

Switches have MAC address tables in them so that when they get a Unicast packet (single IP only) they will send it only to that specific device - out the interface that it resides on. - IP gets translated to associated MAC by means of an ARP request, then that combination is stored in the MAC address table on the switch.

A REAL router uses IP addresses only to send packets to where they need to go, and are the boundary between networks.

A HOME router is a combination of a router and a switch.

--------------------------------------------------------------------------------------
So... if the switch part of the Home Router gets a Unicast packet, it looks in the packet header for the destination IP address. It then sends the packet on to the proper destination device based on the info in its table.

Now, if a multicast packet is received by the switch - it will forward the packet on to the proper machines according to the destination IP addresses in the packet header.

In the case of a broadcast packet (ie: addressed to 192.168.1.255) - the switch just sends it out to everyone.

----------------------------------------------------------------
that's just a basic walkthrough of how the different devices behave with communication, not really an answer, but it should be able to guide you on your way to figuring out the source of the broadcast, and if that broadcast is necessary or not.
-----------------------------------------------------------------

I would suggest for starters though that you replace your hub with a switch because you really don't want to have two servers on a network connected to a hub. That is bad practice. Your servers should have the fastest connection of the entire network.

EscondeR
10-08-08, 19:38
The source of broadcast is most likely one of the servers querying the LAN because of:

HUB affects the connectivity
server roles are not configured properly
replication of AD is not configured properly
domain policies can't be applied on all domain PCs

katmandoo
10-08-08, 22:54
I'm not really sure what it could be, I deleted the cluster soon after I created it and asked the question. However, it seems to still be sending out these packets. I also noticed, when I activate the cluster, it creates a connection to my hostname (adsl-227-70-52.jan.bellsouth.net). I just checked again by using netstat on the server, it is showing a lot of connections to itself (server.network.dns.streamlined-technologies.ath.cx). I think it has something to do with it having the DNS suffix applied now. Also, about the multicast part, I'm fairly sure it isn't sending those types of packets from the cluster since I set the connection type to be unicast after hearing that some routers can have problems with multicast packets.

It seems I'm causing a jumbled mess since I keep having things pop into my head.

Anyway, if it is the AD causing problems, I may figure out what I'm doing wrong within the next few months since one of my classes at school will have networking in it.

Just checked the netstat again, it shows 7 connections using LDAP, which I know is AD, but there are connections to various ports from 1026-1041.

Anyway, about replacing the hub with a switch, I thought about doing that almost a year ago before I got the hub, but I was very unsure about the switch since I already have a router on my network. I figured it might mess up the whole thing.

Getting away from the jumbled mess, should I just remove the server roles and reinstall them and reconfigure them, or try to reconfigure them now?

Edit: Just checked my router's firewall and it is saying that filter multicast is on, could this have anything to do with it?

spikejones
10-08-08, 23:10
to be honest a lot of this is above my head as well :o

But, you should be able to daisychain as many switches off of that router as you need to. You could theoretically alter the router's internal IP range to be one of a class A IP address and have (2^24) - 2 hosts on your network. Keep in mind that like devices need a crossover cable to communicate. Switch-Switch or Switch-Hub need crossover cables.

which makes me consider this: is your hub connected to your Switch/router with a crossover or straight cable?

katmandoo
10-08-08, 23:19
I don't know what a crossover cable is but I have the hub connected into the router like I would a normal computer. So I guess that would be a straight cable.

spikejones
10-08-08, 23:23
that doesn't seem right, unless one of two things is in existence:

a. there is an "uplink" port on one of the devices that actually has the pin outs reversed - thus effectively creating a crossover

b. the ports on the switch/router or the hub are capable of detecting a like device connected and switch modes.

katmandoo
10-08-08, 23:27
Now, yea, I think I do have it connected wrong, but, there is an uplink port on the hub that I have not used since the instructions were saying that it was used to connect another hub to it to create more ports.

There are 6 ports on it, the first port I have the wire connected from the router to the hub, the 2nd, and 4th port I have the hub connected to the servers, and the 6th port is the uplink port which is not in use.

spikejones
10-08-08, 23:34
perhaps this will clarify what I am saying a bit better:
http://www.computing.net/answers/networking/connecting-a-switch-hub-and-router/27877.html

katmandoo
10-08-08, 23:36
I haven't read that link yet, but I started looking for the links to the stuff I had, and saw "Switch" in one of the products that looked like mine, I ran and grabbed the box and there it was.

Linksys 10/100 5-Port Workgroup Switch

Anyway, these are the 2 things I have
Router- http://www.linksys.com/servlet/Satellite?c=L_Product_C2&childpagename=US%2FLayout&cid=1149562300349&pagename=Linksys%2FCommon%2FVisitorWrapper&lid=0034939789B01

Hub/Switch- http://www.linksys.com/servlet/Satellite?c=L_Product_C2&childpagename=US%2FLayout&cid=1115416836711&pagename=Linksys%2FCommon%2FVisitorWrapper&lid=3671122279B07

About to read that link you posted now.

I read the instructions for the switch, turns out I'm supposed to connect the to the router, but the instructions I read were from the site. When I first read the instructions, they were from the box, which shows the router plugged into the first port. So there lies the problem.

spikejones
11-08-08, 01:55
actually, from what you have posted, that is a switch and not a hub.

*if what you posted a link to is correct, there should be no need to swap it out as you already have a switch.

Ports 1-5 on that are for PC connections. The uplink port is for connecting to another hub, switch, or (home)router with a straight cable. If you connect it to a REAL (standalone) router, use ports 1-5 with a straight cable.

katmandoo
11-08-08, 01:59
Well, I guess I need to read instructions and not look at the pictures on the box from that perspective. Also, it was saying that if I use the uplink port, that port 5 will not work. I don't understand why, even though I only need 4 at most. Anyway, so I should change my Ethernet cable that is plugged into it from port 1 to the uplink port right?

spikejones
11-08-08, 02:21
in order to be sure that things operate properly, yes, move it from port 1 to uplink position.

port 5 and uplink port are apparently the same NIC just with two different ports - one providing easy uplinking without having to purchase (or make) a cross-over cable.

katmandoo
11-08-08, 02:27
Ok, switched it to uplink, all the lights on my router are still blinking though. However, when I reconnected to the server over remote desktop, it seemed to connect faster.

Edit:

Apparently that was killing our internet speed, we were only getting 2.8 mbps, I retested it and it said 4.8 mbps

Edit again:

Seems to have just been a case of cached data, it is back down to 2.8 mbps

EscondeR
11-08-08, 07:13
Can you describe exactly what (logical) LAN configuration you want, what server roles, etc.? This will help us to provide you support. IMO we have started in a slightly wrong way :)

katmandoo
11-08-08, 22:29
Ok, I'm not understanding what you mean by configuration, are you meaning like the network topography? If so, I believe that it's in the star format.

Also the roles of my servers are for running a small website, providing secure remote access to the network, chat server, MMORPG server (I'm building it) and file backup. As well as load balancing if need be.


Sorry it took so long to answer, school just started today and I'm a bit worn out.

EscondeR
12-08-08, 06:57
^ Do you insist on using domain structure with all that? There is no other reason here except educational...

katmandoo
12-08-08, 11:33
The domain structure was for the 2 servers only and a bit on the educational side. There is no way I could use it on all my desktop computers in the house because only 1 supports using a domain.

EscondeR
12-08-08, 12:22
Then the best solution is the following:

Make a domain with one controller/DNS (static IPs) server. Another server will be standalone. Connect them to the switch and set subnet 1. Connect the switch to your router. Any of the servers can host necessary services (WWW, gaming, etc). Making NLB cluster on those servers is not necessary.

Connect other devices (wired) to the router. They'll form subnet 2 (different from subnet 1 IP range). Configure the router to make data sharing between subnet 1 and 2 possible.

katmandoo
12-08-08, 23:36
Ok, how do I set this as subnet one? Also, is it ok if I use the second server to run backup dns, like it copies all dns records from server 1?

spikejones
13-08-08, 00:20
that's a good question cause I've never attempted to set multiple subnets on a home router. I've done it on a real router that had multiple network interfaces before though. I always thought that a device's default gateway had to reside in the same subnet as it is on in order to leave the subnet. Since those routers really only have two network interfaces (external and internal) I don't see how it can be done without additional equipment - unless there is a setting in the router to specify one or more ports as being a true router interface that will need to be connected to a switch.

thoughts there EscondeR?

katmandoo
13-08-08, 01:37
I think I found it, but I don't trust it...

Static Routing
Select set number: 1-20
Enter Route Name:_________ Destination LAN IP:________ Subnet Mask:________ Default Gateway:______ Interface:_______


It doesn't actually look like that, I'll have to find the test web router thingy, I'll edit this post with the link to the area in a few minutes

Edit:

http://ui.linksys.com/files/WRT54G2/1.0.00/Routing.htm

Ok, there is what my router looks like on the admin area, it isn't the exact same version but it's close enough.

spikejones
13-08-08, 01:47
lol.. I thought that was a picture at first until I clicked on something. interesting tool there - let's see what can be figured

edit: that part is actually more along the lines of setting up a static route rather than using dynamic routing. I don't think that is the right part.

katmandoo
13-08-08, 01:52
Ok, I've run out of ideas then, I guess it's best to just wait for EscondeR to get back.

EscondeR
13-08-08, 05:45
2 variants here:

1. Use static routes if your router doesn't support more than 2 actual subnets.

2. Use 1 subnet for all home PCs, but don't add any to domain except those 2 servers. You can access the shares then via NetBIOS names or, as a safer way, directly via IPs. Just entering \\xxx.xxx.xxx.xxx\ and getting the list of shares in file manager (any one you use). Wired devices can even use the same switch as servers in this case.

katmandoo
13-08-08, 11:45
Ok, I'll go with the first one since I know where that is. How do I set up a static route? I can send you a link to what my router looks like on the static route page if needed.

EscondeR
13-08-08, 12:30
> I can send you a link to what my router looks like on the static route page if needed.

Better do so :)

katmandoo
13-08-08, 21:37
Ok, this is what it looks like

http://ui.linksys.com/files/WRT54G2/1.0.00/Routing.htm

EscondeR
14-08-08, 07:01
Generally, you need to set:

Gateway
Route name (for every device in your LAN)
IP
Mask
Gateway - Router IP
Interface - LAN and Wireless

+

Gateway
Route name - for your Internet connection
IP - your ISP connection IP
Mask
Gateway - ISP gateway IP
Interface - WAN

katmandoo
14-08-08, 11:56
Now if I were to mess up something when doing this, wouldn't I not be able to connect to my router anymore?

EscondeR
14-08-08, 12:59
In any case you have a small "reset" button on your router - returns it to factory defaults :)

spikejones
14-08-08, 16:44
just give me a Cisco router and I'm all set :D

I'm sure you'll let us know if something gets botched. I am interested to find out how that static route thing works for the Linksys Routers. I assumed that it was meant to be used for router to router connections.

katmandoo
14-08-08, 22:03
> In any case you have a small "reset" button on your router - returns it to factory defaults :)

Ok, so do I hold this down to fix that, also, will I be able to connect to it when it has all the defaults reset?

Also, just checked this...

http://streamlined-technologies.ath.cx/images/routingtable.jpg

spikejones
14-08-08, 22:45
> Ok, so do I hold this down to fix that, also, will I be able to connect to it when it has all the defaults reset?
>
> Also, just checked this...
>
> http://streamlined-technologies.ath.cx/images/routingtable.jpg

yes.. you hold down the reset button for a few seconds and it should reset everything to factory defaults - your wired devices should be fine, but encryption will be reset on the router so the wireless devices will not be able to connect until you log back into the router to reset the encryption the way you had it. The user name and password will be reset to factory default as well, which means that if you have changed it from the default, you won't be able to log in with that info but rather need to refer to the user's manual or online documentation.

that routing table has three static routes in it by default:
first one is static route to your ISP subnet
second is static route to your internal network
third one is default route for any traffic not bound to either of the first two - via the ISP network

katmandoo
14-08-08, 23:00
I will have to do this later when no one is home so I don't interfere with them. I also made a configuration backup so I don't have to track down on the settings. Also, I need a re-explanation of what I need to do there at the static route area. I'm not so sure of what to do.

EscondeR
15-08-08, 04:52
Imagine you have 5 local connections to the router and one Internet.

So set for 1-5 local connections:

Gateway mode
Route name (for every device in your LAN)
IP of every local PC
Mask
Gateway - Router IP
Interface - LAN and Wireless

+

for Internet connection:

Gateway mode
Route name - for your Internet connection
IP - your ISP connection IP
Mask
Gateway - ISP gateway IP
Interface - WAN

katmandoo
15-08-08, 20:55
> Imagine you have 5 local connections to the router and one Internet.
>
> So set for 1-5 local connections:
>
> Gateway mode
> Route name (for every device in your LAN)
> IP of every local PC
> Mask
> Gateway - Router IP
> Interface - LAN and Wireless
>
> +
>
> for Internet connection:
>
> Gateway mode
> Route name - for your Internet connection
> IP - your ISP connection IP
> Mask
> Gateway - ISP gateway IP
> Interface - WAN

Ok, I see that I need a static Ip for all the computers on my LAN but what about the WAN, am I needing to get a static Ip or is the ISP connection IP referring to the gateway one?

EscondeR
16-08-08, 03:23
I haven't tried that config, but how about NOT making a static route for Internet connection then. Leave it as is - dynamic.

katmandoo
16-08-08, 17:10
Ok, I'll do that, it will take awhile before I respond because I'm going to need to change all the computers to static Ip addresses. It's kind of hard to do anything with the office computer since my dad is picky about what I do on it.