Les
Wed Aug 20 16:55:25 CDT 2003
and, here's the *big one*, because I've gotta leave soon.
Caveat:
it's old. Please disregard references to the old sp's and hotfixes.
There are a few errors, but they're not show stoppers.
The procedure below will ensure that the SBS 2000 server and clients are
configured properly for name resolution:
Procedure:
I. Follow the procedures of the following article:
Q306802 Configure SBS for Full Time Internet with Two Network Adapters
http://support.microsoft.com/support/kb/articles/q306/8/02.asp
Complete the steps through setting the binding order for the connections,
then do the following additional steps in Part II below before continuing
with the remaining steps in the above article:
NOTE:
We will call the connection used to connect the server to the local subnet
the LAN connection and the one used to connect the server to the Internet
the WAN connection. The connections may be renamed in the Network and
Dial-up connections dialog box if desired.
II. Additional steps:
A. Configure the WAN connection:
1. Open the properties of the WAN connection. Uncheck ALL components
except TCP/IP in the "Components checked are used by this connection:"
window on the general tab.
2. Select TCP/IP, click the properties button. Verify the IP address,
subnet mask and default gateway information presented there.
3. Set the preferred DNS server's IP to the Internal IP address of the
server and leave the alternate DNS server IP address blank. Click the
Advanced... button.
4. On the DNS tab, verify that the only DNS server is the server's
internal address and no others. Uncheck, if checked: "Append parent
suffixes of the primary DNS suffix" and "Register this connection's
addresses in DNS."
5. On the WINS tab, ensure no WINS address is listed, that "Enable
LMHOSTS lookup" is checked and select "Disable NetBIOS over TCP/IP." This
will have the effect of allowing only the internal NIC to register with
WINS. NetBIOS packets are blocked by Internet routers, so no NetBIOS over
TCP/IP should be permitted on the server's external interface.
6. OK out of the properties of the WAN connection.
B. Configure the LAN connection:
1. Open the properties of the LAN connection. Select TCP/IP, click
the properties button.
2. Confirm the settings for the IP address and subnet mask. There is
no default gateway for this connection, leave blank. The server can have
only one default gateway, and the default gateway is assigned on the WAN
connection only. The preferred DNS server should be the server's internal
IP address above and no others.
3. Click the Advanced... button.
4. On the DNS tab, verify only one DNS server is listed. Check, if
not checked: "Append parent suffixes of the primary DNS suffix" and
"Register this connection's addresses in DNS." Check no other check boxes
on this tab.
5. On the WINS tab, verify that the WINS address is the server's
internal IP address, no others. Verify that "Enable LMHOSTS lookup" is
checked and that "Enable NetBIOS over TCP/IP" is selected.
6. OK out of the properties of the LAN connection.
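
Added example, not part of the original post: a Python check of the adapter settings from Parts II.A and II.B against saved `ipconfig /all` output. The connection names "WAN" and "LAN", the addresses, and the English-language ipconfig field layout in the constructed sample are assumptions.

```python
import re

# Constructed sample in the style of `ipconfig /all`; addresses are private or
# documentation ranges, not values from the original post.
SAMPLE = """\
Ethernet adapter WAN:

        IP Address. . . . . . . . . . . . : 203.0.113.10
        Default Gateway . . . . . . . . . : 203.0.113.1
        DNS Servers . . . . . . . . . . . : 192.168.16.2
                                            198.51.100.53

Ethernet adapter LAN:

        IP Address. . . . . . . . . . . . : 192.168.16.2
        Default Gateway . . . . . . . . . :
        DNS Servers . . . . . . . . . . . : 192.168.16.2
        Primary WINS Server . . . . . . . : 192.168.16.2
"""

def parse_adapters(text):
    """Return {adapter: {field: [values]}}; indented bare lines continue a field."""
    adapters, cur, field = {}, None, None
    for line in text.splitlines():
        head = re.match(r"^\S.*adapter (.+):\s*$", line)
        kv = re.match(r"^\s+([A-Za-z][^:]*?)[ .]*:\s*(.*)$", line)
        if head:
            cur, field = adapters.setdefault(head.group(1), {}), None
        elif cur is not None and kv:
            field = kv.group(1).strip()
            cur[field] = [kv.group(2).strip()] if kv.group(2).strip() else []
        elif cur is not None and field and line.strip():
            cur[field].append(line.strip())  # e.g. a second DNS server
    return adapters

def audit(adapters, internal_ip, wan="WAN", lan="LAN"):
    """Check the II.A / II.B settings; returns a list of findings (empty = OK)."""
    findings = []
    w, l = adapters.get(wan, {}), adapters.get(lan, {})
    for name, a in ((wan, w), (lan, l)):
        if a.get("DNS Servers", []) != [internal_ip]:
            findings.append(f"{name}: DNS servers must be only {internal_ip}")
    if w.get("NetBIOS over Tcpip", []) != ["Disabled"]:
        findings.append(f"{wan}: NetBIOS over TCP/IP is not disabled")
    if l.get("Default Gateway"):
        findings.append(f"{lan}: default gateway must be blank")
    if l.get("Primary WINS Server", []) != [internal_ip]:
        findings.append(f"{lan}: WINS server must be only {internal_ip}")
    return findings
```

On the constructed sample, `audit(parse_adapters(SAMPLE), "192.168.16.2")` reports the extra ISP DNS server on the WAN connection and NetBIOS still enabled on the external interface.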
C. Configure the DHCP server:
1. Open the DHCP console from Administrative Tools. Right click on
the server name, select properties.
2. Click on the DNS tab. Check all three check boxes to enable full
dynamic DNS support on the DHCP server. Under the first option, set the
choice to "Always update DNS." The DHCP server will then be responsible for
registering and deregistering DNS updates for all DHCP clients. This option
is necessary for Win NT and Win 9x clients if dynamic DNS support is desired
for these clients.
3. Click the Advanced tab, then click on the Bindings... button.
Ensure that the DHCP server is bound only to the Internal IP address.
Click Apply then OK.
4. Expand the Scope container beneath the DHCP_Server_Name. Go to
scope options. The following options should be configured:
003 Router: <Internal IP address of the server>
006 DNS Servers: <Internal IP address of the server>
015 DNS Domain Name: Enter the forest's DNS name as the string value. If in
doubt, look at the fully qualified name of the DHCP server in the console.
It is listed as servername.<domain name, including the suffix.> Note that
there is a trailing period following the domain suffix which is also part of
the server's DNS domain name. Include the domain name here, with the
trailing period included.
044 WINS/NBNS Servers: <Internal IP address of the server>, <Internal IP
address of the server>. Add the server's internal IP address twice.
046 WINS/NBT Node Type: Set to 0x8 (this is the hybrid node type. Directed
query to the WINS server first, followed by broadcast if no response is
received from the WINS server.)
5. Click Apply.
6. Right click on the DHCP_Server_Name, select All Tasks, then choose
Restart.
7. After the DHCP server restarts, you will notice that it appears
that restarting the DHCP server now requires that the server be authorized.
This is not correct. The console does not update its status automatically.
Right click on the DHCP_Server_Name, select Refresh and repeat as needed
until the server's status indicates a white circle with a green up arrow,
which indicates it is running normally. This may take 5 or more attempts to
refresh the display.
8. Close the DHCP console.
D. Configure WINS on the DC:
1. Install WINS on the DC if not installed.
2. Open the WINS console from Administrative tools.
3. Expand the Server container.
4. Right click on Active Registrations, select Find by Owner.
5. Click on the server's IP in the This owner window, then click the
Find Now button.
6. Select one of the active registrations in the right pane. Press
CTRL + A together to select all records. Right click in the right pane,
select delete to delete all registrations. Choose to delete all records
from the server, do not tombstone the records. All WINS clients will
dynamically reregister their records with WINS.
7. Restart the WINS server (right click on the server, select all
tasks, choose restart.)
8. Exit the WINS console.
E. Configure DNS:
1. Open the DNS console from Administrative Tools.
2. Right click on the server's name, select properties.
3. On the Interfaces tab, set the server to listen only on its
internal IP address.
4. On the Forwarders tab, enable forwarders, enter the IP addresses of
the ISP's DNS servers assigned to your Internet connection. Click apply.
5. On the Monitoring tab, select simple and recursive test types, then
click the Test Now button. Both test types should pass. The test results
will be displayed in the window provided. Uncheck test types, click apply,
then click OK.
6. Expand the containers beneath the server's name.
7. Click on the reverse lookup zone subnet. The reverse lookup zone
subnet corresponds to the Network ID of the LAN with an "x" in the last
octet (for a class C subnet mask.) If one is not present, create a reverse
lookup zone for the network, type Active Directory Integrated.
a. Verify that the server has a pointer record listed for its internal
IP (must be in the subnet) and associated with its fully qualified domain
name (FQDN) which includes the trailing period. This is in addition to
records with names listed as "(same as parent folder.)"
b. Bring up the properties of the reverse lookup zone subnet.
c. Click on the name servers tab. Ensure that the name server is the
server's FQDN with only the internal IP address listed.
d. Click on the WINS-R tab. Enable WINS reverse lookup, enter the
domain name (as explained above for the DHCP scope option 015 DNS domain.)
e. Click on the General tab. Set "Allow dynamic updates?" to Yes.
f. Click Apply then OK.
8. Click on the forward lookup zone (not the container called Forward
Lookup Zones, but on the actual zone beneath it.)
a. Examine the records in the right pane. Delete any record which is
not on the local, internal subnet.
b. Bring up the properties of the forward lookup zone.
c. Click on the name servers tab. Verify that the server's FQDN is
given and that it is associated only with the internal IP address.
d. Click on the WINS tab. Enable WINS forward loo