1st installation - lots of questions

Hi

I'm installing my first SBS and the test installation doesn't work as
expected.

Hardware:
New Dell PowerEdge 2600 Server (Dual P4 2.4, 1GB RAM, SCSI RAID, 2 NICs)
Zyxel Prestige 642R ADSL router

Software:
SBS2000 SP1 (OEM Dell installation)

Before installation I've read lots of tutorials and I'm using the SBS 2000
Best Practices book by Harry Brelsford too.

Here's my configuration:

Internal NIC: IP 192.168.16.2, DNS 192.168.16.2, Gateway empty
External NIC: IP 192.168.1.2, DNS 192.168.16.2, Gateway 192.168.1.1
(ADSL-Router)

I've run ICW (with DNS entries from ISP for DNS forwarders) and opened all
services for packet filtering
I created a new packet filter for telnet, so I'm able to configure the ADSL
router

Plugging the ADSL-router directly on a W2k workstation works perfect, so the
router configuration seems okay. Pluggin the router on my SBS server (same
network cable as before), Internet performance is slow, but not everytime:
Browsing a website (e.g. Microsoft) is mostly good for the first 2-3 pages.
After the next page, loading is extremly slow (sometime never ends). Or
browsing a google site. First or second page okay and fast....then loading,
loading....Sometimes I can stop the page and press refresh and the new page
is here immediately.
Downloading a file (e.g. w2k SP4) runs fine with good speed and no
interrupts. IF I come to the download page....:-(

The same bad Internet perfomance is when opening the OWA from the web.
Authentification window comes immediately, but load the OWA is VERY slow,
sometime hangs forever.

I did some other tests do find the source:

Plugged in a cable modem instead of the ADSL router. (had to change the
external NIC settings, rerun the ICW and rebooted server). Performance was
much better! (OWA from web was not really fast, but worked and was MUCH
faster than before). So I thought is has to be the ADSL router configuration
and not a SBS issue.
But why does the ADSL router works fine on a standalone machine? (with same
config)

okay, I've some other questions (POP3 connector), but I first want to have a
fast and stable internet connection (inbound and outbound)

Ah, one question more: For this test installation, I have connected the SBS
server on my home network HUB. My home network is only a workgroup (not a
domain!) and my w2k server has the IP 192.168.10.2. How can I access this
server from my SBS server? Can't ping! (SBS don't see my w2k server and vice
versa, but they are attached on the same HUB).

Hope you have some hints for this internet issue...

Best
Hansjoerg

Javier
Tue Oct 14 10:55:00 CDT 2003

FYI: Excellent source of information regarding SBS-
www.smallbizserver.net

Read this article->
http://www.smallbizserver.net/sbs2000/With_two_network_adapters_a_dynamic_IP_address_ISA_and_a_router.aspx

Now... check the binding order of the NICs. The internal one should be
listed first.

Probably, you can't see your Win2k server because it is not on the same
subnet as the SBS. Is is connected in the same hub as the internal card?
right? I suggest you change the Win2k server's IP address.

--
-Javier

<< SBS ROCKS !!! >>

John
Tue Oct 14 10:55:30 CDT 2003

Hans,

See inline for my thoughts,

Make sure you have locked ISA firewall down, see www.smallbizserver.net for
instructions and www.grc.com for a test of your firewall.

Don't forget to patch aswell www.shavlik.com

"Hansjoerg Watzl" <r_deckard@gmx.net> wrote in message
news:bmh4dm$1p1p$1@news.imp.ch...
> Hi
>
> I'm installing my first SBS and the test installation doesn't work as
> expected.
>
> Hardware:
> New Dell PowerEdge 2600 Server (Dual P4 2.4, 1GB RAM, SCSI RAID, 2 NICs)
> Zyxel Prestige 642R ADSL router
>
> Software:
> SBS2000 SP1 (OEM Dell installation)
>
> Before installation I've read lots of tutorials and I'm using the SBS 2000
> Best Practices book by Harry Brelsford too.
>
> Here's my configuration:
>
> Internal NIC: IP 192.168.16.2, DNS 192.168.16.2, Gateway empty
> External NIC: IP 192.168.1.2, DNS 192.168.16.2, Gateway 192.168.1.1
> (ADSL-Router)

The DNS of your External NIC should be the IP addresses of your ISP's DNS
servers not the DNS of your SBS. Your above configuration means your
External NIC will be trying to resolve external addresses i.e. www.ms.com
from your internal DNS server.

>
> I've run ICW (with DNS entries from ISP for DNS forwarders) and opened all
> services for packet filtering
> I created a new packet filter for telnet, so I'm able to configure the
ADSL
> router
>
> Plugging the ADSL-router directly on a W2k workstation works perfect, so
the
> router configuration seems okay. Pluggin the router on my SBS server (same
> network cable as before), Internet performance is slow, but not everytime:
> Browsing a website (e.g. Microsoft) is mostly good for the first 2-3
pages.
> After the next page, loading is extremly slow (sometime never ends). Or
> browsing a google site. First or second page okay and fast....then
loading,
> loading....Sometimes I can stop the page and press refresh and the new
page
> is here immediately.

Possibly related to misconfigured DNS on external NIC

> Downloading a file (e.g. w2k SP4) runs fine with good speed and no
> interrupts. IF I come to the download page....:-(

Same again

> The same bad Internet perfomance is when opening the OWA from the web.
> Authentification window comes immediately, but load the OWA is VERY slow,
> sometime hangs forever.
>
> I did some other tests do find the source:
>
> Plugged in a cable modem instead of the ADSL router. (had to change the
> external NIC settings, rerun the ICW and rebooted server). Performance was
> much better! (OWA from web was not really fast, but worked and was MUCH
> faster than before). So I thought is has to be the ADSL router
configuration
> and not a SBS issue.
> But why does the ADSL router works fine on a standalone machine? (with
same
> config)

> okay, I've some other questions (POP3 connector), but I first want to have
a
> fast and stable internet connection (inbound and outbound)

Bring em on ;)

> Ah, one question more: For this test installation, I have connected the
SBS
> server on my home network HUB. My home network is only a workgroup (not a
> domain!) and my w2k server has the IP 192.168.10.2. How can I access this
> server from my SBS server? Can't ping! (SBS don't see my w2k server and
vice
> versa, but they are attached on the same HUB).

You would need to set your server to be on the same subnet as the SBS
network, so set its IP address to be something like 192.168.16.3, then join
the Server to the domain, you can always remove it later.

Better still, set the win2k servers NIC to get its IP address via DCHP
rather than statically applying it.
>
> Hope you have some hints for this internet issue...
>
> Best
> Hansjoerg
>
>
>

Javier
Tue Oct 14 11:13:37 CDT 2003

> The DNS of your External NIC should be the IP addresses of your ISP's DNS
> servers not the DNS of your SBS. Your above configuration means your
> External NIC will be trying to resolve external addresses i.e. www.ms.com
> from your internal DNS server.

I believe this is not correct. Both NICs DNS *should* be pointing to the
internal NIC ip address.

--
-Javier

<< SBS ROCKS !!! >>

Hansjoerg
Tue Oct 14 15:10:39 CDT 2003

> The DNS of your External NIC should be the IP addresses of your ISP's DNS
> servers not the DNS of your SBS. Your above configuration means your
> External NIC will be trying to resolve external addresses i.e. www.ms.com
> from your internal DNS server.

Yes, but that's the common config, I see in most faq. The DNS forwarders
will do the job.

> You would need to set your server to be on the same subnet as the SBS
> network, so set its IP address to be something like 192.168.16.3, then
join
> the Server to the domain, you can always remove it later.
>
> Better still, set the win2k servers NIC to get its IP address via DCHP
> rather than statically applying it.

I found an easy way for this problem: Added a second IP-Address on the
internal NIC of both, SBS server and my Home-Server. Both can ping each
other, but only my Home server is able to connect to a share. But who cares
from which direction I copy some files :-) (it's only for copying some
utils between my server and the SBS)

But the other REAL problem is still there. I tried to disable proxy and
firewall services (only for some minutes of course). I tried to set
IProuterenable in registry to overcome the ISA. I tried to use an ISP proxy
address in the IE settings. No success...internet browsing is still slow and
unstable. I even can't load the shieldsup site (Java?).

How can I bring SBS to a state for better troubleshooting, where most
services are disabled and internet access is still possible? I only want to
get a config, where internet is working normal (even with ISA, proxy
deactivated). And then go on step by step...

Oh my god...and this book says SBS is perfect for easy installation of a
complete MS server environment for small business....

btw...POP3 connector and Exchange seems to work, but there's a problem. At
my ISP email-accounts are configured with user1@domain.com, user2@domain.com
and for every user there exists alias like miller@domain.com,
watson@domain.com. In exchange server, where do I enter these alias names?
At the moment, exchange server sends the internal exchange user name as real
internet email address, but these names are not configured at my ISP mail
server, so the receiver can't reply to this email. oops...hope you
understand my problem?!

Hansjoerg

Javier
Tue Oct 14 15:35:07 CDT 2003

> How can I bring SBS to a state for better troubleshooting, where most
> services are disabled and internet access is still possible? I only want
to
> get a config, where internet is working normal (even with ISA, proxy
> deactivated). And then go on step by step...

Use ISA and the ICW.Did you check the binding order? Did you check the link
I gave you? Is everything in your setup like that?

> Oh my god...and this book says SBS is perfect for easy installation of a
> complete MS server environment for small business....

SBS is easy... but from the perspective that you need to configure Win2k,
Exchange, ISA... et.at. in one box. Trust the sbs wizards... they are your
friends. Most people recomend installing it at least 2 times before the
actual installation (which is what I think you are doing).

> btw...POP3 connector and Exchange seems to work, but there's a problem. At
> my ISP email-accounts are configured with user1@domain.com,
user2@domain.com
> and for every user there exists alias like miller@domain.com,
> watson@domain.com. In exchange server, where do I enter these alias names?
> At the moment, exchange server sends the internal exchange user name as
real
> internet email address, but these names are not configured at my ISP mail
> server, so the receiver can't reply to this email. oops...hope you
> understand my problem?!

I'm not sure what you are talking about. In the ICW put the "domain.com"
(not .local as your AD domain should be)... and configure the pop3 connector
to download mail to the correct user. The best approach is that your AD
username matches your "real" internet address. Instead of creating an user
with the following username "user1"... put the actual email name like
"miller". Nothing says that the ISP's POP3 account name must match the AD
(or even the Exchange) account name (i.e. you could put user1 to download to
user2 mailbox). You could change the SMTP mail address... but why go all the
trouble?

--
-Javier

<< SBS ROCKS !!! >>

Hansjoerg
Tue Oct 14 16:25:27 CDT 2003

Hi Javier

> Use ISA and the ICW.Did you check the binding order? Did you check the
link
> I gave you? Is everything in your setup like that?
What link?? ISA was configured with ICW default settings (all packet filters
enabled) and LAT is set to internal ip only. Nothing else changed.

The problem is really weird. First or second page load of a SITE is good and
then the loading freezes. Stopping and refreshing the page shows the page
(but I guess only if there is no active content like ASP or Java??). So it
seems the page was loaded in the background (proxy?) but not shown.

> I'm not sure what you are talking about. In the ICW put the "domain.com"
> (not .local as your AD domain should be)... and configure the pop3
connector
> to download mail to the correct user. The best approach is that your AD
> username matches your "real" internet address. Instead of creating an user
> with the following username "user1"... put the actual email name like
> "miller". Nothing says that the ISP's POP3 account name must match the AD
> (or even the Exchange) account name (i.e. you could put user1 to download
to
> user2 mailbox). You could change the SMTP mail address... but why go all
the
> trouble?
Hmm...okay, let's explain. The actual situation for my customer is the
following:

- A couple of W2K workstations connected to a NT4-Server (NT-Domain) with
Internet access through an ADSL-router.
- No internal mail server.
- Theres an internet registered Domain at the ISP (for hosting and email) ->
company.com
- The ISP has configured his mailserver with "anonymous" mail accounts ->
user1@company.com, user2@company.com....
- My customers workstations Outlook is configured to get the mails from the
ISP POP3. Mail account for authentification is still user1@company.com....
- But for each mail account the ISP has configured at least one additional
alias account: e.g. miller@company.com is assigned to the "real" account
user1@company.com
- Sometimes there are more than one alias assigned to an email account (e.g.
info@company.com + support@company.com).
- In Outlook the real email account is only for authentification. Nobody
else ever sees this account. The email ADDRESS is the alias account!

Now with my new SBS configuration, I have a new situation:
- Internal domain is company.local
- Domain user names are anonymous too -> gduser00, gduser01...
- Exchange and domain user names are always the same, correct?
- Within the Exchange POP3 connector I can easily assign a pop3-mail-account
to an internal exchange account: e.g. gduser00 is mapped to
user1@company.com
- To this point, everything works fine....but when sending an email,
exchange server will send it as gduser00@company.com and that's not correct.
If the receiver replys to this address, the ISP-Mailserver will bring an
error (user not found).
- I don't want to change this alias-mail-account system of my ISP. There's
only one question: where can I set this alias email-address in exchange
server or should I do this on the client side (Outlook as in the actual
configuration)?

Sorry, I hope you'll get my problem...

And thanks for helping....I really need it

Hansjoerg

Javier
Tue Oct 14 21:08:38 CDT 2003

> What link?? ISA was configured with ICW default settings (all packet
filters
> enabled) and LAT is set to internal ip only. Nothing else changed.

Here's the link again->
http://www.smallbizserver.net/sbs2000/With_two_network_adapters_a_dynamic_IP_address_ISA_and_a_router.aspx

And what happened to the NIC binding order? Is the internal NIC first?

> - I don't want to change this alias-mail-account system of my ISP. There's
> only one question: where can I set this alias email-address in exchange
> server or should I do this on the client side (Outlook as in the actual
> configuration)?

Man... you really now how to complicate things!

I'm not going to try to figure out why on hell you are doing that or why the
logon (the "internal" exchange account name) can't be the actual "reply-to"
name.

In any case... when you run the ICW a "normal" reply address is issued
(using the username@domain.com style, where "username" is the AD username).
You can change this address by opening the "AD Users and Computers" and
going to the user info. There should be a tab there for "E-mail Address" and
just add the new "real" e-mail address there and set it to primary (and
delete the old one). Also, make sure the "automatically update" box is
unchecked (so the old address is not generated again).

Let me know how it goes :-)

--
-Javier

<< SBS ROCKS !!! >>

Les
Tue Oct 14 22:28:03 CDT 2003

Hi Hansjoerg,

For the browsing issue, in IE go to tools | internet options | Advanced tab.
Scroll down and select both HTTP 1.1 check boxes. OK your way out, close IE
and try again.

--
Les Connor [SBS MVP]
-------------------------------------
SBS Rocks !



"Hansjoerg Watzl" <r_deckard@gmx.net> wrote in message
news:bmhpk7$2cdb$1@news.imp.ch...
> Hi Javier
>
> > Use ISA and the ICW.Did you check the binding order? Did you check the
> link
> > I gave you? Is everything in your setup like that?
> What link?? ISA was configured with ICW default settings (all packet
filters
> enabled) and LAT is set to internal ip only. Nothing else changed.
>
> The problem is really weird. First or second page load of a SITE is good
and
> then the loading freezes. Stopping and refreshing the page shows the page
> (but I guess only if there is no active content like ASP or Java??). So it
> seems the page was loaded in the background (proxy?) but not shown.
>
> > I'm not sure what you are talking about. In the ICW put the "domain.com"
> > (not .local as your AD domain should be)... and configure the pop3
> connector
> > to download mail to the correct user. The best approach is that your AD
> > username matches your "real" internet address. Instead of creating an
user
> > with the following username "user1"... put the actual email name like
> > "miller". Nothing says that the ISP's POP3 account name must match the
AD
> > (or even the Exchange) account name (i.e. you could put user1 to
download
> to
> > user2 mailbox). You could change the SMTP mail address... but why go all
> the
> > trouble?
> Hmm...okay, let's explain. The actual situation for my customer is the
> following:
>
> - A couple of W2K workstations connected to a NT4-Server (NT-Domain) with
> Internet access through an ADSL-router.
> - No internal mail server.
> - Theres an internet registered Domain at the ISP (for hosting and
email) ->
> company.com
> - The ISP has configured his mailserver with "anonymous" mail accounts ->
> user1@company.com, user2@company.com....
> - My customers workstations Outlook is configured to get the mails from
the
> ISP POP3. Mail account for authentification is still user1@company.com....
> - But for each mail account the ISP has configured at least one additional
> alias account: e.g. miller@company.com is assigned to the "real" account
> user1@company.com
> - Sometimes there are more than one alias assigned to an email account
(e.g.
> info@company.com + support@company.com).
> - In Outlook the real email account is only for authentification. Nobody
> else ever sees this account. The email ADDRESS is the alias account!
>
> Now with my new SBS configuration, I have a new situation:
> - Internal domain is company.local
> - Domain user names are anonymous too -> gduser00, gduser01...
> - Exchange and domain user names are always the same, correct?
> - Within the Exchange POP3 connector I can easily assign a
pop3-mail-account
> to an internal exchange account: e.g. gduser00 is mapped to
> user1@company.com
> - To this point, everything works fine....but when sending an email,
> exchange server will send it as gduser00@company.com and that's not
correct.
> If the receiver replys to this address, the ISP-Mailserver will bring an
> error (user not found).
> - I don't want to change this alias-mail-account system of my ISP. There's
> only one question: where can I set this alias email-address in exchange
> server or should I do this on the client side (Outlook as in the actual
> configuration)?
>
> Sorry, I hope you'll get my problem...
>
> And thanks for helping....I really need it
>
> Hansjoerg
>
>

Hansjoerg
Sun Oct 19 15:43:09 CDT 2003

Hi Javier

> Here's the link again->
>
http://www.smallbizserver.net/sbs2000/With_two_network_adapters_a_dynamic_IP
_address_ISA_and_a_router.aspx
>
> And what happened to the NIC binding order? Is the internal NIC first?

Yesterday I reinstalled SBS from scratch (Dell OEM server image). NIC
binding order is correct and configuration is very similar to the example
from your link (I'm using a static IP on my external NIC).

Unfortunately same problem: Loading websites in IE doesn't really work.
First 1 or 2 pages are fine (from proxy??), but then the loading of the next
page is veeeeery slow. Sometimes I can press stop and reload the page and
it's here!

I again tried to use my cablemodem instead of the ADSL connection. After
switching to the cablemodem and running ICW everything is fine! All pages
are loading fast. Switching back to ADSL and rerunning ICW I have the old
problem.

Maybe a MTU problem? I played around with testing the MTU value (ping -l
mtu_value ip_address -f -w 10000) and found the highest MTU value is 1464.
And after these tests, the system was running perfect....with ADSL
connection! I don't know why!

But after a reboot (tried to set this 1464 MTU-value with the DrTCP tool) I
got my old problem. And playing again with ping -l didn't do the
job......aaarrrgh. There's a big difference between cable and ADSL
connection. (the ADSL modem/router is working fine on another w2k
workstation computer).

Any ideas?

Hansjoerg

Hansjoerg
Sun Oct 19 15:43:57 CDT 2003

Hi Les

> For the browsing issue, in IE go to tools | internet options | Advanced
tab.
> Scroll down and select both HTTP 1.1 check boxes. OK your way out, close
IE
> and try again.

Tried it....but no success :-(

Hansjoerg

Les
Sun Oct 19 15:53:35 CDT 2003

Hi Hans,

OK, then let's go back to the router. Does it have an option to change the
MTU there? I have run into this problem, not all routers have that option.

--
Les Connor [SBS MVP]
-------------------------------------
SBS Rocks !



"Hansjoerg Watzl" <r_deckard@gmx.net> wrote in message
news:bmut2d$q5g$1@news.imp.ch...
> Hi Les
>
> > For the browsing issue, in IE go to tools | internet options | Advanced
> tab.
> > Scroll down and select both HTTP 1.1 check boxes. OK your way out, close
> IE
> > and try again.
>
> Tried it....but no success :-(
>
> Hansjoerg
>
>

Javier
Mon Oct 20 08:14:36 CDT 2003

Pardon my ignorance... but what is MTU?

--
-Javier

<< SBS ROCKS !!! >>

"Les Connor [SBS MVP]" <les.connor@cfiveDEL.ca> wrote in message
news:%235b5RMolDHA.1284@TK2MSFTNGP09.phx.gbl...
> Hi Hans,
>
> OK, then let's go back to the router. Does it have an option to change the
> MTU there? I have run into this problem, not all routers have that option.
>
> --
> Les Connor [SBS MVP]
> -------------------------------------
> SBS Rocks !
>
>
>
> "Hansjoerg Watzl" <r_deckard@gmx.net> wrote in message
> news:bmut2d$q5g$1@news.imp.ch...
> > Hi Les
> >
> > > For the browsing issue, in IE go to tools | internet options |
Advanced
> > tab.
> > > Scroll down and select both HTTP 1.1 check boxes. OK your way out,
close
> > IE
> > > and try again.
> >
> > Tried it....but no success :-(
> >
> > Hansjoerg
> >
> >
>
>

Hansjoerg
Tue Oct 21 15:51:41 CDT 2003

After several days without a clue what to do next, I tried a newer Zyxel
ADSL router (650R instead of 642R)....and you guess what? Everything works
fine...okay, not everything :-) but at least the internet connection!

Bye
Hansjoerg