Help! How to properly configure a win2k3 server (web, app, sql)

  • Help! How to properly configure a win2k3 server (web, app, sql)

    I'm in need of some help from you pros, this is really frustrating as we ain't getting no help from the software company after we've been told to purchase all these hardware (server, router, T1, switches, etc.)

    we are setting up a new server on our network to host our website, database(SQL) and it's also the application server.

    we just got T1 line installed, it came with a Cisco 1721 router, DHCP is not setup on this router.

    Should I setup the cisco router to run DHCP instead on the server? and put the server in the DMZ zone for incoming traffic?

    So here is a list of our equipment

    1 x Dell 2950 server has 2 x Gigabit NICs.
    1 x Cisco 1721 Router
    1 x Dell switch
    a few work stations
    a few VOIP adapters
    a few network printers
    T1 Line

    Server has AD deployed and DCpromo'd, DNS is setup correctly.

    Now my question is, can someone suggest how they should be connected?


    A* T1 -> Router->Switch->Server NIC_0,workstations,printers...etc , disable NIC_1

    B* T1 -> Router -> Server NIC_0 , Server NIC_1 -> Switch -> workstations, printers..etc

    C* T1 -> Router -> Switch -> Both NICs on server, workstations, printers..etc


    the server will see a lot of incoming traffic because it's running as a web server too, so we do not want the internal workstations take up too much resources, but we do use a lot of bandwidth intensive work.

    A seems like a bad idea , eh?

    if we go with B, obviously all the outbound traffic must pass through the server and will take up some bandwidth on NIC_0, this will reduce the available resources on this NIC and slow down the incoming web requests, am i correct?

    if we go with C, i can assign two different IPs on both NIC, and the workstations are connected directly to the router, so it won't consume all the resources on the server.

    my current connection is setup as B, but i can not gain access to the 2nd NIC, it's not getting any IP at all.

    I have deployed DHCP and defined a scope to distribute 192.0.1.1 <> 254, subnet 255.255.255.0 and router option is set to the Cisco router, DNS query is set to server itself. (DNS service enabled and configured)


    but it's not leasing out any IPs and nothing is responding. I posted another thread about my DHCP problem hopefully someone can take a look...


    Should I also use NAT / RAS ?



    this is my first time doing a network setup so excuse me for any errors... please help me out.

  • #2
    Re: Help! How to properly configure a win2k3 server (web, app, sql)

    Originally posted by mike2016:
    we just got T1 line installed, it came with a Cisco 1721 router, DHCP is not setup on this router.

    Should I setup the cisco router to run DHCP instead on the server? and put the server in the DMZ zone for incoming traffic?
    imo, in no way shape or form should your DC be in the DMZ. not even a little bit.

    being that the client load is minimal, there should be no impact on having DHCP running on your DC. i would say if you have a heavy load, then by all means use an appliance to serve up the DHCP, but in this case, no...



    Originally posted by mike2016:

    Now my question is, can someone suggest how they should be connected?

    here is a suggestion. you may want to get a consensus with your team or a professional. i am only providing this as a sample, similar to how my network is setup, just scaled down 600%

    its easier to beg forgiveness than ask permission.
    Give karma where karma is due...



    • #3
      Re: Help! How to properly configure a win2k3 server (web, app, sql)

      Thanks for replying in details!!


      I have another problem, the Cisco Router is not configurable because our ISP has locked it in. but they should have no problem adding NAT to it.

      but how do i go about making the server to listen on all HTTP requests? since the router is not configurable by myself.

      I just ordered a Cisco PIX 506 firewall, how would you run this ?

      Should I create a "team" on both NICs and do NLB? since both NIC will be internal IPs.

      our network is pretty much just flat, everything is on the same subnet. we have about 10 work stations and 10 other misc devices, i guess subnet isn't really necessary for our size of network?



      • #4
        Re: Help! How to properly configure a win2k3 server (web, app, sql)

        if your ISP is renting you the equipment, they should have no problems adding a VIP to the router and/or some conditional port forwarding rules for you. you will have to set aside an IP on the internal network, and once it is reserved/excluded and statically set, ask the ISP to forward all port 80 traffic to 192.168.xx.yy, or 443 depending on the web service you're offering.

        and i dont know if everyone calls it a VIP. i have only worked with a fortinet firewall as far as command line langs, and that is what they call a Virtual I P... like 65.97.185.10=192.168.5.100 just wanted to clarify.

        the server shouldn't need any more configuration than that if you're only running one site... it will process all requests from any internal address on 80 without a problem (it should anyways...)

        now, the questions about the PIX/ASA i cant help you on. i have zero knowledge about cat os or cisco os or anything categorized as network equipment. i understand what to employ and how they function on a theoretical/conceptual level, but i cannot offer advice on the configs or subnetting of a network. i think it would be best to start another thread in the cisco forum, as that information will be beyond the scope of what i can help you with...

        Should I create a "team" on both NICs and do NLB? since both NIC will be internal IPs.
        i guess you can do what ever you want, but i was implying you have one as the external connection on which you could install an IPSec policy on for security (to avoid that thought of a DC in the DMZ !), and the other as the internal without an IPSec for your internal clients. if your network is gig right now (which i dont know) then you wont need a teamed adapter pair or a NLB NIC cluster or whatever...

        i would also check and see what other services your ISP is offering you with the package you have. make sure to utilize any DNS stuff they have and find out the extent of the service they will provide for your rented router... this will help you determine the best way to employ your PIX/ASA...

        i guess subnet isn't really necessary for our size of network?
        i dont know.. i guess it depends on how much free time your network guy has and how skilled he is at managing them.
        we have a subnet for everything... public PCs, printers, servers, vmotion, servers, network management, DR site, etc. etc... i can see that with the amount of equipment we have (i work for the city, and we have 5 satellite locations and the courthouse, so we have quite a bit of shtuff) the subnetting cut down on the ARP traffic a great bit. with all the subnets in place the ARP went from a 20% utl to 2% at peak... much better.

        with yours, you may be correct, but like i said, im not the network guy. sorry.


        • #5
          Re: Help! How to properly configure a win2k3 server (web, app, sql)

          I had a bunch of clients with T1's and always the T1 router is open on all ports. I am pretty sure there is no NAT or firewall at all on that model router and that it is your responsibility (ie. your PIX).

          I agree with james, I would not put your DC in a DMZ, create a pinhole (NAT on the PIX) to the server.
          The Pix wan will have the Public IP that was assigned to you, hard coded in its config; (ask the Cisco guys how, I have no clue)
          Skip NLB its only a T1 and one server.

          Public will go on one nic on the server, Internal on the other. Make sure they are different subnets. Internal clients may have an issue getting to the public website, using the public URL.

          Keep in mind if you get a huge surge in traffic, your DC may go down too, not likely though since you are limited by the T1....

          You may choose to route internal to web traffic through or outside your server, but I do not think there is any big difference.

          BTW, What kind of application are you running?
          "...if I turn out to be particularly clear, you've probably misunderstood what I've said" - Alan Greenspan



          • #6
            Re: Help! How to properly configure a win2k3 server (web, app, sql)

            We are running mainly IIS, SQL on this server. internal clients need to access the SQL on the server.

            So I should leave the router as is and setup NAT on the PIX and forward traffic to server?

            If we were to setup 1 NIC to public WAN, the other NIC to internal LAN, how should this be done? should I use network bridge or RRAS?

            How should I route the internal client workstations to access the internet?

            should both NICs connected to the same switch ?



            • #7
              Re: Help! How to properly configure a win2k3 server (web, app, sql)

              Originally posted by mike2016:
              We are running mainly IIS, SQL on this server. internal clients need to access the SQL on the server.

              So I should leave the router as is and setup NAT on the PIX and forward traffic to server?
              Yes exactly
              If we were to setup 1 NIC to public WAN, the other NIC to internal LAN, how should this be done? should I use network bridge or RRAS?
              Just plug it in, thats it
              How should I route the internal client workstations to access the internet?
              I would send them around, gives you a little more freedom if you needed to reboot the server
              should both NICs connected to the same switch ?
              In your case if you want them to go around it would have to be the same switch. However if you did use two switches then everyone would have to route through the server.

              If you have some money to spare and can still change the hardware, I would have got two servers one SBS and the other Web edition, but that is your call.


              • #8
                Re: Help! How to properly configure a win2k3 server (web, app, sql)

                sorry about the double, triple post earlier.... i was so impatient to get the damn thing to work...

                it seems like I still have a problem, though. when I join local workstations to the domain, it's ridiculously slow.

                after the workstation reboot, and logon, it stops at the logon screen.

                it seems like it's a common problem, did i do something wrong?



                • #9
                  Re: Help! How to properly configure a win2k3 server (web, app, sql)

                  so to recap the last post, you can join the domain (you get the "welcome to whatever.com" message) successfully, but after reboot you cant logon?

                  do you see the "creating domain list" popup?

                  do you see the domain listed in the logon box?

                  what is the status of the domain's policy? have there been any changes to the GPO affecting the windows firewall? have there been any changes to the default domain policy?

                  can you post a "dcdiag /s: <netBIOS_name_here> /v"

                  this will give you detailed info on your DC and AD...

                  and whats the chance of me getting some karma for that pretty drawing?
                  Last edited by James Haynes; 10th October 2007, 18:40.


                  • #10
                    Re: Help! How to properly configure a win2k3 server (web, app, sql)

                    James,
                    I appreciate your quick help! I would've bought you dinner if you were in LA!

                    On the workstations,

                    I joined domain and it popped up the Welcome to xxx domain message. It took a while to respond though.

                    after reboot, when I click on the domain drop-down, "creating domain list" popped up, it took at least 30 secs to create.

                    domain is listed in the drop down.

                    i have not changed any domain policy or gpo... windows firewall has been turned off for now. no changes were made to any policy.

                    Dcdiag result

                    dcdiag /s: optionimports.com /v
                    Performing Initial setup:
                    * Connecting to directory service on server optionimports.com
                    [optionimports.com] LDAP search failed with error 58,
                    The specified server cannot perform the requested operation..
                    ***Error: The machine, optionimports.com could not be contacted, because of a bad net response. Check to make sure that this machine is a Domain Controller.


                    it seems like there's a problem in the DNS settings ?

                    but on my workstations, ipconfig-all showed DHCP, DNS, gateway all pointed to server internal IP 192.1681.1

                    I do see a problem in the domain name, because our domain optionimports.com is currently pointed to Yahoo server, the DNS resolves the IP to yahoo still. will this cause a confusion within the server ?



                    • #11
                      Re: Help! How to properly configure a win2k3 server (web, app, sql)

                      hahah.. no worries. i was just razzin ya anyways...

                      in the dcdiag, you want the name of the computer, like in my domain:

                      c:> dcdiag /s: alpha /v <--------- you want to specify the machine name, not the domain...

                      it should give you about 2 pages worth of crap... and you can see where the results for each test are displayed... there is either a pass or fail, and the reason why.

                      i am assuming that optionimports.com is the AD domain name. what is the DCs name? put it in the *'s in the "/s: ****."

                      well, at least its creating the domain list an stuff. so at least it got that far...

                      is this happening on every computer that you join to the domain?

                      if so, then maybe the addition of a host file pointing to the DC, so we can rule out DNS...

                      hmmmmm. ill get back to ya... i have a heated game of FEAR going on right now... im trying to kill paxton fettel, and its not working...


                      • #12
                        Re: Help! How to properly configure a win2k3 server (web, app, sql)

                        Ahh... i got it now.

                        I ran the dcdiag again and it popped up pages of crap, i uploaded to the web cuz it's way too much... http://mike.optionimports.com/dcdiag_test.txt

                        The AD name is Optionimports.com and the DC is EverestApp1

                        so the full computer name is EverestApp1.OptionImports.com

                        this happens on every computer, well i tried 2 workstations so far, which have freshly installed WinXP SP2.


                        i'm not sure if it has anything to do with our real domain OptionImports.com not being pointed to our server in the real world? because it's pointed to Yahoo at this time. when the local machines join the domain, it could've been requesting from the real OptionImports.com ?

                        thanks a lot for your help, seriously. i can't get any help locally.... alright i'll let ya get back to your game.....



                        • #13
                          Re: Help! How to properly configure a win2k3 server (web, app, sql)

                          Originally posted by mike2016:
                          i'm not sure if it has anything to do with our real domain OptionImports.com not being pointed to our server in the real world? because it's pointed to Yahoo at this time.
                          ahhh... ok. you're right, and this may have something to do with it.

                          what does an 'nslookup' say about your DC?

                          for example...

                          we have a website that the public uses. in addition, the employees use it also. the site name is "www.duvalclerk.com" From the outside, "www.duvalclerk.com" is resolved as 65.97.183.171. Inside, it resolves as 192.168.10.150...

                          so can you verify the separation of the internal and external? what does an nslookup say about:
                          c:\> nslookup EverestApp1.OptionImports.com

                          you should get the internal IP back. if you go to a site like dnsstuff.com and run the same test, you should get the external... or you can set the server in nslookup to 4.2.2.2 for that session (after starting an nslookup session, type "server 4.2.2.2" and you're using vnsc-bak.sys.gtei.net as your DNS server for the lookups)

                          if not, then you will need to create some records and ptr for the inside. this is why i suggested making a host file and trying to logon to the domain after adding it...

                          are you familiar with host files? check this out for an update...
                          http://en.wikipedia.org/wiki/Hosts_file
                          http://vlaurie.com/computers2/Articles/hosts.htm

                          one point to remember when using the host file:
                          Windows XP SP2 is said to ignore the hosts file entirely if the DNS Client service is running.
                          good luck man,
                          James


                          • #14
                            Re: Help! How to properly configure a win2k3 server (web, app, sql)

                            i'm installing a Cisco PIX behind the router today and i'm going to run NAT on the PIX instead. so this way i can put the server in the same private subnet as the workstations, hopefully this will resolve it....

                            ok now i have a weird problem. I somehow managed to make the workstations join the domain, like it joined really fast and quick, without any lag. it seems the workstations are now using the server as DNS now. but the DNS server itself can not resolve our own domain, it just can not find the domain.. weird.

                            BUT, workstations and server can not visit the optionimports.com website no more, i think there's a problem in the DNS setting still. other website works fine, but anything relates to our domain name is not working.


                            *** Nslookup
                            Default Server: 2-155-31-216.static.tierzero.net << this is our ISP
                            Address: 216.31.155.2 << our static IP

                            ***nslookup everestapp1.optionimports.com
                            Server: 2-155-31-216.static.tierzero.net
                            Address: 216.31.155.2

                            *** 2-155-31-216.static.tierzero.net can't find everestapp1.optionimports.com: Query refused


                            so i guess using the host file is the only solution for now? damn it I need to go take a class to learn this stuff, what kind of program should I take to learn all these??

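The internal/external DNS separation that post #13 asks to verify, and the "Query refused" result in post #14, can be checked mechanically. The following is an added example, not part of any post in this thread: Python that classifies Windows-style `nslookup` transcripts by which resolver answered and what it returned. All names and addresses are constructed placeholders, and the `_ldap._tcp.dc._msdcs.<domain>` SRV name is the standard Active Directory DC-locator record, which the thread itself does not mention.

```python
import ipaddress
import re

# RFC 1918 ranges. ipaddress.is_private is too broad for this check because
# it also covers documentation ranges such as 203.0.113.0/24.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed transcripts in the Windows nslookup layout (placeholder values).
ISP_RESOLVER = """\
Server:  resolver.isp.example
Address:  203.0.113.2

*** resolver.isp.example can't find dc1.corp.example: Query refused
"""
INTERNAL_OK = """\
Server:  dc1.corp.example
Address:  192.168.1.10

Name:    dc1.corp.example
Address:  192.168.1.10
"""
INTERNAL_LEAK = """\
Server:  dc1.corp.example
Address:  192.168.1.10

Non-authoritative answer:
Name:    corp.example
Address:  198.51.100.7
"""


def is_internal(ip):
    """True if ip falls inside one of the RFC 1918 ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


def parse_nslookup(text):
    """Return (resolver_ip, answer_ips, error_text) for one transcript."""
    addrs = re.findall(r"^Address:\s*(\S+)", text, re.MULTILINE)
    err = re.search(r"^\*\*\* .*?: (.+)$", text, re.MULTILINE)
    return (addrs[0] if addrs else None, addrs[1:],
            err.group(1).strip() if err else None)


def diagnose(text):
    """Classify a transcript; the first failing check decides the result."""
    resolver, answers, error = parse_nslookup(text)
    if resolver is None:
        return "no-resolver-line"
    if not is_internal(resolver):
        return "client-queries-public-resolver"
    if error or not answers:
        return "internal-zone-missing-record"
    if not all(is_internal(a) for a in answers):
        return "internal-view-returns-public-address"
    return "ok"


def names_to_check(ad_domain, dc_host):
    """Names the internal resolver must answer for domain logon to work."""
    return [f"{dc_host}.{ad_domain}", f"_ldap._tcp.dc._msdcs.{ad_domain}"]


if __name__ == "__main__":
    for label, t in (("isp", ISP_RESOLVER), ("ok", INTERNAL_OK),
                     ("leak", INTERNAL_LEAK)):
        print(label, diagnose(t))
```

A `client-queries-public-resolver` result means the machine is asking a resolver outside the LAN about the AD domain, so no internal record can be returned to it regardless of what the DC's own zone contains.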


                            • #15
                              Re: Help! How to properly configure a win2k3 server (web, app, sql)

                              please post an IPconfig /all from the DC.
                              Marcel
                              Technical Consultant
                              Netherlands
                              http://www.phetios.com
                              http://blog.nessus.nl

                              MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
                              "No matter how secure, there is always the human factor."

                              "Enjoy life today, tomorrow may never come."
                              "If you're going through hell, keep going. ~Winston Churchill"
