Server 2012 essentials with dual NIC?

Hi all, our current network setup is this:

[Image: IC179798.gif]


However, looking at all the info for Server 2012 Essentials, it seems to like just having one NIC and plugging straight into the switch with the client PCs. Is it possible to do it the old way? I would much prefer to do it that way for ease/simplicity if possible.

Thanks

For reference, in the diagram the external NIC and router use static public IPs (as do other servers connected to the router) and the internal NIC and clients use private IPs.
 
This configuration was not supported in the later versions of SBS and in 2012 Essentials/R2.

Ideally you will need to revert it to a single-NIC configuration before you migrate.
 
When you say not supported do you mean it doesn't work or that it's not MS's recommended solution? Don't really want to shell out for full blown Server 2012 if I can avoid it.

Thanks.
 
I think you just need to enable NAT on your router and revert to a single NIC config then migrate to 2012 Essentials on a new server.

It should be a matter of running the internet connection wizard in SBS 2003 to change the config I believe. Are you using ISA at all?
 
SBS 2003 used to come with ISA Server for some absolutely insane unknown reason considering the market it was aiming for.

If you were previously using SBS 2003 to scan incoming/outgoing internet traffic and just had your router bridged into it then you'll want some sort of UTM box in place to take over those duties.
 
In a nutshell, you can't do it.

1. The 2nd NIC will be a domain network, not a public one, and you can't change it.
2. No ISA server, so no NAT between NIC 2 and NIC 1.
3. The migration will almost certainly fail.

SBS/Essentials has restrictions and you can't and shouldn't try to get around them. The current M$ methodology is NAT at the router, so that's the way they make you do it.

We all know to our cost what happens to SBS when you do something outside the wizards, don't we.....:)
 
I don't want to sound dumb here, but how is an SBS 2003 to Essentials 2012 migration even possible (I know it is as people have done it) if Essentials can't use the same topology as 2003? How can they physically coexist? :confused:

If I enable NAT on the router to make essentials work then that will screw up the 2003 servers connected to it.
 
Thanks dude, so let me see if I understand this right, the servers and clients all connect to the router (via switches and whatnot) and the router controls DHCP, the servers like the clients are set to receive DHCP addresses instead of static and the router is set to assign them public addresses (identifying them by their MAC) and the clients private addresses. Running NAT for the clients but not for the servers.

Have I got that right (sorry I have never set a network up like this before).
 
In a Microsoft world (god forbid) the 2012 server would run DHCP, but it really doesn't matter that much. All machines inside the network would run a private IP, and for servers that are running publicly accessible services the router would be configured to use port forwarding or static NAT.

Ideally all machines running inside the perimeter should be on a private, non-routable address.
 
If you are going to revert to single NIC and get rid of ISA before you migrate, then I would recommend you let SBS run DHCP (by default it's set to do this) and DNS. It will hand out private IP addresses to the clients/servers on the internal network with the DNS pointing to SBS. SBS and client machines always seem a lot happier if you do this. And if you do, disable DHCP on the router.

This link from an SBS MVP describes what you need to do to remove ISA: http://msmvps.com/blogs/kwsupport/archive/2008/09/07/uninstalling-isa-2004.aspx

Also, depending how many client machines you have, you might consider building 2012 Essentials (if that is what you are moving to) from scratch - you'll not have to deal with the pain of a migration and you get a nice clean start, but you will have to touch all client machines on the network to remove from the old domain and join them to the new.

Lastly, if you use Exchange on SBS 2003, you need to plan what to do with mail services. There is no Exchange built into Essentials 2012, so you'll likely want to outsource mail (MS Exchange Online works well).
 
Thanks for the help guys, can somebody help clarify to me how I go about setting up the following using the modern topology:

I want the Essentials 2012 box (main network server) and a Server 2008 R2 Standard box (DNS name server for the domain) connected using static IPs so they can be seen properly from the outside world. The manual for one of my routers (a BT Business Hub 3 made by 2wire) says it can do this by assigning those machines DHCP addresses from my public IP pool, and the rest of the clients private IPs.

My issues though are, in order to make local DNS work properly for the clients/Essentials the DHCP on the router will need to specify the Essentials box as the primary server, no? But then the external DNS server will get that DHCP setting too, and bah.

One idea I had was to keep the current setup of the router routing public IPs, but instead of it going through the SBS 2003 machine to the local network, put another router in that place with the connection to the first router as WAN. That way it will appear to the stuff connected to router 2 that they are alone on a normal one-router network (don't know if any of this makes sense :( ).
 
The correct way to do this is to have your 2 public IPs listed on the WAN interface of the router and then port forwarded to the internet IP addresses of your servers.

So external IP 1.2.3.4 gets forwarded or static NAT to 192.168.0.10, for example,
and external IP 1.2.3.5 gets forwarded or static NAT to 192.168.0.11.

Your 2012 Essentials is going to be a DC so will be running DNS anyway.

I'm not clear on what you mean by:
"My issues though are, in order to make local DNS work properly for the clients/essentials the DHCP on the router will need to specify the essentials box as the primary server no? but then the external DNS server will get that DHCP setting too"

In an ideal world you would disable DHCP on the router and install the role on your 2012 box. Once your router is configured to do NAT you will then use it as the default gateway for all devices. DNS on the 2012 and 2008 box gets configured with forwarders to your ISP DNS server. You then specify your 2012 & 2008 as the DNS servers in your DHCP options alongside the default gateway of the router and you should be up and running.

This is sometimes hard to get your head around, especially as I don't know your IP ranges etc., so it won't match up exactly with your topology.

But the basics are:

Static IPs for servers
Router in NAT mode
External IPs listed on the WAN interface of the router
Static NAT or port forwarding from the external IPs to the internal IPs of the servers
DHCP disabled on the router and installed on 2012
DHCP configured with DNS (IP of 2012 & 2008)
DHCP configured with default gateway of router's LAN address

I hope this helps
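
The server-side half of the checklist above (DHCP moved from the router to the 2012 box, DNS forwarders, gateway and DNS options), as an added PowerShell example that is not part of the original post. The 192.168.0.0/24 range, the lease pool, the router LAN address and the forwarder address are assumptions; 192.168.0.10 and 192.168.0.11 reuse the post's own example addresses.

```powershell
# Added example: run in an elevated session on the 2012 server once the
# router is in NAT mode and its own DHCP service has been switched off.
$RouterLan  = '192.168.0.1'    # assumption: router LAN address (default gateway)
$Server2012 = '192.168.0.10'   # from the post's example
$Server2008 = '192.168.0.11'   # from the post's example
$IspDns     = '203.0.113.53'   # placeholder: substitute your ISP's resolver
$ScopeId    = '192.168.0.0'    # assumption: internal /24

# Servers must hold static addresses; stop if any connected NIC is a DHCP client.
$dhcpNics = Get-NetIPInterface -AddressFamily IPv4 -Dhcp Enabled `
            -ConnectionState Connected -ErrorAction SilentlyContinue
if ($dhcpNics) {
    throw "NIC(s) still on DHCP: $($dhcpNics.InterfaceAlias -join ', ')"
}

# Install the DHCP role and authorise this server in Active Directory.
Install-WindowsFeature -Name DHCP -IncludeManagementTools
Add-DhcpServerInDC

# Lease pool starts at .100 (assumption) so it never overlaps the servers.
Add-DhcpServerv4Scope -Name 'LAN' -StartRange '192.168.0.100' `
    -EndRange '192.168.0.200' -SubnetMask '255.255.255.0' -State Active

# Clients get the router as gateway and the two servers as DNS.
# The cmdlet checks that each DNS address answers, so the DNS service
# must already be running on both servers.
Set-DhcpServerv4OptionValue -ScopeId $ScopeId -Router $RouterLan `
    -DnsServer $Server2012, $Server2008

# Internal DNS forwards unresolved names to the ISP resolver.
# The 2008 R2 box needs the same forwarder set in its own DNS console.
Set-DnsServerForwarder -IPAddress $IspDns

# Review the result.
Get-DhcpServerv4Scope -ScopeId $ScopeId
Get-DhcpServerv4OptionValue -ScopeId $ScopeId
Get-DnsServerForwarder
```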
 
Hi, thanks that's very informative, what I meant by the bit you quoted was that one of the machines is a DNS nameserver for a web domain. I was unsure how that getting DHCP (and DNS settings from DHCP) would interact with that.
 
One of them is an NS server? Just one? No redundancy? Please say that's not the case.

DNS can be set up with different zones so you can set it up how you want.

The current M$ methodology is split-brain DNS, whereby you have your local domain name the same as your internet domain, so both being XYZ.com for example. You then have XYZ.com on your internal DNS server and XYZ.COM on your external DNS servers as well. This is definitely the way to go if you can.
 