8

I am setting up a business server for a small office use with 5 users / 5 devices or so. Nothing elaborate here.

I've set up a SINGLE Lenovo TS440 server (single NIC) with Windows Server 2012 R2 Essentials. Step by step via install and wizards. No secondary domain controller. I will look into other secondary solutions when I can. I do not want to purchase another server, but I do understand the importance of it.

I set up a domain administrator account which I use for all the workstations and the server during this setup process. Users will not have admin privs, and no local accounts will be on the workstations so they cannot get into workstation without server authentication.

We have a Comcast Business router (CISCO DC3939B with wifi) with a dynamic external IP that hardly ever changes. We also have a TrendNet switch, TEG S80g.

The coax cable internet comes in to the router then router to switch.

The server and about 3 workstations and 2 devices feed in to the switch, and there are a couple wireless devices.

My problem is that after testing the system by removing power to the router and turning off the internet, the workstations can no longer authenticate correctly. Everything works fine with internet available, but I need to make sure that the workstations can still communicate with each other and the server when the internet goes down. I guess I need this WSE 2012 R2 server network to work as if there wasn't internet access to begin with.

Does this maybe have something to do with the router doing DHCP? I am not sure if DHCP can be disabled in the router.

The errors I get when the workstations try to connect to other workstations is that they require the username and pw again, and sometimes they fail to connect. The server isn't down, just the internet. At first I was getting a prompt to turn on Network Discovery, which I did (not public, but private), but we still have this AD problem.

If I left any important details out, please let me know and I can round those up.

timd1971
  • 2
    What DNS configuration do the clients have? And what device gives out DHCP leases for the network? – Shane Madden Jun 30 '15 at 18:02
  • 1
    The DHCP is handled by the router. – Basil Jun 30 '15 at 18:19
  • I "guess" as I am not sure, but seems to be the router is handing out ip's. Since Essentials set it all up automatically, I am not sure what is going on here. Where would I find the DNS config? Ethernet Status, Network Connection Details? I also find out later that Essentials set up the server as a .local which apparently isn't good and cannot be changed easily without jumping through a million hoops...jeez.... I needed it to be .com ... so that will be another thread. – timd1971 Jun 30 '15 at 18:21
  • 1
    You are not simulating an Internet access outage by turning off the router. You are simulating a router failure. Just unplug the coax cable. – Aaron Copley Jul 02 '15 at 18:27
  • good point!!!!! – timd1971 Jul 02 '15 at 18:38

4 Answers

20

You should have your Small Business Server (Server Essentials) doing DHCP and DNS. SBS will automatically disable its DHCP service when it detects another DHCP server on the LAN. (You can verify this by checking the event logs; there will be DHCP errors, and the service will likely be stopped.)

Since your router is likely handing out the ISP's DNS, your computers cannot authenticate when you power it down.

Connect to your Comcast router and turn off DHCP broadcast, and start your DHCP service on your SBS server. If you used the wizards to configure, the issue you are seeing will likely resolve itself.

Edit: If you are unsure who the DHCP server is, do an ipconfig /all on one of the clients to get the DHCP server IP address.

DanBig
  • That explains a lot of the problem. Thank you DanBig for the easy to understand advice. I will try that today when I get some time. Thank you all for your help so far. Hopefully this gets me one more step ahead and onto the next problems that will surely come about. I do have a IT guy I can go to, but I want to learn as much as I can since I have been into computers since the 80's. So I have a good grasp on computer tech, but servers are obviously a whole different animal. If it's obviously too overwhelming, even being ESSENTIALS, I look to him. ; ) – timd1971 Jun 30 '15 at 18:35
  • I found the Enable/Disable LAN DHCP in the router for IPv4. (It was checked enabled using an IP like 10.1.10.1.) I see the server is also using IPv6, should I also disable that in the router I would assume? It isn't as straightforward, but currently Stateless (Auto Config) and Stateful (Use Dhcp Server) is checked (enabled). I guess leave that as is? (Use Dhcp Server basically) Do I also need to Assign DNS Manually for both? Currently unchecked and empty. Thank you! – timd1971 Jul 01 '15 at 05:11
  • 1
    You don't want anything at all doing any DHCP for ipV4 or IPv6 except your Essentials server. – DanBig Jul 01 '15 at 17:26
  • How do you set DHCPv6 on the server? i.e. what IPv6 address do you use? Appears to be (3) different kinds? How do you know what it is or which to use? I know I need to add the DHCP Role, and can set an IPv4 static IP, gateway, DNS's etc. Then set a scope in DHCP...easy enough...but what about DHCPv6 static and scopes? Quite mysterious to me and not much information that is easy to understand about it. – timd1971 Jul 20 '15 at 23:30
6

The DNS is the most important service in every AD setup. It is responsible for locating AD related services such as LDAP, KDC etc. So every domain joined computer should have DNS client settings configured to point to a DC. The DNS server on the DC should have Forwarders to point to your ISP. This way if a DNS query gets unresolved, the DC will forward the query to its forwarders. Here is a schematic of simple DNS query flow:

Computer -> DC (Forwarders) -> ISP

So your DHCP (DC or the router, but not both) should offer leases with DNS pointing to your DC only. Then add Forwarders in your DNS server. This way, when the Internet connection is down, all DNS queries, related to AD will be resolved and you will be able to authenticate and use Active Directory services as a whole.

Also, in a 1 DC setup, the DC should point to itself (127.0.0.1* or its IP) in the DNS settings of its network adapter.

\* 127.0.0.1 will work only if the DNS server is configured to listen on all available network adapters.

iPath
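
A client-side check for what the two answers above describe, as an added example that is not part of the original answers: it reads each adapter's DHCP server and DNS servers (the values `ipconfig /all` shows) and tests whether each DNS server can answer the SRV lookup a workstation uses to find a domain controller. `$DcIp` and `$AdDomain` are placeholders, not values from this thread.

```powershell
# Added example, not from the original answers. Run on a domain-joined workstation.
$DcIp     = '192.0.2.10'      # placeholder: LAN IP of the Essentials server (the only DC)
$AdDomain = 'example.local'   # placeholder: DNS name of the AD domain

# SRV record a workstation looks up to locate a domain controller.
$srvName = "_ldap._tcp.dc._msdcs.$AdDomain"

$report = foreach ($a in Get-CimInstance Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE') {
    # IPv4 DNS servers in the order the client tries them (empty if none are set).
    $dnsServers = @($a.DNSServerSearchOrder | Where-Object { $_ })

    foreach ($server in $dnsServers) {
        # Query this specific server over DNS only (no LLMNR/NetBIOS fallback).
        try {
            Resolve-DnsName -Name $srvName -Type SRV -Server $server -DnsOnly -ErrorAction Stop | Out-Null
            $answersAd = $true
        } catch {
            $answersAd = $false
        }

        [pscustomobject]@{
            Adapter      = $a.Description
            DhcpEnabled  = $a.DHCPEnabled
            DhcpServer   = $a.DHCPServer
            DhcpIsDc     = ($a.DHCPServer -eq $DcIp)
            DnsServer    = $server
            DnsIsDc      = ($server -eq $DcIp)
            AnswersAdSrv = $answersAd
        }
    }
}

$report | Format-Table -AutoSize

# A DNS server that is not the DC, or that cannot answer the SRV query,
# is one the client may try and fail on when locating the domain controller.
$problems = @($report | Where-Object { -not $_.DnsIsDc -or -not $_.AnswersAdSrv })
if ($problems.Count -gt 0) {
    Write-Warning "$($problems.Count) configured DNS server(s) cannot be relied on to locate the DC."
} else {
    'All configured DNS servers are the DC and answer the AD SRV lookup.'
}
```

A row with `DnsIsDc` set to `False`, such as the router or an ISP resolver handed out by the router's DHCP, is the situation both answers point to. Run it again with the coax cable unplugged to confirm the lookup still succeeds without internet access.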
4

If the server is connected to a port on the router and you turn off the router, how would you expect the workstations to communicate with the server? You should connect the server to the same switch as the workstations.

joeqwerty
  • In his question, he specified that the server and 3 workstations are connected to that switch. – Basil Jun 30 '15 at 18:20
  • That wasn't clear to me. The OP seems to be implying that but in one of his comments he mentions having the server connected to the router. – joeqwerty Jun 30 '15 at 18:23
  • yes, I realized that after the fact. So yes, what you just mentioned was before I moved the server to the switch FROM the router. Yes, I added the difference to one of the comments as forgot to add that VERY IMPORTANT information as I realized that was the incorrect way to do it. So it is Comcast router first, switch, then server and workstations connected to switch. Again, I am not a PRO at all, so looking for some help here, which I am finding is awesome here. – timd1971 Jun 30 '15 at 18:27
3

No. The problem is most probably with DNS. Since it is an AD setup, you also need, and probably have set up, DNS on the server. Make sure the stations use this DNS as the primary. Other, more elaborate configurations are also possible.

Konrad Gajewski
  • Did it solve your problem? – Konrad Gajewski Jun 30 '15 at 18:08
  • Sorry. Hit ENTER for next line, but it took the comment. Being ESSENTIALS, it seems to be easy and so everything simply and automatically. I guess the MAIN thing I forgot to enter here was at FIRST, I had the SERVER plugged in 1 of the 4 ports of the router then the switch in another router port and the workstations plugged into the switch and the 2 last router ports. I don't know if this messed up all the easy initial settings WSE did at first? – timd1971 Jun 30 '15 at 18:11