Windows Server 2003, clients w/ 2 NIC's cant get internet now ...

[tknodav1]

Okay, we have a Windows 2003 SBS at our office, which is NOT connected to the internet. 2 of our workstation PC's have a 2nd network card that plugs into our router so they can have internet access. These worked fine before when we had an NT 4.0 server, but since we got our new server, something (maybe policy restrictions or something) from logging into the domain restricts these PC's from using the 2nd connection to get on the internet. If I log in locally or manually change the IP/sub/gate of the PRIMARY (domain) connection, it works fine. It's like for some reason these workstations won't look past the DC for a connection if they are logged in.... Any ideas?? I know 2k3 server is in 'lock down' mode out of the box, so I probably just have to enable something.

Thanks in advance!
Dave

 

[kstornado]

Figure out if you can't resolve internet addresses or if you can't ping them. If it's a matter of being able to resolve domain names, it's probably because the clients are looking to the DC for name resolution as they should be in an AD domain.

 

[tknodav1]

No I can't even ping yahoo. How can I tell those 2 workstation PC's to look at their second NIC for internet access. Also, I have a 3rd workstation that also accesses the internet, and I haven't run the 'workstation configuration' that 2k3 server pushes out to each (to set up outlook, faxing, ...) That workstation CAN access the internet, so I think that setup routine locks something out ...
Thanks again!

Dave

 

[tknodav1]

Bump for an answer before monday ...

though of manually changing the DNS on the workstations so DNS1 is the server address and DNS2 is one of the ISP's addresses ... input?

Thanks in advance,
Dave

 

[n0cmonkey]

Make sure the default route (gateway? whatever it's called in Windows) is set to the internal IP address of the router. The DNS servers should be set to whatever the ISP wants you to use.

EDIT:

If the internal IP (domain side) is 10.0.0.0/8 and the external IP (internet side) is 192.168.0.0/16 the default route should be something like 192.168.0.1. If it is using 10.0.0.1 or something, you won't be able to reach the internet.

 

[Kadarin]

Capture the output of "ipconfig /all" and post, if you can.. Let's take a look.

Another thing you can do is fire up Ethereal and take a sniffer trace from the workstation while attempting to access the internet. Take a look at what's actually going out over the wire(s).

 

[Kadarin]

Capture the output of "ipconfig /all" and post, if you can.. Let's take a look.

Another thing you can do is fire up Ethereal and take a sniffer trace from the workstation while attempting to access the internet. Take a look at what's actually going out over the wire(s).

 

[tknodav1]

Well I dont have access to the workstation right now, but I can tell you an IPCONFIG that will be accurate enough to get an idea at least .. And remember, the server is NOT connected to the internet. If it was this wouldn't even be an issue, but the client requires it this way.

NIC1 (internal):
IP : 101.1.1.xxx
Sub: 255.255.255.0
Gateway : 10.1.1.1 (server)
DHCP : 10.1.1.1 (server)
DNS : 10.1.1.1 (server)

NIC2 (internet):
IP: 192.168.0.xxx
Sub: 255.255.255.0
Gateway : 192.168.0.1
DHCP : 192.168.0.1
DNS : <insert 2 ISP DNS servers here>


It's just like its ignoring the 2nd connection. Thanks for the help guys!

 

[n0cmonkey]

Can you remove the gateway for NIC1? I think, for most things, there should be only 1 gateway. But the routing processes/services/whatever on Windows should pickup that they will contact 10.0.0.0/8 through NIC1... I haven't tried it in Windows though.

 

[tknodav1]

posting my solution here ...

what I did was used an IP out of the DHCP range of the server ... in this case 10.1.1.8 and 10.1.1.9 for the two workstations. I put in the router IP for the gateway, and for DNS1 put the server (10.1.1.1) and for DNS2 put one of the ISP's DNS servers.

Works like a charm!

If anyone sees a problem with this let me know here!