From: PaulS on
Hi all,

I have 2 clients that have SBS 2003 setup the same way. Servers both have
RRAS using DHCP scope to assign VPN client addresses and DHCP to assign LAN
addresses. Only problem is that one is not assigning LAN addresses, only RRAS
clients.

I also note that the one with a problem doesn't have the option displayed to
allow choice of interface in RRAS server properties, while the other one is
set to use the internal NIC.

Any ideas where to start looking for why the server won't allocate LAN
clients DHCP addresses? It did for a while, then suddenly stopped. No errors
in the event log for DHCP.

Regards,
PaulS
From: Miles Li [MSFT] on
Hello,

Thank you for your post.

Please allow me to confirm that my understandings are correct. As I
understand it, the issue is:

You have one SBS 2003 server that does not lease IP addresses for LAN
workstations. However, it still lease IP addresses for RAS(VPN) client
properly.

If I have misunderstood your concerns please feel free to let me know.

=========================
For better understand of the issue, please answer my questions:

1. As the LAN workstations fail to obtain the IP addresses from the DHCP
server, what IP address they finally get? APIPA (169.254.X.X) or IP
addresses from other Network segments?
2. What is the connection type of the SBS server that encounter this issue?
2 NICs scenario?
3. Is the option to allow choice of interface in RRAS server
properties--->IP tab totally missing? Or it is just grey out.


- From the description, the RAS (VPN) clients can get the IP addresses
leased properly. It indicates that the DHCP server functions well. In SBS
server, we use the BindToDHCPServer registry value to control whether DHCP
service is bound to a network adapter. If the value is 0, the bounding is
disabled. If DHCP service is configured to not bound to the internal
network adapter, internal clients will not receive any DHCP IP address.
Let us perform the following steps to ensure that DHCP service to internal
network adapter bounding is enabled.

a) On the SBS server, run regedit to open the Registry Editor.
b) Expand
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\.
c) Indentify the Internal NIC's GUID through its IP address.
d) Check whehter BindToDHCPServer = 0 exists. If yes, delete it.

- I'd like to know whether ISA 2004 server is installed on the SBS server
2003. When the Internal Network defined in ISA 2004 does not include the
broadcast address for the subnet, the clients will not be able to
broadcast DHCP queries. Please follow the steps below to check the
broadcast address.

a) Open the ISA 2004 MMC.
b) Expand the <servername>, expand Configuration, and click on Networks.
c) On the right, select the Networks tab.
d) Double-click the network named Internal.
e) Click the Addresses tab.
f) Select the address range and click Edit.
g) Modify the Ending Address to include the broadcast address for the
internal subnet. This number will end in 255.

For instance: If the internal subnet is 10.1.2.0 with a subnet mask of
255.255.255.0, then the ending address would be 10.1.2.255.
h) Click OK two times and click Apply in the ISA 2004 MMC to apply the
changes.

Please note that any other 3-party firewall also may result in blocking the
DHCP requests from the clients.


Information needed:
=========================

1. On the SBS server that have the issue, please run "ipconfig /all" to
output the network settings.

2. On one SBS 2003 server and the client, capture the network traffic while
it attempt to request a IP address.

a) Log onto one client with the administrator credential.
b) Get the network monitor from the following link and install it on the
SBS server and client.

Download the NetMon3.1 from the following link:
http://www.microsoft.com/downloads/details.aspx?FamilyID=18b1d59d-f4d8-4213-
8d17-2f6dde7d7aac&DisplayLang=en

c) Start the capture both on the SBS server and client.
d) In the client's command prompt, run "ipconfig /renew" to lease the IP
address from the DHCP server.
e) Stop the capture and save the network trace file.


Please send me above two files with the following three lines in the email
body:

DHCP with RRAS & LAN clients
42360580
Miles Li - MSFT

If you have any questions or concerns, please do not hesitate to let me
know.


Best regards,

Miles Li

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

From: PaulS on
Hi Miles,

I'll insert answers below. Heading there in a few hours to have a crack at
it with your suggestions.

Cheers,
Paul

"Miles Li [MSFT]" wrote:

> Hello,
>
> Thank you for your post.
>
> Please allow me to confirm that my understandings are correct. As I
> understand it, the issue is:
>
> You have one SBS 2003 server that does not lease IP addresses for LAN
> workstations. However, it still lease IP addresses for RAS(VPN) client
> properly.
>
> If I have misunderstood your concerns please feel free to let me know.
******That is Correct
> =========================
> For better understand of the issue, please answer my questions:
>
> 1. As the LAN workstations fail to obtain the IP addresses from the DHCP
> server, what IP address they finally get? APIPA (169.254.X.X) or IP
> addresses from other Network segments?
*****They get APIPA (169.254.x.x) addresses.
> 2. What is the connection type of the SBS server that encounter this issue?
> 2 NICs scenario?
*****Server has 2 NICs but one is disabled. SBS Standard. No ISA Server.
> 3. Is the option to allow choice of interface in RRAS server
> properties--->IP tab totally missing? Or it is just grey out.
It's just not there, not greyed out, but not visable at all.
>
>
> - From the description, the RAS (VPN) clients can get the IP addresses
> leased properly. It indicates that the DHCP server functions well. In SBS
> server, we use the BindToDHCPServer registry value to control whether DHCP
> service is bound to a network adapter. If the value is 0, the bounding is
> disabled. If DHCP service is configured to not bound to the internal
> network adapter, internal clients will not receive any DHCP IP address.
> Let us perform the following steps to ensure that DHCP service to internal
> network adapter bounding is enabled.
>
> a) On the SBS server, run regedit to open the Registry Editor.
> b) Expand
> HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\.
> c) Indentify the Internal NIC's GUID through its IP address.
> d) Check whehter BindToDHCPServer = 0 exists. If yes, delete it.

*****I'll be trying this today.
>
> - I'd like to know whether ISA 2004 server is installed on the SBS server
> 2003. When the Internal Network defined in ISA 2004 does not include the
> broadcast address for the subnet, the clients will not be able to
> broadcast DHCP queries. Please follow the steps below to check the
> broadcast address.
******ISA not installed.
> a) Open the ISA 2004 MMC.
> b) Expand the <servername>, expand Configuration, and click on Networks.
> c) On the right, select the Networks tab.
> d) Double-click the network named Internal.
> e) Click the Addresses tab.
> f) Select the address range and click Edit.
> g) Modify the Ending Address to include the broadcast address for the
> internal subnet. This number will end in 255.
>
> For instance: If the internal subnet is 10.1.2.0 with a subnet mask of
> 255.255.255.0, then the ending address would be 10.1.2.255.
> h) Click OK two times and click Apply in the ISA 2004 MMC to apply the
> changes.
>
> Please note that any other 3-party firewall also may result in blocking the
> DHCP requests from the clients.
*****Hardware firewall (appliance at perimeter).
>
> Information needed:
> =========================
>
> 1. On the SBS server that have the issue, please run "ipconfig /all" to
> output the network settings.
>
> 2. On one SBS 2003 server and the client, capture the network traffic while
> it attempt to request a IP address.
>
> a) Log onto one client with the administrator credential.
> b) Get the network monitor from the following link and install it on the
> SBS server and client.
>
> Download the NetMon3.1 from the following link:
> http://www.microsoft.com/downloads/details.aspx?FamilyID=18b1d59d-f4d8-4213-
> 8d17-2f6dde7d7aac&DisplayLang=en
>
> c) Start the capture both on the SBS server and client.
> d) In the client's command prompt, run "ipconfig /renew" to lease the IP
> address from the DHCP server.
> e) Stop the capture and save the network trace file.
*****Will do this too later today.
>
> Please send me above two files with the following three lines in the email
> body:
>
> DHCP with RRAS & LAN clients
> 42360580
> Miles Li - MSFT
>
> If you have any questions or concerns, please do not hesitate to let me
> know.
>
>
> Best regards,
>
> Miles Li
>
> Microsoft CSS Online Newsgroup Support
>
> Get Secure! - www.microsoft.com/security
>
> =====================================================
> This newsgroup only focuses on SBS technical issues. If you have issues
> regarding other Microsoft products, you'd better post in the corresponding
> newsgroups so that they can be resolved in an efficient and timely manner.
> You can locate the newsgroup here:
> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
>
> When opening a new thread via the web interface, we recommend you check the
> "Notify me of replies" box to receive e-mail notifications when there are
> any updates in your thread. When responding to posts via your newsreader,
> please "Reply to Group" so that others may learn and benefit from your
> issue.
>
> Microsoft engineers can only focus on one issue per thread. Although we
> provide other information for your reference, we recommend you post
> different incidents in different threads to keep the thread clean. In doing
> so, it will ensure your issues are resolved in a timely manner.
>
> For urgent issues, you may want to contact Microsoft CSS directly. Please
> check http://support.microsoft.com for regional support phone numbers.
>
> Any input or comments in this thread are highly appreciated.
> =====================================================
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
>
From: Miles Li [MSFT] on
Hello,

Take your time to try the troubleshooting steps and let us know the result.

Thanks for your time.

Best regards,

Miles Li

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

From: PaulS on
Hi Miles,

I tried sending the files to you but your mailhost bounced them back.
anyway, there was little to show for it as the client showed DHCP packets
requesting and address while the server never got them.

Deleted the registry key BindToDHCPServer which had a value of 1 anyway, but
that didn't make a difference.

Also deleted the scope, created a new one and restarted RRAS and DHCP. No joy.

I thought it may be the clients having a problem with sending proper
packets, but it's not just the XP Pro PCs, it's also printers.

Then I thought that maybe it's the Cisco Catalyst 500 dropping them, but it
allows VPN clients to get addresses. However I'm thinking to try a PPTP from
an internal client to the server across the LAN to see if they get a DHCP
address.

Cheers,
PaulS