
Small Office Network with a Domain Controller

SOLVED
CMH
Visitor

Small Office Network with a Domain Controller

Need help in setting up a small Office Network with a Domain Controller.

 

I would like to setup a small office network with the following:

1. Domain Controller managing about 10 to 12 workstations

2. Wireless Network

3. Print and File Services

 

Is there a setup or user guide available?

 

Please help.

Thanks.

CMH

Accepted Solution

Re: Small Office Network with a Domain Controller

Timd; Thanks for the sharing of the educational materials.  I spent yesterday watching videos on Lynda.com by a gentleman by the name of Mark Jacob.  The IPv4, IPv6, subnet masking, and the actual math behind this all really helped me greatly.  Some of the "vague references" supplied by others were explained.  I did purchase a couple of books albeit not highly technical in nature, and the IP addressing is considered "outside the scope of the book" (i.e. topic).  I was dumbfounded by that since it's the inroad to the system.  But it is what it is.  Being that Eli's videos on the topic are 2010 - 2011, he really didn't even touch on IPv6 other than he's been hearing about it since 1999 when he got involved in computers.

 

I've been involved with forums (not Servervault) in my main line of work.  However, I stay back and let the people attack each other by use of sarcasm, terse one line comments, and literally making a person feel like an idiot for even posting a question, comment, or concern.  I'm also aware that the IT industry has some very highly skilled, educated, and professional people that should not be giving their knowledge away for free.  Hey, not an issue with me as I'd pay for the information I need.  I'd be happy to give the list of what I have, what I'd like to do, and fill in the information on all the devices.  If I could learn by reverse engineering or if the person doing the configuration would at least tell me why, I'd appreciate that as well.  I'm not messing with anyone's job security but I am a Scientist, and not knowing anything at all, drives me nuts.  Not to mention, I do enjoy technology as well.

 

If you'd like to chat more off this site, you can email me at trisATgoisesDOTcom.  Replacing the usual AT and DOT with the correct characters.  I don't want to impose on the fine folks that run these forums and their helping nature.

 

Regards,

 

TG

 

 

Accepted Solution

MOVING MY DILEMMA TO A SEPARATE THREAD.

I've OBVIOUSLY hijacked this thread and ALSO cross-posted with my IPv6 dilemma.

So here on out, anyone interested in what I got going here, here is a separate thread with my IPv6 problem:

 

http://forums.businesshelp.comcast.com/t5/IPV6/How-to-disable-DHCP-ipv6-on-Cisco-DPC3939B-DNS-settings/m-p/26044#U26044

  

 

Thank you both train_wreck and ShifterKartRacer for the awesome detailed help!  Sorry OP!  Your post is very similar to my scenario..but the IPv6 has made it more complex.....I honestly didn't mean to step on your toes...  : )

 

21 REPLIES
Trusted Forum Contributor

Re: Small Office Network with a Domain Controller

If you have never configured a Windows server before, I would recommend looking into Windows Server 2012 Essentials. It has numerous configuration wizards that make it very easy to setup, and is meant for small networks.

http://www.microsoft.com/en-us/server-cloud/products/windows-server-2012-r2-essentials/
CMH
Visitor

Re: Small Office Network with a Domain Controller

Thank you for the response. 

Yes, I don't have much experience with Domain Controllers and Networking and I'll surely look into the link you have posted.

 

Let me be more specific about the issue I'm having:

 

I've a small existing, semi-broken setup with one domain controller (Windows 2008 R2) and a WiFi network. 

 

I would expect that the Domain controller is the one assigning the IP addresses to the clients, but it is not. I checked and found out that the DHCP is enabled on the Comcast Router/Gateway and it is giving the IP addresses to the clients. But this is causing issues for the clients to join the domain as they are not able to find the domain. The nslookup shows that the DNS server is at Comcast. On the Clients the settings are "Automatic" for finding the IP addresses and the DNS.

 

So, when I disable the DHCP on the Comcast device, the clients get IP addresses from the DC (Domain Controller) and are able to login into the domain but then the Internet stops working on the clients. And this also breaks the Wifi network.

 

Not sure how to fix this situation? I called Comcast Customer service but they are not able to help me. They want me to contact some third party IT company for help.

 

I also tried searching for any documents or User guide on setting up a small network with a DC. 

I'm hoping someone experienced like you can help me here. 

 

Thanks.

CMH

 

Trusted Forum Contributor

Re: Small Office Network with a Domain Controller

Yes, Comcast's responsibility technically ends at the Comcast gateway; any devices past that, they are not authorized to provide support for.

 

But I am, so let's dig in ;)

 

First off, if you are using the server to provide DHCP (and you are in this case), you will need to disable DHCP on the Comcast gateway.

 

Can you possibly detail your network topology (any routers and their associated IP addresses/subnets, the server's location on the network & its associated IP address/subnet). As well, can you post the output of "ipconfig /all" from a workstation that has obtained an IP address via the Windows DHCP server?

CMH
Visitor

Re: Small Office Network with a Domain Controller

Thank you Sir.

I'll get all the information this Saturday and will post here.

Thanks.

CMH
Visitor

Re: Small Office Network with a Domain Controller

CXX-Network.PNG

 

Here is a very basic diagram of our Network. We have more PCs but I'm showing just few here. You will get a general idea of the network topology. I'll get more information soon as you requested. Is there a way to contact you over the phone or email?  

Thanks.

CMH

Trusted Forum Contributor

Re: Small Office Network with a Domain Controller

A few things....

 

It appears you have a wireless router, but are using it just basically as an access point? If so, you'll need to make sure DHCP is off there as well.

 

In terms of the DHCP server, it should be assigning clients IP addresses from within 10.1.10.x/24 with exclusions for 10.1.10.1 and all static IP address devices (such as the domain controller itself, the wireless router, etc.), a default gateway for the clients of 10.1.10.1, and a DNS server address that is the IP of the domain controller.

 

Also, is there any reason you're not using the wireless router as a true router, with its WAN connected to the Comcast gateway and the LAN connected to the switch.....
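
The scope settings listed in the reply above can be checked from the `ipconfig /all` output that was requested earlier in the thread. The following is an added example, not code from any poster: it parses that output and flags a lease that did not come from the domain controller, a missing default gateway, and DNS servers other than the domain controller. The domain controller address 10.1.10.10, the 192.0.2.x resolver addresses and the sample output are constructed for illustration; only the 10.1.10.x/24 range and the 10.1.10.1 gateway come from the thread.

```python
import ipaddress
import re

# Assumed values: the thread gives the 10.1.10.x/24 LAN and the gateway at
# 10.1.10.1; the domain controller address 10.1.10.10 is hypothetical.
LAN = ipaddress.ip_network("10.1.10.0/24")
GATEWAY = ipaddress.ip_address("10.1.10.1")
DC = ipaddress.ip_address("10.1.10.10")

# Matches "   Label . . . . : value"; a label never contains '.' or ':'.
FIELD = re.compile(r"^\s+([^.:]+?)[ .]+:\s?(.*)$")

MESSAGES = {
    "ADDR_OUTSIDE_LAN": "address is not inside the expected LAN range",
    "DHCP_NOT_DC": "lease came from a DHCP server other than the DC",
    "NO_DEFAULT_GATEWAY": "lease does not carry the gateway as default route",
    "DNS_NOT_DC": "DNS is not the DC, so the domain cannot be located",
}

# Constructed sample of `ipconfig /all` output, filled in per scenario.
TEMPLATE = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : WS-01

Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.1.10.23(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : {gateway}
   DHCP Server . . . . . . . . . . . : {dhcp}
   DNS Servers . . . . . . . . . . . : {dns}
"""


def sample_output(dhcp, gateway, dns):
    """Build constructed ipconfig text; extra DNS servers go on continuation lines."""
    return TEMPLATE.format(dhcp=dhcp, gateway=gateway,
                           dns=("\n" + " " * 39).join(dns))


def parse_ipconfig(text):
    """Return {section name: {field label: [values]}}."""
    sections, current, last = {}, None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():           # unindented line: section header
            current = sections.setdefault(line.rstrip(": "), {})
            last = None
            continue
        if current is None:
            continue
        match = FIELD.match(line)
        if match:
            last = match.group(1).strip()
            value = match.group(2).strip()
            current[last] = [value] if value else []
        elif last is not None:              # continuation of a multi-value field
            current[last].append(line.strip())
    return sections


def ipv4_values(values):
    """Keep only IPv4 entries, dropping '(Preferred)' and IPv6 scope suffixes."""
    found = []
    for value in values:
        candidate = re.split(r"[(%]", value)[0].strip()
        try:
            found.append(ipaddress.IPv4Address(candidate))
        except ValueError:
            continue                         # IPv6 address or other text
    return found


def audit_adapter(fields):
    """Compare one adapter's lease with the scope settings from the thread."""
    findings = []
    address = ipv4_values(fields.get("IPv4 Address", []))
    if not address or address[0] not in LAN:
        findings.append("ADDR_OUTSIDE_LAN")
    if ipv4_values(fields.get("DHCP Server", [])) != [DC]:
        findings.append("DHCP_NOT_DC")
    if GATEWAY not in ipv4_values(fields.get("Default Gateway", [])):
        findings.append("NO_DEFAULT_GATEWAY")
    dns = ipv4_values(fields.get("DNS Servers", []))
    if not dns or any(server != DC for server in dns):
        findings.append("DNS_NOT_DC")
    return findings


def audit_text(text):
    """Audit every DHCP-enabled adapter found in the ipconfig text."""
    return {name: audit_adapter(fields)
            for name, fields in parse_ipconfig(text).items()
            if fields.get("DHCP Enabled") == ["Yes"]}


if __name__ == "__main__":
    scenarios = {
        "gateway still answering DHCP":
            sample_output("10.1.10.1", "10.1.10.1", ["192.0.2.53", "192.0.2.54"]),
        "DC lease without a router option":
            sample_output("10.1.10.10", "", ["10.1.10.10"]),
    }
    for title, text in scenarios.items():
        for adapter, codes in audit_text(text).items():
            print(title, "|", adapter, "|", [MESSAGES[c] for c in codes] or "OK")
```
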

Member

Re: Small Office Network with a Domain Controller

Hello train_wreck,

 

I'm in the same situation, but new server setup.  Windows Server 2012 R2 Essentials.

 

Same set up, but integrated WIFI access in the Cisco DPC3939B router.  everything connected to the switch.  Router in/out from internet; gateway.

 

I understand that Ipv4 DHCP needs to be disabled on the router since the SERVER will do DHCP and hand out IP addresses.

 

But what about IPv6 on this router?  How do you disable the IPv6 DHCP on this?  It isn't straightforward like the legacy IPv4 way of doing things. I grasp that part both on the router and windows server settings.

 

From what I understand I need to UNCHECK Stateful and just use IPv4 DHCP on the server? (yes, disable IPv4 on router also).  But it seems everything is going IPv6?  Should I leave it alone?  The IPv6 is VERY confusing and archaic.  As best practice, I prefer the SERVER handle DHCP... so I guess I don't want the router doing IPv4 or IPv6 DHCP to avoid conflict, correct?  But what is best practice handling this IPv6 DHCP?  Preferably if we need to keep it intact...which I guess from the server...  scopes?

 

Screenshot below of current DEFAULT settings...not sure exactly what to change / add here:

 

DPC3939B.jpg

ShifterKartRacer
New Contributor

Re: Small Office Network with a Domain Controller

Hi,

 

It seems to be that some of us are in this same position of setting up a new server.  I read this post, and I'm not trying to hijack this thread but I could sure use the help.  I just received a new Comcast Cisco modem a couple of hours ago which replaced our approximate 10 year old SMC. 

 

My only difference is with the Domain Controller.  At this particular time, I'm more comfortable having the DHCP issues left with the Comcast unit.  I'm also running the Windows Server 2012 R2 Essentials product suggested by train_wreck.  I'm also not "under the gun" to have the entire system up and running since I've got my approximate 10 coworkers setup running Office 365 with Microsoft handling the Exchange server duties.  I've also established a relationship with a cloud storage provider (Egnyte) who is handling our "shared file" duties.  Our PCs are running an Egnyte sync client in real time that works for the most part pretty good.  I've created a workgroup in Win 7 and we share files that should not be in "the cloud" off of our Office Manager's PC.  I recently downsized our company at which time I just couldn't afford the Data Suite Citrix Solution with 4 servers (I believe that's what we had), an Exchange server, and all the other IT Company costs.

 

My main issue is that I can't grasp the DHCP, DNS, the IP Suite of protocols, Private IP, Public IP, Subnet Masking, Port Forwarding, Gateways, and associated items.  I've studied, watched, read, etc... and I'm becoming more familiar but it's not going to happen overnight.  What our company needs is really:

 

1. Remote Access (Anywhere Access).  We work at our clients sites 75% of the time.  I also have some coworkers that may be gone for 1 week at a time.  Our end product is really just reports (Word and PDF), spreadsheets, Publisher documents, and a few others.  My issue with this has been the uPnp or lack thereof with the SMC modem.  Also, would Anywhere Access be best accomplished using a VPN?  We do have 1 static IP address and really it doesn't look like we really need it?????  What is it used for.

 

The other issues such as shared printing (we have two large capacity multi-function copier/printer/scanners) and file storage are not as baffling to me.  What I am most concerned (I should say SCARED) about is setting up the Comcast unit incorrectly, having the network go down, or leaving us exposed in a manner which could jeopardize our clients.

 

I'd go for the domain controller being the server if it was recommended, but I'm just fearful of messing something up.  I've tried hooking up with local IT providers but they want the servers again in a Data Center and the cost is just overwhelming.

 

Any suggestions would be so helpful and I'll move this post if anyone feels I'm hijacking the thread.  But, the other posters situation is something that I could deal with so I'm just trying to learn and piggy back off of the same topic. 

Trusted Forum Contributor

Re: Small Office Network with a Domain Controller

@timd1971:

 

Concerning IPv6, I would hesitate to make any recommendations as Comcast hasn't officially launched v6 for business yet. All of the gateways do support IPv6 to some degree - the Cisco DPC3939B will assign a global IPv6 address to any connected device using either RA announcement packets ("stateless", as it says in the config page) or using an integrated DHCPv6 server. At the moment, I don't think you can configure a separate DHCPv6 server on the LAN to assign addresses.   In general, the same rules that apply for IPv4 in terms of DHCP servers also apply to IPv6; you shouldn't have 2 separate DHCPv6 servers on a network, without specific configurations made on both.

 

I imagine that eventually, Comcast will provide you with a static "prefix" to which you can configure your devices in any way you like; for example, they would give you the prefix 2601:443:1480:5300::/64 (meaning that your IPv6 numbering range would be 2601:443:1480:5300:0000:0000:0000:0000 through 2601:443:1480:5300:ffff:ffff:ffff:ffff ) and you could then configure hosts statically within that range OR have your own DHCPv6 server handing out addresses from this range. This is just speculation, however. I have heard that the official rollout may happen this year.

 

You are correct in thinking that you need to have the Cisco DHCP v4 server disabled if you have the Windows server doing DHCP.

Member

Re: Small Office Network with a Domain Controller

Thank you train_wreck, you really know your stuff. IPv6 is QUITE baffling... and Comcast not supporting makes it even more difficult.
From what I understand, IPv6 is really something that needs to be implemented, so not sure why Comcast has dropped the ball here?

It doesn't look like I have any choice here. Being Business Comcast, I don't understand the limitation Comcast has imposed. That being the DPC3939B "apparently" cannot disable IPV6 so the Windows Server can then handle all DHCP. (Both IPv4 & IPv6, not JUST IPv4).

I am not sure what to do here being IPv6 is quite important now and needs to be implemented. I don't want to just disable it on both router and server. Apparently it cannot be turned off on router anyways? So even though best practice says Server should handle all DHCP, can I let the DPC3939B just do all the DHCP? Is this truly my only option to keep IPv6? I heard something about Active Directory not working correctly this way? So doomed either way? : (

I don't know anything about the BRIDGE mode, but would that be an option? Does it turn the router into a modem, and then I use a separate wifi router (i.e. new Asus ac router). Would this maybe be a solution? Would hardware firewall help here?

This IPv6 DHCP is the one thing preventing me from setting up this new server.

I don't mean to hijack this thread, but I think this IPv6 DHCP is a real problem and needs to be addressed in order to correctly complete the server setup. The OP will no doubt run into this problem like we have. It is VERY difficult to find a solution to this. Especially if Comcast hasn't fully implemented IPv6 yet, that is just unacceptable being a Business class router and service. Not good.
ShifterKartRacer
New Contributor

Re: Small Office Network with a Domain Controller

Train_Wreck,

I have to say, understanding all of this is so much easier than most of the materials I've come across.

In a nutshell, is it better to have DNS, AD, and DHCP handled by the Windows Server 2012 R2 Essentials Server? If that's the case, the 3939B would simply be used in Bridge Mode for its modem? One of the reasons I had Comcast change our SMC was to eliminate an old Snapgear 565 external router, firewall, gateway, and wireless. Maybe I made a mistake in decommissioning the SnapGear?

I've read that DNS is better handled by a Windows Server being that it makes "life easier". I believe this was a video I had watched but it was covering Windows Server 2012 (not R2 or Essentials). I also thought life would be simplified by going to a "one box fits all" solution (the Comcast Cisco 3939B). Maybe I was wrong in my thinking with that subject also.

One of my thoughts was that you'd think the 3939B would be better handling all these tasks. Probably wrong on my part.

I did notice that the 3939B could not have the IPv6 disabled so I didn't know if that would affect anything. Last night, I was able to let the server obtain its own address from the 3939B and for the first time I could get Anywhere Access working. That may be in part due to the uPNP being enabled on the 3939B.

I appreciate all this great information! Regards, TG

Trusted Forum Contributor

Re: Small Office Network with a Domain Controller


timd1971 wrote:
I am not sure what to do here being IPv6 is quite important now and needs to be implemented. I don't want to just disable it on both router and server. Apparently it cannot be turned off on router anyways? So even though best practice says Server should handle all DHCP, can I let the DPC3939B just do all the DHCP? Is this truly my only option to keep IPv6?

At the moment, yes, this is about the only option. Some of the other Comcast gateways support what is called "prefix delegation", whereby you can connect a router to the gateway and it will pull a prefix to use for clients behind its LAN.

 

I have never heard of Active Directory services failing to work if there is a separate DHCPv6 server; I would think that if anything, AD auth/replication should just fall back to v4. Haven't tried that though.

 


timd1971 wrote:
I don't know anything about the BRIDGE mode, but would that be an option? Does it turn the router into a modem, and then I use a separate wifi router (i.e. new Asus ac router). Would this maybe be a solution? Would hardware firewall help here?

Yes, bridge mode turns the gateway into a standard cable modem, AND also deletes any static IPs you may have. This would allow you to connect a separate router that can do prefix delegation. This would NOT allow you to setup a DHCPv6 server on the Windows machine. Once again, for this I think we'll just have to wait for the static v6 rollout.

 


timd1971 wrote:
This IPv6 DHCP is the one thing preventing me from setting up this new server.

I wouldn't worry too much about it yet, unless for some reason you have a very pressing need for v6. If you must have it, consider setting up a temporary fc00:: ULA subnet on the Windows DHCPv6 server. You would only have local LAN connectivity, but it might help.
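
For the temporary ULA subnet mentioned in the reply above, RFC 4193 reserves fc00::/7 and has locally assigned prefixes start with fd followed by a random 40-bit Global ID, which gives each site a /48. The following is an added example, not code from any poster: it builds such a /48, carves one /64 for the LAN scope, and compares it with the 2601:443:1480:5300::/64 illustration from earlier in the thread. The function names are hypothetical and the fixed Global ID in the demo is constructed so the output is repeatable.

```python
import ipaddress
import secrets

# RFC 4193 Unique Local Address block.
ULA_BLOCK = ipaddress.ip_network("fc00::/7")


def make_ula_site_prefix(global_id=None):
    """Return an RFC 4193 /48: byte 0xfd followed by a 40-bit Global ID."""
    if global_id is None:
        # Random Global ID so that two sites merged later rarely collide.
        global_id = secrets.token_bytes(5)
    if len(global_id) != 5:
        raise ValueError("Global ID must be exactly 40 bits (5 bytes)")
    packed = b"\xfd" + bytes(global_id) + bytes(10)
    return ipaddress.IPv6Network((packed, 48))


def lan_subnet(site, subnet_id):
    """Carve the /64 numbered subnet_id (0..65535) out of a /48 site prefix."""
    if site.prefixlen != 48 or not 0 <= subnet_id <= 0xFFFF:
        raise ValueError("need a /48 site prefix and a 16-bit subnet id")
    base = int(site.network_address) + (subnet_id << 64)
    return ipaddress.IPv6Network((base, 64))


def describe(network):
    """Summarise the range and reachability class of an IPv6 network."""
    return {
        "first": str(network.network_address),
        "last": str(network.broadcast_address),
        "is_ula": network.subnet_of(ULA_BLOCK),
        "is_global": network.network_address.is_global,
    }


if __name__ == "__main__":
    # Constructed Global ID for a repeatable demo; omit it to get a random one.
    site = make_ula_site_prefix(bytes.fromhex("0123456789"))
    scope = lan_subnet(site, 1)
    print("site prefix :", site)
    print("LAN scope   :", scope, describe(scope))
    # The global /64 used as an illustration earlier in the thread.
    example = ipaddress.ip_network("2601:443:1480:5300::/64")
    print("thread /64  :", example, describe(example))
```

Hosts that only hold an address from the ULA scope can reach each other on the LAN but not the IPv6 Internet, which matches the "local LAN connectivity" limitation stated in the reply.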

Trusted Forum Contributor

Re: Small Office Network with a Domain Controller


ShifterKartRacer wrote:
In a nutshell, is it better to have DNS, AD, and DHCP handled by the Windows Server 2012 R2 Essentials Server?

Usually yes, because AD is recommended to be integrated with DNS/DHCP, as the services work together to provide dynamic updates among each other. It simplifies management of network entities within the directory to keep it all on the same server. As well, the processing power in the server is much higher than in the gateways, so offloading these network infrastructure services helps conserve resources on the (already resource-strapped) gateways.

 


ShifterKartRacer wrote:
If that's the case, the 3939B would simply be used in Bridge Mode for its modem?

It wouldn't technically be "bridge mode" at that point, because the gateway would still be doing routing capabilities (e.g., traffic from 10.1.10.0/24 LAN clients would still need to be NATted out the gateway's WAN address.)

 


ShifterKartRacer wrote:
 I also thought life would be simplified by going to a "one box fits all" solution (the Comcast Cisco 3939B). Maybe I was wrong in my thinking with that subject also.

One of my thoughts was that you'd think the 3939B would be better handling all these tasks.

In general, I usually recommend that the policy "jack-of-all-trades, master of none" applies to most networking gear, at least until you get into enterprise-level equipment. I tend to find better results with single, dedicated devices that do one thing well. I prefer to use a standalone router, in conjunction with the Comcast gateway being in bridge mode or provisioned with rented static IPs (to which said router has the static IP configured into.)

 


ShifterKartRacer wrote:
Last night, I was able to let the server obtain its own address from the 3939B and for the first time I could get Anywhere Access working. That may be in part due to the uPNP being enabled on the 3939B.

Likely a firewall/port forwarding rule wasn't set for the requisite ports/protocols that are used by "Anywhere Access". Keep in mind, even with DHCP disabled on the gateway, if you are still using it with the stock 10.1.10.x subnet (e.g., your LAN clients are still within that range, and have a default gateway pointing to 10.1.10.1), you will still need to configure appropriate firewall rules on the gateway. In this configuration, it is still functioning as your router.

Member

Re: Small Office Network with a Domain Controller

Wow, learning QUITE a lot from train_wreck and others here! : )

Ok, I think I am getting closer to getting a solution to get my server going.

To make it easier, I'll just explain what I need and maybe, train_wreck you can just suggest or advise what I need to do pertaining to this IPv6 problem?

Coming in from internet,
Cisco DPC3939B, port 1 connected to trendnet teg-s80g switch. (3 empty ports left on comcast router)
Lenovo ts440 server with Windows Server 2012 R2 Essentials connected to switch. Active Directory. (I also am bypassing the default .local suffix Essentials forces as default. I have my own purchased company domain, so using AD.MYDOMAIN.com versus MYDOMAIN.local).
The rest of the 8 switch ports go to win 8.1 pro clients and devices.

I do not have a hardware firewall? If I do get one, can you suggest an entry level one that will do the basic job of protection including blocking other things also? I've been suggested PFSense? Can I just install the free software on the server? Or do I need to also buy the hardware firewall? I can add this later if need be as I need to really get this server going. Where does the hardware firewall go? Right after the Comcast modem? The switch? Before modem?

Shouldn't the server have anti-virus software? I've read about using the free Microsoft AV hack.

I do have a spare Asus RT-AC68R wifi router.

I guess what I need to know, is what do you suggest, given this setup and the lack of the IPv6 problem you mention about having to wait for Comcast? I guess I am not clear on that. I currently don't have an external static ip from comcast and probably will use no-ip.net if I need to later and for remoting etc.

I guess I am lost what to do with this IPV6 stuff for the router and windows server.

I just don't know which route to take with it and IPv4.

From my understanding, I just need to turn off BOTH IPv4 and IPV6 on the router and create scopes on the windows server for both. Easy for ipv4, but apparently I am stuck with the ipv6/comcast thing? I am lost there. So just not sure where to go from there. I guess that I don't need or want to wait for Comcast to make ipv6 external static ip to be available? So what's the best setup here to avoid all of that?

Thank you very much. I'm getting a lot of this, but obviously not getting the last final bit to finish this. : /

ShifterKartRacer
New Contributor

Re: Small Office Network with a Domain Controller


train_wreck wrote:

ShifterKartRacer wrote:
In a nutshell, is it better to have DNS, AD, and DHCP handled by the Windows Server 2012 R2 Essentials Server?

Usually yes, because AD is recommended to be integrated with DNS/DHCP, as the services work together to provide dynamic updates among each other. It simplifies management of network entities within the directory to keep it all on the same server. As well, the processing power in the server is much higher than in the gateways, so offloading these network infrastructure services helps conserve resources on the (already resource-strapped) gateways.

 

Mr. Train Wreck;  Thank you for the clarification regarding this.  Why is it that this topic is so difficult to find reliable information on?  I'd be happy to pay you if you'd submit an invoice!  I've been watching some videos from Eli The Computer Guy.   Seems to be good information and a very talented and excellent teacher.  One of his video classes explains setting up a Server as a domain controller in addition to the other server duties.  Yes it's Windows Server 2012 (not R2 or Essentials), but he emphasizes repeatedly that "a Microsoft Server should handle the DHCP" in addition to the DNS which by default would be managed and of course the other tasks mentioned.  He says that for people like me of lesser experience that "DHCP management other than by the Microsoft Server can make us less experienced people lead a life with a lot of pain".  I feel comfortable enough to setup these services or at least flounder through the steps carefully.  I purposely went for the Essentials Edition to avoid as many pitfalls as possible keeping in mind that Office 365 and the Microsoft Suite as well as Exchange Email are being handled by Microsoft and I wouldn't have a staff of 15 - 20 users sitting around while I tried to play IT "Hero".   I'm also using 2 Servers that were purchased new several years ago when I elected to go with the Citrix Servers being located and managed in a Data Center.  Yes, they are much older HP Proliant ML 350's (Gen 5) with dual 2.0 Ghz Xeon Processors and 16 gig of ram.  Each also has 8 SAS 146 gig drives which is plenty of storage for our needs.  The typical redundant power supplies are also included.  We're Engineers and Scientists.  We generate lots of files but they are very small in size.  Our clients still prefer written reports in addition to the electronic so we do print 15,000 pages per week on average.  The second server is sitting next to the 1st with no operating system installed.  I just took it out of the box.
Maybe that should be my "lab" or trial server?

 


ShifterKartRacer wrote:
If that's the case, the 3939B would simply be used in Bridge Mode for its modem?

It wouldn't technically be "bridge mode" at that point, because the gateway would still be doing routing capabilities (e.g., traffic from 10.1.10.0/24 LAN clients would still need to be NATted out the gateway's WAN address.)

 

Your response above is where I really fall off a steep cliff.  I signed up last night on Lynda.com and am currently doing a 2 + hour Subnet Class.  I understand the concept of NAT and resolving "qualified domain name" (I believe that's what is a part of it), to put it into practice would not be a smart idea for me at least at this time. 


ShifterKartRacer wrote:
 I also thought life would be simplified by going to a "one box fits all" solution (the Comcast Cisco 3939B). Maybe I was wrong in my thinking with that subject also.

One of my thoughts was that you'd think the 3939B would be better handling all these tasks.

In general, I usually recommend that the policy "jack-of-all-trades, master of none" applies to most networking gear, at least until you get into enterprise-level equipment. I tend to find better results with single, dedicated devices that do one thing well. I prefer to use a standalone router, in conjunction with the Comcast gateway being in bridge mode or provisioned with rented static IPs (to which said router has the static IP configured into.)

 

I'm sort of following.  I was fearful that the "jack of all trades, master of none" would apply.  Your statement (i.e. opinion) made sense in another way while thinking about it this morning.  The Modem, Router, Gateway, and Switch(s) are needed and used 24 hours per day, 7 days a week.  If they go down, most or all of the office is down.  Our clients are then jeopardized subsequently putting us into jeopardy.  I need to share files, print, allow remote access, and whatever common tasks a typical small office would need to handle.  But yes, security is critical to us.  If a coworker's PC (desktop or laptop) goes down, I've got spares that either are or could be configured in short order.

 


ShifterKartRacer wrote:
Last night, I was able to let the server obtain it's own address from the 3939B and for the first time I could get Anywhere Access working. That may be in part due to the uPNP being enabled on the 3939B.

Likely a firewall/port forwarding rule wasn't set for the requisite ports/protocols that are used by "Anwhere Access". Keep in mind, even with DHCP disabled on the gateway, if you are still using it with the stock 10.1.10.x subnet (e.g., your LAN clients are still within that range, and have a default gateway pointing to 10.1.10.1), you will still need to configure appropriate firewall rules on the gateway. In this configuration, it is still functioning as your router.


As I can hear Eli the Computer Guy saying repeatedly; "a router is used to allow 2 or more subnets to communicate". That's what a router is for. I've looked at the router incorrectly for several years. I only have one network cable coming out of the back of the router which connects to 3 3Com 2424plus Switches. I thought what am I routing? Again, lack of understanding. The Anywhere Access is the term used in the Essentials edition. The interface is more like a Win 8 OS to me. I'd not call it Remote Desktop. Yes, it's emphasized that Port 443 be open and that a uPnp modem be used. I guess I'm still going back to what my basic goals are and if you'd like to help out I'd appreciate it. But I've got to say, you've put so much time into something that is very time consuming and for that I feel very guilty.

 

Basic Goals:

 

15 - 18 users connected to a server.

Remote Access is VERY important.

Printing and Scanning handled by 3 Savin Copier/Scanner/Printers (C2828's) 15,000 pages per week on average.

Backup of workstations and laptops by the Server (Essentials states this as a feature).

Exchange handled by Office 365

Applications are the current MS Suite provided by Office 365 (Office 2013 or a version thereof).

 

Concerns:

 

Correct setup of the Modem, Gateway, and Router.  I believe I'm hearing from you that these pieces are the critical link.

 

At least you know what I have so if you find it in your heart to help out, I'd appreciate it.

 

Regards,

 

TG
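
Added example, not part of any post in this thread: train_wreck's point above is that a client on the stock 10.1.10.x subnet with a default gateway of 10.1.10.1 is still routed (and firewalled) by the Comcast gateway even when the Windows server hands out the lease. The Python sketch below parses `ipconfig /all` output to show which case a workstation is in; the /24 mask, the server address 10.1.10.5 and the sample output are assumptions constructed for illustration.

```python
import ipaddress
import re

GATEWAY = "10.1.10.1"                              # gateway address named in the thread
STOCK_LAN = ipaddress.ip_network("10.1.10.0/24")   # assumption: 10.1.10.x is a /24

# Constructed sample; 10.1.10.5 (server) and fe80::1%11 are made-up values.
SAMPLE = """\
Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.1.10.50(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : fe80::1%11
                                       10.1.10.1
   DHCP Server . . . . . . . . . . . : 10.1.10.5
"""

FIELD = re.compile(r"^\s+(\S.*?)[ .]* :\s*(\S*)")  # "Label . . . : value"

def parse_adapters(text):
    """Return {adapter: {label: [values]}}; handles multi-line values."""
    adapters, current, key = {}, None, None
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current, key = adapters.setdefault(line.rstrip()[:-1], {}), None
            continue
        if current is None or not line.strip():
            continue
        m = FIELD.match(line)
        if m:
            key = m.group(1)
            current[key] = [m.group(2).split("(")[0]] if m.group(2) else []
        elif key:                                  # continuation of the previous value
            current[key].append(line.strip().split("(")[0])
    return adapters

def assess(fields):
    """Who routes for this client, and who handed out its lease?"""
    if not fields.get("IPv4 Address"):
        return None                                # adapter has no IPv4 address
    addr = ipaddress.ip_address(fields["IPv4 Address"][0])
    return {
        "on_stock_subnet": addr in STOCK_LAN,
        "gateway_still_routes": GATEWAY in fields.get("Default Gateway", []),
        "lease_from_gateway": fields.get("DHCP Server", [None])[0] == GATEWAY,
    }

if __name__ == "__main__":
    for name, fields in parse_adapters(SAMPLE).items():
        print(name, assess(fields))
```

When `gateway_still_routes` is true and `lease_from_gateway` is false, the server owns DHCP but the gateway's firewall and port-forwarding rules still decide what reaches the LAN.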

Member

Re: Small Office Network with a Domain Controller

"Correct setup of the Modem, Gateway, and Router.  I believe I'm hearing from you that these pieces are the critical link."

(firewall too!)

 

Yup.  I am in the same boat here...  got a good grasp on most of the server part, but this IPv6 is killing me.  Seems this over-complicated way of doing things these days is excellent JOB SECURITY.  : /

 

As far as your network/system going down... I think that is why Microsoft recommends more than 1 DOMAIN CONTROLLER with Active Directory also. Seems every part of the system needs redundancy. I cannot worry too much about it and it will drive you nuts... my BIG thing is BACKUPS of our data is the absolute best no matter what. If need be, I can always pull up a spare PC and work locally if absolutely need be...but my DATA is what is precious. We don't have to be online 24/7 or remotely.

 

 

ShifterKartRacer
New Contributor

Re: Small Office Network with a Domain Controller


timd1971 wrote:

"Correct setup of the Modem, Gateway, and Router.  I believe I'm hearing from you that these pieces are the critical link."

(firewall too!)

 

Yup.  I am in the same boat here...  got a good grasp on most of the server part, but this IPv6 is killing me.  Seems this over-complicated way of doing things these days is excellent JOB SECURITY.  : /

 

With the knowledge of Train Wreck, I'd be much more willing to take a leap of faith but I don't have that option anymore. I vowed to never let the network "hardware" move out of my buildings for the reason stated below. I'm also not going to ever expect to be IT Superman Over Night. Train Wreck and others are professionals and this is their job and where they live!

 

I have to agree wholeheartedly regarding the modem, gateway, router, and yes now the firewall. I am finding that the classes on Lynda.com are very helpful as well. I wish I would've discovered them prior to last night. I actually started a computer company in 1986 and sold it in 1993. Part of the sale agreement was that my other small companies would have computer support. I've not had to really use what little skill set I had (my last network setup was Windows 3.1 over Novell). The 5 offices connected via 9600 Baud modems.

 

I've not even paid much attention to the ipv6. I need a better grasp of the basics first. Unfortunately, my geographic region is not well supported with IT Companies worth a darn. I'd have to bring in a company from 150 miles away. Too costly. Giving Microsoft the "lion share" has been my salvation. Our company was down for 16 days due to our server "farm" crashing at which time I couldn't get in touch with the company. Attorneys involved, and clients lost will never recuperate the personal and company reputation suffering we've gone through. If I wasn't killing bandwidth by synching to the Egnyte Cloud Service (every PC runs the client synch in real time and only on a "C" local drive) I'd leave well enough alone. I am going to be talking with Egnyte tomorrow about running a supported NAS which would synchronize to the Egnyte Cloud during the evenings. My other issue being all the printing we do hurts as well.

 

As far as your network/system going down... I think that is why Microsoft recommends more than 1 DOMAIN CONTROLLER with Active Directory also. Seems every part of the system needs redundancy. I cannot worry too much about it and it will drive you nuts... my BIG thing is BACKUPS of our data is the absolute best no matter what. If need be, I can always pull up a spare PC and work locally if absolutely need be...but my DATA is what is precious. We don't have to be online 24/7 or remotely.

 

Hence my option of trying 2012 R2 Essentials and a NAS Server.  The data will be local, the cloud the backup to the NAS and my redundancy is sufficient.  I have 29 years worth of data and it only totals 750 gigabyte.  I could streamline to 250 gigabyte if need be.  No video, audio, or large files whatsoever.  About 75 gigabytes of data that cannot be stored in the cloud due to security reasons.  Hence, my skepticism.  If backups are your biggest concern, don't be hesitant to store what you can in the cloud if you are legally able to.  My line of business requires certain files be stored in a "secure data center" with a whole other caveat of security issues that I don't understand. However, another entity pays that bill.  The data can only be accessed by approved "classified" computers.  I've also considered FTP (that's how I populated our Cloud Server) for data backup or even another level of redundancy.  It's probably not as trustworthy but it's an option.

 

I bet Train Wreck and others have good recommendations for the "firewall, gateway, etc..." equipment. Creating another domain controller might be an option but I'm not dealing with that many users. I do like the idea of having the computer handle the task as Train Wreck mentioned. It's what a computer is used for. I know I'll run into security certificate issues and other problems more than likely.

 

It's been a good learning experience though.  What a way to spend evenings and weekends (lol)!


 

Member

Re: Small Office Network with a Domain Controller

Considering your line of work and liability, sounds like you need a dedicated IT person handling all this. Yeah, I know, having all that tech knowledge under your belt like me (and I am also a control freak), it's hard to give that up...especially when you got 90% of it down and just have a little more to learn to grasp it ALL completely. I "also" like learning about all this... I used to be bleeding edge with tech, but running a business sure takes a lot of your time away. Never had a "real" need for a SERVER...but NOW I do. SO I have been feverishly "learning" as much as I can in a short amount of time..i.e. yes, Eli the Computer Guy videos! That man made all of this so easily learned VERY quickly! I love that guy...he really makes it so easy for newbies like me when it comes to servers, dns, dhcp AD, etc etc. But unfortunately he doesn't have really anything on the IPv6 dilemma.

 

I don't know, but maybe it is job security, but if I was a full fledge IT guy, I sure would make a video like Eli does just merely showing the setup of a small business server utilizing Windows Server 2012 R2 Essentials from A to Z. I notice the videos on youtube tend to leave out the most important parts...leads me to believe they may not know those answers either...so they don't cover it. After all this learning, it's not really that complicated, but there are some things that I just don't know enough about.

 

What's rough, is going over to ServerFault.com and Spiceworks.com and trying to get this very basic help...it's like PULLING TEETH! They KNOW I am a newbie from my basic questions, and resistance is high. Me, I am one to help, no matter how easy or difficult it may be. I did get some help over there, but really, it's a shame the quality help you finally end up getting considering just how many millions of people are at those sites...just vague answers from a handful of people...leave you hanging...so you continue to research and learn and learn and it just takes so long when you don't have the time to get it all. Honestly, as professional as they are over there, I don't think they even know the real answers to my questions...as to why they dodge them. (again, job security...they don't want to make all this too easy or they're out a job more easily...which is understandable) All in all, just useless.

 

I was amazed there are few here that really know their stuff here and are very helpful and friendly. Cannot say that about ServerFault (and all that editing and censorship and ON HOLD of your questions, etc etc...it's like quora.com, people spend more time editing or bashing or nit-picking or complaining about your question, rather than JUST HELPING with an answer or advice at least! I actually do not like that place much anymore.) Spiceworks is better though...but still hard to get good "thorough" answers... if you aren't part of the HIGH END IT clique, you're not going to get good help if any at all it sure seems... the things I have asked should be able to be answered VERY easily, in their sleep! Ok, done with the rant about the other sites. Glad I gave this one a chance...seems to get more help here in just a couple posts than I have in a bunch anywhere else.

 

Here is something I had to totally learn ON MY OWN, as the people at ServerFault would not help me with this at all. And it was so SIMPLE... simple but HARD to find the answer! So I found it:

http://www.em-soft.si/myblog/elvis/?p=403

 

Essentials will FORCE you to set your domain name to what you choose, but it makes it .local suffix. i.e. MYDOMAIN.local.

I wanted AD.MYDOMAIN.com (I own my own .com domain), so the link above shows the trick. Basically you don't use the WIZARD that starts after initial install. You cancel it...and you can set it up as if you had STANDARD, and get around the Essentials forced upon .local. You CANNOT change this later in Essentials. You either get it right the first time or that's it.

 

Here's some IPv6 videos I found that are helpful:

https://www.youtube.com/watch?v=qaWR5r7owyc

 

https://www.youtube.com/watch?v=knu0folNoCs

 

Member

Re: Small Office Network with a Domain Controller

"It's been a good learning experience though.  What a way to spend evenings and weekends (lol)!"

 

Yeah...but I would much rather spend it with my (2) young daughters...it's hard enough running a business and finding that time...but this server stuff has really slowed me down. I really need to get over this hurdle so I can get on to the next one.

ShifterKartRacer
New Contributor

Re: Small Office Network with a Domain Controller

Timd; Thanks for the sharing of the educational materials. I spent yesterday watching videos on Lynda.com by a gentleman by the name of Mark Jacob. The ipv4, ipv6, subnet masking, and the actual math behind this all really helped me greatly. Some of the "vague references" supplied by others were explained. I did purchase a couple of books albeit not highly technical in nature, and the IP addressing is considered "outside the scope of the book" (i.e. topic). I was dumbfounded by that since it's the inroad to the system. But it is what it is. Being that Eli's videos on the topic are 2010 - 2011, he really didn't even touch on ipv6 other than he's been hearing about it since 1999 when he got involved in computers.

 

I've been involved with forums (not ServerFault) in my main line of work. However, I stay back and let the people attack each other by use of sarcasm, terse one line comments, and literally making a person feel like an idiot for even posting a question, comment, or concern. I'm also aware that the IT industry has some very highly skilled, educated, and professional people that should not be giving their knowledge away for free. Hey, not an issue with me as I'd pay for the information I need. I'd be happy to give the list of what I have, what I'd like to do, and fill in the information on all the devices. If I could learn by reverse engineering or if the person doing the configuration would at least tell me why, I'd appreciate that as well. I'm not messing with anyone's job security but I am a Scientist, and not knowing anything at all, drives me nuts. Not to mention, I do enjoy technology as well.

 

If you'd like to chat more off this site, you can email me at trisATgoisesDOTcom.  Replacing the usual AT and DOT with the correct characters.  I don't want to impose on the fine folks that run these forums and their helping nature.

 

Regards,

 

TG

 

 

Member

MOVING MY DILEMMA TO A SEPARATE THREAD.

I've OBVIOUSLY hijacked this thread and ALSO cross-posted with my IPv6 dilemma.

 

So here on out, anyone interested in what I got going here, here is a separate thread with my IPv6 problem:

 

http://forums.businesshelp.comcast.com/t5/IPV6/How-to-disable-DHCP-ipv6-on-Cisco-DPC3939B-DNS-settin...

  

 

Thank you both train_wreck and ShifterKartRacer for the awesome detailed help!  Sorry OP!  Your post is very similar to my scenario..but the IPv6 has made it more complex.....I honestly didn't mean to step on your toes...  : )

 
