If you’ve used Windows Small Business Server in the past, you’ve probably figured out exactly how DNS works. With SBS 2008 and SBS 2011, the Connect to the Internet Wizard would analyze your network, determine a static IP address to use, and then confirm that you were happy with it before making it the server’s IP address. Then, as we all know, the DNS server runs on SBS and resolves local network addresses, like “domain.local” or “server” or the internal fully qualified domain name (FQDN) “server.domain.local”.
Since SBS 2008 and SBS 2011 are DHCP servers by default, they hand out IP addresses, along with the server’s IP as the DNS server. DNS works flawlessly in such an environment. Queries for Internet-based names (such as Microsoft.com) are first sent to the SBS box for resolution, and then forwarded on to the ISP’s DNS servers for name resolution.
Ultimately, SBS is a middleman in the peer to peer DNS infrastructure and gives the full power of DNS to the local network.
So how is SBS 2011 Essentials Different?
SBS 2011 Essentials doesn’t assign itself a static IP address, and it doesn’t have a Connect to the Internet Wizard. Essentials will automatically connect to the Internet just like any client computer, using the DHCP-assigned address. It does, however, use its local DNS server to resolve both local and Internet-based names by overriding the DHCP-assigned DNS server address with 127.0.0.1 (localhost). If you dig into the DNS settings, you’ll notice that the DNS Server picks up the router’s IP as a forwarder. Routers by default will hand out their own IP as the DNS server and proxy DNS out to the DNS servers configured on the WAN side (usually via DHCP, but sometimes services like OpenDNS). This means that if the server were to ask for an Internet-based address, like technet.com, it would forward that request to the router, which would in turn forward it to the ISP, which could hopefully resolve it for you.
Clients on the network also still need to use the SBS DNS Server in order for Active Directory to work, or to resolve the server and other services on the network (for example, client backup doesn’t work unless DNS is operating correctly). Clients *also* get their IP and DNS Server from the DHCP server, which in Essentials, by default, is the router. This means that the DNS server is the router, essentially skipping the SBS name resolution step. Once the client goes to http://server/connect, a service called LAN Configuration Service is installed. This service monitors client IP address changes. When the client gets a new IP (i.e., it turns on, or it changes locations), it immediately sends out a UPnP query looking for the server (note: this only works in single-subnet environments). If a server is found, the DHCP-assigned DNS address is overwritten by the server’s IP address (obtained in the return call from UPnP). If no server is found, the DHCP-assigned DNS address is kept.
This means that client computers get the SBS DNS address within the SBS network, but the DHCP-assigned address at a place like Starbucks. Clients can always resolve the Internet, and inside the SBS network, they can also resolve the SBS server and Active Directory domain.
Now, for those paying attention, you’ll recall that the SBS server’s address is also DHCP-assigned, which means it can change if the router deems it necessary. There is a similar service on the SBS server that will broadcast when its IP address changes. The clients on the network pick this up and update DNS, and the clients off the network will just redo the process above to get the right IP address.
A side-effect/pro of this design over the SBS 2008 or 2011 Standard design is that if the server is down for patching (we all know how long those reboots take), or another reason, the client will revert back to the DHCP assigned address after a short period of time and can continue to resolve the Internet until the server comes back online.
Can I set things up the old way?
Of course you can. SBS 2011 Essentials is still a full-blown copy of Server, and all the power that you’re familiar with is there. You can just jump into the NIC settings on the server and give it a static IP address of your choice. No problems there.
Additionally, if you absolutely wanted to run DHCP on the SBS Essentials server, no problems there either: simply open up the Server Manager, install the role and configure DHCP. Don’t forget to turn off DHCP on your router, and away you go. If you’re not familiar with DHCP settings though, I suggest you leave it the way it was.
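The client-side DNS override described above can be checked from the output of `netsh interface ip show dns`. The following is an added example, not code from the original post or from SBS: it parses that output (English locale assumed) and flags adapters whose static DNS entry is still pinned to the server while off the office LAN, or points at a link-local 169.254.x.x address, two conditions readers report in the comments on this post. The interface names, addresses, sample output and the helper names `parse_netsh_dns`, `revert_command` and `audit` are all constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of English-locale `netsh interface ip show dns` output.
# Interface names and addresses are illustrative, not taken from a real host.
SAMPLE_NETSH_OUTPUT = """
Configuration for interface "Local Area Connection"
    DNS servers configured through DHCP:  192.168.1.1
    Register with which suffix:           Primary only

Configuration for interface "Wireless Network Connection"
    Statically Configured DNS Servers:    192.168.1.2
    Register with which suffix:           Primary only

Configuration for interface "Mobile Broadband Connection"
    Statically Configured DNS Servers:    169.254.10.20
                                          192.168.1.2
    Register with which suffix:           Primary only
"""

IFACE_RE = re.compile(r'^Configuration for interface "(.+)"$', re.I)
DNS_RE = re.compile(
    r"^(Statically Configured DNS Servers|DNS servers configured through DHCP):\s*(.*)$", re.I)


def parse_netsh_dns(text):
    """Map interface name -> {"mode": "static" | "dhcp" | None, "servers": [...]}."""
    interfaces, current, in_dns = {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        header = IFACE_RE.match(line)
        if header:
            current = interfaces.setdefault(header.group(1), {"mode": None, "servers": []})
            in_dns = False
            continue
        if current is None or not line:
            continue
        dns = DNS_RE.match(line)
        if dns:
            current["mode"] = "static" if dns.group(1).lower().startswith("static") else "dhcp"
            candidate, in_dns = dns.group(2), True
        elif in_dns:
            candidate = line  # additional servers appear alone on following lines
        else:
            continue
        try:
            current["servers"].append(ipaddress.ip_address(candidate))
        except ValueError:
            in_dns = bool(dns)  # "None" keeps the block open; any other text closes it
    return interfaces


def revert_command(interface):
    """Build (never run) the netsh command that returns an adapter to DHCP DNS."""
    if '"' in interface or "\n" in interface:
        raise ValueError("unsafe interface name: %r" % interface)
    return 'netsh interface ip set dns "%s" dhcp' % interface


def audit(text, server_ip, on_office_lan):
    """Return (interface, reasons, fix) for adapters with a suspect static DNS entry."""
    server = ipaddress.ip_address(server_ip)
    findings = []
    for name, cfg in parse_netsh_dns(text).items():
        if cfg["mode"] != "static":
            continue
        reasons = []
        if any(ip.is_link_local for ip in cfg["servers"]):
            reasons.append("link-local DNS server")
        if not on_office_lan and server in cfg["servers"]:
            reasons.append("pinned to server while off the office LAN")
        if reasons:
            findings.append((name, reasons, revert_command(name)))
    return findings


if __name__ == "__main__":
    for name, reasons, fix in audit(SAMPLE_NETSH_OUTPUT, "192.168.1.2", on_office_lan=False):
        print("%s: %s -> %s" % (name, "; ".join(reasons), fix))
```

The script only reports and builds the revert command; running that command still requires an elevated prompt on the client.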
42 comments:
Sean,
Your DNS article does not discuss how SBSe sets the DNS forwarders entries in the Server's DNS properties. One problem I encountered is that I set up the server on a network where the router was at 192.168.1.1 -- and then transported the server to the intended site where the router was at a different 192.168.x.x address. DNS did not work after the move. The Forwarders entry for the (missing) old router IP address was preventing proper name resolution, and had to be manually deleted to restore that functionality. Some server process had inserted the new router entry after the missing router entry, so I did not need to add it. That process should remove the 'missing' router, if this is to be a truly 'plug and play' solution. People are going to move these things! Thanks for your time and the original post.
That's a very good point. Yes, that is the case. This is nothing to do with SBS, the standard server DNS server will obtain forwarders on install and not update them in the event that the server is moved to a new subnet.
This article does help me to configure my SBSe DNS.
But one thing I noticed is, even my workstation on the same network as SBSe that hasn't gone through the http://server/connect wizard can still resolve my SBSe using ISP DNS. This puzzled me. I have the default configuration as you described, the only difference is the SBSe DNS Server picked up the ISP DNS as forwarder, this is because my router relayed the ISP DNS information to SBSe.
Would you be able to explain this?
Sean,
I have set up my first SBS Essentials network for one of my clients a couple of weeks ago. Everything works fine for the majority of users where they get assigned the SBS's IP as a static DNS when they are connected to the office network and the DHCP DNS when they are at home. However, I have one user that always has the SBS IP assigned as the static DNS. I have had to have him manually change it back to "Obtain DNS server address automatically" about 3 times now. That fixes it fine until he comes back to the office and it gets changed back to "Use the following DNS server addresses," assigned to the SBS's IP address, upon returning to the office. What could be causing this and what would you suggest as far as troubleshooting steps?
As mentioned above, this is how the SBS client code works. We statically set the DNS address to the SBS server with our LAN CONFIG service. If you leave the network, it should get set back to dynamically assigned.
I just reread my original comment and it wasn't very clear. What I'm attempting to say is that one laptop user on our SBS 2011 domain is getting assigned a static DNS by the LAN Config service when he is connected in the office, but the service is failing to revert him back to dynamically assigned DNS when he leaves the office network. He has to manually revert the configuration back to "Obtain DNS server address automatically." Is there anything you've seen that would cause the LAN Config service to set the Static DNS correctly when in the office but fail to revert it to Dynamic DNS when away? Any suggestions on what could be causing the problem and how to fix it are greatly appreciated.
Hi Jim,
Did you make sure the LAN Configuration service is started? It should be, but I've seen one or two instances where it wasn't started. If you re-kick it (stop/start)... does it fix the issue?
Thanks for the very informative article. I'm also installing SBS essentials and was having a hard time figuring out exactly what was going on. When I saw that it had not given the server a static IP, I decided that I better go ahead and give it one. Then I thought that they must be up to something, so I put it back to dynamic. With the changes back and forth it seemed to get messed up, because now the client (I've only connected one so far) isn't resolving names on the internet, but the server is. Also, the client is even resolving //Server/connect. Maybe the LAN Configuration service got turned off. I'm not worried about it because I've about decided to just do it "the old way". It seems like Microsoft is assuming that anyone who is installing Essentials isn't going to be paying any attention to the NIC config. settings, so they don't bother telling you. That is a bad assumption. There are other reasons to go with Essentials instead of Standard or 2008 Foundation, other than that you are not aware of TCP/IP. All they had to do was put a screen in the connector program explaining it. It would have saved many people some time, I'm sure. Anyway, that is my anti-Microsoft rant for the day. My only question is, if I set it up to do it the old way, should I turn off the LAN Configuration Service? And what about the similar service that the Server is running? What is it called, and should I turn it off? Thanks.
Correction to above. I meant to say "the client is NOT even resolving //Server/connect."
Hi Bryan,
Thanks for your feedback. Typically partners that are out in the community like yourself understand NIC settings and such. Many do not, and SBS essentials was also designed to be installed by people less technical than yourself.
You can absolutely set it up the old way, it's designed to work both ways. You can even disable the LAN CONFIG service on the client if you want, but you don't have to.
I'm actually the person who made the decision to do it this way. The reasoning was that people like yourself will know how to do it properly, and can just set it up that way, while people who don't understand static IP addresses, and probably will never read this post, it just kinda works for them in most cases.
Hope that helps,
Sean
Thanks for the reply. I joined one client to the network "the old way" this evening and it is working, so that is the way I will go. I also should mention that it did work the first time using the connector program, and my problem was just that I didn't expect it to work that way and figured I needed to change it, then decided to change it back, and that is when something didn't work right. Anyway, I definitely see the value of a server OS that really can configure the IP addresses automatically, and all you have to do is follow on screen directions. I guess my main suggestion is a short, prominent statement somewhere that briefly explains the choice, and then gives a link to your article. But I can also see that they may not want to confuse people who really don't care about it, so it might be a tough balance. Thanks again.
Hey Sean,
Just wondering if you have run into this.. I am trying to use OpenDNS on my network to enable website filtering.. The server is set up with a static IP, I am also running DHCP from the server, and I have the OpenDNS servers set up as forwarders in DNS..
Every time the server restarts for updates or whatever, my router 192.168.0.1 keeps getting put back into the forwarders table - I can't figure out how to disable this feature.. I changed Windows Update to not install automatically so that I can try to monitor this and delete the entry after a reboot..
Do you know of any way to delete or stop this feature?
DNS will automatically detect forwarders. I'd suggest also adding OpenDNS into your router DNS configuration and then you'll be set regardless of what happens. I believe Windows DNS will use your forwarders first.
Just a followup and a couple questions. I ended up trying a system restore to get the connector program to work. That took care of it, and I decided to go that way after all. However, Launchpad seems to add significantly to the start up time of the client computers. (We shut down our computers at night.) If I decide to give the server a static IP address, could I uninstall Launchpad from the clients? If I did, could I get access to Backup and Dashboard another way? Thanks.
The launchpad is the client UX for entry. You can always do the backup from the server. You can also create a RDP link on your desktop to get to the dashboard, it's just a remote application.
Interesting, but I am not seeing this automatic behavior function properly. Having come from previous SBS environments, I habitually set the DHCP DNS from the router to point to the static IP of the SBS box on site. Every machine works great on site with the SBS. But the first time I took a notebook offsite to test VPN connectivity, I found that the DNS was hardcoded to the SBS address, so internet anywhere else was broken. I set DNS back to DHCP assigned and everything worked as expected. The DNS settings even were broken on Verizon Wireless adapters on some machines with built-in 3G and 4G connections, though fixing DNS once appears to be a permanent solution on those adapters.
I found that the LAN Config service was supposed to be responsible for doing this so disabled it, set the adapter to DHCP again, and thought we were good. But these machines are regularly reset to point to the SBS box every time they come back to the office, which then breaks DNS the next time they leave. The wireless adapter is always hardcoded with the LAN IP of the SBS box. It clearly did not work with the default configuration, and something breaks it with "the old way" (or a reasonable facsimile thereof - since the SBS box is not doing DHCP) by turning off DHCP DNS without regard to whether or not DNS is currently pointing to the SBS. These machines are in and out of the office several times a week or more, attempting to get online on other WLANs and connect to the VPN when they are out of the office, so this issue is troublesome.
Can you tell me what else needs to be disabled to make SBS leave the DNS settings alone? I haven't dug through the group policy yet but I imagine that's a likely place for that setting to be pushed to the client. Or what action forces a reset with LAN Config running? I am not stuck to the "old way" as long as I can configure it in a way that works every time to end user frustration.
Played with the LAN Configuration service today on my client's machines that were having the DNS issues. The behavior I found is that when the LCS sees the server, it hard codes DNS for every adapter (Wifi, Ethernet, and 3G/4G) until a network connection is made and identified at a time when the server cannot be contacted. Several seconds after that, the DNS settings go back to DHCP assigned servers. This appeared to be mostly reliable although sometimes it seemed the settings took a little while to kick in.
Where this appears problematic is when the client connects to the VPN. All DNS servers are set to the private IP of the SBS, which is fine. But when the VPN is disconnected, the DNS settings do not revert, leaving Internet broken until that network is disconnected and reconnected. This behavior occurs on both Wifi and cellular data, ethernet was not tested. I left this alone because the likely use case is that when the client is done with the VPN he will also be done with his machine, but this may not necessarily always be the case.
Additionally, I attempted to reenable the service via Group Policy so as not to have to touch all the machines this service was disabled on. However, on the server's service list, there is no LAN Configuration service and instead a Network Helper service in its location in the list but not present on client PCs. Creating and enabling a GPO to set this service to Automatic appeared to have no effect on client machines.
OK -- we should be a little clearer here guys. In the Windows Services console (services.msc), it's referred to as "Windows Server LAN Configuration" -- not "LAN Config" or "LAN Configuration".
I quickly opened services.msc and searched for both of those terms -- couldn't find either. Came across this page (http://blogs.technet.com/b/sbs/archive/2011/09/22/running-dhcp-server-on-sbs-2011-essentials-with-a-static-ip.aspx) which clarified the name for me.
I have a similar question. In my previous post I said I had decided to use the automatic connect function. I did and it worked well. However, we soon noticed intermittent internet connection problems. To make a long story short, I thought there was reason to suspect that DNS was not working fast enough, and it was timing out. I couldn't find an easy way to increase the time, so I added the router as a secondary DNS pointer on each client's NIC configuration. So I now have it that each client points first to the server and then to the router. This is the way we had them set up before. The only two people who take their computer home apparently have the same address for their router at home so it works. I also made the server static, because I am not letting DHCP give the DNS pointers to the client. Since I am hard coding them in, it had to be static. This worked to fix the intermittent problem. The only thing is that sometimes SBS is taking over and making the server the only DNS pointer. I think it may happen only when a computer is already powered up when the server is started up, but I'm not sure. Anyway, (Like Chris above) I would like to disable this.
I found the "Windows Server LAN Configuration" service on the clients. On the server I found "Windows Server Networking Helper" service and "Windows Server UPnP Device Service". From its description in the services list, and from the original blog, I suspect this may be the one. Which of these services should be turned off to get SBS to leave the NIC settings alone? And will turning it (them?) off cause any problems? Thanks.
Lots of good discussion here, which I am loving.
The "Windows Server Lan Configuration" service is the one that changes the DNS settings pending discovery of the server, so that's the only one you can choose to disable if you set up DHCP/DNS manually and give the server a static IP address. Do not disable the "Windows Server Networking Helper" service, and the "Windows Server UPnP Device Service" has a totally different cause.
Hi Sean and others,
I'd like to report I'm seeing the same behavior as Chris Melancon and others, where a SBS Essentials client keeps having its DNS statically set to the server IP even when it is not connected to the SBS network.
The machine has a wired and wireless connection. Only the wireless connection is used. It runs Windows 7 Home Premium. I have previously configured the "Windows Server LAN Configuration" service to be stopped and set it to disabled.
Yesterday afternoon, the user called from home again to say they could not connect to the internet, and the cause was again that the wireless NIC was manually set to use a single IP, the IP of the SBS Essentials server. The wired NIC was configured to use automatic DNS assignment as I had previously configured it.
So, is there something else in the SBS client software stack, maybe the launchpad app, that has the ability to change client DNS settings?
I just want to turn this behaviour completely off so the client always stays on Automatic settings and functions like any other Windows client OS.
Thanks,
Tim Miller Dyck
For those of you who are having issues in the comments regarding IP addresses switching back to dynamic, we can't seem to reproduce this in house, and would like you to report the issue with logs attached.
Please report the issue in Microsoft's Connect Website and also ensure you collect the appropriate logs on your client and server using the new log collector.
This will ensure that our support team gets the required information to investigate the root cause and potentially release a fix for the issue you're having.
I am also experiencing the same issue on my laptop. Dell Vostro 1520. I'm wondering if it could be an adapter (hardware) issue.
Sometimes when I leave my house/domain it goes back to automatic DNS config, but other times, it stays on the static IP of my server in the domain and I have to manually change back to dynamic dns acquire to get internet connectivity working again.
I just tried out the step of disabling Windows Server LAN Configuration Service and will report back on how that works.
I don't know how to use the log collector effectively to capture these instances without sending you a bunch of other irrelevant log info.
Cheers,
Ben
Hi Sean, I have posted server and client log files on the Connector web site. Thanks for asking about it. -Tim Miller Dyck
Glad to have stumbled across this thread - I have the same issue with DNS not reverting to 'Obtain DNS server address automatically' when not connected to the SBSe network.
I too have posted Server and Client log files to the Connect website.
Sean - this is a great write-up. My issue is similar to those above but slightly different. When my laptop is at a client's location, and I connect via SSL VPN (outside of SBS), my DNS servers get changed to the SBS server as expected. However, that means that I can no longer access intranet sites and services at the client's location, since my DNS queries are now running thru the SBS machine.
Perhaps the Lan config client should copy the DHCP server assigned DNS address as the alternate, and make the SBS DNS the primary? this way, the resolution would work on all fronts?
Hi Sean,
If/when you see this ... I was able to resolve my issue by disabling the Lan Config Service. I don't see any side effects of doing so. Technet Post
I've got no issue with the way MS does DNS in SBSe IFF it actually worked.
For some reason an entire site went down this morning because after their internet dropped the LANConfig service gave every computer a manual DNS of 169.254.x.x and never bothered to switch it back once the internet was restored.
#nothappy
I wanted to post a workaround I have deployed for the user that has this issue. Unfortunately, the user needs to be a local administrator to run this.
Create a shortcut to cmd.exe, setting Shortcut > Advanced… > Run as Administrator to enabled, and setting the command to be:
%windir%\system32\cmd.exe /c netsh interface ip set dns "Wireless Network Connection" dhcp
Where "Wireless Network Connection" is the name of the wireless network connection.
There is still a UAC prompt when the cmd.exe icon is clicked but no right-clicking, Run as Administrator is required.
This just changes the NIC settings back to get DNS through DHCP instead of using specially set DHCP server IPs.
Regards,
Tim Miller Dyck
Hi Sean,
Which DNS address should be configured in my SBS Server's NIC? I had to set my router's IP because, if not, client PCs couldn't connect to the Internet.
Thanks!
Emiliano
The SBS Server's NIC should be 127.0.0.1 (local host), and then inside DNS, the DNS forwarders should either point to your router's IP, or to your ISPs (or even OpenDNS or the like) DNS servers. Your clients DNS server should always be the server in SBS scenarios.
This approach is very unreliable, slowly reacting (if at all), confusing, frustrating... Sorry, but this is our experience.
Why don't you just install DHCP on the SBS and configure it to assign the correct DNS? Maybe automatically assign two DNS: router and server to omit the forwarder?
Hi Sam,
Thanks for the feedback. I'm sure the readers of this blog are all excluded from this comment, but one of the highest support calls we get in SBS is misconfigured DNS on the local network. This was put in place to address it. If you set up DNS correctly on your network, then this sort of fades away.
So to summarize,
If I want to set up DHCP the old-fashioned way I should:
1) Set static IP on the server
2) Install & configure DHCP
3) Stop & Disable "Windows Server LAN Configuration" service on the server
4) Stop & Disable "LAN Configuration Service" service on the clients
Is that correct ?
Can the last part be done using GPO at Windows Setting\Security Settings\System Services ?
I would leave the server one running (i.e., don't do step 3), and yes you can use GPO for the latter. I don't have steps for that.
Sean, I'm also seeing the same behavior with my laptops connected to SBSe. All of these laptops use the wired LAN connection, but when they go home, they use their home wireless connection. And with the Windows Server LAN Configuration service automatically assigning the DNS on all NICs including the wireless cards, they cannot surf. My thought was to simply add 8.8.8.8 to the secondary DNS entry for the wireless cards, which would allow for surfing while away. I just don't know if the service will remove this other static DNS entry upon reboot.
Thanks for your suggestions.
Ken
It's typically poor practice to use DNS servers in the primary and secondary DNS entries that have different scope. This is because Windows doesn't always try the primary first, and then the secondary. If one fails, it moves to the secondary and only moves back when that one fails.
I suggest manually configuring your DNS correctly within DHCP on your server and disabling the LAN service as mentioned in above comments.
Thanks.
I have configured my SBSe server to use a static of 192.168.1.2 and my router uses 192.168.1.1. The router is also hosting DHCP, but I have set it to issue 192.168.1.2 for DNS back to the internal clients. I cannot move DHCP to the SBSe box as my Netgear router is a dual WAN device that has an auto-failover setup for multiple ISPs. RWW doesn't work during failover mode, but it's more critical for the internal clients to maintain Internet.
Can I disable the LAN service on my clients PCs in this setup so that the wifi card will not revert to the 192.168.1.2 DNS? All of the laptops are using the wired connection for better performance.
Ken
I'm experiencing this same issue. I have set up two small businesses recently, the first on an HP Microserver prior to them preinstalling the OS and then the second one where I got a HP microserver with SBSe 2011 preloaded. I have the same Samsung Series 9 laptops on both networks for mobile users, but the one network with the preinstalled OS from HP is experiencing the static DNS "sticky" situation where it won't revert back to automatic DHCP when off the SBSe LAN. I'm still wondering if there is a better way to troubleshoot this issue as my client is not all too happy about this....ah slight "inconvenience" based on this "upgrade" from SBS 2003 to SBSe. You would think the network part would work right on an 8 year difference in the version!
-Stonemeel