Windows SBS2003 unable to get DHCP leases

dcabot

The SBS2003 is a domain controller, but is not the router nor the DHCP server.  In the RAS (Remote Access System) setup (wizard) it allows to use a DHCP server that it will forward the requests to.  The SBS2003 is also not the DNS server; the router is.  To avoid problems with Domain authentification the DHCP is configured for the clients to go to the SBS2003 server and the SBS2003 server is configured to go to the router (pfSense).  This is configured in the Internet Connection Setup on the SBS2003.

dotdash

This is just my opinion, and I'm just trying to be helpful, so don't be offended- but you are crazy and doing it wrong. The SBS server, NOT the firewall, should be running your DNS and DHCP. This will avoid many headaches, trust me on this one. The SBS server should point to it's own address for DNS, as well as the windows clients, or your AD will be sad.

rsw686

Yep with AD I'd run the DNS and DHCP on the SBS server. They integrate nicely together and I think you will find your life much easier.

ballerh3

@rsw686:

Yep with AD I'd run the DNS and DHCP on the SBS server. They integrate nicely together and I think you will find your life much easier.

Is that the prefered way when using Windows Server 2k3 with AD too?
Cause right now at work IPCOP handling the DHCP.
The server is setup with an static configuration and is pointing to itself like it should.

dcabot

That's correct.  IPCOP does this like a charm, but pfSense won't.  I know there's opinions out there, but I'm in the camp that the router should be doing the DNS & DHCP.

jahonix

@dcabot:

That's correct.  IPCOP does this like a charm, but pfSense won't.

I don't get your point.
pfSense does DNS and DHCP nicely but doesn't know about AD obviously.
If you are running an AD domain, shifting the necessary services to the DC is best practice. Can't imaging what another router might be doing more charmingly here.

fribert

@jahonix:

@dcabot:

That's correct.  IPCOP does this like a charm, but pfSense won't.

pfSense does DNS and DHCP nicely but doesn't know about AD obviously.

Exactly right, the problem being that with MS DNS and DHCP isn't just DNS and DHCP, "it's something wonderfull and fantastic" that MShit just couldn't keep within the standard (what else is new)  :-\

sullrich

Try capturing the traffic with wireshark on pfS and on IPCOP and lets try to find out what is different.  They are both isc-dhcp-server3 after all…

ballerh3

Can both IPCop or pfSense be used at the same time has an backup? Like a failover.

hoba

I wouldn't think so unless ipcop supports CARP (which it doesn't afaik).