Tuesday 19 June 2007

SBS 2K3 Premium - ISP changes the static IP, now what?

As was mentioned earlier, our clients affected by the extended Internet outage had their static IP changed during the upgrade to DSL 2.0.

With SBS 2K3 Standard, all one needs to do is change the IP, Subnet, and Gateway on the second adapter (if installed). Or, the same changes would need to be made on the Router/Gateway box protecting the SBS network. Obviously this would have to be done on-site by someone with admin access, or via a service call by us.

The second thing common to both versions is to update the client Internet domain name's DNS settings for e-mail if the client has their domain e-mail coming to the SBS box via SMTP. This involves updating the IP associated with the MX and A record pointing to the old IP:

  • MX 10 mail.mydomain.com
  • A mail.mydomain.com (old IP)
Updated to:

  • A mail.mydomain.com (new IP)
If any updates in WSUS were approved just before the connection went down and hadn't yet had a chance to synchronize and download, they will have errors beside them (shown by a red x in the WSUS Web console). One will need to approve them again in order to get them to download and install properly. In this case we were dealing with WSUS 2.0. Once should verify the WSUS 3.0 updates status as well.

Once the above steps have been completed, then on the Premium boxes, we need to make some changes to ISA as well.

  1. On the second NIC (WAN=ISA), the IP, Subnet, and Gateway need to be changed to the new settings. Note that DNS on this adapter always points to the SBS IP!
  2. ISA Services need to be rebooted:
    • Click on Restart the service
    • Click on "Yes" to the "Restart Other Services" warning dialogue:

  3. Verify the settings in ISA:
    1. Open the ISA Manager
    2. Click on Firewall Policy
    3. Double click any one of the SBS Rules: SharePoint, OWA, etc
    4. Click the Listener tab
    5. Click the Properties button
    6. Click on the Networks tab
    7. Double Click the "External " (or click the Address button)
    8. Note that the correct IP is now present:

  4. The server should be rebooted after hours.
The server reboot is a precaution. This is especially true for one of our client's servers since it was quite plugged up after not being connected to the Internet for 5 whole days.

One can log on later to reboot the server via remote connection, or one can schedule a reboot (previous blog post how-to).

As always, let your client know that the reboot will be happening later on in the evening, and check RRAS to verify that no clients are connected via VPN so that no files may be corrupted:

As a rule, if anyone was connected to their desktop via RWW/RDP at the time of the server reboot, they will be able to reconnect to their session after the server reboots. In the event that they are not able to, their workstation should remain locked with their work there for them in the morning. The exception to this rule is a workstation reboot forced by the overnight updates.

Thus the request for the server reboot in the first place! :D

Philip Elder
Microsoft Small Business Specialists

No comments: