• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

unable to set static IP address

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 General] >> Installation and Planning >> unable to set static IP address Page: [1]
Login
Message << Older Topic   Newer Topic >>
unable to set static IP address - 17.Oct.2008 11:31:33 AM   
jaccog

 

Posts: 8
Joined: 30.Jun.2005
From: Netherlands
Status: offline
Hi,

I'm installing a new ISA server and having a problem. Don;t know if it's ISA related but I thought I might try here.

When I set my internal LAN adapter to static IP, and apply the network properties dialog, it is accepting the changes. However, at every boot or at every re-open of the TCP-properties, the dialog's "Assing IP addresses automatically" is checked again.
So, basically, I can not set my IP addresses static, any clue what I'm overlooking here?

I'm using windows 2003 server, ISA 2006.

Maybe this event-log item has something to do with it? but here as well, I have no clue why this is)

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1053
Date:  10/17/2008
Time:  5:20:08 PM
User:  NT AUTHORITY\SYSTEM
Computer: FW02
Description:
Windows cannot determine the user or computer name. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Any help is greatly appreciated!

Jacco.
Post #: 1
RE: unable to set static IP address - 18.Oct.2008 9:18:19 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Jacco,

Try setting the IP addressing information on the firewall using netsh

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to jaccog)
Post #: 2
RE: unable to set static IP address - 19.Oct.2008 7:11:37 AM   
jaccog

 

Posts: 8
Joined: 30.Jun.2005
From: Netherlands
Status: offline
Hi Tom,

thanks for the suggestion. It's not working though. when I use "netsh interface ip set address ISP static 1.2.3.4 255.255.255.0 1.2.3.5 0" it waits a while and replies with OK
if I check later, using "netsh interface ip show address isp" is says it is still using DHCP.

Any clues? Could it be some kind of domain policy I should check maybe?

and yes, I have full admininistrator rights ;)

thanks for any reply!

(in reply to tshinder)
Post #: 3
RE: unable to set static IP address - 20.Oct.2008 8:53:27 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Ouch! That is a strange problem. I don't know what might be causing that problem, never seen such a thing before.

Is this a new NIC, installed after ISA was installed?

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to jaccog)
Post #: 4
RE: unable to set static IP address - 20.Oct.2008 8:55:57 AM   
jaccog

 

Posts: 8
Joined: 30.Jun.2005
From: Netherlands
Status: offline
Hi Tom,

It's an brand new Dell server (Poweredge 1950 with 2 onboard broadcom netxtreme II controllers).
We installed the OS (windows 2003 server) and joined into our domain. after that ISA was installed

HTH.

thanks for your reply!

(in reply to tshinder)
Post #: 5
RE: unable to set static IP address - 21.Oct.2008 1:59:33 PM   
mascalia

 

Posts: 44
Joined: 13.Feb.2008
Status: offline
As an old MCSE, the ominous phrase "...Group Policy processing aborted..." tells me something else might be going on behind the scenes.

One of several datacenter protection mechanisms is to use AD Group Policy to prevent the use of static IP addresses.  It forces the use of DHCP, which could be good for centralized admin.  It also prevents IP impersonation on your network by someone with less than honorable intentions.

And the fact that your NIC configuration resets itself after rebooting makes me a little more sure about this, since Windows will reload all AD Policies on a reboot.

I may be wrong, but I'd check with your AD group to see if this is being pushed out as part of a Group Policy.

Hope that helps.

Mike

(in reply to jaccog)
Post #: 6
RE: unable to set static IP address - 22.Oct.2008 5:01:15 AM   
jaccog

 

Posts: 8
Joined: 30.Jun.2005
From: Netherlands
Status: offline
Solved :)

After 3 reinstalls of the entire OS, I found out using our best friend google that this "TCP Offload Engine" integrated in the motherboard was causing some problems.
I removed the TOE option and reinstalled again, after which everything worked just fine!

For future reference: I am using a Dell Poweredge 1950, which has 2 Broadcom BCM5708C NetXtremeII lan controllers. I removed the hardware TOE-key on the motherboard to disable the TOE capability.

Not an ISA issue after all, but I want to thank you for your help anyway!
Jacco

(in reply to mascalia)
Post #: 7
RE: unable to set static IP address - 22.Oct.2008 8:55:58 AM   
mascalia

 

Posts: 44
Joined: 13.Feb.2008
Status: offline
Wow, Jacco.  Good detective work!

I'm not having your problem, but we are also using Dell 1950's in our array, with the onboard Broadcomm NIC's.  I'll have to check that TOE setting (don't remember anything about a hardware TOE key, but I'll check on that as well).

I wonder what other little gremlins and goblins that setting can turn loose in your ISA system....

Mike

(in reply to jaccog)
Post #: 8
RE: unable to set static IP address - 22.Oct.2008 9:01:52 AM   
jaccog

 

Posts: 8
Joined: 30.Jun.2005
From: Netherlands
Status: offline
You can remove the TOE key (some sort of internal dongle) inside of your PE1950. remove the black airflow sheet and look for an RJ11 connector near the PSU unit(s).
I disabled it using the bios first but that didn't make any difference.

(in reply to mascalia)
Post #: 9
RE: unable to set static IP address - 22.Oct.2008 3:50:48 PM   
mascalia

 

Posts: 44
Joined: 13.Feb.2008
Status: offline
Yep, I've been researching the EVIL THAT IS DELL TOE all day.  We can't disable it in BIOS, via BACS3, or even with netsh.  While Windows may stop attempting to use TOE, that doesn't stop the little Broadcom demon from trying to mess up your network traffic with TOE at the hardware level - regardless of the O/S or driver configuration.

On the Dell support forums, there are pages and pages of folks having TOE-related problems with the "9th Generation" Broadcom NIC's ports on the new Dell servers.  Besides the fact that TOE isn't compatible with NLB or NAT (even when it's properly configured), I've read horror stories about situations where TOE should have helped, but instead caused major headaches. 

Name your app:  Exchange, Citrix, SQL Server, and especially Windows file transfers seemed to suffer when TOE was enabled (or supposedly disabled).  Indeed, these poor souls also had to resort to physically neutering the Broadcom chipset by giving it a licensekeyectomy before they found any relief.

After neutering, the onboard Broadcom NIC ports seem to be remarkably well behaved, and didn't cause any further problems .

It would seem that, for now, if you have a Dell PE server with the new Broadcomm chipset, and it has the TOE license key installed, the best bet is to simply yank the little bugger.  Any performance gains you might gain from TOE are extremely counterbalanced by the potential negative consequences of leaving it enabled.

Yank the chip and be done with it.  Or, as so many other Dell customers seem to be doing, disable the Broadcom NICs entirely and install some Intel GigE server adapters.

Thanks,
Mike

(in reply to jaccog)
Post #: 10
RE: unable to set static IP address - 24.Oct.2008 7:45:10 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hey guys,

What a great thread! Thanks for the great sleuthing and troubleshooting.

Indeed! The Broadcom NICs are true evil and when I order new servers, I just disable the onboard NICs and use Intel NICs in them.

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to mascalia)
Post #: 11
RE: unable to set static IP address - 24.Oct.2008 9:25:34 AM   
mascalia

 

Posts: 44
Joined: 13.Feb.2008
Status: offline
Hi Tom.

Actually, unless you just WANT Intel cards, you don't have to abandon the two onboard Broadcom NICs.  If you remove the TOE License Key from the motherboard, those NICs perform very well.

It was pretty funny - when I asked our server folks to "remove the TOE License Key" from our PE1950's, they came back and said "is this what was causing all your problems?"

It's a little (and I mean little) plastic beige button, about as big as a dime, with (I think) an RJ11 plug on the bottom (looks exactly like a plug on the end of a telephone line).  It says "TOExx" on it (mine says "TOE2").  It's near the middle of the motherboard.  Here's a link to a thread on the Dell forums with a picture of where the little monster is attached:

http://www.dellcommunity.com/supportforums/board/message?board.id=netwkint&thread.id=30001&view=by_date_ascending&page=2

Picture is about halfway down. 

From what I've read, with these specific NIC's it's a three part process:
  1. Disable SNP (which includes TOE) in Windows.  Here's a link:  http://support.microsoft.com/kb/948496.
  2. Disable RSS and all offloading options in the NIC driver (can be done from Device Manager or from Network Connections.  Click "Configure", then click "Advanced", and turn off RSS and all offload functions.
  3. Power down, unplug the hardware key, power up.
  4. You're done.

While YMMV, this tamed our rebellious Broadcom NIC's into models of networking propriety.

One other note:  Don't believe the Broadcom propaganda (better known as the BACS documentation and help files).  Broadcom claims that you can use their network driver admin software (currently BACS3) to disable TOE.  That may work for some, but not for me and others. 

Supposedly, TOE is automatically disabled whenever a firewall is running (including ISA and the Microsoft firewall).  Not true with this particular chipset.  However, the BACS software detects that Windows has attempted to stop using TOE, so all the functions to actually disable it with BACS are greyed out.

Maybe, if I had attempted to use BACS3 to turn off TOE prior to installing ISA (or running the Microsoft hotfix to disable TOE), BACS would allow me to disable it in the hardware.  Too late for me to try, but I'll give it a go on the next batch of serves that come in.  (If someone else tries it and it works, let me know).

Also, the ONLY sure-fire way to KNOW if TOE is turned off in the hardware is to install and use Dell OpenManage Server Administrator.  On my system, you navigate to System\Main System Chassis\Network, click on one of the Broadcom NICs, and near the bottom will be two entries:
  • TOE Capable - Available (it's always available, since it's built in to the chipset).
  • TOE Enabled - NO (should be disabled because you've removed the license key).

In BACS, Under Licenses in the Configuration tab, it will also show zero connections for TOE (no available TOE licenses for this server).

Whew, that's a mouthful.  But for those that want to use the Broadcom NICs and not suffer the bipolar swings of TOE, this is the best way I've found to disable it - and confirm that it's been disabled.

As always, if I'm wrong, or if there'a s better way, please feel free to let me know so everyone has the best, most correct information on how to deal with this issue.

Mike



quote:

ORIGINAL: tshinder

Hey guys,

What a great thread! Thanks for the great sleuthing and troubleshooting.

Indeed! The Broadcom NICs are true evil and when I order new servers, I just disable the onboard NICs and use Intel NICs in them.

Thanks!
Tom

(in reply to tshinder)
Post #: 12
RE: unable to set static IP address - 28.Oct.2008 7:08:10 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Mike,

Great tip!

I'll make sure to include it in next month's newsletter.

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to mascalia)
Post #: 13

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 General] >> Installation and Planning >> unable to set static IP address Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts