Tue, Dec 16 2008 22:20
bradley
From the SBS managed newsgroups
One of the best resources for information ... I think... is the Partner managed newsgroups. Lately they've been publishing these "tech bulletins" in there. Check it out:
This is the second round of this Tech bulletin regarding SBS 2008.
After installing SBS 2008, we need to run several wizards to configure the
network. In SBS 2003, the Configure E-Mail and Internet Connection Wizard
(CEICW) was available to administrators for configuring the firewall,
Internet connection, self-signed certificate, and email settings from a
single wizard. The SBS 2003 CEICW is now broken into 5 different wizards in
SBS 2008:
- Connect to the Internet Wizard for outbound connectivity
- Internet Address Management Wizard for inbound connectivity, which also
  configures domain names with participating domain name providers
- Add a Trusted Certificate Wizard for adding certs to the box
- Configure a Smart Host Wizard for outbound e-mail smarthost configuration
- Fix-My-Network Wizard for continuous re-runs to reset configuration to
  factory defaults
In this topic, we would like to introduce one of the major networking
wizards, the Connect to the Internet Wizard (CTIW), and give some insight
into how setup handles networking.
The job of the CTIW is to detect a third-party firewall device or ISA server
and an existing DHCP server, while trying to gather information about the
current network settings so it can properly configure the server to
communicate with the Internet. This is only a small part of what the CEICW
did in SBS 2003. Public domain name, certificate, and Exchange configuration
are done using other wizards.
To understand how the CTIW works, you must first be aware of the networking
requirements of SBS 2008 and understand what steps setup performs to
configure the server's network connection. Whether or not you need to run
the CTIW depends directly on whether the network configuration performed by
setup succeeded.
SBS 2008 has been designed primarily to move existing peer-to-peer networks
to an integrated server solution. In the typical peer-to-peer network, a
hardware device is acting as the DHCP server and firewall for the local area
network (LAN). SBS 2008 setup has been designed to automatically detect the
presence of DHCP and the default gateway on the LAN, and then use this
information to configure the server's network settings. The goal is to
connect the server to the Internet with as little user intervention as
possible. If the automatic configuration of the network fails during setup,
then it will be clearly marked in the Getting Started tasks in the
Administrator Console. If it is successful, then the CTIW does not need to
be run.
SBS 2008 must be installed with a single network interface card connected to
the LAN, which is protected by either a third-party firewall or an ISA server.
The Premium SKU includes a second copy of Windows Server 2008 Standard to
install on another machine. If you wish, you can install a second NIC and
ISA on this machine and place it on the edge of your network.
**The SBSAnswerFile.xml is used to enter either Migration Mode or Advanced
Mode during setup. In either case, you are manually entering the network
settings of the server and automatic detection is skipped.**
Network detection during setup
During a clean install of SBS 2008 (no answer file), the following steps are
occurring to determine current network settings:
- SBS setup will attempt to detect an existing DHCP service. If DHCP is
  properly configured, we will also find the router.
- If DHCP is detected, and we are not in migration mode, SBS uses the DHCP
  network to obtain updates and skips the rest of the network configuration.
  We will use the DHCP-assigned IP address as our static IP to get through
  DCPROMO. Afterwards, the CTIW will ask that you disable the existing DHCP
  service and enable it on SBS.
- If it doesn't detect DHCP, it will attempt to detect the router primarily
  on 192.168.x.1 or 192.168.x.254. It will not automatically detect routers
  in 172.x.x.x or 10.x.x.x networks.
- If we do not detect a router, we will use a temporary static IP for the
  DCPROMO process. The CTIW will need to be run after setup completes.
- If we detect a router and an Internet connection, setup will complete the
  Internet connection process and you will not have to run the CTIW.
Network Interface Cards
In the case of setup detecting multiple network interface cards (NICs), one
of the following will occur:
- If one private and one public NIC are detected, the public NIC is disabled
  and the private one is configured.
- If no private NICs are detected and one or more public NICs are, setup is
  blocked.
- If multiple private NICs are detected and no public NICs, then setup
  chooses the first NIC detected and disables the rest.
- If no NIC is detected, setup is blocked until a network card is installed
  and plugged in. If you need to add drivers for your network card, you can
  add them when Windows prompts you for drivers for your disk.
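The four NIC rules above are easy to misread when a server has more than two adapters, so here they are as a small decision model. This is an added example, not code from the bulletin or from SBS setup; it assumes that "private" means an address inside the RFC 1918 ranges and that "detection order" is the order of the list handed to it. The adapter names and addresses are constructed test data.

```python
"""Model of the SBS 2008 setup rule for choosing which NIC to configure.

Added example (not the bulletin's or SBS setup's own code). Assumptions:
a "private" NIC holds an RFC 1918 address, and the order of the input list
is setup's detection order.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# RFC 1918 ranges; assumption: setup's private/public test is equivalent to this
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass(frozen=True)
class Nic:
    name: str   # hypothetical adapter name
    ipv4: str   # address currently held by the adapter


def is_private(nic: Nic) -> bool:
    """True when the adapter's address lies in an RFC 1918 range."""
    addr = ipaddress.ip_address(nic.ipv4)
    return any(addr in net for net in RFC1918)


def choose_nic(nics: List[Nic]) -> Tuple[str, Optional[str], List[str]]:
    """Apply the bulletin's four rules.

    Returns (outcome, nic_to_configure, nics_to_disable); outcome is either
    "configure" or a "blocked: ..." reason that would stop setup.
    """
    if not nics:
        return ("blocked: no NIC detected", None, [])
    private = [n for n in nics if is_private(n)]
    if not private:
        return ("blocked: only public NICs detected", None, [])
    # One private NIC beside public ones, or several private NICs: the first
    # private NIC in detection order is configured, every other adapter
    # (public or private) is disabled.
    chosen = private[0]
    disabled = [n.name for n in nics if n is not chosen]
    return ("configure", chosen.name, disabled)


if __name__ == "__main__":
    # Constructed example: one LAN adapter behind the firewall, one exposed
    print(choose_nic([Nic("LAN", "192.168.16.2"), Nic("WAN", "203.0.113.5")]))
```

The useful check before installing is the third rule: with two private adapters (say a LAN and a storage network), setup keeps whichever it enumerates first, so unplug or disable the one you do not want it to choose.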
How the router is discovered
If not discovered through DHCP, the server does the following both during
setup and during the CTIW:
- Sends an ICMP Router Discovery message on multicast address 224.0.0.2.
  Routers on the LAN that support RFC 1256 will respond with a Router
  Advertisement.
- Uses the Simple Service Discovery Protocol (SSDP) to find routers that do
  not support RFC 1256.
- Sends ARP requests to 192.168.*.1 and 192.168.*.255, checking 255 subnets
  for the router.
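The first discovery step is an RFC 1256 exchange: a Router Solicitation to 224.0.0.2 answered by a Router Advertisement carrying one or more gateway addresses with preference values. The following added example (not code from the bulletin or from SBS) builds both messages and parses the advertisement offline, including the checksum check and the RFC 1256 rule that the highest-preference router wins and a preference of 0x80000000 means "do not use". The advertisement bytes are constructed here, not captured from a real router, and nothing is sent on the network.

```python
"""RFC 1256 ICMP Router Discovery: the solicitation SBS sends and the
advertisement a router answers with, built and parsed offline.

Added example, not the bulletin's or SBS's own code. The advertisement is
constructed rather than captured; no packets are transmitted.
"""
import socket
import struct
from typing import Dict, List, Tuple

ALL_ROUTERS_MCAST = "224.0.0.2"   # destination of the solicitation (RFC 1256)
ICMP_ROUTER_ADVERT = 9
ICMP_ROUTER_SOLICIT = 10
NO_USE_PREFERENCE = -0x80000000   # RFC 1256: "do not use this router"


def icmp_checksum(data: bytes) -> int:
    """Standard ones'-complement sum over 16-bit words, complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_solicitation() -> bytes:
    """Type 10, code 0, checksum, four reserved bytes (8 bytes total)."""
    body = struct.pack("!BBHI", ICMP_ROUTER_SOLICIT, 0, 0, 0)
    return struct.pack("!BBHI", ICMP_ROUTER_SOLICIT, 0, icmp_checksum(body), 0)


def build_advertisement(routers: List[Tuple[str, int]], lifetime: int = 1800) -> bytes:
    """Type 9 with one (address, preference) entry per advertised router."""
    entries = b"".join(struct.pack("!4si", socket.inet_aton(ip), pref)
                       for ip, pref in routers)
    hdr = struct.pack("!BBHBBH", ICMP_ROUTER_ADVERT, 0, 0, len(routers), 2, lifetime)
    csum = icmp_checksum(hdr + entries)
    return struct.pack("!BBHBBH", ICMP_ROUTER_ADVERT, 0, csum,
                       len(routers), 2, lifetime) + entries


def parse_advertisement(pkt: bytes) -> Dict:
    """Validate and decode an advertisement; pick the router RFC 1256 prefers."""
    if len(pkt) < 8:
        raise ValueError("short ICMP message")
    if icmp_checksum(pkt) != 0:          # a packet with a valid checksum sums to zero
        raise ValueError("bad ICMP checksum")
    typ, code, _, count, size, lifetime = struct.unpack("!BBHBBH", pkt[:8])
    if typ != ICMP_ROUTER_ADVERT or code != 0:
        raise ValueError("not a Router Advertisement")
    if size != 2 or len(pkt) < 8 + 8 * count:   # each entry is two 32-bit words
        raise ValueError("malformed address list")
    routers = []
    for i in range(count):
        raw, pref = struct.unpack("!4si", pkt[8 + 8 * i:16 + 8 * i])
        routers.append((socket.inet_ntoa(raw), pref))
    usable = [r for r in routers if r[1] != NO_USE_PREFERENCE]
    preferred = max(usable, key=lambda r: r[1])[0] if usable else None
    return {"lifetime": lifetime, "routers": routers, "preferred": preferred}


if __name__ == "__main__":
    # Constructed reply: a usable gateway at .1 and a .254 marked "do not use"
    adv = build_advertisement([("192.168.16.1", 0), ("192.168.16.254", NO_USE_PREFERENCE)])
    print(parse_advertisement(adv))
```

Parsing captured advertisements this way is a cheap sanity check on a LAN: if more than one device answers the solicitation, the server will take the one with the highest preference, which may not be the gateway you expected.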
If a router is found, then the following is done:
- It will attempt to ping the router for a response.
- It will try to resolve 3 requests for WWW.MICROSOFT.COM from 3 randomly
  chosen root hint DNS servers through the detected router. During setup, the
  list of root hints is hard coded, but after install the list is dynamically
  chosen from the server's DNS. Note: it doesn't actually connect to
  WWW.MICROSOFT.COM; it just looks for a successful response from the root
  hint DNS server.
- If it cannot resolve WWW.MICROSOFT.COM, then the user will be prompted to
  manually configure the router and test the Internet connection.
When dealing with an IPv6 router with DHCP disabled, SBS relies on stateless
auto-configuration being enabled on the router. In this case, a router
discovery broadcast will return a response from the router including the
site prefix and gateway address of the network. IPv6 routers must support
stateless auto-configuration to work properly in the SBS 2008 environment.
IPv4 must still be enabled, as some SBS features, specifically Exchange,
require IPv4.
CTIW Flow
You can launch the CTIW from two places in the Windows SBS Console: either
under the Getting Started Tasks, or under Network > Connectivity.
After the welcome screen, the number of network cards is detected and the
wizard will attempt to automatically detect the router once more (if we have
not detected a DHCP service). It does this in case the user has changed
routers since setup or since the last time the wizard was run. The wizard
will detect the presence of the router and an Internet connection in the
same fashion that setup uses, described above.
If the router is detected, if we receive a reply from the root hints server,
and there is no existing DHCP server on the network, then the wizard will
complete without incident.
If DHCP is detected on the network
If the wizard detects a DHCP presence, the following occurs:
- It uses the current DHCP subnet settings to configure the DHCP scope on
  the server. It configures the new scope to hand out Class C addresses on
  the same network as the router, from .1 to .254 with .1 through .10
  excluded.
- It asks the user to manually disable the existing DHCP server, and then
  checks the network once again. If you cannot disable DHCP at the moment, it
  will ask you to postpone it and the DHCP service will remain disabled on
  SBS. You will be constantly reminded of this.
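To make the scope rule concrete, the added example below (not code from the bulletin or from SBS) decodes the fields the wizard takes from the existing DHCP server's offer (offered address, subnet mask, router and server identifier options) and derives the scope the bulletin describes: the /24 the offer sits on, a range of .1 to .254, and .1 through .10 excluded. It also reports which server made the offer, which is the one you will be asked to disable, and whether the router address actually falls inside the exclusion. The DHCPOFFER is constructed by build_offer() in the BOOTP/DHCP wire format rather than captured from a network.

```python
"""Read an existing DHCP server's offer and derive the scope the CTIW would
create from it (Class C, .1-.254, with .1-.10 excluded).

Added example, not the bulletin's or SBS's own code. The DHCPOFFER bytes are
constructed here; the layout is the BOOTP/DHCP wire format (RFC 2131/2132).
"""
import ipaddress
import struct
from typing import Dict

MAGIC_COOKIE = b"\x63\x82\x53\x63"
OPT_PAD, OPT_SUBNET_MASK, OPT_ROUTER = 0, 1, 3
OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 53, 54, 255
DHCPOFFER = 2


def _packed(ip: str) -> bytes:
    return ipaddress.IPv4Address(ip).packed


def _ip(raw: bytes) -> str:
    return str(ipaddress.IPv4Address(raw))


def build_offer(yiaddr: str, mask: str, router: str, server_id: str,
                xid: int = 0x3903F326) -> bytes:
    """Constructed DHCPOFFER: 236-byte BOOTP header, magic cookie, options."""
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                         2, 1, 6, 0, xid, 0, 0,               # BOOTREPLY over Ethernet
                         b"\0" * 4, _packed(yiaddr), b"\0" * 4, b"\0" * 4,
                         bytes.fromhex("00155d010203") + b"\0" * 10,  # constructed MAC
                         b"\0" * 64, b"\0" * 128)
    options = (bytes([OPT_MSG_TYPE, 1, DHCPOFFER])
               + bytes([OPT_SUBNET_MASK, 4]) + _packed(mask)
               + bytes([OPT_ROUTER, 4]) + _packed(router)
               + bytes([OPT_SERVER_ID, 4]) + _packed(server_id)
               + bytes([OPT_END]))
    return header + MAGIC_COOKIE + options


def parse_offer(pkt: bytes) -> Dict:
    """Decode the fields the wizard needs: offered address, mask, router, server."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(pkt) and pkt[i] != OPT_END:
        if pkt[i] == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(pkt):
            raise ValueError("truncated option")
        code, length = pkt[i], pkt[i + 1]
        opts[code] = pkt[i + 2:i + 2 + length]
        i += 2 + length
    if opts.get(OPT_MSG_TYPE, b"")[:1] != bytes([DHCPOFFER]):
        raise ValueError("not a DHCPOFFER")
    return {"yiaddr": _ip(pkt[16:20]),
            "mask": _ip(opts[OPT_SUBNET_MASK]),
            "router": _ip(opts[OPT_ROUTER]),
            "server_id": _ip(opts[OPT_SERVER_ID])}


def derive_scope(offer: Dict) -> Dict:
    """Scope the bulletin describes; only a /24 (Class C) network is handled."""
    net = ipaddress.IPv4Network((offer["yiaddr"], offer["mask"]), strict=False)
    if net.prefixlen != 24:
        raise ValueError("bulletin only describes Class C scopes; got /%d" % net.prefixlen)
    base = net.network_address
    excl_lo, excl_hi = base + 1, base + 10
    router = ipaddress.IPv4Address(offer["router"])
    return {"network": str(net),
            "range": (str(base + 1), str(base + 254)),
            "exclusion": (str(excl_lo), str(excl_hi)),
            "router": str(router),
            # Check worth making: a router outside .1-.10 could be handed out
            # as a lease unless a further exclusion is added for it.
            "router_in_exclusion": excl_lo <= router <= excl_hi,
            "existing_dhcp_server": offer["server_id"]}


if __name__ == "__main__":
    # Constructed offer from a home router at .1 that is also the DHCP server
    offer = parse_offer(build_offer("192.168.16.37", "255.255.255.0",
                                    "192.168.16.1", "192.168.16.1"))
    print(derive_scope(offer))
```

The server-identifier field is the practical one: after you have disabled DHCP on the router, any further offer carrying a server identifier other than the SBS server means a second DHCP server is still active on the LAN, which is exactly the state the wizard keeps reminding you about.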
If no router or Internet connection detected
If no router is found, then you are prompted to enter the IP address of both
the router and server. At this point auto discovery is stopped.
The wizard will assign a subnet mask of 255.255.255.0 to the server and
configure DNS to use root hints. It will also test to see if the router
responds to the IP address entered and attempt to resolve WWW.MICROSOFT.COM
through root hints.
If the wizard fails to receive a reply from the router, it will notify us
and allow us to continue without detecting a router. If the DNS query fails,
we are prompted to log in to the router to manually configure it for Internet
access, and then test the connection.
We can skip the test only after attempting it at least once. This will allow
us to complete the wizard without detecting the router or an Internet
connection.
Filed under: sbs 2008