INove Theme Menubar

Windows Time Service and Internet Communication

November 1, 2009 Leave a comment

©2009 Microsoft Corporation. All rights reserved.

Windows Time Service and Internet Communication

This section provides information about the following:

  • The benefits of Windows Time Service
  • How Windows Time Service communicates with sites on the Internet
  • How to control Windows Time Service to limit the flow of information to and from the Internet
  • How to monitor and troubleshoot Windows Time Service after configuration is complete

Benefits and Purposes of Windows Time Service

Many components of Microsoft Windows Server 2003 rely on accurate and synchronized time to function correctly. For example, without clocks that are synchronized to the correct time on all computers, Windows Server 2003 authentication might falsely interpret logon requests as intrusion attempts and consequently deny access to users.

With time synchronization, you can correlate events on different computers in an enterprise. With synchronized clocks on all of your computers, you ensure that you can correctly analyze events that happen in sequence on multiple computers. Windows Time Service automatically synchronizes a local computer’s time with other computers on a network to improve security and performance in your organization.

Overview: Using Windows Time Service in a Managed Environment

Computers keep the time on their internal clocks, which allows them to perform any function that requires the date or time. For scheduling purposes, however, the clocks must be set to the correct date and time, and they must be synchronized with the other clocks in the network. Without some other method in place, these clocks must be set manually.

With time synchronization, computers set their clocks automatically to match another computer’s clock. One computer maintains very accurate time, and then all other computers set their clocks to match that computer. In this way, you can set accurate time on all computers.

Windows Time Service is installed by default on all computers running Windows Server 2003 and Windows XP. Windows Time Service uses Coordinated Universal Time (UTC), which is independent of time zone. Time zone information is stored in the computer’s registry and is added to the system time just before it is displayed to the user.

By default, Windows Time Service starts automatically on computers running Windows XP. In a domain, time synchronization takes place when Windows Time Service turns on during system startup and periodically while the system is running. In the default configuration, the Net Logon service looks for a domain controller that can authenticate and synchronize time with the client. When a domain controller is found, the client sends a request for time and waits for a reply from the domain controller. This communication is an exchange of Network Time Protocol (NTP) packets intended to calculate the time offset and round-trip delay between the two computers.

Note that computers running Windows Server 2003 use the Network Time Protocol (NTP), while computers running Windows 2000 use the Simple Network Time Protocol (SNTP).

How Windows Time Service Communicates with Sites on the Internet

In Windows Server 2003, Windows Time Service automatically synchronizes the local computer’s time with other computers on the network. The time source for this synchronization varies, depending on whether the computer is joined to a domain in the Active Directory directory service or to a workgroup.

When a Server Running Windows Server 2003 is Part of a Workgroup

In this scenario, the default setting for the time synchronization frequency is set to “once per week,” and this default setting uses the time.windows.com site as the trusted time synchronization source. This setting will remain until you manually set it otherwise. One or more computers might be identified as a locally reliable time source by configuring Windows Time Service on those computers to use a known accurate time source, either by using special hardware or a time source available on the Internet. All other workgroup computers can be configured manually to synchronize their time with these local time sources.

When a Server Running Windows Server 2003 is a Member of a Domain

In this scenario, Windows Time Service configures itself automatically, using the Windows Time Service that is available on the domain controllers.

Windows Time Service on a domain controller can be configured as either a reliable or an unreliable time source. Windows Time Service running on a client will attempt to synchronize its time source with servers that are indicated as reliable. Windows Time Service can configure a domain controller within its domain as a reliable time source, and it synchronizes itself periodically with this source. These settings can be modified or overwritten, depending on specific needs.

Communication Between Windows Time Service and the Internet

The following list describes various aspects of Windows Time Service data that is sent to and from the Internet and how the exchange of information takes place.

  • Specific information sent or received: The service sends information in the form of a Network Time Protocol (NTP) packet. For more information about Windows Time Service and NTP packets, see the references listed in “Related Links,” later in this section.
  • Default and recommended settings: Computers that are members of an Active Directory domain synchronize time with domain controllers by default. Domain controllers synchronize time with their parent domain controller. By default, the root parent domain controller will not synchronize to a time source. The root parent domain controller can be set to either synchronize to a known and trusted Internet-based time source, or a hardware time device that provides an NTP or SNTP interface. Its time accuracy can also be maintained manually.We recommend that you configure the authoritative time server to synchronize to a hardware source, not an Internet time source. For more information, see article 884776, “Configuring the Windows Time service against a large time offset” in the Microsoft Knowledge Base at:http://go.microsoft.com/fwlink/?LinkId=46021 [ http://go.microsoft.com/fwlink/?LinkId=46021 ]
  • Triggers and user notification: Windows Time Service is started when the computer starts. Additionally, the service will continue to synchronize time with the designated network time source and adjust the computer time of the local computer when necessary. Notification is not sent to the user.
  • Logging: Information related to the service is stored in the Windows System event log. The time and network address of the time synchronization source is contained in the Windows event log entries. Additionally, warning or error condition information related to the service is stored in the Windows System event log.
  • Encryption: Encryption is not used in the network time synchronization for domain peers. (Authentication, however, is used.)
  • Information storage: The service does not store information, as all information that results from the time synchronization process is lost when the time synchronization service request is completed.
  • Port: NTP and SNTP use User Datagram Protocol (UDP) port 123 on time servers. If this port is not open to the Internet, you cannot synchronize your server to Internet SNTP or NTP servers.
  • Protocol: The service on Windows Server 2003 implements NTP to communicate with other computers on the network.
  • Ability to disable: Disabling the service might have indirect effects on applications or other services. Applications and services that depend on time synchronization, such as Kerberos V5 authentication protocol, may fail, or they may yield undesirable results if there is a significant time discrepancy among computers. Because most computers’ hardware-based clocks are imprecise, the difference between computer clocks on the network usually increases over time.

Controlling Windows Time Service to Limit the Flow of Information to and from the Internet

Group Policy can be used to control Windows Time Service for computers that are running Windows Server 2003 to limit the flow of information to and from the Internet.

The synchronization type and NTP time server information can be managed and controlled through Group Policy. The Windows Time Service Group Policy object (GPO) contains configuration settings that specify the synchronization type. When the synchronization type is set to NT5DS, Windows Time Service synchronizes its time resource with the network domain controller. Alternatively, setting the type attribute to NTP configures Windows Time Service to synchronize with a specified NTP time server. The NTP server is specified by either its Domain Name System (DNS) name or its IP address when you select NTP as the synchronization type.

For more information about configuring Windows Time Service during deployment of products in the Windows Server 2003 family, see Designing and Deploying Directory and Security Services and Designing a Managed Environment in the Microsoft Windows Server 2003 Deployment Kit at:

http://go.microsoft.com/fwlink/?linkid=44319 [ http://go.microsoft.com/fwlink/?linkid=44319 ]

Clients on a managed network can be configured to synchronize computer clock settings to an NTP server on the network to minimize traffic out to the Internet and to ensure that the clients synchronize to a single reliable time source. If you choose to do so, you can disable time synchronization for both non-domain and domain computers running Windows Server 2003 by using Group Policy. The procedures for configuring Windows Time Service are given at the end of this section of the white paper.

How Windows Time Service Can Affect Users and Applications

Windows components and services depend on time synchronization. For example, the Kerberos V5 authentication protocol on a Windows Server 2003 family domain has a default time synchronization threshold of five minutes. Computers that are more than five minutes out of synchronization on the domain will fail to authenticate using the Kerberos protocol. This time value is also configurable, allowing for greater or lesser thresholds. Failure to authenticate using the Kerberos protocol can prevent logons and access to Web sites, file shares, printers, and other resources or services within a domain.

When the local clock offset has been determined, the following adjustments are made to the time:

  • If the local clock time of the client differs from the time on the server by more than the threshold amount, Windows Time Service will change the local clock time immediately. The threshold is five minutes if the computer is part of a domain. For more information about Windows Time Service settings in a domain, see “Related Links” later in this section.The threshold is one second if the computer is part of a workgroup. However, if a computer is part of a workgroup and the time differs from the time source by more than 15 hours, the time is not synchronized, as described later in this list.
  • If the local clock time of the client differs from the server by less than the threshold amount, the service will gradually synchronize the client with the correct time.
  • In a workgroup, if the local clock time of the client differs from the time on a time source by more than 15 hours, a workstation running Windows Time Service and using default settings will not synchronize with the time source. Such occurrences are rare, and are often caused by configuration setting errors. For example, if a user sets the date on the computer incorrectly, the time does not synchronize. Under these circumstances, most often the time is off by a day or more. Be sure to check the computer’s calendar and ensure that the correct date has been set.

Configuration Settings for Windows Time Service

You can set the global configuration settings for Windows Time Service by using Group Policy. The settings that might be relevant to communication between Windows Time Service and the Internet are described in this subsection.

In Computer Configuration\Administrative Templates\System\Windows Time Service\Global Configuration Settings, there is only one setting that might, in certain scenarios, affect the way that Windows Time Service communicates when the computer is in a domain. This setting is AnnounceFlags, which controls whether this computer is marked as a reliable time server. A computer is not marked as reliable unless it is also marked as a time server. The settings are as follows:

  • 0 Not a time server
  • 1 Always a time server
  • 2 Automatic time server, meaning the role is decided by Windows Time Service
  • 4 Always a reliable time server
  • Automatic reliable time server, meaning the role is decided by Windows Time Service

The default is 10, meaning that Windows Time Service decides the role.

In the Group Policy settings located in Computer Configuration\Administrative Templates\System\Windows Time Service\Time Providers, there are a number of settings that might affect the way that Windows Time Service communicates across the Internet. The following table describes some of these policy settings.

noteNote
The table lists the settings that most directly affect the way Windows Time Service communicates with time sources, but the table does not list all settings. For example, it does not list the setting that specifies the location of the Windows Time Service DLL or the setting that controls the logging of events for Windows Time Service.

Selected Group Policy Settings for Configuring the Windows Time Service NTP Client for Computers Running Windows Server 2003

Policy Setting Effect of Setting Default Setting
NtpServer Establishes a space-delimited list of peers from which a computer obtains time stamps, consisting of one or more DNS names or IP addresses per line. Computers connected to a domain must synchronize with a more reliable time source, such as the official U.S. time clock. This setting is used only when Type is set to NTP or AllSync.0x01 SpecialInterval0x02 UseAsFallbackOnly0x04 SymmetricActive

0x08 NTP request in Client mode

time.windows.com, 0x1
Type Indicates which peers to accept synchronization from:NoSync. The time service does not synchronize with other sources.NTP. The time service synchronizes from the servers specified in the NtpServer registry entry.NT5DS. The time service synchronizes from the domain hierarchy.

AllSync. The time service uses all the available synchronization mechanisms.

Default optionsNTP. Use on computers that are not joined to a domain.NT5DS. Use on computers that are joined to a domain.
CrossSiteSyncFlags Determines whether the service chooses synchronization partners outside the domain of the computer.None 0PdcOnly 1All 2

This value is ignored if the NT5DS value is not set.

2
ResolvePeerBackoffMinutes Specifies the initial interval to wait, in minutes, before attempting to locate a peer to synchronize with. If the Windows Time Service cannot successfully synchronize with a time source, it will keep retrying, using the settings specified in ResolvePeerBackOffMinutes and ResolvePeerBackoffMaxTimes. 15
ResolvePeerBackoffMaxTimes Specifies the maximum number of times to double the wait interval when repeated attempts fail to locate a peer to synchronize with. A value of zero means that the wait interval is always the initial interval in ResolvePeerBackoffMinutes. 7
SpecialPollInterval Specifies the special poll interval in seconds for peers that have been configured manually. When a special poll is enabled, Windows Time Service will use this poll interval instead of a dynamic one that is determined by synchronization algorithms built into Windows Time Service. 604800 (workgroup)3600 (domain)

For other sources of information about Group Policy, see Appendix B: Resources for Learning About Group Policy [ http://technet.microsoft.com/en-us/library/cc759176(WS.10).aspx ] .

For information about configuring the authoritative time server in a domain, see article 884776, “Configuring the Windows Time service against a large time offset” in the Microsoft Knowledge Base at:

http://go.microsoft.com/fwlink/?LinkId=46021 [ http://go.microsoft.com/fwlink/?LinkId=46021 ]

Procedures for Configuring Windows Time Service

The following procedures explain how to set some of the Windows Time Service configuration settings available in Group Policy. For details about other Group Policy settings for Windows Time Service, see the table earlier in this section.

To Set Group Policy for Windows Time Service Global Configuration Settings

  1. See Appendix B: Resources for Learning About Group Policy [ http://technet.microsoft.com/en-us/library/cc759176(WS.10).aspx ] , for information about using Group Policy. Ensure that your Administrative templates have been updated, and then edit an appropriate GPO.
  2. Click Computer Configuration, click Administrative Templates, click System, and then click Windows Time Service.
  3. In the details pane, double-click Global Configuration Settings, and then click Enabled. Configure settings as appropriate for your environment.

To Configure the Group Policy Setting to Prevent Your Computer from Servicing Time Synchronization Requests from Other Computers on the Network

  1. See Appendix B: Resources for Learning About Group Policy [ http://technet.microsoft.com/en-us/library/cc759176(WS.10).aspx ] , for information about using Group Policy. Ensure that your Administrative templates have been updated, and then edit an appropriate GPO.
  2. Click Computer Configuration, click Administrative Templates, click System, click Windows Time Service, and then click Time Providers.
  3. In the details pane, double-click Enable Windows NTP Server, and then select Disabled.

Starting and Stopping Windows Time Service

By default, Windows Time Service starts automatically at system startup. You can, however, start or stop the service manually by accessing services in Administrative Tools or by using the net command.

To Manually Start Windows Time Service Using the Graphical Interface

  1. Click Start, and then either click Control Panel, or point to Settings and then click Control Panel.
  2. Double-click Administrative Tools, and then double-click Services.
  3. Select Windows Time from the list of services.
  4. On the Action menu, click Start to begin the service.

To Manually Stop Windows Time Service Using the Graphical Interface

  1. Click Start, and then either click Control Panel, or point to Settings and then click Control Panel.
  2. Double-click Administrative Tools, and then double-click Services.
  3. Select Windows Time from the list of services.
  4. On the Action menu, click Stop to discontinue the service.

To Manually Start Windows Time Service Using the Net Command

  1. To open a Command Prompt window, click Start, click Run, type cmd, and then click OK.
  2. At the command prompt, type net start w32time, and then press ENTER.

To Manually Stop Windows Time Service Using the Net Command

  1. To open a Command Prompt window, click Start, click Run, type cmd, and then click OK.
  2. At the command prompt, type net stop w32time, and then press ENTER.

Synchronizing Computers with Time Sources

Use the following procedures to synchronize the internal time server with an external time source, and to synchronize the client time with a time server.

To Synchronize an Internal Time Server with an External Time Source

  1. To open a Command Prompt window, click Start, click Run, type cmd, and then click OK.
  2. At the command prompt, type the following, where PeerList is a comma-separated list of Domain Name System (DNS) names or Internet protocol (IP) addresses of the desired time sources:w32tm /config /syncfromflags:manual /manualpeerlist:PeerListand then press ENTER.
  3. Type w32tm /config /update and then press ENTER.
    noteNote
    The most common use of this procedure is to synchronize the internal network’s authoritative time source with precise external time source. This procedure can be run on any computer running Windows 2000, Windows XP, or Windows Server 2003.
    noteNote
    If the computer cannot reach the servers, the procedure fails and an entry is written to the Windows System event log.

To Synchronize the Client Time with a Time Server

  1. To open a Command Prompt window, click Start, click Run, type cmd, and then click OK.
  2. At the command prompt, type w32tm /resync, and then press ENTER.
    noteNote
    The W32tm command-line tool is used for diagnosing problems that can occur with Windows Time Service.

Monitoring and Troubleshooting Windows Time Service

In many cases, problems with Windows Time Service can be attributed to network configuration. If the network is not configured correctly, computers might not be able to communicate to send time samples back and forth. Viewing the contents of NTP packets can help you to identify exactly where a packet is blocked on a network. An error associated with Windows Time Service might occur when a computer is unable to synchronize with an authoritative source. You can use the W32tm command-line tool to assist you in troubleshooting this and other types of errors associated with Windows Time Service.

The W32tm command-line tool is the preferred command-line tool for configuring, monitoring, and troubleshooting Windows Time Service. For more information, search for “W32tm” in Help and Support Center.

Procedure to Follow When a Computer Is Unable to Synchronize

By default, a computer running Windows Time Service will not synchronize with a time source if the computer’s time is more than 15 hours off. For information about scenarios in which this can occur, see “How Windows Time Service Can Affect Users and Applications,” earlier in this section.

To Resynchronize the Client Time with a Time Server

  1. To open a Command Prompt window, click Start, click Run, type cmd, and then click OK.
  2. At the command prompt, type w32tm /resync /rediscover and then press ENTER.
noteNote
When you run the preceding command, it redetects the network configuration and rediscovers network resources, causing resynchronization. You can then view the event log for more information about why the time service does not synchronize.

Related Links

For more information about configuring Windows Time Service during deployment of products in the Windows Server 2003 family, see Designing and Deploying Directory and Security Services and Designing a Managed Environment in the Microsoft Windows Server 2003 Deployment Kit at:

http://go.microsoft.com/fwlink/?LinkId=44319 [ http://go.microsoft.com/fwlink/?LinkId=44319 ]

For information about configuring the authoritative time server in a domain, see article 884776, “Configuring the Windows Time service against a large time offset” in the Microsoft Knowledge Base at:

http://go.microsoft.com/fwlink/?LinkId=46021 [ http://go.microsoft.com/fwlink/?LinkId=46021 ]

Tags: 
Community Content

Data De-duplication

October 28, 2009 Leave a comment

Data De-duplication.  In an effort to learn more about this technology and help our clients make sense of it all,  I will be blogging my findings.

I predict Data De-duplication will be a common occurrence in all types of data storage systems.  At this point the industry – so it appears – is rushing to be more Green conscience, however IT Management Staff is also concern in storage cost reduction, reduction of bandwidth utilization and Transfer Speed.  I will focus my findings in these areas and ask for help from you and other industry leaders to add notes and comments.

Like always, I want to find and recommend the right solution (product).  The products I have review thus far are all over the map.  Some of them have their own proprietary technology and others make claims to be faster or better in some way.

I started this project trying to find an answer to a backup problem.  According to some experts Corporate data storage requirements is increasing at an alarming 60% annual rate.  As a consulting company we have seen this first hand in a number of clients.  Data Storage requirements has increase for a number of reasons;

  • Scan Images  are very common in small to large companies.  Technically, the storage of scan documents  is simpler and more cost effective then traditional paper storage.  With the proper solution Images could be  catalogue or index  to make them searchable and easy to find.  However, this solution adds to the total backup storage requirements.
  • Everyone for one reason or another is reducing the use of paper either because they want to be more IT Green or just because it is much easier to store  everything onto some type of a data storage device like a Hard Drive.  Traditionally people would write a document,  print it and then mailed it.  With the introduction of electronic mail there is no need to print,  stuff the envelope, spent money on the stamp or spent  time going to the post office; now, you simply write your document and emailed it.  You may want to email this document to group of co-workers, again the process is simple – However after years of doing this process the same document may be stored in multiple locations throughout your Internal Computer Network.  Likewise, other duplicated large-in-size data of all kinds – Pictures, Music, Videos and Movies are now  increasing backup storage requirements.

The practice of storing all corporate data and keeping it for historic or legal reasons is now more complex and harder to manage.  You have Database Servers managing production, inventory, sales  and accounting data.  You also have email servers with years worth of history.  Other Application Servers equally important may contain Electronic Data Exchange (EDI) transactions,  client information or patient medical records.  All these data is important to secure and keep.  Not all critical data is stored in servers in some cases critical data sits on local users computers and in some cases it is never backup! –  Users tend to store data onto their local Desktop not being aware that it points to the local Hard Drive.

The problem

Tape Backup Systems are no longer able to meet the challenging  demanded from the up sized data increased.

Solution

The answer lies in a mix environment where backups happen automatically from any source and onto any storage media.  The solution has to be reliable, it should be easy to manage,  it has to be fast – specially when it comes to restoring, it also has to have low bandwidth utilization and finally it should be economically feasible so companies of any size can utilize it.

Data De-duplication technology – no matter what flavor of implementation – offers  huge number of advantages over traditional tape backups.  The best advantage, from my point of view,  is automation as no matter how good of a tape backup system you have it all requires human intervention and  this intervention always fails – not if it happens but when it happen it is at an unfortunately crucial time. File-and block-level de-duplication eliminates backup copies of the same data and delivers substantial storage cost savings.

For mid to large companies,  the leading comercial vendor for Data Deduplication Systems is Data Domain (part of EMC).   Other vendors like Computer Associates, Symantec and Barracuda have solutions suited for smaller, midsize or even  departments of large companies.

Comcast Installation: Private Business

 

After weeks of planning here we are … Waiting for the cable man!

Oh, but this time he is arriving to a business site – not my house. The good thing… he did called and said he was running late.  An hour later two men  are here, tools on waist and ready to install  new phone service and new Internet Access.  This service will be replacing a traditional Cimco Communications T1 circuit and a tradition POT analog phone service from ATT.  The coax-cables were ran prior to this visit.

The price and the Technology – Broadband – all too familiar to home users is now available to the business sector!  Several questions are in the back of my mind at this point – While the price and the promised  speed-gain (1.5Mb 20Mb download!) are great,  can’t help but to ask myself will it be reliable?  We will have to wait and see.  I love Comcast speed at home but outages are all to comon in my area .   Too common and too frequent…

While waiting for the green light to do my part; Router configuration, firewall configuration, and Remote Desktop Access configuration – I do other things…  My goal is to configure a Cisco Router pass their access point (gateway / Modem).  Traditionally the use of Cisco Access List  is one way to protect intruders from accessing the private network.  In this case the Router I will be using is the existing Cimco Router. ( At this point My understanding is that this is an Ethernet to Ethernet Router – Right? So I charge on and work on the script to add to this router … NAT table configuration, Allow Access List, Deny list… 

I mapped the LAN and now I have all my internal MAC and IP Addresses for each of the computers I need to access remotely… I am also waiting on Cimco to contact me back with the user ID and the Password for the existing Cisco Router (My client is buying this router ) so I can change the internal script code … all alone users are using the Internet to send and receive email messages – or perhaps using the internet to viewing their favorite fantasy team who knows?

An hour later one of the men – The one with all the cool tools on the waist – is here and ready to hand out the IP addresses I need to configure the Cisco Router.  Ready? Yes… Local IP Address on the modem is such and the Public IP Addresses are such and the DNS are… and so on.  I get all the information … Meanwhile the other man is on the phone calling Comcast, testing the phone lines while at the same time helping a team member solve other problems (using a two way radio) at another site with another client – Fun stuff ! 

I can’t connect at this point he needs to get the phone lines punch down and active.    … another 40 minutes later,   They are ready and walking out the door.  “Oh, here is the user ID and the Password to the SMC modem… Just in case you need to do changes!”  Ok, I said… I take the information, shake hands and wave good bye.

First things first… Do I have access to the existing Cisco Router?  No, Cimco has not called back… Ok, Lets use my laptop to test the Comcast Circuit? – (or Connection).  Wow,  this SMC Modem, has a DHCP Built in!… lets look deeper … while they are calling this a modem I found it is much more than that.  Features like Firewall and NAT are also built into this modem – ….   I got a call from Cimco,  I ask  for the user ID and password to the existing router- they do not want to give it to me – they have to change it first…    I explain to the Tech at Cimco that the client is buying the Cisco router from them after the contract is over -5 days from now.  So I’m put on hold … 

He is now back… I continue to explain what I need to do to the router.  I will be assigning a public IP Address to one of the Ethernet ports and a Private Ethernet address ( 192.168.1.1) to the Local Ethernet Segment.  Great, one problem !!! This Cisco Router is a T1 Router and it only has one Ethernet port and a WIC card for their T1 service.

Plan number 2? ok, it way my first plan. To purchase a new Cisco 800 modem router with Ethernet to Ethernet Router firewall and NAT features – about $400 to $500.   So here we are…

I have my laptop connected to the Comcast SMC modem and “speedtest.net” is showing 37mg download and 1.5Mb upload — this is too cool, I can’t deprived my client from the benefit of this download speed – right?  so Idigg into the features of these SMC Router and found that it has a DHCP Server built in, it also has a port redirector built in, Plus a NAT 1-to-1 function – This feature to be used if I wanted to connect the Cisco router to it and assign a public IP Address… However in the absence of the Cisco Router ….

I tested and play with the settings and found that I could in fact use this modem – now I think that this is more than a traditional modem – this is a router with lots of cool features built in.  Did I mention that it also has a Firewall feature, plus the ability to block access to web sites?  All too cool.

So, I change the Local Ethernet segment IP Address to match the IP address of the old Cisco Router turn off the DHCP Function since we are using the Local MS 2003 server to do this.  Now I disconnect the old router and connect the ethernet cable to the switch port.  Bingo!  It all works.  Some local computers have to be restarted but most of them are able to access the internet right away.  Lets do some more testing,  …connect to www.thewb.com  – for testing purpose only- and started playing a movie at several computers at the same time – wow it works!

Finish the remote access list using the port redirection feature in the SCM modem configuration. Found that he public IP Address used on the modem/router is working and as it needs to be static it should not change.  I also have 5 extra public IP addresses to be redirect via a 1-to-1 NAT or via direct connection to the SMC extra Ethernet ports.   However,  in this case all I need is the IP address already assign to the SMC Router!   This is a static public IP Address.   I now call the DNS Manager and ask for the A record to be change to the new public IP address and Bingo!  few minutes later it is propagated and available to be use.

I Did some testing using  Windows XP’s  “Remote Desktop”   connected to an external computer and from that external computer  remote access  into the local computers – It all works.

So, No need to purchase a new Cisco Router!  with the build in NAT port redirector in the SMC modem the day was saved!

Speed during the initial testing was great…. some sites appear faster than others  … but keep in mind that the speed is at the least common denominator.  If the site you are connecting  is set for 1Mb upstream access that’s all you will get but, there is the potential for higher download bandwidth.

Cesar Lopez

Best Networks Inc

(773) 908-7378

Categories: Uncategorized Tags: ,