The Company




Custom Server Builds ISA Routing Solutions Remote Admin Network Design Consulting/Support Network Security Certificate Services Web Applications Resources/Tools Contact Support

Will I need client access licenses for all computers using a Windows router?  
No.  Microsoft does not require additional CALs for computers making use of Windows 2000 routers because users are not logging onto the server.  In general, any Windows service that makes use of anonymous authentication, or does not require any authentication, can be used without purchasing additional CALs.  This includes services such as DNS, DHCP, RRAS, websites, SMTP, ect.  ISA licensing for its routing features works the same for slightly different reasons.  Even though ISA server may be asking for authentication, it is licensed per processor.  Out of the box, ISA server standard edition also allows unlimited connections to a box with one processor to its routing features.    
What is the biggest improvement in Windows 2003 over Windows 2000 Server?  
Microsoft Windows Server 2003 comes with a firewall.  This feature adds additional security to your server and network.  Other noted improvements in Server 2003 are a built in pop service, enhanced DFS, and a more robust web server service. 
Can a Windows router be used as a non-NAT router?  
Microsoft Windows Server has all the functionality required to serve as a major addition to your organizations routing infrastructure.  It does not have to use NAT.  It does support routing protocols such as RIP and OSPF. 
Where can I find out how to configure my Windows 2000 or 2003 as a router?  
In the Central Ohio area, Network Decisions can be tasked to install the router for you.  However, Microsoft Windows Server is easy to configure for routing, NAT, DHCP, firewall, and DNS services.  For step by step instructions on Windows 2003 server NAT from Microsoft, go here.  For information on using Windows 2000 as a non-NAT router, download the NSA  Microsoft Windows 2000 Router Configuration Guide. (This PDF make take up to 30 seconds to render).   A presentation overview on enterprise VPN/Wireless configuration is available from Microsoft here:  Deploying a Secure Mobile Network Access Infrastructure (This has concepts that apply to major rollouts.  Small office and home users should not be put off by the terminology or details.  Smaller scale secure VPNs and Wireless networks can be rolled out in far simpler fashion).  Information on ISA server can be found here.  Detailed configuration and troubleshooting information is always available through searches at www.Microsoft.com.
How does the DHCP service know which DHCP scope should be used for each NIC?  
The Microsoft DHCP service looks at the static IP assigned to each NIC.  It assigns IP address out on NICs that are within the the same IP range as the DHCP scope.  Consider this example:  You are using the standard Microsoft DHCP service and have disabled the one included in the NAT configuration.  You have 4 internal NICs.  You have created four DHCP scopes/subnets.  Scope one assigns addresses withing the subnet to with a subnet mask of  Scope two uses the range to with a subnet mask of  Scopes 3 and four continue in the same pattern.  To get a particular NIC to assign address out from only scope one, simply assign it a static IP within that scope such as  Then create an exclusion within the scope so that the IP address you assigned to the NIC is not leased out to any other computer via DHCP. 
Should I use the standard DNS and DHCP services or the scaled down versions included in the NAT service?  
In general, if you are using multiple NICS and subnets, or planning to in the future, you will want to disable the NAT versions of DNS and DHCP and use the standard versions included in the server software.  If you plan on possibly upgrading to ISA server in the future, you will also want to use the standard DHCP and DNS services.  When you upgrade to ISA, you will have to turn off NAT to use ISA's secure NAT.  If you are using one subnet, the NAT versions will be your best choice.
My DHCP service keeps turning off on my stand alone Windows router.  Why?  
This is happening because the DHCP service on your stand alone, non-domain, workgroup oriented Windows router is detecting another DHCP server on the same subnet.   Disable the other DHCP servers on the subnet, or stop using the one on your Windows router.
My Active Directory Domain will not let me get DHCP leases from the Windows router.  Why?
This is happening because the DHCP service on your Windows router is not authorized in active directory.  Authorize the server so active directory can tell the network your Windows router is allowed to assign DHCP leases to clients.  Authorization has to be done whether the device giving the leases has joined the domain or not. 
Can I use my ISPs DHCP on my external NIC and still use NAT?
Yes.  If you are using active directory, and have joined your Windows router to the domain, remember to authorize your ISPs DHCP server in active directory. 
Can ISA Server be installed on Windows 2003 Server?
Microsoft Windows Server 2003 uses the same version of ISA server as Microsoft Windows server 2000 uses.  There is not currently a 2003 version of ISA server.  You can upgrade your Windows 2000 based ISA Server to 2003 or do a fresh install.  Using 2003 server with ISA server does require a patch provided by Microsoft.  Before making the decision to run ISA on a 2003 server read the instructions on this link including all potential issues and bug fixes.   
How are RIP and OSPF activated on an ISA Server?
RIP and OSFP are added to an interface through the standard RRAS console on an ISA server.  Enable RRAS as a manually configured server.  Under IP Routing, right click on the general tab and choose "add protocol".  Add the RIP or OSFP protocol.  Once added, the protocol will appear as an option in the RRAS console under IP Routing.  Right click on the protocol and choose "new interface".  Choose the inferface you want to enable  the routing protocol on.   

How do I perform port forwarding on Windows 2000 and 2003 Servers to publish my internal servers to the internet? Microsoft has step-by-step instructions on how to publish your internal servers to the internet using RRAS here.    

How do I publish internal servers using Microsoft ISA Server?
Microsoft has step-by-step instructions on how to publish your internal servers to the internet using Microsoft ISA Server here.  Do not put the firewall client on internal servers.   Servers should be ISA Secure NAT clients.     
How do I add a route to a Windows router or ISA server?
In the RRAS console, expand the "IP routing" element.  You will see a selection labeled "static routes".  Right click on "static routes" and choose "new static route".  A window will open asking for input.  You will be required to choose the interface on which you are adding the route, the destination network, the destination network's mask, the metric, and the gateway.  The gateway is the next hop on the way to the destination network, or if the destination network is a local subnet, the interface it is on.  The metric is a value used to assign preference for cases where there are multiple routes available.   Routes can also be added through the command line.  Detailed instructions are available from Microsoft here.       
When I configure my Windows RRAS router as a VPN server, I lose all network connectivity.  How can I use it as a router and a VPN server?
When initially configuring your Windows RRAS router, do not choose the VPN server option, unless you only want it to be a VPN server and nothing else.  The VPN option creates packet filters which screen out all other protocols other than the VPN protocols.  To use the server as a VPN server and router, you could choose the manually configured server option.  This will automatically set the server up as a functioning VPN server and allow you to add whatever other services or feature you require.       
How do I game through ISA server?
To begin gaming fast, without adding protocol and content rules for each game, do the following:   If ISA is in firewall or integrated mode, install the firewall client on your client PC.  Set up an allow all "protocol rule" on the server.  Set up an allow all "site and content rule" on the server.  Creating these "allow all" policies will maintain your firewall protection and remove the default protocol and site restrictions for outgoing traffic.  It is possible to have these "allow all" rules in effect, and then to add individual protocol and content restrictions on top of them to lock down the system as required.  If you are filtering by Windows groups or usernames on the ISA server, you will have difficulty downloading server lists for some online games.      
Where can I purchase the hardware and software needed for a Microsoft RRAS or ISA routing solution?
The hardware and software packages needed for a Microsoft routing solution are available from the Network Decisions Router Page.      
My video card is not working properly with Server 2003.  How do I set it up to allow gaming and DirectX on the server? 
Following is the 4 step process to ensure that video is set up to allow gaming on Windows 2003 Server with a GeForce MX440 (gaming on production equipment is never recommended).  Other video cards may require slight variations of this process.  First, make sure you have the latest video drivers for your video card.  Second, make sure you have the latest version of  DirectX (available here ).  Third, on your server, go to Start -->  Control Panel -->  Display.  Click on the "Settings" tab.  Click on the "Advanced" button.  Click on the "Troubleshooting" tab.  Slide the "Hardware Acceleration" bar all the way to the right.  Click "Ok" as many times as required to exit the display settings.  Fourth, open Start--> Run.  Type dxdiag.exe.  Click on the "Display" tab.  Make sure that all the DirectX features now say "Enabled".  Click "Exit".   Your video card should now function properly.           
How can I enable sound on my Windows 2003 Server?  
Sound is disabled by default on Windows 2003 Server.  You can enable it using the Sounds and Audio icon in the Control Panel.            
How can I enable surfing the internet on my Windows 2003 Server?  
Surfing the internet with Internet Explorer is disabled by default on Windows 2003 Server.  To enable it use Add/Remove programs in Control Panel to remove the addition Internet Explorer security feature.         
How can I change the default port for Terminal Server?  
Microsoft has detailed instructions for setting up your terminal server on a non-default port here: Terminal Server non-default port.      
I am unable to map shares on Windows file servers over a Windows RRAS VPN connection.  Why?
To resolve this issue, properly implement WINS on your network.