Ever wanted to monitor your customers servers using 1 Spiceworks «master» in your own office, without installing Spiceworks at all your clients? Read on, here is how I did it.

Pros and Cons:

— First off, we are going to be using a dedicated machine with Server 2003 installed.

— We will be using a RRAS VPN Dial Up Adapter to connect to our clients. These can be permanent connections and DNS settings can be applied. A normal VPN connection will drop the line when you log-off from the server.

Here is the hard and bad one:
— All your clients should be running on different IP subnets.
e.g. You: 10.0.0.x, Client: 10.0.1.x, Client 2: 10.0.2.x, etc. I know this is going to be hard when you already have a lot of clients, or large client networks, but I could not find another way.

— We will use an RDP session to open and use the Spiceworks console on the dedicated server from your workstation. You could try to setup Terminal Services, but I have not tested this. I just use Remote Desktop for administration.
Because of the limitations of RRAS and SBS you WILL be able to open Spiceworks on your workstation using your webbrowser, but you WILL NOT be able to ping the DNS name or remote control a client. For full functionality you should use the RDP session to the server.

— Last of I tested this and use this on Small Business Server to Small Business Server networks. Now SBS does not support trust domains and stuff, so there will not be another way than use the RDP session.
If anybody has some extra information to make this work, I would be very pleased if you drop me a note.

1. Check your own network

No really, it took me some days to figure out why I could not get this to work and it appeared I had a messed DNS and WINS database. So check your DHCP, DNS and WINS.
Remove any double entries and make sure you have the reverse lookups for DNS. These reverse lookups appear to be missing for Vista clients for instance. Also in WINS make sure all old and double entries are removed. Run an ipconfig /flushdns, to clean thing up.
2. Check your (new) clients network

Same issue here, open up DHCP, DNS and WINS at the clients SBS server and make sure all is well as described above.

3. Install the new server.

This is the easy part I guess. So I am not going to explain a lot.
Install the Server 2003 OS, give it a solid IP, update it and optionaly join it to your own SBS domain.
I would recommend not to install any firewall or other security software at this time, so they do not interfere. After the last reboot make sure you can connect to it using RPD from your workstation. In a default installation you might have to switch on Remote Desktop in system properties.

4. Install RRAS on the new server.

This is the tricky part.
— Open up Routing and RAS from Start — System Management.
— Right click on you servername.
— Select the First option, Install and Configure Routering and RAS.
— Click Next.
— Select ‘Secure connection between two private networks’ and click next.
— Make sure Yes is selected for dial-up on demand and hit next.
— I always want to make sure where my IP’s come from and where they go, so I selected the second option for a specified range of IP’s. Hit Next.
— Click New and select a range.
Now SBS is also a RRAS server which is using ‘dynamic’ IP’s from the start of your DHCP range. In my situation on our SBS I excluded all IP’s before x.x.x.150, for servers, dedicated machines etc. This meaning RRAS from SBS will use the first 7 addresses from 150 to 157 and reserve them. Your first DHCP client will therefore get 158. Make sure you do not select anything between 150 and 157, or you will mess up you DHCP. Check the DHCP on your SBS to see what is reserved there and make note of it.
I always make reservations of 10 IP’s per server. So SBS is on 1, our Spiworks is on 10 and our SQL Server is on 20, etc.
In my case Spiceworks server is at 10. So I reserverd 11 to 19 for Spiceworks Server as well. This comes in handy now. If you have 9 customers max. to monitor you could use 11 to 19 for RRAS. If you have more, you will need something else.
I entered x.x.x.11 for starting range and x.x.x.19 for end. Hit OK and then next.
— Hit apply and your RRAS server will be installed.
— After a couple of seconds the next screen will pop-up.
We will now create a new adapter for your first clients connection. Hit Next.
— Give the adapter a clear name for reference, eg. Client-1.
— Select VPN
— SBS is default using PPTP, unless you made changes in the default configuration at your client select PPTP.
— Enter the IP or host name from your client.
— Select only option 1 Route IP packets trough this adapter.
— Select Add and enter the IP range from your customer, eg. 10.0.1.0 (mind the zero at the end)
Subnet will most likely be 255.255.255.0 and metric is therefore 1. Hit OK.
— Hit Next.
— Now you did create a new mobile username on your clients site, didn’t you?
You can, of course, use the admin account, but I would not recommend it.
You better create a new Mobile User at your clients server, without mailbox and stuff, just for this connection.
Enter the credentials of this user here and hit next.
— Hit Finish and your new adapter will be created.
— Now click on Network Interfaces and your Client-1 adapter should be there, but disconnected.

— Select the Client-1 adapter and right click to select properties.
— Select the options tab and under connection type select permanent connection, so it will be always conncted.
— Select the Network tab and click on TCP/IP, click properties to open up the IP details.
— Hit Advanced and then hit the DNS tab.
Now I am not a master in DNS settings, but here is how I got it to work.
— First add the DNS server address of your clients server.
— Enter the Domain.Local FROM YOUR CLIENT after «DNS-Suffix for this connection» in this format: CLIENTDOMAIN.LOCAL (or whatever your clients domain is called).
— Select both «Register these address in DNS» and «Use DNS suffix of this connection....»
Your screen will look like the picture on the right.
— Last I also entered the clients WINS server address and disabled Netbios on the WINS tab.
Hit OK to close the screen. and go back to the initial IP settings.

I did not fill in an IP here, because I simply could not connect afterwords. I really do not now why. I checked up the ip's after connected and filled in this IP, but it would fail afterwards. Leaving this to dynamic will work.

— Hit OK until you are back in RRAS and right click on the CLIENT-1 connection.
— Click on connect and if everything went well you should now be connected to your client.

Now open up a command prompt and check the following:
— ping the clients servers IP. (If it fails, check your connection).
— ping the clients server by sername.domain.local. (If it fails, your DNS server adress is of).
— ping the clients server by servename. (If it fails your DOMAIN.LCOAL is of).
5. Install Spiceworks:

Another easy part.
— Just start the setup on your new server and follow the wizard. Having Spiceworks run on port 80 makes life real easy, but you can not install IIS on this server then.
— Start Spiceworks and wait for the initial scan.
I stopped the setup at this point and made Spicworks run as a service.
Now reboot the server and make sure you can still ping the clients server after this.

6. Setup Spiceworks:

Did you get yourself a cup of coffee yet?
Go ahead and get one. We will fire up the first scan soon which will take some time.
— Open Spiceworks, Go to Settings – Network Scan.
I am gonna take this the easy way, so first enter only your own IP range and admin credentials.
In my case x.x.0.1-254
— Now exclude the RRAS ranges from both you SBS and Spiceworks server or you will get double entries in your inventory.
In my case x.x.0.11-19 and x.x.0.150-157 are excluded from the scan.
I also deleted the entry for 127.x.x.x (localhost).
— Now fire up the scan and have that coffee. This could take some time.
— After this scan make sure everything is ok. Are your servers listed, are your workstations there, any DNS issue’s, exchange widget. If not fix it now.

— Now go back to Settings – Network Scan and add the ranges for your client.
IP x.x.1.1-254 with admin credential from your client.
Exclude the RRAS range or you will see your own server twice.
x.x.1.150-157 are to be excluded in a default config, but check your clients DHCP for that.

Oke, fire up another scan and have another coffee.
If all goes well you will now also see your clients network assets showing up in Inventory.
Go ahead and clean any issue’s. On the Exchange Widget you can even change to your clients Exchange. Funny…
I noticed DNS issue’s for all my clients assets. Because your client is not integrated in your AD and domain DNS, no reverse lookup is there. I was not able to solve this, because SBS does not support trust domains.
Anybody??

7. Configure Groups in Spiceworks:

Now that all is there I made 1 more personal settings for convenience.
— Create a new Group in your Inventory and filter this by IP.
eg. Client-1 IP range starts with «x.x.1.» This will have all your clients assets in one group.
— I created a second one for our own network.

8. Use it from your own workstation:

Ok. Log off the Spiceworks Server and go to your own workstation.
Open up a RDP to the Spiceworks Server and start Spiceworks from there.
Now click on inventory and select any clients asset.
Click Troubleshoot and hit Ping.
This will ping the short DNS name and should work out fine.
You can even remote control to a clients asset from here.
Have you tried a web interface for the clients router??

Conclusion

I know this is not the most beautiful way, but it rocks over here.

There are some issue's still to be solved.
— I could not set the RRAS IP to static. Even if I use an IP from the reserved ranges.
— If you use RDP in admin mode, only two sessions can be opened at a time. It might be worth giving full Terminal Services a try.
— Every time the scheduled scan runs you will get a login attemp at your clients site from your own admin account. This entry pops up 1 time for every asset. So if your client has 4 assets, you will get 4 failed login attemps. I think this is a bug in Spiceworks.
— Also I noticed that browsing you local network shares from within the Spiceworks RDP, slows down a little. Probably because Windows Explorer also searches the clients network (by VPN). You will not notice this on your normal workstations.
— Just last week I noticed, when installing the ISA VPN client on the Spicworks server you will not be able to remote control any clients asset anymore. I am still investigating this, but I think MS RDP does not work well with the VPN client.

If anybody has suggestions for the last issue’s I would be very pleased if you drop me a PM.
That way we could fine-tune this document.

Oh yeah, sorry for some rough translations.