Icon explained    
Articles marked with this logo are 'subscriber' only articles. Click here to become a subscriber
Small Business Server articles and howto's    

Current Articles | Search

Articles from Branch offices
How to add an additional Domain Controller from a remote office to the SBS domain - Part 3
How to add an additional Domain Controller from a remote office to the SBS domain - Part 3
By Marina Roos :: 9 Comments :: :: SBS 2003, Subscriber articles, Branch offices
When the branch office server has successfully joined the SBS network and when replication has succeeded, there are still a few steps that will need to be done on the SBS server as well as on the Branchoffice server to finish the Branch Office setup.
 
In this third part of the series "How to add an additional Domain Controller from a remote office to the SBS domain" we will review some common events and errors that will always appear whenever a SBS server is rebooted. Those can be safely ignored, as long as no other errors or warnings show up after both servers are fully up and running. The Directory Services event log is very important and it should not show any errors or warnings on the remote Branchoffice server ever. It will also have the steps to create an email alert when the RRAS VPN connection is down.
 
The next step will be to modify the SBS Windows XP Firewall GPO so it will include the remote subnet in a few settings. We will then modify the Default Website in IIS to include the remote subnet. You will have to mind though, that each time you would need to rerun the CEICW wizard, you will have to correct the IIS settings manually again.
 
If you have run the SBS BPA tool on a SBS server that has the Windows 2003 SP2 installed, you will have been noted to adjust a few registry settings for the TCP/IP service. It is a good thing to make those same changes on the remote Branchoffice server as well and the complete steps will be described.
 
RRAS on a SBS server which has ISA 2004 installed, is behaving a bit different from a common server without ISA. This is because most settings in RRAS are being dictated by ISA 2004 and there are not many settings you can change without it being reset by ISA every time the ISA services are being restarted. This also has consequences for WINS and DNS and the behavior is being described as well as some solutions. You will have to realize though, that when you browse the Network Neighborhood from the SBS network, you will never see the remote machines appear. In the remote office however, you will see the SBS machines appear in Network Neighborhood. This is totally due to using this kind of site-to-site VPN connection with RRAS and ISA 2004.
 
The last page has a graphical overview of the ComputerWorks network with the public and private IP's that have been used in this series of articles.
 
The contributions from Justin Crosby from Microsoft CSS were very valuable for the last chapter and I want to thank him again.
 
These steps are covered in the following chapters:
Read More..

How to add an additional Domain Controller from a remote office to the SBS domain - Part 2
How to add an additional Domain Controller from a remote office to the SBS domain - Part 2
By Marina Roos :: 0 Comments :: :: SBS 2003, Subscriber articles, SBS 2003 R2, Branch offices
In the first article of the series "How to add an additional Domain Controller from a remote office to the SBS domain" we have configured the SBS server and prepared it for a new additional domain controller. In this second article we will configure the Windows 2003 server that is located at the remote office so it can be joined to the SBS domain and promoted.
 
We will want the new server to be running DHCP, WINS and DNS, so these services are going to be added. We will configure RRAS so it will have a persistent VPN connection to the SBS network. DCPROMO will be run so the server is becoming an additional Domain Controller in the SBS network. We will correct the network adapters configuration, configure DHCP server and correct DNS server. Then we will check if the replication has completed and enable remote desktop so we can RDP to this new Domain Controller from within the SBS network.
 
The third article will have the finishing steps that will need to be done to complete the remote office setup. These steps are different for the SBS server and the additional Domain Controller.
 
I would like to thank Brian Desmond, Directory Services MVP, for his valuable additions, in particular about the DHCP event 1056 and the add new subnet in Active Directory Sites and Services (part 1).
 
The following chapters are included in this article:
Read More..

How to add an additional Domain Controller from a remote office to the SBS domain - Part 1
How to add an additional Domain Controller from a remote office to the SBS domain - Part 1
By Marina Roos :: 5 Comments :: :: SBS 2003, Subscriber articles, SBS 2003 R2, Branch offices
In this series of three articles (the first article has been published, the other two will follow later) we will explain step by step how to add a DC that will be serving clients at a remote location to the SBS network. The remote DC will be connecting through a VPN connection to the SBS. There are several ways to establish this VPN connection and it all depends on the hardware and software.
  1. Hardware VPN from remote router to SBS router: this is a very stable connection and will always be up so the remote server and its clients will be connecting to the domain from boot, but the SBS server should only have one network adapter and thus can't be running ISA.
  2. Hardware VPN from remote router to a second SBS router that is directly connected to the internal SBS network: this is also very stable but can only be done if the SBS network has multiple public IP's and if the SBS internet device is capable of routing the several public IP's to different internal IP's. The SBS server can have two network adapters and can have ISA installed. Javier (SBS-MVP) has described the layout of this kind of a VPN connection here: Javier's SBS Wonderland : Site to Site VPN while keeping ISA in the Mix: http://msmvps.com/blogs/javier/archive/2004/12/08/23045.aspx
    An article with the complete steps to create such a branch office connection will be published soon.
  3. Software VPN from remote DC to SBS: 
    1. on the remote DC we could create a VPN connection just like you would normally do that on a remote client machine to connect to the SBS network. The disadvantage of this kind of a connection is, that the remote DC needs to be logged in to start up the VPN connection.
    2. we can use RAS on the remote DC to create a persistent VPN connection to the SBS server which will automatically start when this remote DC is rebooted and doesn't need to be logged in. This will only work when the SBS has two nics and ISA 2004 installed. Disadvantage of this kind of a connection is that it will take a little while after a reboot before RAS will connect automatically to the SBS with a dial in on the remote DC, which will give some warnings in the event log. Another disadvantage is that although the remote network will see all machines in its Network Neighborhood, the remote machines will NOT be visible in the SBS internal Network Neighborhood. This will mean you will have to map a drive manually if that is needed, as the browse won’t show the remote machines.

I would like to thank Justin Crosby from Microsoft CSS for additional investigation he has done to help me write these articles.

The first article will describe the steps that will need to be done on the SBS server to prepare for a remote additional domain controller. The second article will describe the steps that will need to be done on the remote Windows 2003 server up to including the joining and promoting this server to an additional DC. The third article (not yet available) has the steps that will need to be done after the remote DC has successfully replicated and will include some fine tuning on the SBS server as well as on the remote DC.

In this article we will show the steps to prepare the SBS server for a remote additional Domain Controller where the SBS server has two network adapters with ISA installed and it includes the following chapters:
Read More..

How to create a static VPN tunnel between a SBS 2003 Premium and a remote Windows 2003 Server
How to create a static VPN tunnel between a SBS 2003 Premium and a remote Windows 2003 Server
By Mariette Knap :: 0 Comments :: :: Remote Access, Server issues, ISA Server 2004, SBS 2003, Subscriber articles, SBS 2003 R2, Branch offices
Connecting a remote Windows 2003 server to a SBS 2003 Premium is probably one of the most requested procedures in our forums. After working several days on this subject, I have written an article that describes the configuration on the SBS 2003 Premium and the remote Windows 2003 Server. The remote server is not yet joined or promoted; it is just a plain vanilla Windows 2003 server. We start using standard PPtP, in a future article we will make it more secure by using IPsec. The chapters in this article are:
Read More..

How to prepare the SBS domain for an additional R2 Domain Controller
How to prepare the SBS domain for an additional R2 Domain Controller
By Marina Roos :: 0 Comments :: :: SBS 2003, SBS 2000, Public articles, SBS 2003 R2, Branch offices
Before you can add an additional Domain Controller that will be running Windows 2003 R2 to the SBS domain, you will need to prepare the domain. This procedure needs to be done only once on the SBS server.
Read More..

Copyright 2002-2008 Concentrix b.v.    :   Page generated in 0.3437522 seconds.   :   Terms Of Use   :   Privacy Statement