Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


Remote RAS authorization

Posted on 1997-04-07
Medium Priority
Last Modified: 2013-12-23
I have a NT 3.51, 200 MHZ, 128 MB Ram server with service pack 5, 4 terminal server cards made by Rocketport and Cyclades serving 80 analog modems.
I have been told I need to divide these 4 cards onto two different machines because of resource problems.

My question is, how do I have PC#2 look to PC#1 for RAS authorization? Also do I have to re-format my current PC which is configured as a server and change it to a domain server? (It will be the one with the user database).

Is the PC that has the RAS user database supposed to be the primary domain and the second PC without the database the secondary domain? What steps do I go through to setup the computers to be a domain server and how to I tell PC#2 to look to PC#1 for user name and password authorization?

Please be elementary in your answer, I am dumb.... <g>
Step one, do this
Step two, do that
Step three, do this and that....

Thanks in advance...
Question by:alpha
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3

Expert Comment

ID: 1559675
You set up PC#1 as PDC (primary domain controller)
PC#2 is a server that joins the domain (it is NOT a domain on its own).
Now #1 and #2 akt as one and #2 automatically asks #1 for authentication.
I was told to avoid problems in the future it is better to reinstall #1 as PDC and not to upgrade it. I am not sure if this is true. I think upgrading must be possible in the servermanager or somewhere else in the control panel.

Sorry I have no steps for dumb users. Please try on your own first.


Accepted Solution

jmataso earned 400 total points
ID: 1559676
You cannot upgrade from a Workstation to a Domain Controller (or from a domain server to a domain controller).  You need to reinstall, see my answer to the 4/8/97 question titled "Trust Relationships" for more information on why.

The simplest solution is to create a domain (with either machine) and set it up with your accounts for RAS.  The second machine can either be a Backup Domain Controller or a Domain Server.  If it is a BDC, it will be able to authenticate even if the other machine is down, otherwise it will be down whenever the PDC goes down (for new connections).

Your steps in this process hould probably be as follows (I am assuming you are going to format PC#1):

-Copy down you account info from PC#1 (to paper)
-Reinstall PC#1 as PDC (w/ RAS)
-Reenter account info from paper (you will probably have some
 upset users at their accounts being reset, but it can't be
-Manually transfer the accounts from PC#2 to PC#1 (essentially
 the same process you did above, only you may not need to write
 them down on paper.  Once again, you may have some upset users).
-Now, optionally, you can reinstall the second server as a BDC.

email:  john.matasovsky@bigfoot.com

Author Comment

ID: 1559677
I do use the server for dialup RAS and I have over 1000 customers,
that's a lot of retyping. After I reformat the server and change it to a
PDC, isn't their a way to just restore my "SAM" RAS user database
without restoring the other registry keys and messing the whole thing
Can I then put two terminal server cards in this PDC and put two other
terminal server cards in my BDC and they both work? Does it matter that
my BDC will be 3.51 and the PDC will be version 4.0?
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.


Expert Comment

ID: 1559678
Alpha sent me this comment via e-mail, and so I am posting it, as well as my response here on-line:
I would like to ask you just one simple followup question if you don't mind.

I do use the server for dialup RAS and I have over 1000 customers, that's a lot of retyping. After I reformat the server and change it to a PDC, isn't their a way to just restore my "SAM" RAS user database without restoring the other registry keys and messing the whole thing up?

Can I then put two terminal server cards in this PDC and put two other terminal server cards in my BDC and they both work? Does it matter that my BDC will be 3.51 and the PDC will be version 4.0?

1000+ users does pose a problem.  I was wondering if both of your machines are currently up and running, or if only the first of the two is up?  What I am concerned about, is where is your accounts are located at.  Once you have things merged into a single domain, the same accounts can be used from all of your RAS servers, but until that point you may get stuck retyping.

As far as restoring your old SAM, I am fairly certain that the SAM DB CANNOT be restored, as it does not just contain user accounts, it also contains accounts for machines in the domain, trust relationships, etc. that would get blown out of the water by a restore.  To be honest, I am not entirely sure either that the machine would work after doing that, or how things would work.  It is definitely NOT supported by MS support (if you get that far).

Once the migration is done, you can string up as many different NT servers w/ modems attached as you like and set all of them to authenticate with the domain.  Any user account on the domain can then login through any of the servers (so you can have them all on a common rollover, if you want).  I just want to clarify one point, in that you mention "terminal server cards with modems attached", by this I assume you mean multiple serial port cards with modems hanging off of them (of a Digiboard-ish nature).  If you are talking about a different sort of technology, let me know.

As far as I know, the shouldn't be any problems with different versions of NT for the domain controllers.  Several other people that I know are doing it at their sites, and they aren't having any problems.

Back to the question of retyping, I know there are some utilities in the resource kit that allow for automated entry of large numbers of accounts from a text-file format, but I am not sure about dumping a SAM to disk and then reloading.  That might be a good place to start looking for that info.  Unforunately, I am not sure you will be able to get around it.  Sorry I can't be of more help on that point.

email:  john.matasovsky@bigfoot.com


Author Comment

ID: 1559679
I have two NT servers one is sitting there as a emergency hardware backup PC. The main server is a 3.51, server pack 5, dual CPU, 128MB ram system. Both systems are currently setup as servers and not PDCs or BDCs.
It only recognizes one CPU, but that's another story...

I am using RocketPort and Cyclades terminal servers cards which are multiport serial cards attached to 80 analog modems.
(It's a mess and digitial is coming).
According to what you are saying, I need to do a backup, reformat the dual CPU server and configure it as a PDC (I will use version 4.0) and then put two cards in it and two cards in my backup PC which is currently configured as a server and not a BDC. It's my understanding that ther server (version 3.51) will connect to my dual CPU PDC and use that SAM database on the PDC for authentication. I assume I have to go into the "network" settings and tell it to look at the dual CPU PDC for authentication.
It sounds like I am ready to go. I can either keep PC#2 as a v3.51 server or change it to a BDC and it will work either way, right?
The only problem now is figuring out how to import just the SAM database.
Thanks for all your help.


Expert Comment

ID: 1559680
No problem.  Like I said, you might start with the ResKit, as it has a utility for bulk loading accounts from a file, it may also have one for dumping info to a file.

One other thought, you can transition over time as follows:

You make the backup server your PDC and add the currently active server to that domain.  You now begin the migration of accounts over in groups to the domain (users can still login through the old server in the interim).  This way, you will not have as big a problem of trying to immediately having to switch the accounts over.  One note is that I am not sure how the users will have to specify what account they want to use when they are logging in (if they are using a non-MS dialer).  When authenticating through the server to the domain, they may need to specify a username of the following format:  <DOMAIN>\<USERNAME> for the server to recognize that they are specifying a domain account.  When the server is a BDC, that would not be necessary, as it will default to checking its local SAM, and find them.

email:  john.matasovsky@bigfoot.com

Author Comment

ID: 1559681
Great idea! Thanks again!

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is the first one of a series of articles I’ll be writing to address technical issues that are always referred to as network problems. The network boundaries have changed, therefore having an understanding of how each piece in the network  puzzl…
Resolve DNS query failed errors for Exchange
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Have you created a query with information for a calendar? ... and then, abra-cadabra, the calendar is done?! I am going to show you how to make that happen. Visualize your data!  ... really see it To use the code to create a calendar from a q…

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question