Two Small Business Servers (SBS) on same network.

We have 2 sites each with a SBS 4.5 - one running File, Print and Exchange and the other running File, Print and SQL 7. However, 1 site is moving in with the other, and we wish to combine both networks. Is there a way I can use both servers? Maybe demote 1 of them? Maybe separate Windows domains? (Internal security is NOT an issue) Maybe TCP/IP on one server and IPX or NetBeui on the other? (And all clients having both protocols).

Thanks in advance.
Michael
Asked by: mikhael

Netman66 Commented:
Hmm...

From what I remember SBS is locked to 50 users and a single domain and forces installation of all the products you want on one box.

I think the best option is two separate domains on separate networks.  You can still utilize Inter-forest Trusts for resource sharing.

You either have to use a VLAN configuration to separate the networks or use a second internal interface on the router (best solution - most money).

This solution would be the least painful initially until you can create a large domain.

Of course, you could always migrate the users to the first domain and buy a separate W2K server and SQL server licence and CALs and run SQL on the other box as a member server.

mikhael (Author) Commented:
Some more reading I have been doing.....

I can't *install* SBS on a machine when there is another SBS already on the n/w. However, here I am relocating a working SBS (complete with the n/w) to another working SBS network. Now, initially, they will have separate IP ranges, so I'm not expecting problems at that point. Or will I have probs?

Then after a week or so, ALL the users will be needing the resources from both servers. And I will convert the IP range to be common. What will happen? Server won't boot? Freeze up? BSOD?

What's stopping me from having different domain names (not FQDN's) for the 2 servers? Simply all the users login to 1 domain and have accounts on BOTH servers with common usernames and pwd's.

Netman, I don't know what you mean by "utilize Inter-forest Trusts for resource sharing". Remember, we aren't worried about internal security. All users currently have the same pwd!!

btw, SBS *is* locked to 50 users, but that won't bother me since total will only be about 20 users.

Thanks
Netman66 Commented:
You will have problems if the two Domain Controllers are on the same subnet - absolutely.

You are best to keep both networks as they are but have them on the same "wire".  This is perfectly fine.

What I mean about Inter-Forest Trusts is that both Domains are two separate Forests, complete with all the FSMO (Flexible Single Master Operators) in each domain.  In order to access a resource across this invisible boundary you must create two one-way trusts between both forest root (first) domain controllers in each domain.

This explains how to do it (it applies to Windows 2000 too)

http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B309682

You will also need this:

http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B243629


Because workstations are joined to either one domain or the other, it is necessary to add the UPN to each domain of the opposite domain so that once the trusts have been created any domain member can log on to either domain using the UPN.

This is not a truly clean solution, but during the transition it will make your life much easier and create less impact to the end-user.

Let me know if you are still unclear.


mikhael (Author) Commented:
Thanks Netman

I am unclear on this.

Both above URL's refer to W2K - we are using WinNT4 (SBS 4.5).

Do you mean that you can't have 2 DC's on the one network or 2 PDC's??

When you talk about Inter-Forest Trusts, do you mean the 2 networks are in the same IP range? Or separated by a router or multihomed PC?
Netman66 Commented:
Oops....all along I've been thinking of Windows 2000 as SBS 4.5 and it's not....my apologies.

All the info I gave you is still valid to an extent.  It isn't wise to have 2 PDCs on the same network segment - browsing issues for one thing, as well as a host of other problems.

You can still have a pair of one-way trusts set up between both PDCs that have the same effect as I was mentioning before and allow resource access between domains.

Please tell me that the domain names are different....

If not, we have a bigger issue and one domain will have to go away.  This will force you to rebuild one office and at the same time merge them.

Trusts are set up a little differently in NT, but are mainly the same effect.

On the Windows NT 4.0 primary DC (PDC), start User Manager For Domains. Open Policies, and then open Trust Relationships. Under Trusting Domain, click Add.  Add the other domain and pick a strong password (write it down temporarily).  On the other PDC do the same, entering the first domain and the password you wrote down.

Repeat the process, but select trusted domain and enter the domains as above using the same passwords.  You will get a message stating Trust with the other domain has been established successfully.

Now you can share resources between domains.





mikhael (Author) Commented:
Netman please pardon me for questioning you. Are we making this more difficult than it needs be?

Currently the 2 domain names are different and can stay that way.

Can we prevent browsing probs by sticking to mapped network drives? "host of other problems" What sort of probs?

Remember internal security is NOT an issue. We will be giving ALL users (except admin) the same pwd. And it's fairly trivial to create the same accounts on BOTH servers.

Thanks
Netman66 Commented:
You cannot log into two domains at once - not going to happen.

I'm not making it more difficult - I'm trying to help you make it easier.

PDCs take on the role of Master Browser.  If 2 PDCs exist in the same network segment there will be browsing issues due to the conflict.

I'm not giving security a second thought since you already stated it wasn't a concern and both domains are yours and will exist in one location.

If you're not satisfied with what I'm saying - try to do what you think should work and see what happens.  It's the only way for sure you will find out.

mikhael (Author) Commented:
Wohhhh! I really DO appreciate your knowledge and willingness to help.

Have increased the points.
Netman66 Commented:
Ok then, this is what I would do:

In the office that will become the final resting place for both domains, create 2 VLANs or add a new internal LAN connection on my router.

The domain that already exists in this office would get the following IP network - 192.168.1.0, subnet 255.255.255.0 - this will give you 254 host addresses for the network.  The router LAN address for this segment would be 192.168.1.1

On the second LAN interface I would use the network address of 10.10.1.0, subnet 255.255.255.0 (again, 254 hosts) and the router would get 10.10.1.1 for this interface.

Ensure that the router is set up so that routing between networks is permitted, but broadcasts are not.

Place the newly arrived domain on the 10.10.1.0 network and address the computers accordingly.

Next, create a two-way transitive trust between both PDCs so that communication between domains for resource sharing is possible.

Now, the users can just log in the way they are used to with no noticeable change to their end.  The two networks will co-exist in the same location, sharing the same router for outgoing internet access and mail with no interference from each other.  Each PDC will control their own Domain on their own network segment.  Most importantly, the servers can still perform their functions just as they are doing it now.

Once this is done you have some time to take a look at what you want to accomplish in terms of domain restructuring and network design, etc.  Plan carefully and take your time.  

Anything you plan to do now can be done slowly and in a controlled manner since you have both domains on the same wire.  You can merge and use some of Microsoft's migration utilities to move user and machine accounts into whatever domain you choose to be the host domain.  You can then reconstitute the left-over server into the host domain.

I only suggest this method because you are using SBS, which is very inflexible.  Since it is locked and (from what I can recall), you must make the server a domain controller and install everything you want to use out of SBS on the single server only - you cannot legally split products out to multiple servers.  If you had full products for each domain, this would change my suggestions to you greatly besides being a little easier to deal with.

I hope this better shows you what's on my mind.
bruceb7 Commented:
*grin*
This is going to be a complex task, and I am not too sure on the Trust issue (SBS4.5 has issues with trusts)

Fact: you are going to have to rebuild a server.

I would tend to do this:

Get ahold of a Machine that you can build with NT or 2000.
Backup, Backup, Backup
Try to migrate your data onto this server (if you do anything wrong you will not lose live data on a live server)
If you can get (let's say) SQL working on the other server, then you could rebuild your current server with NT or Win2K and migrate everything back.

The trust issue might work but long term you are still going to have to do something similar, and an extra machine would make life a little easier, depending on how you do it, a decent PC could be used, as it would only be running for a couple of days (depending if you are willing to pull an all nighter over the weekend)

If you are interested in this method, let me know, I can go into more detail.
If not, best of luck with the trust thing (I would be keen to know if it works:)
mikhael (Author) Commented:
OK guys, here's where we are up to...

Have relocated and put the servers together on "the same wire" and SAME IP ranges (tried different IP's but had trouble with 1 of the networks accessing the Net - trying to use a Netgear ADSL router as a standard Eth to Eth router). They seem to coexist fine. I have another Netgear DSL router acting as DHCP server to the 2 domains, except the 2 servers have static IP's.

Haven't yet tried to share resources as that will be phase 2. For now, it seems to be working well. Shall keep you posted.
bruceb7 Commented:
As a matter of interest, are you getting any Master browser problems? Or have you disabled one of them?

Let me know what happens when you try to share the resources, I would be very interested to see what problems you have as I have a project coming up that this would give a little insight to (a domain upgrade with an SBS 4.5 server in control).

Hope it all works out :)
mikhael (Author) Commented:
OK Sorry for delay. Here's how it ended up.

Both SBS4.5's on same subnet !!!  Both left as were, (except of course the IP change to become common). i.e. no reinstall. All computers have same gateway and DNS. Workstations (mixture of 98SE's and 2000's) have DHCP (from the Netgear) and the 2 SBS's are static.

Some PC's share from both SBS's (because they need to) but most only from one.

There are NO browsing issues. The SBS that is NOT the PDC comes up in Net Neigh. in a sec or so. (of course you have to drill thru Entire Network). Likewise quickly thru \\2nd_PDC

Appreciate your input Bruce, but Netman shd get the points.
mikhael (Author) Commented:
For the benefit of others looking up my question and subsequent answers, I **didn't** follow the advice of Netman. (See my last 2 comments)

I would appreciate a further comment however, on how this worked. What I did contradicts Microsoft's help pages (and also your comments).

Thanks again
bruceb7 Commented:
I am curious as to how the clients can access both servers?
Do you have the same username/user accounts and passwords on both? If so, I could see Win9.x being able to access both, possibly the Win2K, but with some effort.

I assume that both servers host a different domain?
Are you experiencing any slow network issues?

Glad to hear you got it all up and running, I suppose that is the main task, it doesn't matter how you did it :)
Keep us posted as to any probs you are having, would like to know for future reference, as MS claims what you are doing is impossible by design.
mikhael (Author) Commented:
Yep - I am curious as well, Bruce.

No effort whatsoever!!!

Yes all the accounts are common - same usernames and pwds, on both SBS's. No trusts or exporting etc. Just manually re-typing the accounts and pwds. (But remember they have COMMON passwords - i.e. all users have the same simple password)

Yes they are 2 different domains.

Absolutely no slow network issues!!!

Go figure - Microsoft spin I think.

Regards, Michael

p.s. Once again, I would appreciate a further comment from someone, on how we got this to work. Surely, we didn't fluke it.
bruceb7 Commented:
I think that because the usernames and password are the same for both domains, when the client tries to authenticate it will use its cached account information, which will be the same on the 2nd domain/server resource.

Kind of like a workgroup, but obviously not.

I think that if you wanted to be stricter with security, that is when you would have a problem.
I believe the official response from MS is that you can not create a trust with an SBS 4.5 box, but if you want to set it up in a non-standard (and unsupported) way, there are always possibilities.