Solved

Two Small Business Servers (SBS) on same network.

Posted on 2003-03-25
Last Modified: 2008-02-01
We have 2 sites each with a SBS 4.5 - one running File, Print and Exchange and the other running File, Print and SQL 7. However, 1 site is moving in with the other, and we wish to combine both networks. Is there a way I can use both servers? Maybe demote 1 of them? Maybe separate Windows domains? (Internal security is NOT an issue) Maybe TCP/IP on one server and IPX or NetBeui on the other? (And all clients having both protocols).

Thanks in advance.
Michael
0
Comment
Question by:mikhael
17 Comments
 
LVL 51

Expert Comment

by:Netman66
ID: 8204352
Hmm...

From what I remember SBS is locked to 50 users and a single domain and forces installation of all the product you want on one box.

I think the best option is two separate domains on separate networks.  You can still utilize Inter-forest Trusts for resource sharing.

You either have to use a VLAN configuration to separate the networks or use a second internal interface on the router (best solution - most money).

This solution would be the least painful initially until you can create a large domain.

Of course, you could always migrate the users to the first domain and buy a separate W2K server and SQL server licence and CALs and run SQL on the other box as a member server.

0
 

Author Comment

by:mikhael
ID: 8207106
Some more reading I have been doing.....

I can't *install* SBS on a machine when there is another SBS already on the n/w. However, here I am relocating a working SBS (complete with the n/w) to another working SBS network. Now, initially, they will have separate IP ranges, so I'm not expecting problems at that point. Or will I have probs?

Then after a week or so, ALL the users will be needing the resources from both servers. And I will convert the IP range to be common. What will happen? Server won't boot? Freeze up? BSOD?

What's stopping me from having different domain names (not FQDN's) for the 2 servers? Simply all the users login to 1 domain and have accounts on BOTH servers with common usernames and pwd's.

Netman, I don't know what you mean by "utilize Inter-forest Trusts for resource sharing". Remember, we aren't worried about internal security. All users currently have the same pwd!!

btw, SBS *is* locked to 50 users, but that won't bother me since total will only be about 20 users.

Thanks
0
 
LVL 51

Expert Comment

by:Netman66
ID: 8207678
You will have problems if the two Domain Controllers are on the same subnet - absolutely.

You are best to keep both networks as they are but have them on the same "wire".  This is perfectly fine.

What I mean about Inter-Forest Trusts is that both Domains are two separate Forests, complete with all the FSMO (Flexible Single Master Operators) in each domain.  In order to access a resource across this invisible boundary you must create two one-way trusts between both forest root (first) domain controllers in each domain.

This explains how to do it (it applies to Windows 2000 too)

http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B309682

You will also need this:

http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B243629


Because workstations are joined to either one domain or the other, it is necessary to add the UPN to each domain of the opposite domain so that once the trusts have been created any domain member can log on to either domain using the UPN.

This is not a truly clean solution, but during the transition it will make your life much easier and create less impact to the end-user.

Let me know if you are still unclear.


0

 

Author Comment

by:mikhael
ID: 8208488
Thanks Netman

I am unclear on this.

Both above URL's refer to W2K - we are using WinNT4 (SBS 4.5).

Do you mean that you can't have 2 DC's on the one network or 2 PDC's??

When you talk about Inter-Forest Trusts, do you mean the 2 networks are in the same IP range? Or separated by a router or multihomed PC?
0
 
LVL 51

Expert Comment

by:Netman66
ID: 8210902
Oops....all along I've been thinking of Windows 2000 as SBS 4.5 and it's not....my apologies.

All the info I gave you is still valid to an extent.  It isn't wise to have 2 PDCs on the same network segment - browsing issues for one thing, as well as a host of other problems.

You can still have a pair of one-way trusts set up between both PDCs that have the same effect as I was mentioning before and allow resource access between domains.

Please tell me that the domain names are different....

If not, we have a bigger issue and one domain will have to go away.  This will force you to rebuild one office and at the same time merge them.

Trusts are set up a little differently in NT, but are mainly the same effect.

On the Windows NT 4.0 primary DC (PDC), start User Manager For Domains. Open Policies, and then open Trust Relationships. Under Trusting Domain, click Add.  Add the other domain and pick a strong password (write it down temporarily).  On the other PDC do the same, entering the first domain and the password you wrote down.

Repeat the process, but select trusted domain and enter the domains as above using the same passwords.  You will get a message stating Trust with the other domain has been established successfully.

Now you can share resources between domains.





0
 

Author Comment

by:mikhael
ID: 8214389
Netman please pardon me for questioning you. Are we making this more difficult than it needs be?

Currently the 2 domain names are different and can stay that way.

Can we prevent browsing probs by sticking to mapped network drives? "host of other problems" What sort of probs?

Remember internal security is NOT an issue. We will be giving ALL users (except admin) the same pwd. And it's fairly trivial to create the same accounts on BOTH servers.

Thanks
0
 
LVL 51

Expert Comment

by:Netman66
ID: 8214626
You cannot log into two domains at once - not going to happen.

I'm not making it more difficult - I'm trying to help you make it easier.

PDCs take on the role of Master Browser.  If 2 PDCs exist in the same network segment there will be browsing issues due to the conflict.

I'm not giving security a second thought since you already stated it wasn't a concern and both domains are yours and will exist in one location.

If you're not satisfied with what I'm saying - try to do what you think should work and see what happens.  It's the only way for sure you will find out.

0
 

Author Comment

by:mikhael
ID: 8214887
Wohhhh! I really DO appreciate your knowledge and willingness to help.

Have increased the points.
0
 
LVL 51

Accepted Solution

by:
Netman66 earned 700 total points
ID: 8215285
Ok then, this is what I would do:

In the office that will become the final resting place for both domains, create 2 VLANs or add a new internal LAN connection on my router.

The domain that already exists in this office would get the following IP network - 192.168.1.0, subnet 255.255.255.0 - this will give you 254 host addresses for the network.  The router LAN address for this segment would be 192.168.1.1

On the second LAN interface I would use the network address of 10.10.1.0, subnet 255.255.255.0 (again, 254 hosts) and the router would get 10.10.1.1 for this interface.

Ensure that the router is set up so that routing between networks is permitted, but broadcasts are not.

Place the newly arrived domain on the 10.10.1.0 network and address the computers accordingly.

Next, create a two-way transitive trust between both PDCs so that communication between domains for resource sharing is possible.

Now, the users can just log in the way they are used to with no noticeable change to their end.  The two networks will co-exist in the same location, sharing the same router for outgoing internet access and mail with no interference from each other.  Each PDC will control their own Domain on their own network segment.  Most importantly, the servers can still perform their functions just as they are doing it now.

Once this is done you have some time to take a look at what you want to accomplish in terms of domain restructuring and network design, etc.  Plan carefully and take your time.  

Anything you plan to do now can be done slowly and in a controlled manner since you have both domains on the same wire.  You can merge and use some of Microsoft's migration utilities to move user and machine accounts into whatever domain you choose to be the host domain.  You can then reconstitute the left-over server into the host domain.

I only suggest this method because you are using SBS, which is very inflexible.  Since it is locked and (from what I can recall), you must make the server a domain controller and install everything you want to use out of SBS on the single server only - you cannot legally split products out to multiple servers.  If you had full products for each domain, this would change my suggestions to you greatly besides being a little easier to deal with.

I hope this better shows you what's on my mind.
0
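The addressing plan from the accepted answer, checked in code. This is an added example, not part of the original thread: the segment names, host names and host IPs are constructed, and it assumes each IP subnet maps to exactly one broadcast segment (VLAN or router interface), as the answer proposes.

```python
import ipaddress
from collections import defaultdict

# Networks and router addresses as given in the answer; segment names are made up.
SEGMENTS = {
    "existing-domain": ("192.168.1.0/24", "192.168.1.1"),
    "arriving-domain": ("10.10.1.0/24", "10.10.1.1"),
}

# Constructed inventories: (hostname, ip, role). Host names and host IPs are invented.
PLANNED = [("SBS-A", "192.168.1.10", "PDC"), ("SBS-B", "10.10.1.10", "PDC"),
           ("WS-01", "192.168.1.50", "client"), ("WS-02", "10.10.1.50", "client")]
FLAT = [("SBS-A", "192.168.1.10", "PDC"), ("SBS-B", "192.168.1.11", "PDC")]

def usable_hosts(cidr):
    """Host addresses left after removing the network and broadcast addresses."""
    return ipaddress.ip_network(cidr).num_addresses - 2

def check_plan(segments):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    nets = {name: ipaddress.ip_network(cidr) for name, (cidr, _) in segments.items()}
    for name, (_, gw) in segments.items():
        net, addr = nets[name], ipaddress.ip_address(gw)
        if addr not in net or addr in (net.network_address, net.broadcast_address):
            problems.append(f"{name}: gateway {gw} is not a usable host in {net}")
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} and {b} overlap")
    return problems

def segment_of(ip, segments=SEGMENTS):
    """Name of the segment an address belongs to, or None if it is outside the plan."""
    addr = ipaddress.ip_address(ip)
    for name, (cidr, _) in segments.items():
        if addr in ipaddress.ip_network(cidr):
            return name
    return None

def pdcs_sharing_segment(hosts, segments=SEGMENTS):
    """Segments holding more than one PDC, the condition the answer warns about."""
    by_segment = defaultdict(list)
    for hostname, ip, role in hosts:
        if role == "PDC":
            by_segment[segment_of(ip, segments)].append(hostname)
    return {seg: names for seg, names in by_segment.items() if len(names) > 1}

if __name__ == "__main__":
    print(check_plan(SEGMENTS), pdcs_sharing_segment(PLANNED), pdcs_sharing_segment(FLAT))
```

The `FLAT` inventory puts both PDCs in 192.168.1.0/24 and is the only one flagged; the `PLANNED` inventory keeps one PDC per segment.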
 
LVL 1

Expert Comment

by:bruceb7
ID: 8268662
*grin*
This is going to be a complex task, and I am not too sure on the Trust issue (SBS4.5 has issues with trusts)

Fact: you are going to have to rebuild a server.

I would tend to do this:

Get ahold of a machine that you can build with NT or 2000.
Backup, Backup, Backup
Try to migrate your data onto this server (if you do anything wrong you will not lose live data on a live server)
If you can get (let's say) SQL working on the other server, then you could rebuild your current server with NT or Win2K and migrate everything back.

The trust issue might work but long term you are still going to have to do something similar, and an extra machine would make life a little easier. Depending on how you do it, a decent PC could be used, as it would only be running for a couple of days (depending if you are willing to pull an all nighter over the weekend)

If you are interested in this method, let me know, I can go into more detail.
If not, best of luck with the trust thing (I would be keen to know if it works:)
0
 

Author Comment

by:mikhael
ID: 8272314
OK guys, here's where we are up to...

Have relocated and put the servers together on "the same wire" and SAME IP ranges (tried different IP's but had trouble with 1 of the networks accessing the Net - trying to use a Netgear ADSL router as a standard Eth to Eth router). They seem to coexist fine. I have another Netgear DSL router acting as DHCP server to the 2 domains, except the 2 servers have static IP's.

Haven't yet tried to share resources as that will be phase 2. For now, it seems to be working well. Shall keep you posted.
0
 
LVL 1

Expert Comment

by:bruceb7
ID: 8282895
As a matter of interest, are you getting any Master Browser problems? Or have you disabled one of them?

Let me know what happens when you try to share the resources, I would be very interested to see what problems you have as I have a project coming up that this would give a little insight to (a domain upgrade with an SBS4.5 server in control).

Hope it all works out :)
0
 

Author Comment

by:mikhael
ID: 9169980
OK Sorry for delay. Here's how it ended up.

Both SBS4.5's on same subnet !!!  Both left as were, (except of course the IP change to become common). i.e. no reinstall. All computers have same gateway and DNS. Workstations (mixture of 98SE's and 2000's) have DHCP (from the Netgear) and the 2 SBS's are static.

Some PC's share from both SBS's (because they need to) but most only from one.

There are NO browsing issues. The SBS that is NOT the PDC comes up in Net Neigh. in a sec or so. (of course you have to drill thru Entire Network). Likewise quickly thru \\2nd_PDC

Appreciate your input Bruce, but Netman shd get the points.
0
 

Author Comment

by:mikhael
ID: 9170001
For the benefit of others looking up my question and subsequent answers, I **didn't** follow the advice of Netman. (See my last 2 comments)

I would appreciate a further comment however, on how this worked. What I did contradicts Microsoft's help pages (and also your comments).

Thanks again
0
 
LVL 1

Expert Comment

by:bruceb7
ID: 9172329
I am curious as to how the clients can access both servers?
Do you have the same username/user accounts and passwords on both? If so, I could see Win9.x being able to access both, possibly the Win2K, but with some effort.

I assume that both Servers host a different domain?
Are you experiencing any slow network issues?

Glad to hear you got it all up and running, I suppose that is the main task, it doesn't matter how you did it :)
Keep us posted as to any probs you are having, would like to know for future reference, as MS claims what you are doing is impossible by design.
0
 

Author Comment

by:mikhael
ID: 9172359
Yep - I am curious as well, Bruce.

No effort whatsoever!!!

Yes all the accounts are common - same usernames and pwds, on both SBS's. No trusts or exporting etc. Just manually re-typing the accounts and pwds. (But remember they have COMMON passwords - i.e. all users have the same simple password)

Yes they are 2 different domains.

Absolutely no slow network issues!!!

Go figure - Microsoft spin I think.

Regards, Michael

p.s. Once again, I would appreciate a further comment from someone, on how we got this to work. Surely, we didn't fluke it.
0
 
LVL 1

Expert Comment

by:bruceb7
ID: 9172377
I think that because the usernames and password are the same for both domains, when the client tries to authenticate it will use its cached account information, which will be the same on the 2nd domain/server resource.

Kind of like a workgroup, but obviously not.

I think that if you wanted to be stricter with security, that is when you would have a problem.
I believe the official response from MS is that you can not create a trust with an SBS 4.5 box, but if you want to set it up in a non-standard (and unsupported) way, there are always possibilities.
0


Question has a verified solution.
