Ready to improve network connectivity? Watch this webinar to learn how SD-WANs and a one-click instant connect tool can boost provisions, deployment, and management of your cloud connection.
Solved
Use of Windows2003 Server as DNS/DC/Web Server/Email Server behind a router with a broadband connection
Posted on 2004-08-21
My question is very general because I am very new to all of this, please ignore my ignorance :-).
I would like to establish a domain that is apart of an active directory for an intranet. I would like to establish a webserver that can host ASP.NET pages for this domain in both internet and intranet settings. I would like to use Exchange as an email server for this domain on the internet.
I have tried this once and failed miserably! Let me tell you what I've tried.
I registered the domain praeclarum.org (currently points to a webhosting company). I installed Server2003. I named the computer SOLOMON. I made it a domain controller for praeclarum.org. I learned that it needed a DNS server, so I set that up too. However, I did not setup a reverse lookup table becuse I couldn't figureout the right settings (should I give public IP or router assigned IP, I know, I'm pathetic). I setup IIS to run with a default site. I renamed my zone because that seemed simple enough. During all of this, I received two errors/warnings. One stated that setting up DNS with a dynamic IP is a BAD idea. I clicked through since I really had no idea what else to do. The other stated that praeclarum.org's name servers were not correct (I honestly can't remember the exact error).
So I created one user account and joined an XP machine to the domain (PRAECLARUM). That worked! I could even view the web page by going to \\solomon. Nice! I then tried to setup folder redirection for My Documents as outlined in the book "The Ultimate Windows Server2003 Adminstration Guide". No errors, but the XP machine refused to use the network path for My COMputer. Also, it then took _absolutely forever_ for the XP machine to login to the domain. Obviously something was amiss, but I had no idea what.
I came to the conclusion that I had no idea what I was doing. I didn't even try pointing my domain to my computer for DNS. I didn't try installing Exchange either.
I have heard that it is a "bad idea" to have the DNS server and webserver/DC as the same machine. COupled with the fact that I have a dynamic IP it probably is a "really bad idea". So I am happy to use a service such as DynDNS. I just am tired of not knowing exactly what I am doing.
Please can someone give me tips/links/words of wisdom to accomplish my goals? I would really like a nice private intranet but also all the wonder of a proper internet server. I really want my domain name of praeclarum.org.
Thankyou very much!
I would like to establish a domain that is apart of an active directory for an intranet. I would like to establish a webserver that can host ASP.NET pages for this domain in both internet and intranet settings. I would like to use Exchange as an email server for this domain on the internet.
I have tried this once and failed miserably! Let me tell you what I've tried.
I registered the domain praeclarum.org (currently points to a webhosting company). I installed Server2003. I named the computer SOLOMON. I made it a domain controller for praeclarum.org. I learned that it needed a DNS server, so I set that up too. However, I did not setup a reverse lookup table becuse I couldn't figureout the right settings (should I give public IP or router assigned IP, I know, I'm pathetic). I setup IIS to run with a default site. I renamed my zone because that seemed simple enough. During all of this, I received two errors/warnings. One stated that setting up DNS with a dynamic IP is a BAD idea. I clicked through since I really had no idea what else to do. The other stated that praeclarum.org's name servers were not correct (I honestly can't remember the exact error).
So I created one user account and joined an XP machine to the domain (PRAECLARUM). That worked! I could even view the web page by going to \\solomon. Nice! I then tried to setup folder redirection for My Documents as outlined in the book "The Ultimate Windows Server2003 Adminstration Guide". No errors, but the XP machine refused to use the network path for My COMputer. Also, it then took _absolutely forever_ for the XP machine to login to the domain. Obviously something was amiss, but I had no idea what.
I came to the conclusion that I had no idea what I was doing. I didn't even try pointing my domain to my computer for DNS. I didn't try installing Exchange either.
I have heard that it is a "bad idea" to have the DNS server and webserver/DC as the same machine. COupled with the fact that I have a dynamic IP it probably is a "really bad idea". So I am happy to use a service such as DynDNS. I just am tired of not knowing exactly what I am doing.
Please can someone give me tips/links/words of wisdom to accomplish my goals? I would really like a nice private intranet but also all the wonder of a proper internet server. I really want my domain name of praeclarum.org.
Thankyou very much!
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
3
4 Comments
1. Get a router. Although you may have a Dynamic DNS from your ISP, you can still setup a STATIC IP address for your Internal LAN. Use port forwarding instead. You DO need a stitic IP for what you are trying to do, or you'll have a lot of troubles.
2. It is a "bad idea" to have a lot of services on your computer for security reasons and CPU usage reasons. But that isn't your problem with your first installation
3. It is typically better, especially in your situation, to have TWO seperate DNS.. one for Internal and one for External. For example, you might want to call your Internal LAN (Active Directory Domain) praeclarum.local. Then setup a praeclarum.org DNS (not active-directory-integrate
So... what you need to do is:
1. Get a router and either forward port 80, etc to your Internal server (i.e. 192.168.1.100, for example), or just do the DMZ thing and forward all traffice to 192.168.1.100.
2. Assign a static IP of 192.168.1.100 (or something like that) to your server. Install DNS, then make it a DC. On the DNS setup, make sure that it can forward DNS queries to your External ISP's DNS server... So anything being resolved for your internal network will be hosted by your DC, but anything outside will be answered by your ISP.
3. Join your other workstations to the Domain. Make sure the workstations' DNS entry is pointed to the DC instead. You're going to have a lot of problems if the DNS is pointed, somehow, to a public DNS server.
In a nut shell, I think that is all you need to do to get yourself up and running. In the long run, you might want to consider moving some of the services to another server, to spread out the risk.
- Info
2. It is a "bad idea" to have a lot of services on your computer for security reasons and CPU usage reasons. But that isn't your problem with your first installation
3. It is typically better, especially in your situation, to have TWO seperate DNS.. one for Internal and one for External. For example, you might want to call your Internal LAN (Active Directory Domain) praeclarum.local. Then setup a praeclarum.org DNS (not active-directory-integrate
So... what you need to do is:
1. Get a router and either forward port 80, etc to your Internal server (i.e. 192.168.1.100, for example), or just do the DMZ thing and forward all traffice to 192.168.1.100.
2. Assign a static IP of 192.168.1.100 (or something like that) to your server. Install DNS, then make it a DC. On the DNS setup, make sure that it can forward DNS queries to your External ISP's DNS server... So anything being resolved for your internal network will be hosted by your DC, but anything outside will be answered by your ISP.
3. Join your other workstations to the Domain. Make sure the workstations' DNS entry is pointed to the DC instead. You're going to have a lot of problems if the DNS is pointed, somehow, to a public DNS server.
In a nut shell, I think that is all you need to do to get yourself up and running. In the long run, you might want to consider moving some of the services to another server, to spread out the risk.
- Info
Thanks for the info. I have re-installed 2003 just to start with a clean slate. I configured my router to assign the same IP 192.168.2.35 to the machine forever. After applying updates, I installed the domain controller for the domain praeclarum.local. After this process I installed and DNS server for praeclarum.local that had forward and reverse table (the reverse Network ID was set to 192.168.2). During this process, I still received the "dynamic ip" warnings. So I went to the network adapter and fixed its IP to 192.168.2.35, set the mask to 255.255.255.0 and the gateway to (the router) 192.168.2.1. Then I set its DNS to 192.168.2.35 (itself). The router is set to forward udp port 53 to the server. In the DNS setup, I selected forwarding to my ISP's servers: 204.127.198.4 (comcast). I then installed IIS because I love to jump the gun.
I thought I was doing really well since I only now receive to warnings and one error in the event logs. The two warnings are from Ldap and say something to the effect of: Lsasrv 40960 (no logon servers available) and 40961 (no authentication protocol available). THe error was for the time thingy saying it couldn't get to a server. However, the computer seems to run well. I can host aspx pages (by going to //solomon or //praeclarum.local).
My next step was to add an XP machine to the domain. This is where I run into trouble. When selecting the domain (during computer rename) I get the following error:
<< The following error occurred when DNS was queried for the service location (SRV) resource record used to locate a domain controller for domain praeclarum:
The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)
The query was for the SRV record for _ldap._tcp.dc._msdcs.praec
This is so odd since it looks like that record exists in the DNS configuration, and PRAECLARUM is certainly the NetBIOS name. I even tried praeclarum.local but that returned a similar error.
Any ideas on this error?
Should I work myself around this problem, how do I go about setting up the public (Internet) domain praeclarum.org? DO I just point DynDNS at my server then install that name into my registrar's table?
How do I setup mail and IIS?
Thanks a bunch!
I thought I was doing really well since I only now receive to warnings and one error in the event logs. The two warnings are from Ldap and say something to the effect of: Lsasrv 40960 (no logon servers available) and 40961 (no authentication protocol available). THe error was for the time thingy saying it couldn't get to a server. However, the computer seems to run well. I can host aspx pages (by going to //solomon or //praeclarum.local).
My next step was to add an XP machine to the domain. This is where I run into trouble. When selecting the domain (during computer rename) I get the following error:
<< The following error occurred when DNS was queried for the service location (SRV) resource record used to locate a domain controller for domain praeclarum:
The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)
The query was for the SRV record for _ldap._tcp.dc._msdcs.praec
This is so odd since it looks like that record exists in the DNS configuration, and PRAECLARUM is certainly the NetBIOS name. I even tried praeclarum.local but that returned a similar error.
Any ideas on this error?
Should I work myself around this problem, how do I go about setting up the public (Internet) domain praeclarum.org? DO I just point DynDNS at my server then install that name into my registrar's table?
How do I setup mail and IIS?
Thanks a bunch!
I should also add that I set the XP machine's DNS to the server and that works beautifully (I'm able to type this!). On the XP machine I can load the pages //solomon and //praeclarum.local. I just can't seem to join the domain!
I haven't a clue what I did. But somewhere between installing and removing a WINS server on SOLOMON, I was able to join my XP machine to the domain praeclarum.local. Only a few problems: IntelliMirror still doesn't work (I set it up according to the "Ultimate Admin Guide") and the machine takes for ever to log in (about 15 mins of "COnfiguring Computer").
So we're close but still not there. I enjoy my DNS and all, but it would seem that my Domain Controller is still a little broken.
So we're close but still not there. I enjoy my DNS and all, but it would seem that my Domain Controller is still a little broken.
Featured Post
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
The Need
In an Active Directory enviroment, the PDC emulator provide time synchronization for the domain. This is important since Active Directory uses Kerberos for authentication. By default, if the time difference between systems is off by more …
Configuring network clients can be a chore, especially if there are a large number of them or a lot of itinerant users. DHCP dynamically manages this process, much to the relief of users and administrators alike!
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data.
But that feeling is fleeting. Attacks these days can happen in many w…
Suggested Courses
Course of the Month10 days, 6 hours left to enroll
719 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.