

Use of Windows2003 Server as DNS/DC/Web Server/Email Server behind a router with a broadband connection

Posted on 2004-08-21
Medium Priority
Last Modified: 2008-02-26
My question is very general because I am very new to all of this, please ignore my ignorance :-).

I would like to establish a domain that is a part of an active directory for an intranet. I would like to establish a webserver that can host ASP.NET pages for this domain in both internet and intranet settings. I would like to use Exchange as an email server for this domain on the internet.

I have tried this once and failed miserably! Let me tell you what I've tried.

I registered the domain (currently points to a webhosting company). I installed Server2003. I named the computer SOLOMON. I made it a domain controller for I learned that it needed a DNS server, so I set that up too. However, I did not set up a reverse lookup table because I couldn't figure out the right settings (should I give public IP or router assigned IP, I know, I'm pathetic). I set up IIS to run with a default site. I renamed my zone because that seemed simple enough. During all of this, I received two errors/warnings. One stated that setting up DNS with a dynamic IP is a BAD idea. I clicked through since I really had no idea what else to do. The other stated that's name servers were not correct (I honestly can't remember the exact error).

So I created one user account and joined an XP machine to the domain (PRAECLARUM). That worked! I could even view the web page by going to \\solomon. Nice! I then tried to set up folder redirection for My Documents as outlined in the book "The Ultimate Windows Server2003 Administration Guide". No errors, but the XP machine refused to use the network path for My Computer. Also, it then took _absolutely forever_ for the XP machine to log in to the domain. Obviously something was amiss, but I had no idea what.

I came to the conclusion that I had no idea what I was doing. I didn't even try pointing my domain to my computer for DNS. I didn't try installing Exchange either.

I have heard that it is a "bad idea" to have the DNS server and webserver/DC as the same machine. Coupled with the fact that I have a dynamic IP it probably is a "really bad idea". So I am happy to use a service such as DynDNS. I just am tired of not knowing exactly what I am doing.

Please can someone give me tips/links/words of wisdom to accomplish my goals? I would really like a nice private intranet but also all the wonder of a proper internet server. I really want my domain name of

Thank you very much!
Question by:fakrueger

Accepted Solution

infotrader earned 1000 total points
ID: 11860454
1.  Get a router.  Although you may have a Dynamic DNS from your ISP, you can still set up a STATIC IP address for your Internal LAN.  Use port forwarding instead.  You DO need a static IP for what you are trying to do, or you'll have a lot of troubles.

2.  It is a "bad idea" to have a lot of services on your computer for security reasons and CPU usage reasons.  But that isn't your problem with your first installation.

3.  It is typically better, especially in your situation, to have TWO separate DNS.. one for Internal and one for External.  For example, you might want to call your Internal LAN (Active Directory Domain) praeclarum.local.  Then set up a DNS (not active-directory-integrated) for the outside users.  It is much easier to manage and more secure as well!!

So...   what you need to do is:

1.  Get a router and either forward port 80, etc to your Internal server (i.e., for example), or just do the DMZ thing and forward all traffic to

2.  Assign a static IP of (or something like that) to your server.  Install DNS, then make it a DC.  On the DNS setup, make sure that it can forward DNS queries to your External ISP's DNS server...  So anything being resolved for your internal network will be hosted by your DC, but anything outside will be answered by your ISP.

3.  Join your other workstations to the Domain.  Make sure the workstations' DNS entry is pointed to the DC instead.  You're going to have a lot of problems if the DNS is pointed, somehow, to a public DNS server.

In a nutshell, I think that is all you need to do to get yourself up and running.  In the long run, you might want to consider moving some of the services to another server, to spread out the risk.

- Info

Author Comment

ID: 11861867
Thanks for the info. I have re-installed 2003 just to start with a clean slate. I configured my router to assign the same IP to the machine forever. After applying updates, I installed the domain controller for the domain praeclarum.local. After this process I installed a DNS server for praeclarum.local that had forward and reverse table (the reverse Network ID was set to 192.168.2). During this process, I still received the "dynamic ip" warnings. So I went to the network adapter and fixed its IP to, set the mask to and the gateway to (the router). Then I set its DNS to (itself). The router is set to forward udp port 53 to the server. In the DNS setup, I selected forwarding to my ISP's servers: (comcast). I then installed IIS because I love to jump the gun.

I thought I was doing really well since I only now receive two warnings and one error in the event logs. The two warnings are from Ldap and say something to the effect of: Lsasrv 40960 (no logon servers available) and 40961 (no authentication protocol available). The error was for the time thingy saying it couldn't get to a server. However, the computer seems to run well. I can host aspx pages (by going to //solomon or //praeclarum.local).

My next step was to add an XP machine to the domain. This is where I run into trouble. When selecting the domain (during computer rename) I get the following error:

<< The following error occurred when DNS was queried for the service location (SRV) resource record used to locate a domain controller for domain praeclarum:

The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)

The query was for the SRV record for _ldap._tcp.dc._msdcs.praeclarum >>

This is so odd since it looks like that record exists in the DNS configuration, and PRAECLARUM is certainly the NetBIOS name. I even tried praeclarum.local but that returned a similar error.

Any ideas on this error?

Should I work myself around this problem, how do I go about setting up the public (Internet) domain Do I just point DynDNS at my server then install that name into my registrar's table?

How do I setup mail and IIS?

Thanks a bunch!
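
An added example, not part of the original thread: an offline check for the two conditions discussed above, that the workstation resolves only through the DC and that the DC locator SRV records exist for the name typed into the join dialog. The IP addresses and zone contents are constructed sample values, and `locator_names` and `check_join` are hypothetical helper names.

```python
# Added example; all addresses and zone data below are constructed.
# SRV owner labels Netlogon registers for a single domain controller that
# also holds the PDC emulator role (site-specific records omitted).
LOCATOR_LABELS = [
    "_ldap._tcp",
    "_ldap._tcp.dc._msdcs",
    "_ldap._tcp.pdc._msdcs",
    "_kerberos._tcp",
    "_kerberos._tcp.dc._msdcs",
    "_kerberos._udp",
    "_kpasswd._tcp",
]

def locator_names(domain):
    """Return the SRV names a client looks up to find a DC for `domain`."""
    domain = domain.strip(".").lower()
    return [f"{label}.{domain}" for label in LOCATOR_LABELS]

def check_join(domain, client_dns, dc_ips, zone_srv):
    """Return findings that would break or slow a domain join.

    domain     -- name typed into the join dialog
    client_dns -- DNS server IPs configured on the workstation
    dc_ips     -- IPs of the DCs hosting the internal zone
    zone_srv   -- SRV owner names present in the internal zone
    """
    findings = []
    if "." not in domain.strip("."):
        findings.append(f"'{domain}' is a single label, not the DNS domain name")
    for ip in client_dns:
        if ip not in dc_ips:
            findings.append(f"client resolver {ip} is not a DC and cannot answer for the zone")
    present = {name.rstrip(".").lower() for name in zone_srv}
    for name in locator_names(domain):
        if name not in present:
            findings.append(f"missing SRV record {name}")
    return findings

# Constructed sample: internal zone export with one record missing.
DC_IP = "192.168.2.10"
SAMPLE_ZONE = {f"{l}.praeclarum.local." for l in LOCATOR_LABELS if l != "_kpasswd._tcp"}

if __name__ == "__main__":
    for finding in check_join("praeclarum", [DC_IP, "203.0.113.53"], [DC_IP], SAMPLE_ZONE):
        print("-", finding)
```

Run with the single-label name `praeclarum`, the first name it builds is `_ldap._tcp.dc._msdcs.praeclarum`, the same query shown in the error message above.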


Author Comment

ID: 11861886
I should also add that I set the XP machine's DNS to the server and that works beautifully (I'm able to type this!). On the XP machine I can load the pages //solomon and //praeclarum.local. I just can't seem to join the domain!

Author Comment

ID: 11865421
I haven't a clue what I did. But somewhere between installing and removing a WINS server on SOLOMON, I was able to join my XP machine to the domain praeclarum.local. Only a few problems: IntelliMirror still doesn't work (I set it up according to the "Ultimate Admin Guide") and the machine takes forever to log in (about 15 mins of "Configuring Computer").

So we're close but still not there. I enjoy my DNS and all, but it would seem that my Domain Controller is still a little broken.
