Solved

Use of Windows2003 Server as DNS/DC/Web Server/Email Server behind a router with a broadband connection

Posted on 2004-08-21
Last Modified: 2008-02-26
My question is very general because I am very new to all of this, please ignore my ignorance :-).

I would like to establish a domain that is a part of an Active Directory for an intranet. I would like to establish a webserver that can host ASP.NET pages for this domain in both internet and intranet settings. I would like to use Exchange as an email server for this domain on the internet.

I have tried this once and failed miserably! Let me tell you what I've tried.

I registered the domain praeclarum.org (currently points to a webhosting company). I installed Server2003. I named the computer SOLOMON. I made it a domain controller for praeclarum.org. I learned that it needed a DNS server, so I set that up too. However, I did not set up a reverse lookup table because I couldn't figure out the right settings (should I give public IP or router assigned IP, I know, I'm pathetic). I set up IIS to run with a default site. I renamed my zone because that seemed simple enough. During all of this, I received two errors/warnings. One stated that setting up DNS with a dynamic IP is a BAD idea. I clicked through since I really had no idea what else to do. The other stated that praeclarum.org's name servers were not correct (I honestly can't remember the exact error).

So I created one user account and joined an XP machine to the domain (PRAECLARUM). That worked! I could even view the web page by going to \\solomon. Nice! I then tried to set up folder redirection for My Documents as outlined in the book "The Ultimate Windows Server2003 Administration Guide". No errors, but the XP machine refused to use the network path for My Computer. Also, it then took _absolutely forever_ for the XP machine to log in to the domain. Obviously something was amiss, but I had no idea what.

I came to the conclusion that I had no idea what I was doing. I didn't even try pointing my domain to my computer for DNS. I didn't try installing Exchange either.

I have heard that it is a "bad idea" to have the DNS server and webserver/DC as the same machine. Coupled with the fact that I have a dynamic IP it probably is a "really bad idea". So I am happy to use a service such as DynDNS. I just am tired of not knowing exactly what I am doing.

Please can someone give me tips/links/words of wisdom to accomplish my goals? I would really like a nice private intranet but also all the wonder of a proper internet server. I really want my domain name of praeclarum.org.

Thank you very much!
Question by:fakrueger
Accepted Solution

by:
infotrader earned 250 total points
ID: 11860454
1.  Get a router.  Although you may have a Dynamic DNS from your ISP, you can still set up a STATIC IP address for your Internal LAN.  Use port forwarding instead.  You DO need a static IP for what you are trying to do, or you'll have a lot of troubles.

2.  It is a "bad idea" to have a lot of services on your computer for security reasons and CPU usage reasons.  But that isn't your problem with your first installation.

3.  It is typically better, especially in your situation, to have TWO separate DNS.. one for Internal and one for External.  For example, you might want to call your Internal LAN (Active Directory Domain) praeclarum.local.  Then set up a praeclarum.org DNS (not active-directory-integrated) for the outside users.  It is much easier to manage and more secure as well!!

So...   what you need to do is:

1.  Get a router and either forward port 80, etc. to your Internal server (i.e. 192.168.1.100, for example), or just do the DMZ thing and forward all traffic to 192.168.1.100.

2.  Assign a static IP of 192.168.1.100 (or something like that) to your server.  Install DNS, then make it a DC.  On the DNS setup, make sure that it can forward DNS queries to your External ISP's DNS server...  So anything being resolved for your internal network will be hosted by your DC, but anything outside will be answered by your ISP.

3.  Join your other workstations to the Domain.  Make sure the workstations' DNS entry is pointed to the DC instead.  You're going to have a lot of problems if the DNS is pointed, somehow, to a public DNS server.

In a nutshell, I think that is all you need to do to get yourself up and running.  In the long run, you might want to consider moving some of the services to another server, to spread out the risk.

- Info
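Step 3 of the answer above (workstations must resolve through the DC) can be checked from a workstation's `ipconfig /all` output. This is an added example, not part of the original answer; the sample output, the workstation address and the router address 192.168.1.1 are constructed, and 192.168.1.100 is the example DC address used in the answer.

```python
import re

IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")  # IPv4 only, as on the page

# Constructed `ipconfig /all` output: the router is listed as a second resolver.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 192.168.1.50
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.100
                                            192.168.1.1
"""

def dns_servers(ipconfig_text):
    """Return {adapter name: [DNS server IPs]} parsed from `ipconfig /all` text."""
    result, adapter, in_dns = {}, None, False
    for line in ipconfig_text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            adapter, in_dns = line.rstrip(" :"), False    # adapter header line
            result[adapter] = []
        elif adapter and "DNS Servers" in line:
            value = line.split(":", 1)[1].strip()
            in_dns = True
            if IPV4.match(value):
                result[adapter].append(value)
        elif in_dns and IPV4.match(line.strip()):
            result[adapter].append(line.strip())          # continuation line
        else:
            in_dns = False
    return result

def misdirected(ipconfig_text, dc_ips):
    """List (adapter, server) pairs where a client resolver is not a DC."""
    return [(a, s) for a, servers in dns_servers(ipconfig_text).items()
            for s in servers if s not in dc_ips]

if __name__ == "__main__":
    for adapter, server in misdirected(SAMPLE_IPCONFIG, {"192.168.1.100"}):
        print(f"{adapter}: resolver {server} is not the domain controller")
```

Any resolver reported here answers without the domain's SRV records, so it should be removed from the client or from the DHCP scope that hands it out.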

Author Comment

by:fakrueger
ID: 11861867
Thanks for the info. I have re-installed 2003 just to start with a clean slate. I configured my router to assign the same IP 192.168.2.35 to the machine forever. After applying updates, I installed the domain controller for the domain praeclarum.local. After this process I installed a DNS server for praeclarum.local that had a forward and reverse table (the reverse Network ID was set to 192.168.2). During this process, I still received the "dynamic ip" warnings. So I went to the network adapter and fixed its IP to 192.168.2.35, set the mask to 255.255.255.0 and the gateway to (the router) 192.168.2.1. Then I set its DNS to 192.168.2.35 (itself). The router is set to forward UDP port 53 to the server. In the DNS setup, I selected forwarding to my ISP's servers: 204.127.198.4 (comcast). I then installed IIS because I love to jump the gun.

I thought I was doing really well since I only now receive two warnings and one error in the event logs. The two warnings are from Ldap and say something to the effect of: Lsasrv 40960 (no logon servers available) and 40961 (no authentication protocol available). The error was for the time thingy saying it couldn't get to a server. However, the computer seems to run well. I can host aspx pages (by going to //solomon or //praeclarum.local).

My next step was to add an XP machine to the domain. This is where I run into trouble. When selecting the domain (during computer rename) I get the following error:

<< The following error occurred when DNS was queried for the service location (SRV) resource record used to locate a domain controller for domain praeclarum:

The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)

The query was for the SRV record for _ldap._tcp.dc._msdcs.praeclarum >>

This is so odd since it looks like that record exists in the DNS configuration, and PRAECLARUM is certainly the NetBIOS name. I even tried praeclarum.local but that returned a similar error.

Any ideas on this error?

Should I work myself around this problem, how do I go about setting up the public (Internet) domain praeclarum.org? Do I just point DynDNS at my server then install that name into my registrar's table?

How do I set up mail and IIS?

Thanks a bunch!
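The SRV lookup quoted in the error above can be reproduced at the wire level to see what the DNS server actually answers. This is an added example, not part of the original post: it encodes the same `_ldap._tcp.dc._msdcs.<domain>` question, decodes the reply header, and maps the DNS RCODE to the Windows error number (0x232B is 9003, the name-error code). The transaction ID and the sample reply are constructed.

```python
import socket
import struct

QTYPE_SRV, QCLASS_IN = 33, 1
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL",
          3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}

def dc_locator_name(domain):
    """SRV owner name a joining client asks for, as shown in the error text."""
    return "_ldap._tcp.dc._msdcs." + domain.strip(".")

def build_query(name, txid=0x1234):
    """Encode a recursive SRV question for `name` in DNS wire format."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, 1 question
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", QTYPE_SRV, QCLASS_IN)

def read_reply(reply, txid=0x1234):
    """Return (rcode name, answer count, Windows DNS error code or None)."""
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    if rid != txid or not flags & 0x8000:
        raise ValueError("not a response to this query")
    rcode = flags & 0x000F
    win_err = 9000 + rcode if 1 <= rcode <= 5 else None  # 9003 == 0x232B
    return RCODES.get(rcode, str(rcode)), ancount, win_err

def query_server(server_ip, domain, timeout=3.0):
    """Ask a DNS server over UDP 53 (needs network; the sample below does not)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(dc_locator_name(domain)), (server_ip, 53))
        return read_reply(s.recv(512))

# Constructed reply: QR=1, RD=1, RA=1, RCODE=3, no answers, question echoed.
QUERY = build_query(dc_locator_name("praeclarum"))
SAMPLE_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8183, 1, 0, 0, 0) + QUERY[12:]

if __name__ == "__main__":
    print(dc_locator_name("praeclarum"), read_reply(SAMPLE_REPLY))
```

A healthy domain controller's DNS returns `NOERROR` with at least one answer for this name; running `query_server` against the server the workstation uses shows whether the record is missing there or the query is going somewhere else.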


Author Comment

by:fakrueger
ID: 11861886
I should also add that I set the XP machine's DNS to the server and that works beautifully (I'm able to type this!). On the XP machine I can load the pages //solomon and //praeclarum.local. I just can't seem to join the domain!

Author Comment

by:fakrueger
ID: 11865421
I haven't a clue what I did. But somewhere between installing and removing a WINS server on SOLOMON, I was able to join my XP machine to the domain praeclarum.local. Only a few problems: IntelliMirror still doesn't work (I set it up according to the "Ultimate Admin Guide") and the machine takes forever to log in (about 15 mins of "Configuring Computer").

So we're close but still not there. I enjoy my DNS and all, but it would seem that my Domain Controller is still a little broken.