?
Solved

DNS

Posted on 2005-05-05
24
Medium Priority
?
377 Views
Last Modified: 2010-04-18
Hi,

I'm setting up a new server: small business server 2003 premium edition

It's basically going to be an application server, serving asp.net applications and a SQL server database.  We already have another server that contains all the user acccounts for all workstations in the office (about 5-10 workstations).

I'm a newbie when it comes to DNS, and i'm not sure how important DNS is on this new server.. During installation it prompted for a domain, so I entered blackhawk.local

However, our other server, which is also SBS, is running on accounting.local.

Are there any issues that i'm going to encounter?  Any advice/recomendations on what i should do in this particular setup..?  Also a DNS crash course or links / references would be appreciated :)

Thanks - Trevor
0
Comment
Question by:trevorhartman
  • 9
  • 7
  • 6
  • +2
24 Comments
 
LVL 6

Expert Comment

by:gjohnson99
ID: 13937665
yes and no

You cant have 2 sbs server on the same domain
0
 
LVL 8

Author Comment

by:trevorhartman
ID: 13937686
right, so i'm ok?
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 13938455

Yes you should be fine.

I haven't played with the 2003 version of SBS, but the 2000 version was pretty keen on trying to start a DHCP server - you may want to ensure it doesn't do anything like that as it would potentially interfere with your current setup.

blackhawk.local is just the authentication domain, for a webserver that part of it doesn't need to be public (or even publicly accessible) - just as long as IIS (and SQL) can find it.

Of course there's the usual restrictions in place, so no forming trusts etc etc.

HTH

Chris
0
 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

 
LVL 8

Author Comment

by:trevorhartman
ID: 13938498
thanks, yes i disabled DHCP so i think everything should be ok...
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 13938592

I agree :)
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 13943108
No, you're not OKAY... you CAN'T use TWO SBS boxes on the same network.  (Chris - it's much more than what you are describing... the domain controls ALL user logins and file permissions).

It's not about DNS, but Active Directory (which will host the DNS when you set it up right).

If you're going to add an additional server to an SBS network, then it must be a Server 2003 Standard edition or web edition.  (Being that you want to run SQL on it, then you may want to reconsider your deployment... perhaps running your accounting on a separate Server 2003 machine so that you can get the benefit of Exchange running on your main server).

You probably want to pick up the Advanced Best Practices Guide from http://www.SMBNation.com which details a number of deployment scenarios (and while you're there, get the Basic Best Practices Guide... it'll help a ton!)

Jeff
TechSoEasy

0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 13943124
Just to make it a bit clearer... if you have users that already have "accounting.local" user accounts, then they will not be able to access anything in the "blackhawk.local" domain.  So, user1@accounting.local may not access your SQL server, your printers, your fax or any other domain resource on blackhawk.local.  If your intent is to keep accounting separate, then you will need to keep them as two distinct networks.  
0
 
LVL 71

Assisted Solution

by:Chris Dent
Chris Dent earned 400 total points
ID: 13943330

Hi Jeff,

You're right I should have made it clearer that the new SBS server would be inaccessible as a file server.

But the two SBS machines are on seperate (logical) networks.

IIS does not require that the user knows where, or how to access the authentication servers. It doesn't need the user to be able to find the DNS domain blackhawk.local. Authentication requests are taken by IIS then relayed to the domain services. So the ASP.NET applications should be no problem.

SQL itself doesn't require domain access either as authentication tokens are handled by the SQL server, not the client.

I assumed this wouldn't be a problem as the original question stated:

"serving asp.net applications and a SQL server database"

On that level, it really shouldn't be a problem would it?
0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 1400 total points
ID: 13943678
Yes it would for a couple of reasons... first, it's a violation of the license.  Second, it will crash.  An SBS machine MUST be the root of the forest and the primary domain controller.  It can only be installed with that parameter, it must also be installed with a fully functional Active Directory or it will not function at all.  SBS has a primary purpose and is ideal for smaller companies.

While it is true that SQL may not require domain authentication, that all depends on the application.

Without knowing too much more about this situation, it seems as though there are a couple of ways to go... depending on the resource needs of the .asp apps/SQL Server and budgetary considerations.

One of the following is appropriate for this situation:

1.  If accounting.local  is SBS Standard edition, it can be upgraded to Premium which will add SQL Server and ISA Server.  Upgrading RAM to 2 - 4 GB will accommodate all of these roles as long as the processor is at least 2.4Ghz or so.  The .asp Apps can run on most any machine alongside of the SBS (including Windows XP Pro with IIS 6) if they are too resource needy.  If the apps are accessed externally, then the box running IIS can be put in a DMZ outside the LAN for security reasons.  The user SBS CAL's would cover access, and there are no additional CAL's required.

2.  If the SQL processes will take up substantial resources, then a Standard Server 2003 should be added to the accounting.local domain with SQL Server 2004 installed on that machine along with IIS 6.0 (or again, IIS can be put on an XP box and DMZ'd -- if price isn't an issue, then that box could be a Windows Server 2003 Web Edition -- but it's not really necessary unless it gets a ton of traffic).  Whatever the combo in this scenario, these boxes are joined to the accounting.local domain.  The additional server (or 2) would take up an SBS Device CAL, but users would not need an additional CAL to access these servers as long as they are part of the SBS network.  If they are deployed in a separate domain, SEPARATE SERVER 2003 CALS will be required for each user.

Administering 2 separate domains would, in the long run, be significantly more costly than a single one, since there cannot be trusts with SBS, each domain would need separate patching, virus protection, general maintenance, etc.  Not to mention the additional expense of separate CALs for each user.

If option 1 is possible, it would be my suggestion because managing a single server is significantly less work than managing 2 or 3.  If there are mission critical applications running then separating it out to two servers may be a bit better, although there is still no redundancy... but that's another discussion....

Jeff
TechSoEasy
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 13943777

Jeff,

All in the interest of providing something like a complete answer :)

I'm not familiar with the SBS license to say why having two of them on seperate logical networks is violating it?

Both SBS servers are (as described in the original question) the root of the forest, and the primary domain controller (one on accounting.local and one on blackhawk.local). Does SBS perform detection to see if another (unrelated) SBS server is functioning on the same IP Range?

I agree that it isn't an ideal product to use for hosting. Web edition doesn't allow you to install SQL Server, so the options there are basically Standard or Enterprise (or two servers). It is worth noting that Web Edition doesn't require Client Access Licenses though - so it can often be a good option, again depending on the number of clients that require access.

Basically, the options for what is used depend on the resources available - and of course if the choosen path is one that works.

Chris
0
 
LVL 74

Assisted Solution

by:Jeffrey Kane - TechSoEasy
Jeffrey Kane - TechSoEasy earned 1400 total points
ID: 13943885
The license violation is not obtaining an additional CAL for the additional server.  Per the SBS EULA, any user accessing the server must have a CAL (or any device must have a CAL).  Therefore, using just SQL authentication is not permitted.

Having both servers on the same IP range is exactly the problem... one of them (the first one that was there, usually) will take over... whether you've created a separate domain on the other one or not, it will block the other one from having access to TCP/IP essentially... I've tried it and it ain't pretty.  So they would have to be entirely separate on different subnets.

As for webhosting... again, if it's a small deployment... an XP Pro machine doesn't require CALs either.  :-)  And if the main SBS box has ISA, it can be secured just as well as anything.

Jeff
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 13943988

All makes sense, and I always forget about XP for such things.

So generally would be better to try and avoid setting up SBS for this.

Chris :)
0
 
LVL 8

Author Comment

by:trevorhartman
ID: 13945430
aaarrgh.  too complicated :)

thanks for the great discussion guys.. Now, i'm just not sure where to go from here.  We just bought this server to be our application server, of course not understanding the whole SBS issue.  We went with SBS premium b/c it comes with SQL server.. I set my own account up in the new server's active directory, now i can access that server over the network so I can develop my app on it (i'm a programmer, not a server amdin, hence the problems...!), and I should be the only one who needs to.  Besides that, everyone will just be accessing internally it like this:

http://kioskApp/

one thing, the new SBS came with 5 CALS, so that's ok right?  (not sure how the whole CAL thing works)

it's been up running on two domains since yesterday, no problems.

-Trevor
0
 
LVL 8

Author Comment

by:trevorhartman
ID: 13945452
note: we can't afford to buy any more OS's or servers, so we're stuck with 2 SBS's
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 13945739
Well, sorry to say you can't use 2 SBS's on your network, no matter what.  You need to sell one of them or return the one you just got, unfortunately.  

I think you should find a local Microsoft Partner who specializes in SBS to help you determine your best course of action.  If you need a referal, please let me know.

Jeff
TechSoEasy
0
 
LVL 33

Assisted Solution

by:NJComputerNetworks
NJComputerNetworks earned 200 total points
ID: 13946662
I would agree that you should not be using two SBS servers within one company.  You may want to investigate the transition pack.  

but this costs money too...

From a technical standpoint what does the Windows Small Business Server 2003 Transition Pack do?
 
A. The server transition pack removes all of the Windows Small Business Server 2003 limits (such as 75 CALs, no Active Directory trusts, and CAL enforcement). The CAL transition packs are a license only.
 

http://www.microsoft.com/WindowsServer2003/sbs/techinfo/overview/licensingfaq.mspx




The best course of action would be to talk to whoever sold you the SBS.  See if you can return this and purchase Windows 2003 Server and SQL server instead.  They probably won't want to do this for you...but it doesn hurt to ask...
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 13947083
Essentially the transition pack turns an SBS into a Standard Server 2003, but it would make more sense, if your accounting.local machine is SBS standard to migrate that all over to your new machine, and then just use the CAL's that came with accounting.local by adding them to the blackhawk.local machine.  

Jeff
0
 
LVL 8

Author Comment

by:trevorhartman
ID: 13947721
transition pack looks expensive!!  what we wanted to do was have a seperate server handle everything this application needs: IIS & SQL Server.  If you buy windows server 2003 and sql server by itself, its way more expensive, which is why we went with SBS, not knowing of the issue with 2 SBS....
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 13948859
What's keeping you from putting it all on one machine?
0
 
LVL 8

Author Comment

by:trevorhartman
ID: 13951757
the boss wanted to keep it seperate, so we could have something to grow into, b/c eventually we will need a seperate application server
0
 
LVL 74

Assisted Solution

by:Jeffrey Kane - TechSoEasy
Jeffrey Kane - TechSoEasy earned 1400 total points
ID: 13952227
well, then tell him how much it's gonna cost to do that...

You have to buy standard server 2003 and sql server by itself...   and since you now know that you can't use an SBS, what's keeping you from putting it all on one machine?  Even if it's only for a year, it's a better way to go... just buy more RAM -- that's way cheap these days.

I manage over 20 SBS networks, all of the SBS boxes now have 2GB - 4GB of RAM and they work just fine.

Jeff
0
 
LVL 8

Author Comment

by:trevorhartman
ID: 14022538
thanks all for the suggestions

i'm still trying to figure out what to do, but at least i have some direction thanks to you all
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 14024166
no prob... good luck!
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 14025132

Best of luck Trevor
0

Featured Post

Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…
Look below the covers at a subform control , and the form that is inside it. Explore properties and see how easy it is to aggregate, get statistics, and synchronize results for your data. A Microsoft Access subform is used to show relevant calcul…

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question