Need to move a 2003 server to a new IP address.

I am no expert but I have set up a network in the small primary school where I work as a teacher.  It works very well at the moment.  It has a Windows Enterprise 2003 Server which runs accounts for staff and children.

The staff use VPN to access their accounts from home on terminal services.  

I plan to extend the use of terminal services and so I have bought a second server which I plan to have take over the role of terminal server on the network.

I have ONE single IP address which is set up by my internet service provider as the access from outside to my network on the vpn.  It is xxx.xxx.xxx.100. This is the IP address of the server on the network.

I need to know which is the best approach to bringing in the new terminal server.

Can I just move the main server, which is the domain controller, dhcp server and runs active directory to a new IP address, ideally xxx.xxx.xxx.001 and then put the new terminal server on xxx.xxx.xxx.100?

Can anyone foresee any problems, if I just change the IP address of the original server to xxx.xxx.xxx.001? Can you think of anything else that I need to change to compensate for the server having moved to the new IP address?

Or .... is there a better way of doing the whole thing?

Regards,

Francis
fjnormanAsked:
Who is Participating?
 
Brian PiercePhotographerCommented:
Oh dear - you mean you have the server connected directly to the internet through a public IP address?
You need to sort this out immediately - you may as well put a big neon sign on your server saying please hack me?

You need a decent router/firewall between your internal network and the intenet, your server and clients should be on a private IPs behind the router firewall and the router/firewall should provide routing with NAT or simialr in order that all of your servers and clients can access the internet through the public IP address without themselves being exposed. See the diagram on Network and hardware requirements at http://arstechnica.com/guides/tweaks/windows2k3-1.ars to see what I mean.

Get this sorted first - then you can add the new server and confgure Terminal Services on the new server and you can give ir any IP you like and configure the firewall to allow TS Sessions.

0
 
bluetabCommented:
Let's hope that you don't have a Public IP address configured on your server.  But let's verify.  What are the first three numbers of your IP address xxx.xxx.xxx.100.  I'm going to guess and hope that your server IP address is 192.168.1.100.  If this is the case then this is a private IP address and everything is OK.

Now to setup the Terminal Server.  I would recommend setting up the Terminal Server with the xxx.xxx.xxx.101 IP address.  If you change the IP address of the server you will need to correct settings for the VPN, DNS, DHCP and any other services that you may have running.  

Once you have setup the new Terminal Server you will need to reconfigure your router to forward port 3389 to the xxx.xxx.xxx.101 IP address.  
0
 
fjnormanAuthor Commented:
Thank you for both answers.  I have just realised what is going on.  The vpn is organised through our internet supplier, who specially manages schools and provides the access to the internet.  The actual IP address is only referred to when you set up the remote desktop connection to logon to accounts.

Now that I have realised that.  I should be able to set up the terminal server on xxx.xxx.xxx.101 and then try to connect to it.  If I can connect, then I can leave the origianl terminal server working until I have changed over all of the remote desktops and then remove the role.

Can't I?
0
 
Brian PiercePhotographerCommented:
OK I hope that is the case. Putting Terminal Server on a machine other than the DC is a very good idea. Terminal Services on a DC is a big security risk since you are effectivly granting remote users permission to log on locally to the DC where they could reak havoc. Microsoft always advise against putting Terminal Services on A DC (other than for remote admin), and its actually prohibited in SBS.

On a more general point you can chnage the IP addresses of machines as you want but don't do it on a regular basis. When you change a DCs IP address you may need to wait a wile while the new IP addresses are propogated properly and a reboot is not a bad idea since it will clear all cached infomation and and force the re-registration of any dynamic DNS entries etc.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.