Need to move a 2003 server to a new IP address.

Posted on 2007-08-04
Medium Priority
Last Modified: 2010-04-18
I am no expert but I have set up a network in the small primary school where I work as a teacher.  It works very well at the moment.  It has a Windows Enterprise 2003 Server which runs accounts for staff and children.

The staff use VPN to access their accounts from home on terminal services.  

I plan to extend the use of terminal services and so I have bought a second server which I plan to have take over the role of terminal server on the network.

I have ONE single IP address which is set up by my internet service provider as the access from outside to my network on the vpn.  It is xxx.xxx.xxx.100. This is the IP address of the server on the network.

I need to know which is the best approach to bringing in the new terminal server.

Can I just move the main server, which is the domain controller, dhcp server and runs active directory to a new IP address, ideally xxx.xxx.xxx.001 and then put the new terminal server on xxx.xxx.xxx.100?

Can anyone foresee any problems, if I just change the IP address of the original server to xxx.xxx.xxx.001? Can you think of anything else that I need to change to compensate for the server having moved to the new IP address?

Or .... is there a better way of doing the whole thing?


Question by:fjnorman
  • 2
LVL 70

Accepted Solution

KCTS earned 1400 total points
ID: 19632827
Oh dear - you mean you have the server connected directly to the internet through a public IP address?
You need to sort this out immediately - you may as well put a big neon sign on your server saying please hack me?

You need a decent router/firewall between your internal network and the intenet, your server and clients should be on a private IPs behind the router firewall and the router/firewall should provide routing with NAT or simialr in order that all of your servers and clients can access the internet through the public IP address without themselves being exposed. See the diagram on Network and hardware requirements at http://arstechnica.com/guides/tweaks/windows2k3-1.ars to see what I mean.

Get this sorted first - then you can add the new server and confgure Terminal Services on the new server and you can give ir any IP you like and configure the firewall to allow TS Sessions.

LVL 13

Assisted Solution

bluetab earned 600 total points
ID: 19633374
Let's hope that you don't have a Public IP address configured on your server.  But let's verify.  What are the first three numbers of your IP address xxx.xxx.xxx.100.  I'm going to guess and hope that your server IP address is  If this is the case then this is a private IP address and everything is OK.

Now to setup the Terminal Server.  I would recommend setting up the Terminal Server with the xxx.xxx.xxx.101 IP address.  If you change the IP address of the server you will need to correct settings for the VPN, DNS, DHCP and any other services that you may have running.  

Once you have setup the new Terminal Server you will need to reconfigure your router to forward port 3389 to the xxx.xxx.xxx.101 IP address.  

Author Comment

ID: 19633490
Thank you for both answers.  I have just realised what is going on.  The vpn is organised through our internet supplier, who specially manages schools and provides the access to the internet.  The actual IP address is only referred to when you set up the remote desktop connection to logon to accounts.

Now that I have realised that.  I should be able to set up the terminal server on xxx.xxx.xxx.101 and then try to connect to it.  If I can connect, then I can leave the origianl terminal server working until I have changed over all of the remote desktops and then remove the role.

Can't I?
LVL 70

Expert Comment

ID: 19633592
OK I hope that is the case. Putting Terminal Server on a machine other than the DC is a very good idea. Terminal Services on a DC is a big security risk since you are effectivly granting remote users permission to log on locally to the DC where they could reak havoc. Microsoft always advise against putting Terminal Services on A DC (other than for remote admin), and its actually prohibited in SBS.

On a more general point you can chnage the IP addresses of machines as you want but don't do it on a regular basis. When you change a DCs IP address you may need to wait a wile while the new IP addresses are propogated properly and a reboot is not a bad idea since it will clear all cached infomation and and force the re-registration of any dynamic DNS entries etc.

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Learn about cloud computing and its benefits for small business owners.
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question