How to configure 2003 Server to replicate primary DC in WAN

Hi Experts,
My company has two offices, in one of which the primary server, SBS 2003, is configured as a primary DC running Exchange 2003. In the second office, located quite far away, I have 2003 Server R2 Standard. I would like to set up the Server 2003 as a replicator of SBS.
What is the best way to do it? Also, is it possible to set up SharePoint Services, a VPN server and a DNS server?
It's clean and ready for ideas.
Thank you for your help.
kshych Asked:

victornegri Commented:
All of it is possible.

First you need to have a VPN (or other secured connection) between your two offices.

Set up DNS on the 2003 R2 Standard server and have it replicate the domain DNS root. (You can also just point DNS to the IP address of your SBS server, but it would probably be slower.)
Then you just run dcpromo on the 2003 R2 Standard computer and make it an additional domain controller for the domain.
After a reboot, all should be good.

If I were you, I'd place both boxes next to each other and do the configuration/dcpromo/etc. That way you're not replicating the domain over a WAN link.

After all this is done, move the new domain controller to the remote office and set up sites in Active Directory Sites and Services. Configure a replication interval, etc.

Installing SharePoint should be straightforward. Just install, next, next, next, next, finish.

kshych (Author) Commented:
Thank you for a rapid response.
Setting up the boxes next to each other would be extremely difficult, as one is in the UK and the other one in the US.

SBS already has VPN configured. I can VPN to it easily from my laptop. However, when I am trying to do it from the server I receive an 800 error (couldn't establish connection). Perhaps it is related to the Security Configuration Wizard? I managed to install only updates; after restart I cannot browse any website.

Any ideas?
victornegri Commented:
If I were you, I wouldn't set up a VPN from server to server. Set up a tunnel through your router/firewall. If your router/firewall does not support VPN, get 2 that do. They're not expensive. You can probably get a Netgear Firewall that supports VPN for under $200 (although I'd probably recommend spending a little more on a business class firewall... maybe Sonicwall).

This way, if your clients need to access resources on the other subnet, they can (without going through the server first).

Your servers probably aren't communicating because the Windows Firewall on the server isn't configured to allow VPN.
kshych (Author) Commented:
I tried to open Windows Firewall. A message popped up saying Windows Firewall cannot run because another program is running that might use the network address translation component (Ipnat.sys).
I tried to disable it in the command prompt with "net stop ipnat" and "sc stop ipnat", and in both cases I received "The service has not been started".
victornegri Commented:
Oh yeah, forgot that the Windows Firewall is disabled.

Try going to the command prompt and typing "telnet <ip address of sbs server> 1723"

If it times out, then you're not able to hit the PPTP VPN port on the remote server. If the screen goes blank, then that port is available and it's not a connectivity issue (could be invalid username or password or something else).
kshych (Author) Commented:
The SBS server has an internal IP. I cannot telnet to it unless VPN is configured. Then VPN cannot be configured because one of the routers doesn't support VPN. Vicious circle.
victornegri Commented:
You'll still need to forward port 1723 from your router to the SBS server or people outside of the network will never be able to establish a VPN connection. After forwarding the port, you could then try the telnet test.
kshych (Author) Commented:
I can use VPN and telnet from my laptop but not from the server.
kshych (Author) Commented:
What can I do to be able to view websites? I removed Internet Explorer Enhanced Security and it still doesn't work. Do you have any idea?
kshych (Author) Commented:
OK. I disabled the Remote Access / VPN and it worked. I tried to telnet again but it goes blank and after about 2 min it timed out. Although I can access the Internet and remote desktop works (which was the main thing).
victornegri Commented:
So when you're connected to the VPN, you can't connect to the internet?

Go to the properties of the VPN connection --> Networking --> TCP/IP --> Advanced and uncheck "Use default gateway on remote network".
kshych (Author) Commented:
Actually I'm connected to the Internet but cannot connect to the VPN.
victornegri Commented:
So how did you disable Remote Access / VPN then?
kshych (Author) Commented:
I disabled it in MMC snap-in. To make Internet work I removed Enhanced Internet Security in Add/Remove Windows Components.
kshych (Author) Commented:
I finally managed to work around the VPN and RAS problem. VPN is configured (I guess) and RAS is up and running. I am able to connect to the main server in the UK over the VPN connection. However, when I am trying to add the secondary (new) server to the domain it says "The network path was not found". And again, when I am trying to go for dcpromo, it moans that RPC is unavailable and "This condition may be caused by a DNS lookup problem."
Do you have any idea what to do?
victornegri Commented:
Can you ping your domain name from the 2nd server? Does it resolve correctly? If not, check DNS on the 2nd server and make sure it replicated the domain. If you don't have DNS on the 2nd server, make sure Primary DNS on the 2nd server is pointed to the SBS server. If it's pointed to your ISP, you're not going to be able to run dcpromo.
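
Added example (not part of the thread and not any poster's code): a pre-dcpromo check, run from the second server over the VPN, that confirms the domain name resolves and classifies TCP connects to the existing domain controller the same way the telnet test above is read. The port list and its pairing with the error messages quoted in the thread are assumptions of this example.

```python
import socket
import sys

# TCP services a member server must reach on the existing domain controller.
# Pairing ports with the thread's error messages is this example's assumption.
DC_PORTS = {
    53: "DNS ('may be caused by a DNS lookup problem')",
    88: "Kerberos",
    135: "RPC endpoint mapper ('RPC is unavailable')",
    389: "LDAP",
    445: "SMB ('The network path was not found')",
}

def resolves(name):
    """IPv4 addresses the local resolver returns for name, or [] on failure."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def probe(host, port, timeout=3.0):
    """Classify one TCP connect: 'open', 'refused', 'timeout' or 'unreachable'."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except socket.timeout:
        return "timeout"      # filtered or not routed, like a telnet that hangs
    except ConnectionRefusedError:
        return "refused"      # host reachable, nothing listening on the port
    except OSError:
        return "unreachable"
    finally:
        sock.close()

def blockers(results):
    """Describe every port in {port: state} that is not 'open'."""
    return ["%d/tcp %s: %s" % (p, DC_PORTS.get(p, "unknown"), s)
            for p, s in sorted(results.items()) if s != "open"]

if __name__ == "__main__":
    domain, dc_ip = sys.argv[1], sys.argv[2]   # AD DNS domain name, SBS server IP
    print("DNS:", resolves(domain) or "domain name does NOT resolve")
    states = {port: probe(dc_ip, port) for port in DC_PORTS}
    print("\n".join(blockers(states)) or "all DC ports reachable")
```

An empty DNS result while the server's primary DNS points at an ISP resolver matches the situation described in the last reply; a "timeout" on every port points at routing or filtering on the VPN path rather than at the domain controller.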