How to configure 2003 Server to replicate primary DC in WAN

Hi Experts,
My company has two offices. In one of them, the primary server, SBS 2003, is configured as the primary DC running Exchange 2003. In the second office, located quite far away, I have a 2003 Server R2 Standard. I would like to set up the Server 2003 as a replicator of the SBS.
What is the best way to do it? Also, is it possible to set up SharePoint Services, a VPN server and a DNS server?
It's clean and ready for ideas.
Thank you for your help.
kshychAsked:
 
victornegriCommented:
All of it is possible.

First you need to have a VPN (or other secured connection) between your two offices.

Set up DNS on the 2003 R2 Standard server and have it replicate the domain DNS root. (You can also just point DNS to the IP address of your SBS server, but it would probably be slower.)
Then you just run dcpromo on the 2003 R2 Standard computer and make it an additional domain controller for the domain.
After a reboot, all should be good.

If I were you, I'd place both boxes next to each other and do the configuration/dcpromo/etc. That way you're not replicating the domain over a WAN link.

After all this is done, move the new domain controller to the remote office and set up sites in Active Directory Sites and Services. Configure a replication interval, etc.

Installing SharePoint should be straightforward. Just install, next, next, next, next, finish.
0
 
kshychAuthor Commented:
Thank you for a rapid response.
Setting up the boxes next to each other would be extremely difficult, as one is in the UK and the other one is in the US.

SBS already has VPN configured. I can VPN to it easily from my laptop. However, when I try to do it from the server I receive an 800 error (couldn't establish connection). Perhaps it is related to the Security Configuration Wizard? I managed to install only updates; after a restart I cannot browse any website.

Any ideas?
0
 
victornegriCommented:
If I were you, I wouldn't set up a VPN from server to server. Set up a tunnel through your router/firewall. If your router/firewall does not support VPN, get 2 that do. They're not expensive. You can probably get a Netgear Firewall that supports VPN for under $200 (although I'd probably recommend spending a little more on a business class firewall... maybe Sonicwall).

This way, if your clients need to access resources on the other subnet, they can (without going through the server first).

Your servers probably aren't communicating because the Windows Firewall on the server isn't configured to allow VPN.
0
 
kshychAuthor Commented:
I tried to open Windows Firewall. A message popped up saying Windows Firewall cannot run because another program is running that might use the network address translation component (Ipnat.sys).
I tried to disable it at the command prompt with "net stop ipnat" and "sc stop ipnat", and in both cases I received "The service has not been started".
0
 
victornegriCommented:
Oh yeah, forgot that the Windows Firewall is disabled.

Try going to the command prompt and typing "telnet <ip address of sbs server> 1723".

If it times out, then you're not able to hit the PPTP VPN port on the remote server. If the screen goes blank, then that port is available and it's not a connectivity issue (could be invalid username or password or something else).
0
 
kshychAuthor Commented:
The SBS server has an internal IP. I cannot telnet to it unless VPN is configured. Then VPN cannot be configured because one of the routers doesn't support VPN. Vicious circle.
0
 
victornegriCommented:
You'll still need to forward port 1723 from your router to the SBS server or people outside of the network will never be able to establish a VPN connection. After forwarding the port, you could then try the telnet test.
0
 
kshychAuthor Commented:
I can use VPN and telnet from my laptop but not from the server.
0
 
kshychAuthor Commented:
What can I do to be able to view websites? I removed Internet Explorer Enhanced Security and it still doesn't work. Do you have any idea?
0
 
kshychAuthor Commented:
OK. I disabled the Remote Access / VPN and it worked. I tried to telnet again but it goes blank and times out after about 2 min. However, I can access the Internet and remote desktop works (which was the main thing).
0
 
victornegriCommented:
So when you're connected to the VPN, you can't connect to the internet?

Go to the properties of the VPN connection --> Networking --> TCP/IP --> Advanced and uncheck "Use default gateway on remote network".
0
 
kshychAuthor Commented:
Actually, I'm connected to the Internet but cannot connect to the VPN.
0
 
victornegriCommented:
So how did you disable Remote Access / VPN then?
0
 
kshychAuthor Commented:
I disabled it in the MMC snap-in. To make the Internet work I removed Enhanced Internet Security in Add/Remove Windows Components.
0
 
kshychAuthor Commented:
I finally managed to work around the VPN and RAS problem. VPN is configured (I guess) and RAS is up and running. I am able to connect to the main server in the UK over the VPN connection. However, when I try to add the secondary (new) server to the domain it says "The network path was not found". And again, when I try to run dcpromo, it moans that RPC is unavailable and "This condition may be caused by a DNS lookup problem."
Do you have any idea what to do?
0
 
victornegriCommented:
Can you ping your domain name from the 2nd server? Does it resolve correctly? If not, check DNS on the 2nd server and make sure it replicated the domain. If you don't have DNS on the 2nd server, make sure Primary DNS on the 2nd server is pointed to the SBS server. If it's pointed to your ISP, you're not going to be able to run dcpromo.
0
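The DNS check from the last reply, as an added example that is not part of the original thread: a batch file to run on the second server before dcpromo. It compares a lookup of the domain's DC locator record through the configured DNS server with the same lookup sent directly to the SBS server. `example.local` and `192.168.16.2` are placeholder values for the domain name and the SBS server's internal IP.

```bat
@echo off
rem Added example, not from the thread. DOMAIN and SBS_IP are placeholders.
setlocal
set DOMAIN=example.local
set SBS_IP=192.168.16.2
rem dcpromo locates an existing DC through this SRV record in the domain's DNS zone.
set SRV=_ldap._tcp.dc._msdcs.%DOMAIN%

rem Shows the first DNS server of each adapter; an ISP address here is the
rem situation the reply warns about.
echo DNS servers configured on this machine:
ipconfig /all | findstr /c:"DNS Servers"

rem Windows nslookup prints a "svr hostname" line for each SRV answer,
rem so findstr's exit code tells us whether the lookup returned a DC.
nslookup -type=SRV %SRV% 2>nul | findstr /i /c:"svr hostname" >nul
if errorlevel 1 (set VIA_LOCAL=FAIL) else (set VIA_LOCAL=OK)

rem Same query sent straight to the SBS server, bypassing the local DNS setting.
nslookup -type=SRV %SRV% %SBS_IP% 2>nul | findstr /i /c:"svr hostname" >nul
if errorlevel 1 (set VIA_SBS=FAIL) else (set VIA_SBS=OK)

echo SRV lookup through configured DNS: %VIA_LOCAL%
echo SRV lookup sent directly to SBS:   %VIA_SBS%

if "%VIA_LOCAL%"=="OK" goto ready
if "%VIA_SBS%"=="OK" goto wrongdns
goto unreachable

:ready
echo Result: the domain's DC records resolve. DNS is not what blocks dcpromo.
goto end

:wrongdns
echo Result: SBS answers, but this server asks a different DNS server first.
echo Point the primary DNS entry at %SBS_IP% or replicate the zone locally.
goto end

:unreachable
echo Result: no answer from %SBS_IP%. Check the VPN route and the DNS service on the SBS.

:end
endlocal
```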
Question has a verified solution.
