vhdom.mycomany and sharepoint.mycomany DNS and DC AND AD

I have installed IIS server and our domain name is vhdom.mycomany.com and DNS forward zone is vhdom.mycomany.com.  Now I have created a site called https://sharepoint.mydomain.com.  I can access the https://sharepoint.mydomain.com from the webserver but not from any other computer from LAN.  I was told I need to create host name and point it to sharepoint.mycomany.com with the IP address.  However I can not create DNS Host name since our domain is vhdom.mycompany.com
Anything I can do to fix this issue?
Asked by: Ankit_J_P

Chris Dent (PowerShell Developer) commented:

Sure... create a new Forward Lookup Zone called "sharepoint.mydomain.com". Then add a Host (A) Record with a blank name and the correct IP Address into it.

Once done you should find you can nslookup / ping that name for any client on the domain. You may have to run "ipconfig /flushdns" first though.

HTH

Chris
Ankit_J_P (Author) commented:
This would not have any impact on current AD and DC and DNS, right?  When I create a new forward lookup zone I want to make it AD integrated... would that work with new forward zone?  Because the IIS server is accessed by SharePoint site which uses the AD user to allow access.
Chris Dent (PowerShell Developer) commented:

No impact on those unless they also happen to use the Sharepoint name, should be fine really.

And AD Integrated is fine, that'll just ensure all your DCs get a copy of the zone. Easier to maintain.

Chris
Ankit_J_P (Author) commented:
Thanks.  I will try this off hours.  Would I have to transfer any current vhdom.mycomany.com user or anything else because I am creating sharepoint.mycompany.com forward lookup zone to make the AD integrated work without any issues when people are accessing the website internally or externally?  Also when people log on to VHDOM domain would they have any issue?
Chris Dent (PowerShell Developer) commented:

No other changes. All this does is make the name available when someone types it in the browser (or tries to ping / nslookup the name). It won't change how anyone logs on.

It has the same effect as putting "sharepoint.mycompany.com" into the Hosts file on each PC, but this is more convenient because you do it centrally and don't have to visit every PC for them to get it.

Chris
Ankit_J_P (Author) commented:
Okay, that does make sense.  I am new to this.  Do you know any good books on web hosting and networking configuration for hosting an IIS website for Windows environment?
Ankit_J_P (Author) commented:
Okay, I have created the forward zone... When I create the host "A" record should I leave it blank or add www, and should I check the box for PTR record?
Ankit_J_P (Author) commented:
Okay, so why am I not able to access the website after adding the A record... I can access the website for the server https://sharepoint.protocollink.com
Chris Dent (PowerShell Developer) commented:

Leave the name blank, and untick the PTR record box (we don't need that one). This zone is only intended to answer requests for "sharepoint.protocollink.com".

Can you show me a screenshot of what you have if you're seeing odd behaviour?

Chris
0
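The zone and record described in the answers above, scripted as an added example (not commands posted by either participant). It assumes the DnsServer PowerShell module on the DNS server; the IP address is a placeholder and turning dynamic updates off for this static zone is a choice made for the example.

```powershell
#Requires -Modules DnsServer
# Run elevated on the internal DNS server / domain controller.
$zone     = 'sharepoint.mycompany.com'  # the site's host name doubles as the zone name
$serverIp = '192.0.2.10'                # placeholder: replace with the web server's LAN IP

# 1. Single-name forward lookup zone, AD-integrated so every DC in the domain
#    holds a copy. Only this one name is answered internally; every other
#    name under the parent domain still resolves the way it did before.
if (-not (Get-DnsServerZone -Name $zone -ErrorAction SilentlyContinue)) {
    # Dynamic updates off (example choice): the zone holds one static record,
    # so no client needs to be able to register anything in it.
    Add-DnsServerPrimaryZone -Name $zone -ReplicationScope Domain -DynamicUpdate None
}

# 2. Host (A) record with a blank name. '@' means "same as the zone".
#    -CreatePtr is deliberately omitted (the PTR box stays unticked).
$apex = Get-DnsServerResourceRecord -ZoneName $zone -Name '@' -RRType A `
            -ErrorAction SilentlyContinue
if (-not $apex) {
    Add-DnsServerResourceRecordA -ZoneName $zone -Name '@' -IPv4Address $serverIp
}

# 3. Ask this DNS server directly, bypassing the hosts file and local cache.
$answer   = Resolve-DnsName -Name $zone -Type A -Server 127.0.0.1 -DnsOnly
$resolved = ($answer | Where-Object Type -eq 'A').IPAddress
if ($resolved -contains $serverIp) {
    "OK: $zone resolves to $serverIp on the internal DNS server"
} else {
    Write-Warning "$zone resolved to '$resolved', expected $serverIp"
}

# On a client that looked the name up before the zone existed, clear the
# cached answer first (same effect as "ipconfig /flushdns"):
#   Clear-DnsClientCache
```

Internet clients never query this zone, so the public A record at the registrar still has to exist separately.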
Ankit_J_P (Author) commented:
Here is the file
sharepoint-error-1.doc
Ankit_J_P (Author) commented:
I will reopen this question if needed
Chris Dent (PowerShell Developer) commented:

Have you got something that includes what you added to DNS for this?

Chris
Ankit_J_P (Author) commented:
Here are the DNS settings.  Okay, I have the internal SharePoint working; however, I am not able to access it from outside... public 69.11.202.20x has "A" record and is pointed to sharepoint.protocollink.com... I have incoming filter opened to route the 443 port to internal IP 192.168.1.XXX.  So not sure why I cannot access it from outside...
sharepoint-dns.doc
Chris Dent (PowerShell Developer) commented:

That looks perfect :)

Do all clients within your network use that DNS server in their TCP/IP configuration?

And did you run "ipconfig /flushdns" before trying to ping the address?

Chris
Ankit_J_P (Author) commented:
No, I did not flush, and yes, everyone is using DNS in the configuration.  I can access my SharePoint site from LAN but not from extranet/internet.  Should I flush even though I can access SharePoint from LAN?
Chris Dent (PowerShell Developer) commented:

This change would only apply for users inside your network. To make it work from the Internet you'd have to add an address to your public DNS service, they won't refer to your internal DNS server which is the only one that knows how to get there.

Chris
Ankit_J_P (Author) commented:
I had my domain registrar create "A" record so sharepoint.mycompany.com points to public address provided by my ISP.  So when I NSLOOKUP the 69.11.20x.20x it points to sharepoint.mycompany.com; it shows 69.11.20x.20x but request timed out.  I have WatchGuard Edge as firewall and that is configured to port 443 and inter LAN IP address (webserver IP).  Shouldn't this work?
Chris Dent (PowerShell Developer) commented:

Ping might not, the network request used for Ping can be blocked separately from web access. Can you access the site on the HTTPS connection?

Chris
Ankit_J_P (Author) commented:
Internally I can access the HTTPS site.  However, I can not access the site from outside of the LAN.  
Ankit_J_P (Author) commented:
Okay, I got it working.  What I had to do was open the NAT public IP pointing to internal IP on port 443.  How secure is NAT and is my network/domain safe using this NAT?  Also how can I monitor who is using port 443, any tools you recommend?

Thanks a lot for your assistance.  
Chris Dent (PowerShell Developer) commented:

NAT doesn't provide any security, if inbound connections are allowed then the service behind that had better be secure.

That said, it's probably going to be fine. Just make sure you have a reasonable password policy and keep the server patched and up to date.

Monitoring usage is a bit more difficult. Which side do you want to monitor? Inbound from external? Or internal users?

Chris
Ankit_J_P (Author) commented:
Inbound from external users....  

I also have SSL connection... so hopefully it should be secure... my concern is the port 443 is open....
0
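One way to see which external addresses are reaching the published site on port 443, as an added example that is not part of the thread. It assumes IIS writes W3C-format logs that include the s-port, c-ip, cs-username and sc-status fields and that the firewall forwards connections without rewriting the source address; the log lines are constructed and use documentation addresses.

```powershell
# Constructed sample in IIS W3C log format (not real traffic).
$sampleLog = @'
#Software: Microsoft Internet Information Services
#Fields: date time s-ip cs-method cs-uri-stem s-port cs-username c-ip sc-status
2024-01-10 09:00:01 192.168.1.10 GET /default.aspx 443 VHDOM\alice 192.168.1.55 200
2024-01-10 09:00:07 192.168.1.10 GET /default.aspx 443 - 203.0.113.7 401
2024-01-10 09:00:08 192.168.1.10 GET /default.aspx 443 - 203.0.113.7 401
2024-01-10 09:00:09 192.168.1.10 GET /default.aspx 443 VHDOM\bob 203.0.113.7 200
2024-01-10 09:02:30 192.168.1.10 GET /_layouts/settings.aspx 443 - 198.51.100.23 401
'@ -split '\r?\n'

function Get-ExternalHttpsClient {
    param(
        [string[]]$Line,                        # raw log lines
        [string]$InternalPrefix = '192.168.1.'  # LAN range mentioned in the thread
    )
    $fields = @()
    $hits = foreach ($l in $Line) {
        # The #Fields header names the columns; it can differ per server.
        if ($l -match '^#Fields:\s*(.+)$') {
            $fields = $Matches[1].Trim() -split '\s+'
            continue
        }
        if ($l -match '^#' -or -not $l.Trim()) { continue }

        $values = $l.Trim() -split '\s+'
        $row = @{}
        for ($i = 0; $i -lt $fields.Count; $i++) { $row[$fields[$i]] = $values[$i] }

        # Keep HTTPS requests whose client address is outside the LAN.
        if ($row['s-port'] -eq '443' -and -not $row['c-ip'].StartsWith($InternalPrefix)) {
            [pscustomobject]$row
        }
    }
    # One summary row per external client: volume, denied requests, accounts used.
    $hits | Group-Object -Property 'c-ip' | ForEach-Object {
        [pscustomobject]@{
            ClientIp  = $_.Name
            Requests  = $_.Count
            Denied401 = @($_.Group | Where-Object { $_.'sc-status' -eq '401' }).Count
            Users     = @($_.Group.'cs-username' | Where-Object { $_ -ne '-' } |
                          Sort-Object -Unique) -join ','
        }
    } | Sort-Object Requests -Descending
}

Get-ExternalHttpsClient -Line $sampleLog | Format-Table -AutoSize
```

For real data, pass the output of `Get-Content` on the site's log file as `-Line`. A high Denied401 count from one address is the case where the password policy mentioned above matters.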