Ankit_J_P

asked on

vhdom.mycomany and sharepoint.mycomany DNS and DC AND AD

I have installed an IIS server. Our domain name is vhdom.mycomany.com and the DNS forward zone is vhdom.mycomany.com. Now I have created a site called https://sharepoint.mydomain.com. I can access https://sharepoint.mydomain.com from the web server but not from any other computer on the LAN. I was told I need to create a host name and point it to sharepoint.mycomany.com with the IP address. However, I cannot create the DNS host name since our domain is vhdom.mycompany.com.
Anything I can do to fix this issue?
ASKER CERTIFIED SOLUTION
Chris Dent

This solution is only available to members.

Ankit_J_P

ASKER

This would not have any impact on the current AD, DC and DNS, right? When I create a new forward lookup zone I want to make it AD integrated... would that work with the new forward zone? Because the IIS server is accessed by the SharePoint site, which uses the AD user to allow access.

No impact on those unless they also happen to use the Sharepoint name, should be fine really.

And AD Integrated is fine, that'll just ensure all your DCs get a copy of the zone. Easier to maintain.

Chris

Thanks. I will try this off hours. Would I have to transfer any current vhdom.mycomany.com user or anything else because I am creating the sharepoint.mycompany.com forward lookup zone, to make the AD integrated work without any issues when people are accessing the website internally or externally? Also, when people log on to the VHDOM domain, would they have any issue?

No other changes. All this does is make the name available when someone types it in the browser (or tries to ping / nslookup the name). It won't change how anyone logs on.

It has the same effect as putting "sharepoint.mycompany.com" into the Hosts file on each PC, but this is more convenient because you do it centrally and don't have to visit every PC for them to get it.

Chris

Okay, that does make sense. I am new to this. Do you know any good books on web hosting and networking configuration for hosting an IIS website in a Windows environment?

Okay, I have created the forward zone... When I create the host "A" record, should I leave it blank or add www, and should I check the box for the PTR record?

Okay, so why am I not able to access the website after adding the A record... I can access the website for the server https://sharepoint.protocollink.com

Leave the name blank, and untick the PTR record box (we don't need that one). This zone is only intended to answer requests for "sharepoint.protocollink.com".

Can you show me a screenshot of what you have if you're seeing odd behaviour?

Chris
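
The single-name zone described in this thread, written out in PowerShell as an added example that is not part of the original posts. It assumes Windows Server 2012 or later with the DnsServer module; `192.0.2.10` is a placeholder for the web server's LAN address, and turning dynamic updates off is a choice made here, not something stated in the thread.

```powershell
# Added example: run on a domain controller that hosts the DNS Server role.
Import-Module DnsServer

$ZoneName    = 'sharepoint.mycompany.com'   # the exact name users type in the browser
$WebServerIp = '192.0.2.10'                 # placeholder: replace with the web server's LAN IP

# Create the zone only if it does not exist yet.
# -ReplicationScope makes it AD-integrated, so every DC running DNS gets a copy.
# -DynamicUpdate None (assumption): the zone holds one static record, so no
# client needs permission to register names in it.
if (-not (Get-DnsServerZone -Name $ZoneName -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $ZoneName -ReplicationScope Domain -DynamicUpdate None
}

# "Leave the name blank" in the GUI means the zone apex, written '@' here.
# -CreatePtr is deliberately omitted: the PTR box stays unticked.
$apex = Get-DnsServerResourceRecord -ZoneName $ZoneName -Name '@' -RRType A `
            -ErrorAction SilentlyContinue
if (-not $apex) {
    Add-DnsServerResourceRecordA -ZoneName $ZoneName -Name '@' -IPv4Address $WebServerIp
}

# Verify against this DNS server directly, bypassing the Hosts file and the
# local resolver cache (the cache is what "ipconfig /flushdns" clears).
Clear-DnsClientCache
$answer = Resolve-DnsName -Name $ZoneName -Type A -Server localhost -DnsOnly
$ips    = @($answer | Where-Object { $_.IPAddress } | ForEach-Object { $_.IPAddress })

if ($ips -contains $WebServerIp) {
    Write-Output "$ZoneName resolves internally to $WebServerIp"
} else {
    Write-Warning "$ZoneName returned '$($ips -join ', ')', expected $WebServerIp"
}

# Only this one name is answered from the new zone. Other names under the
# parent domain still follow the server's normal forwarders, and Internet
# clients never query this server, so public DNS needs its own A record.
```
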
Here is the file
sharepoint-error-1.doc
I will reopen this question if needed

Have you got something that includes what you added to DNS for this?

Chris

Here are the DNS settings. Okay, I have the internal SharePoint working; however, I am not able to access it from outside... public 69.11.202.20x has an "A" record and is pointed to sharepoint.protocollink.com... I have an incoming filter opened to route port 443 to internal IP 192.168.1.XXX, so I am not sure why I cannot access it from outside...
sharepoint-dns.doc

That looks perfect :)

Do all clients within your network use that DNS server in their TCP/IP configuration?

And did you run "ipconfig /flushdns" before trying to ping the address?

Chris

No, I did not flush, and yes, everyone is using DNS in the configuration. I can access my SharePoint site from the LAN but not from the extranet/internet. Should I flush even though I can access SharePoint from the LAN?

This change would only apply for users inside your network. To make it work from the Internet you'd have to add an address to your public DNS service, they won't refer to your internal DNS server which is the only one that knows how to get there.

Chris

I had my domain registrar create an "A" record so sharepoint.mycompany.com points to the public address provided by my ISP. So when I NSLOOKUP the 69.11.20x.20x it points to sharepoint.mycompany.com, it shows 69.11.20x.20x but request timed out. I have a WatchGuard Edge as the firewall and that is configured to port 443 and the internal LAN IP address (web server IP). Shouldn't this work?

Ping might not, the network request used for Ping can be blocked separately from web access. Can you access the site on the HTTPS connection?

Chris

Internally I can access the HTTPS site. However, I cannot access the site from outside of the LAN.

Okay, I got it working. What I had to do was open the NAT public IP pointing to the internal IP on port 443. How secure is NAT, and is my network/domain safe using this NAT? Also, how can I monitor who is using port 443? Any tools you recommend?

Thanks a lot for your assistance.

NAT doesn't provide any security, if inbound connections are allowed then the service behind that had better be secure.

That said, it's probably going to be fine. Just make sure you have a reasonable password policy and keep the server patched and up to date.

Monitoring usage is a bit more difficult. Which side do you want to monitor? Inbound from external? Or internal users?

Chris

Inbound from external users...

I also have an SSL connection... so hopefully it should be secure... my concern is that port 443 is open...