• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 252
  • Last Modified:

How to add remote member server 2008 R2

I'm installing a Windows 2008 R2 virtual server at a remote location (RL), at DRFortress.

That server will be our mail server for clients at the office location (OL).

Our DC is located at OL.

Are there key steps I need do to get up running safely? Things I have in mind:

How to join domain at OL
How to setup Windows 2008 Firewall
Did I miss anything?
0
NVIT
Asked:
NVIT
  • 5
  • 4
4 Solutions
 
Rodney BarnhardtServer AdministratorCommented:
If you are creating a DR site as you have indicated, then you will need more than just one server at the remote site. If you are intending on creating an Exchange failover DAG environment, then you would also need to have a domain controller at the site that is also a GC. Exchange requires a GC located in the same site where the Exchange server resides. If it is a DR site, then I would expect you would have a private VPN type tunnel configured from your office location to the remote location. There are also other things to consider, such as certificates for that site if your plan includes running live from there in the event your primary site is either unavailable or has been lost. I may have misunderstood what you are planning, but if not, then you have additional planning that needs to be done.
0
 
NVITAuthor Commented:
I appreciate your help,  Rodney.

The server hosts MDaemon. It is a simple program,  nothing complex like Exchange.
Basically,  we're moving that server for DR purposes.

Our ISP is including  a dedicated virtual circuit to the server.

Thanks for the reminder on the certificate.
0
 
NVITAuthor Commented:
Eventually,  we'd like to move our file server,  also. So that everything is at DRFortress.
0
 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

 
Rodney BarnhardtServer AdministratorCommented:
In that case, I would go ahead and create a site with a DC located there. You should still be able to join the domain as long as there is a tunnel between the two subnets and routing is enabled. You would just need to ensure that you set the current DC manually in the DNS server IP settings. As long as you can ping the DC, you should be able to join it without a problem.
0
 
NVITAuthor Commented:
"...create a site with a DC located there"
OK. Do you know if making the same server a DC is ok? I mean, acceptable and or safe?

"...routing is enabled"
Would that be at one or both locations? Is that a simple setting?

"...set the current DC manually in the DNS server IP settings"
Do you mean the TCP/IP v4 properties of the NIC, i.e. "Use the following DNS server addresses"?

"As long as you can ping the DC..."
How can I do that if the DC is behind a hardware firewall w/ NAT?

As you can see, I've never done this before. Thank you for your patience.
0
 
Rodney BarnhardtServer AdministratorCommented:
Does your ISP handle your firewalls? If so, then they will probably create a VPN tunnel between the two locations. They should also make the traffic between the sites routable from both directions.

It generally is not recommended to run email on the same server as a DC. Although MS does this with SBS server. Generally, it is a higher risk for hacking, viruses, etc.

Yes, in the TCP\IP settings, ensure the DC is set as the DNS server before trying to join it.

If you have a VPN tunnel set up between the two firewalls, it allows internal traffic on both sides to pass through on all ports.
0
 
NVITAuthor Commented:
"Does your ISP handle your firewalls?"
Do you mean the firewall at DRF location? Yes, it will include a monthly firewall option.

At the office, I control the sonicwall.

"It generally is not recommended to run email on the same server as a DC"
OK. Looks like we need to add a one-time cost for another Server license plus a monthly VM cost for the DC.
0
 
Rodney BarnhardtServer AdministratorCommented:
I would think you could work with them to create a tunnel. Not sure of you model, but here are the instructions.

http://thebeagle.itgroove.net/2013/10/19/sonicwall-site-to-site-vpn-the-easy-way/
0
 
NVITAuthor Commented:
Thanks, Rodney. I'll put this to good use. Aloha!
0

Featured Post

Fill in the form and get your FREE NFR key NOW!

Veeam is happy to provide a FREE NFR server license to certified engineers, trainers, and bloggers.  It allows for the non‑production use of Veeam Agent for Microsoft Windows. This license is valid for five workstations and two servers.

  • 5
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now