Inherited SBS 2003 Prem - Cohabit on phyical LAN with another SBS 2003 Prem Domain?

Hi All,

I am about to 'inherit' an SBS 2003 Prem machine and associated domain
workstations (cohabiting office space) for which I will become the
domain admin.

If possible I would like to plug that server and the workstations into
my existing physical LAN, but set it up as a totally independent
domain and different subnet (we are currently 10.0.0.0/24 so I am
thinking perhaps 10.0.1.0/24).

Will that work? I understand that I cannot have two SBS 2003 Prem
servers in a single domain, but I am thinking that my plan means I
would have (logically) separate domains even though on the same
physical LAN.

Thanks,

Alan.
--

The views expressed are my own, and not those of my employer or anyone
else associated with me.

My current valid email address is:



This is valid as is. It is not munged, or altered at all.

It will be valid for AT LEAST one month from the date of this post.

If you are trying to contact me after that time,
it MAY still be valid, but may also have been
deactivated due to spam. If so, and you want
to contact me by email, try searching for a
more recent post by me to find my current
email address.

The following is a (probably!) totally unique
and meaningless string of characters that you
can use to find posts by me in a search engine:

ewygchvboocno43vb674b6nq46tvb

 

You could put two NICs in each SBS server, then attach them to a common
router, and run them as separate domains.

However, the problem may be forwarding the ports used by the services that
both domains may require (email, RWW, OWA, VPN, etc. | ports 25, 443, 1723,
4125, etc.). I believe 4125 can be changed this in the registry of the
server to a different port, and Exchange (port 25) can be setup to use an
alternate port. But 1723, 443 and other ports are "hard-coded" and can only
be forwarded to a one IP.

There are routers that allow dual Internet access and may be useful (albeit
that means another broadband account).

Internet
|
Router --- SBS2 External NIC = SBS2 Internal NIC - Switch - Domain2
Workstations
|
SBS1 External NIC
||
SBS1 Internal NIC
|
Switch
| | | |
Domain1 Workstations

 

Hi Merv,

I hadn't considered the port forwarding issue.

Both servers are currently in single NIC configuration.

It appears that the new server actually uses POP3 (!) to collect email
so that is not an issue.

We only have 25 and 1723 open on the firewall to our existing SBS, so
that just leaves 1723. If they are using RDP then problem solved,
since we do not allow a direct RDP session through the firewall (has
to tunnel inside a VPN and that can only connect to our Win Server
2003 TS machine). I could port forward 4125 to their server to
probably any internal IP in their subnet.

Thanks,

Alan.

PS: I have another interesting issue on this new SBS 2003 Prem box,
but I'll start another thread for that!
--

The views expressed are my own, and not those of my employer or anyone
else associated with me.

My current valid email address is:



This is valid as is. It is not munged, or altered at all.

It will be valid for AT LEAST one month from the date of this post.

If you are trying to contact me after that time,
it MAY still be valid, but may also have been
deactivated due to spam. If so, and you want
to contact me by email, try searching for a
more recent post by me to find my current
email address.

The following is a (probably!) totally unique
and meaningless string of characters that you
can use to find posts by me in a search engine:

ewygchvboocno43vb674b6nq46tvb




--

The views expressed are my own, and not those of my employer or anyone
else associated with me.

My current valid email address is:



This is valid as is. It is not munged, or altered at all.

It will be valid for AT LEAST one month from the date of this post.

If you are trying to contact me after that time,
it MAY still be valid, but may also have been
deactivated due to spam. If so, and you want
to contact me by email, try searching for a
more recent post by me to find my current
email address.

The following is a (probably!) totally unique
and meaningless string of characters that you
can use to find posts by me in a search engine:

ewygchvboocno43vb674b6nq46tvb

 

Hi Alan,

How do you plan to isolate the two SBS servers using single NICs and a
common router/firewall? One of the SBS servers will shut down when it
detects the other. That's why I suggested dual NICs in each (which will
isolate the servers).

 

I am probably misunderstanding what 'isolate' means / requires.

Do they have to be physically isolated?

I was hoping that, if they are different unrelated domains, and
different subnets, then they would be isolated from each other (in a
logical sense but not physically).

Am I mistaken? If so, I can reconfigure one or both with dual NICs (I
was planning on doing ours that way at Xmas anyway), but if I an get
away with it for three months, that would be good too.

Upon reflection, the LAN side address of a single router cannot
(presumably) be both (say) 10.0.0.254 and 10.0.1.254. Therefore, I
have a problem right there.

If I go with the dual NICs, then I guess the WAN side NICs on the two
SBS machines could be, say, in the 192.168.0.0/24 subnet with the LAN
side of the router being 192.168.0.254 (say).

Thanks,

Alan.

--

The views expressed are my own, and not those of my employer or anyone
else associated with me.

My current valid email address is:



This is valid as is. It is not munged, or altered at all.

It will be valid for AT LEAST one month from the date of this post.

If you are trying to contact me after that time,
it MAY still be valid, but may also have been
deactivated due to spam. If so, and you want
to contact me by email, try searching for a
more recent post by me to find my current
email address.

The following is a (probably!) totally unique
and meaningless string of characters that you
can use to find posts by me in a search engine:

ewygchvboocno43vb674b6nq46tvb

 

Whoops. Cancel that. The SBS servers won't be in the same domain, so the
second SBS server should not shut down. DHCP may be a problem though.

--
Merv Porter [SBS-MVP]
============================

 

Sorry, I just sent a post to correct myself. The servers should be able to
coexist on the same physical network, but isolating at least one of them
with a dual NIC configuration may make administration a bit easier. This
would allow you to run full DHCP service behind the dual NIC server for it's
workstations. The external NIC of SBS2 would be in the same subnet as SBS1
and the router.

--
Merv Porter [SBS-MVP]
============================

 

Merv, SBS will only shutdown if the 2nd SBS is in the same domain. ie. you
can have two SBS 'internal' on the same ethernet segment as long as each is
in it's own domain. The two can even share IP space (subnet).

The problem(s) with such a setup are to do with DHCP/DNS, only one of the
servers can supply DHCP services. This is fine for workstations attached to
that server but when you start thinking about the interaction between DHCP
and AD DNS, client PC setup for the workstations attached to the 2nd domain
gets awry. It's _way_ down my list of priorities but one day I may have a
look at authorising two such SBS's to each other allowing either to supply
DHCP (at random letting whichever DHCP decides to shutdown do so) and
causing DNS records on both to be updated However, there's a bug in this
too. DHCP supplies the AD DNS name to DHCP clients, the best option I can
think of to resolve this (counting that each server _may_ supply DHCP) is to
remove this option and set the workstations manually, this goes further and
you suddenly reach a point where it's all too much of a headache and you may
as well shutdown DHCP on both and rely fully on manual IPConfig of all PC's
(Servers and Workstations).

Take it further and my thoughts lead to 'Sell the 2nd SBS and run both
companies from one server.', it's cleaner, simpler, easier.

 

BWAHAHAHA, shouldda realised you'd catch yourself.



Ideally you'd completely seperate the networks, run both SBS dual NIC with a
routable subnet on the ISP connection, they share bandwidth but get distinct
public IP's.

 

Hi SuperGumby,

I agree and that is probably where we will end up if we all get along
well, but it will take a while for everyone to become comfortable with
each other and I don't want to have to undo that kind of thing if it
doesn't work out!

Thanks,

Alan.
--

The views expressed are my own, and not those of my employer or anyone
else associated with me.

My current valid email address is:



This is valid as is. It is not munged, or altered at all.

It will be valid for AT LEAST one month from the date of this post.

If you are trying to contact me after that time,
it MAY still be valid, but may also have been
deactivated due to spam. If so, and you want
to contact me by email, try searching for a
more recent post by me to find my current
email address.

The following is a (probably!) totally unique
and meaningless string of characters that you
can use to find posts by me in a search engine:

ewygchvboocno43vb674b6nq46tvb

 

Hi Merv,

We have about 20 workstations, and the other party has less than 10,
so I could manually assign static IPs and turn off DHCP on both SBS
machines?

Thanks,

Alan.
--

The views expressed are my own, and not those of my employer or anyone
else associated with me.

My current valid email address is:



This is valid as is. It is not munged, or altered at all.

It will be valid for AT LEAST one month from the date of this post.

If you are trying to contact me after that time,
it MAY still be valid, but may also have been
deactivated due to spam. If so, and you want
to contact me by email, try searching for a
more recent post by me to find my current
email address.

The following is a (probably!) totally unique
and meaningless string of characters that you
can use to find posts by me in a search engine:

ewygchvboocno43vb674b6nq46tvb

 

Hi Alan,

Yes, you can do that (as SG concluded in his post). For myself, I think I
would still prefer dual NICs in each server, full DHCP by each SBS server,
and isolated networks. (Easier to administer and troubleshoot, depending on
your needs). I've got this set up at one of my clients: an SBS 2003
Standard (training lab) and SBS 2003 Premium (business network), both with
dual NICs. Been running fine for 2 years now.

--
Merv Porter [SBS-MVP]
============================

 

Hi Merv,

I do agree - and it will be the aim over time, but I need to do
something quick and dirty (but also safe and reliable!) in the shorter
term while things are settling down.

Thanks for your help - I really appreciate it.

Alan.
--

The views expressed are my own, and not those of my employer or anyone
else associated with me.

My current valid email address is:



This is valid as is. It is not munged, or altered at all.

It will be valid for AT LEAST one month from the date of this post.

If you are trying to contact me after that time,
it MAY still be valid, but may also have been
deactivated due to spam. If so, and you want
to contact me by email, try searching for a
more recent post by me to find my current
email address.

The following is a (probably!) totally unique
and meaningless string of characters that you
can use to find posts by me in a search engine:

ewygchvboocno43vb674b6nq46tvb

 

This post repeated above - don't bother replying here.

Thanks,

Alan.
--

The views expressed are my own, and not those of my employer or anyone
else associated with me.

My current valid email address is:



This is valid as is. It is not munged, or altered at all.

It will be valid for AT LEAST one month from the date of this post.

If you are trying to contact me after that time,
it MAY still be valid, but may also have been
deactivated due to spam. If so, and you want
to contact me by email, try searching for a
more recent post by me to find my current
email address.

The following is a (probably!) totally unique
and meaningless string of characters that you
can use to find posts by me in a search engine:

ewygchvboocno43vb674b6nq46tvb