Your expert opinion would be greatly appreciated

Discussion in 'Windows Small Business Server' started by Murdock, Sep 26, 2005.

  1. Murdock

    Murdock Guest

    Experts, Please read...
    I have a company that I run both a SBS03 and a 03 Standard Server at. I use
    the SBS03 for email (Exchange), web hosting, OWA, VPN, etc... mainly external
    stuff. The 03 Standard Server is the PDC and is mainly a file server for a
    huge amount of CAD data (more important server). The 03 Standard is MUCH
    newer, faster, and more reliable than the SBS box. I did actually have the 03
    Standard Server set up and running months before the SBS system was
    introduced. Actually, I installed and set up the SBS system at my place then
    just delivered it and plugged it in. They are both on the same domain and
    everything works. I do have a lot of event log errors.
    Now before you say anything, I know that the SBS has to have the PDC role. I
    was thinking about running DCPROMO on the 03 Standard and making the 03
    Standard a backup or secondary DC (not sure which one). But here are the
    things I know that are stopping me from doing that:

    I would like to keep the 03 Standard the PDC for my workstations because it's
    much faster, newer and more reliable.

    I have many users set up on the 03 Standard that are separate from the users
    on the SBS Box. (many have the same user name)

    The SBS box is exposed to the internet so I don't really want the file
    server (03 Standard) to depend on it for the PDC role.

    I like the idea of having the two servers NOT replicating to each other
    because of security concerns.

    I know I need to change something. But I guess what I need is 2 separate
    domains. Right now both servers are on the "tti.local" domain. I have users
    connecting in remotely to the SBS. They are able to get to the File Server. I
    would like to keep the servers as secure as possible without getting too
    crazy. Do I need to rename the SBS to a different domain? Will my
    workstations be able to stay on the same domain as the file server (03
    Standard) yet still have access to the Exchange Server for their Outlook? I
    don't like all these event errors and would like to get this done right.

    Please make a suggestion!

    Thanks in advance....
     
    Murdock, Sep 26, 2005
    #1

  2. Hi Murdock,

    Thanks for posting here!

    From your description, I understand that you have some concerns about the
    SBS 2003 server in the Windows 2003 domain environment. If I am off base,
    please don't hesitate to let me know.

    As we know, in an SBS network environment, the SBS server must be the root
    of the Active Directory forest and the PDC. Additionally, the SBS domain
    cannot have any child domains.

    I. It is not recommended that you change the SBS domain name, especially
    since the Exchange server has been set up on the SBS server box. It can
    cause many potential problems. For your current scenario, I suggest that you
    run the DCPromo tool to demote the Windows 2003 server to a member server
    and then remove it from the SBS domain. Then rename the Windows 2003 server
    domain name and set up the Windows 2003 network environment.

    Please refer to the following KB article to promote the SBS server to seize
    the FSMO roles and demote the Windows 2003 server:
    884453 How to install Small Business Server 2003 in an existing Active
    http://support.microsoft.com/?id=884453

    II. And then you can refer to the following article to change the server
    domain name:

    Windows 2003 Domain Rename Tools:
    http://www.microsoft.com/windowsserver2003/downloads/domainrename.mspx

    Tool download location:
    Windows Server 2003 Active Directory Domain Rename Tools
    http://download.microsoft.com/download/5/6/d/56df978b-9a76-487e-80b7-0250289f2579/domainrename.exe

    Documents:

    Understanding How Domain Rename Works
    http://download.microsoft.com/download/9/6/5/965e6899-e086-4b3e-8ed6-516ea07ea225/Domain-Rename-Intro.doc

    Step-by-Step Guide to Implementing Domain Rename
    http://download.microsoft.com/download/c/f/c/cfcbff04-97ca-4fca-9e8c-3a9c90a2a2e2/Domain-Rename-Procedure.doc
    ========================
    Regarding the Exchange server concern, we can configure these users to
    access the Exchange server via the Internet through RPC over HTTPS. The
    first requirement is that these users must also have a user account in the
    SBS domain.

    There are some things you must do to reach the goal.

    I. Please follow these steps to publish RWW to the Internet on the SBS
    server box:

    1. Click Start, and then click Server Management.
    2. Click To Do List, and then click Connect to the Internet.
    3. Continue through the wizard and enter the specific information about
    your Internet connection type, your DNS server, and your router.
    4. On the Web Services Configuration page, click to select the Outlook via
    the Internet check box under the Allow access to only the following Web
    site services from the Internet. Select any additional services, such as
    Outlook Web Access, that you require.
    5. Click Next.
    6. On the Web Server Certificate page, select the Web server certificate
    type, and then click Next. You can choose to either install a new Web
    server certificate or locate a third-party certificate.
    7. The wizard automatically configures Exchange, Internet Security and
    Acceleration (ISA) Server, IIS, and the RPC proxy registry entries.

    Those users log in to their workstations, open the RWW site
    (https://FQDN/remote) and click the link for Outlook via Internet. Follow
    the instructions to configure the Outlook client.

    II. On the Outlook client, make sure it is Windows XP SP1 with the hotfix
    331320 installed (or a later service pack).

    Please refer to following KB article:
    331320 Outlook 2003 Performs Slowly or Stops Responding When Connected to
    http://support.microsoft.com/?id=331320

    For more system requirements, please refer to the link:
    http://www.microsoft.com/office/ork/2003/three/ch8/OutC07.htm

    III. Only ports 80 and 443 are necessary if you use RPC over HTTPS, which
    is recommended by Microsoft. You need to open these ports on all routers
    and firewalls.

    IV. Please confirm that the certificate used by HTTPS uses the external
    FQDN of the SBS Server instead of the internal FQDN.

    I suggest you read the following online article carefully to verify if the
    RPC over HTTPs is set up correctly on your Exchange 2003 Server and the
    required ports are opened on the firewall of your network.

    http://www.winnetmag.com/Article/ArticleID/39770/39770.html

    More info about Exchange 2003 in SBS 2003:
    How to configure connection filtering to use Realtime Block Lists (RBLs)
    and how to configure recipient filtering in Exchange 2003
    http://support.microsoft.com/?id=823866
    ========================

    Hope the above information helps. If you have any further questions or
    concerns on the issue, please feel free to let me know. I look forward to
    your reply.

    Have a nice day!

    Best Regards,

    Jenny Wu
    Microsoft CSS Online Newsgroup Support
    Get Secure! - www.microsoft.com/security
    ======================================================
    This newsgroup only focuses on SBS technical issues. If you have issues
    regarding other Microsoft products, you'd better post in the corresponding
    newsgroups so that they can be resolved in an efficient and timely manner.
    You can locate the newsgroup here:
    http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

    When opening a new thread via the web interface, we recommend you check the
    "Notify me of replies" box to receive e-mail notifications when there are
    any updates in your thread. When responding to posts via your newsreader,
    please "Reply to Group" so that others may learn and benefit from your
    issue.

    Microsoft engineers can only focus on one issue per thread. Although we
    provide other information for your reference, we recommend you post
    different incidents in different threads to keep the thread clean. In doing
    so, it will ensure your issues are resolved in a timely manner.

    For urgent issues, you may want to contact Microsoft CSS directly. Please
    check http://support.microsoft.com for regional support phone numbers.

    Any input or comments in this thread are highly appreciated.
    ======================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.

    --------------------
     
    Jenny wu [MSFT], Sep 27, 2005
    #2
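
Item IV of the reply above (the HTTPS certificate must carry the external FQDN, not the internal one) can be checked mechanically. This is an added example, not part of the original posts and not Microsoft tooling; `mail.example.com` and `sbs01` are constructed names, and the certificate dictionaries follow the layout returned by Python's `ssl.SSLSocket.getpeercert()`.

```python
# Added example: checks the names in an HTTPS certificate against the
# external FQDN that Outlook (RPC over HTTPS) and RWW clients connect to.
# Assumption: internal-only names end in ".local" (as in "tti.local").

def cert_dns_names(cert):
    """Names a client will match: SAN DNS entries, else the subject CN."""
    san = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if san:
        return san
    return [v.lower() for rdn in cert.get("subject", ())
            for k, v in rdn if k == "commonName"]

def name_matches(pattern, host):
    """Exact match, or a '*' standing for exactly the left-most label."""
    p = pattern.lower().split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Reject over-broad wildcards such as "*.com".
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def check_certificate(cert, external_fqdn, internal_suffixes=(".local",)):
    """Report whether the certificate fits the externally used host name."""
    names = cert_dns_names(cert)
    covers = any(name_matches(n, external_fqdn) for n in names)
    # Single-label or internal-suffix names cannot validate from outside.
    internal = [n for n in names
                if "." not in n or n.endswith(tuple(internal_suffixes))]
    return {"names": names, "covers_external": covers,
            "internal_names": internal, "ok": covers}

# Constructed samples: a certificate issued for the internal name, and one
# issued for the external name.
INTERNAL_CERT = {"subject": ((("commonName", "sbs01.tti.local"),),)}
EXTERNAL_CERT = {"subject": ((("commonName", "mail.example.com"),),),
                 "subjectAltName": (("DNS", "mail.example.com"),)}

if __name__ == "__main__":
    for label, cert in (("internal", INTERNAL_CERT),
                        ("external", EXTERNAL_CERT)):
        print(label, check_certificate(cert, "mail.example.com"))
```

A certificate that lists only an internal name fails the check, which is the condition item IV asks you to rule out before pointing Outlook clients at the server.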

  3. Murdock

    Murdock Guest

    Thank you for the reply. It looks like you have answered my question; this is
    a lot of information to go through. I'll let you know how it goes and what I
    find.

     
    Murdock, Sep 28, 2005
    #3
  4. Hi Murdock,

    Thanks for your update. I am glad to know that the information is useful to
    you. I appreciate your time and effort to try my suggestions. If there is
    anything unclear with my information, please feel free to let me know. I am
    glad to be of further assistance to you!

    Have a nice day!

    Best Regards,

    Jenny Wu
    Microsoft CSS Online Newsgroup Support
    Get Secure! - www.microsoft.com/security
     
    Jenny wu [MSFT], Sep 29, 2005
    #4
