Adding a Second Server
  • Adding a Second Server

    Hi All -

    Firstly I would like to say thanks for helping me on my last problem

    Now for this one -

    I have a Windows Server 2008 (Enterprise Edition) with Active Directory, DNS, DHCP, File Sharing & VPN Access. The IP Address Range is 192.168.1.x (Subnet 255.255.255.0)

    My company has just bought a second office, which will require a server there.

    Now my idea is to set up this "second" server, connected via VPN to the first (VPN User is an Admin Account)

    I have changed Active Directory to run like this:

    ..OU - Main office
    ......OU - Accounting
    ......OU - HR
    ..OU- 2nd Office
    ......OU- Marketing
    ......OU- Support

    I have added the users into the correct OU's and hopefully as I add workstations from the second site, they will also be put into the correct OU's.

    So my theory is to install Windows Server 2008 on the new server for the second site then :-
    • Connect the second server to the first via VPN
    • Point the DNS server of the Second Server (New server) to the IP Address of the first server (192.168.1.2)
    • Run DCPROMO and add a Domain Controller to an existing domain
    • All the OU's etc will be transferred to the Second Server (New)
    Will this work?

    I am a little confused about domain replication etc.

    Could someone be nice enough to help and write a step to step guide on how to do this?

    I have a feeling the second server needs to have a different subnet etc, but I am really confused about all this.

    Many Thanks for any help in advance.
    Daimian

  • #2
    Re: Adding a Second Server

    I hope it is a router to router VPN -- RRAS is OK but....

    Set up your sites (in ADSS) first and link to subnet for branch office (you WILL need a different subnet - suggest 192.168.2.x/24)

    IMHO add server to domain first, then DCPromo
    Make sure you can contact the original DC by name and FQDN first. It sometimes helps to add a static route to each server to ensure traffic gets routed (I know you shouldn't need to, but it has been needed in the past).

    Remember to add DNS and DHCP roles to 2nd server (use AD integrated DNS)

    Replication will work "out of the box" but may take time, especially DNS.

    Computers will not automatically end up in an OU, you will have to move them from the Computers container.

    Final thought -- if there are any potential security issues in the branch office, consider an RODC or (IMHO better) use a hyper-v license to install a virtual DC on top of a file server.

    I don't have a user guide but do offer consultancy PM if interested
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **



    • #3
      Re: Adding a Second Server

      Not sure if Ossian pointed it out, but once you've completed the dcpromo, you should then change the DNS on the second (new) domain controller to point to itself again, rather than the first DC.

      A DC should (usually) always point to itself as the first DNS server, then another DC, or DNS server, etc.

      Also, consider using Hardware based VPN devices. That way, a software failure on the DC in your second site won't result in a total failure because clients at the second site could still contact the DC at the main site
      Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif



      • #4
        Re: Adding a Second Server

        Thanks for your help Ossian & Tehcamel. Starting to make sense now.

        Ossian - Creating the "site" and linking a new subnet mask makes sense. When you say add the server to the domain first, do you mean the same way you would add workstations to the domain? (Right click My Computer etc) ?

        Also adding the DNS via Active Directory I understand now, but for the DHCP do I use the new server's address range (192.168.2.X) ?

        Once the server is up and running, when joining workstations to the new server at the second office I assume I point the DNS to the second server. Also when added, will the workstations from the second site appear in AD Users & Computers on the server at the first site?

        Really appreciate your help on this! Thanks


        Tehcamel - So once the new server has DCPROMO done, Change the DNS to its own IP Address (127.0.0.1) ?

        Again, I appreciate your help on this!

        Thanks Daimian



        • #5
          Re: Adding a Second Server

          Yes -- exactly the same way as a WS - no wizard though

          DHCP will be for the new site so 192.168.2.x

          AD will synchronise so everything will be visible in both sites

          Yes for DNS change, but make sure you have installed DNS role first AND it has replicated -- not automatic on additional DCs
          Tom Jones


          • #6
            Re: Adding a Second Server

            Awesome - This all makes sense now.

            Just one last thing -

            'Yes for DNS change, but make sure you have installed DNS role first AND it has replicated -- not automatic on additional DCs' -

            How can I check to make sure it has replicated? If it's not automatic for additional Domain Controllers, how do I make it replicate? Will it need to be replicated manually on a regular basis?

            Again, Thanks Ossian
            Last edited by Daymo2010; 11th September 2010, 16:34. Reason: Additional Info



            • #7
              Re: Adding a Second Server

              On your site DC you will see DNS zones and records start appearing an hour or so after installing DNS -- assuming it is AD integrated at both ends.

              Sorry -- I meant INSTALLATION is not automatic -- replication should be
              Tom Jones


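One way to answer the replication question above, as an added example that is not part of the original thread: this Python parses output in the column layout of `repadmin /showrepl * /csv` and reports naming contexts that replicate in one direction only. The CSV is constructed, the site names are assumptions, and treating a missing reverse link as a fault assumes a two-DC domain like the one described here.

```python
import csv
import io

# Constructed sample in the column layout of `repadmin /showrepl * /csv`.
# Server names follow the thread; site names, counts and times are made up.
SAMPLE_CSV = """\
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,2nd-Office,SERVER-002,"DC=domain,DC=local",Main-Office,SERVER-001,RPC,0,0,2010-11-05 05:40:12,0
showrepl_INFO,Main-Office,SERVER-001,"DC=domain,DC=local",2nd-Office,SERVER-002,RPC,37,2010-11-05 05:45:03,2010-11-02 21:10:44,1722
showrepl_INFO,2nd-Office,SERVER-002,"CN=Configuration,DC=domain,DC=local",Main-Office,SERVER-001,RPC,0,0,2010-11-05 05:40:12,0
"""


def load_links(text):
    """Map (naming context, destination DC, source DC) -> failure count."""
    links = {}
    for row in csv.DictReader(io.StringIO(text)):
        key = (row["Naming Context"], row["Destination DSA"], row["Source DSA"])
        links[key] = int(row["Number of Failures"])
    return links


def one_way_links(links):
    """Find healthy inbound links whose reverse direction fails or is absent.

    Each row says "destination pulls from source". Assumes a two-DC domain,
    where every naming context should replicate in both directions.
    """
    findings = []
    for (nc, dest, src), failures in sorted(links.items()):
        if failures:
            continue  # only start from directions that currently work
        reverse = links.get((nc, src, dest))  # src pulling changes from dest
        if reverse is None:
            findings.append((nc, dest, src, "no inbound link"))
        elif reverse > 0:
            findings.append((nc, dest, src, f"{reverse} failures"))
    return findings


if __name__ == "__main__":
    for nc, origin, target, why in one_way_links(load_links(SAMPLE_CSV)):
        print(f"{nc}: changes on {origin} are not reaching {target} ({why})")
```

A finding means changes made on the first DC are not arriving at the second, so account disables and password resets done at that site stay local until the link is repaired.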
              • #8
                Re: Adding a Second Server

                Originally posted by Daymo2010:

                Tehcamel - So once the new server has DCPROMO done, Change the DNS to its own IP Address (127.0.0.1) ?

                Again, I appreciate your help on this!

                Thanks Daimian
                Not loopback address - actual IP address, ie 192.168.2.x


                • #9
                  Re: Adding a Second Server

                  All I can say is THANKS

                  I managed to create and successfully connect via VPN and joined the new server to the domain.

                  I then ran dcpromo and added the second domain - no problems

                  Once the DNS had replicated, I changed the DNS address on the server to point to itself (192.168.2.2).

                  I created a test user account before adding the second DC, which I then changed the "First Name" field of the user account and that successfully replicated to the second DC.

                  There was just one other thing -

                  The IP address of the new server was overlooked and may need changing. We have added no clients / workstations to the second domain.

                  Would that be an easy thing to do? How would I go about this?

                  Thanks again, to both of you -
                  Daimian



                  • #10
                    Re: Adding a Second Server

                    What is the IP of the new server? (Post an IPCONFIG /ALL from both original and new servers.)

                    You can change it without issues -- keep it in the 2nd subnet -- remember to update DNS to match it
                    Tom Jones


                    • #11
                      Re: Adding a Second Server

                      When you change it, make sure you do ipconfig /registerdns - it will update all the GUID and SRV records in DNS


                      • #12
                        Re: Adding a Second Server

                        Hey Again,

                        I have a small problem.

                        I have noticed that SERVER-002 can "see & ping" and replicate that data on SERVER-001 (Any data changed on SERVER-001 changes the data held on SERVER-002)

                        SERVER-002 uses a RRAS VPN Connection to connect to SERVER-001.

                        Yet, when I ping SERVER-002 from SERVER-001 it does not respond. Nor, if I change data on SERVER-002, does it replicate back to SERVER-001.

                        So to make sense a little -

                        SERVER-001 (Any changes made ARE replicated to SERVER-002)
                        SERVER-002 (Any changes made ARE NOT replicated to SERVER-001)

                        Ping Requests -
                        SERVER-001 CAN RECEIVE ping requests from SERVER-002
                        SERVER-002 CAN NOT RECEIVE ping requests from SERVER-001 (Request Timed Out)


                        SERVER-002 is connected to SERVER-001 via RRAS VPN Connection

                        At a complete loss?

                        Thanks in Advance

                        Daimian
                        Last edited by Daymo2010; 3rd November 2010, 03:37. Reason: More Info



                        • #13
                          Re: Adding a Second Server

                          Just a suggestion, add static routes to both servers (RRAS should take care of it but I've found it doesn't always)

                          For example:
                          (on Server002)
                          ROUTE -p ADD 192.168.1.0 MASK 255.255.255.0 192.168.2.254
                          192.168.2.254 should be replaced by your gateway address on the 192.168.2.0 network

                          Do the same on the main network server (Server 001):
                          ROUTE -p ADD 192.168.2.0 MASK 255.255.255.0 <gateway IP>



                          Check you can ping both ways by IP, name and FQDN
                          Tom Jones


                          • #14
                            Re: Adding a Second Server

                            Hey Again,

                            This is the set up at the moment:-

                            192.168.1.1 - Router (Modem)
                            192.168.1.2 - Server-001
                            192.168.1.5 all the way to 192.168.1.149 is the Server-001's DHCP Scope
                            192.168.1.150 all the way to 192.168.1.199 is the Static IP Address for the VPN Connections.

                            The set up is the same at SERVER-002's location (except it's .2.1 for router, .2.2 for server etc)

                            When I am at SERVER-001 and I ping SERVER-002 it replies (IP Address of 192.168.1.153)
                            When I am at SERVER-001 and I ping server-002.domain.local (FQDN), again it replies (IP Address 192.168.1.153)

                            Sometimes when I am at SERVER-001 and ping SERVER-002, it tries to ping 192.168.2.2 (The IP Address for SERVER-002, BUT internal for the second office)
                            I have to change the DNS records for it to go back to 192.168.1.153 - How do I stop that happening?

                            When I am at SERVER-002 and I ping SERVER-001 it replies (IP Address 192.168.1.2)
                            When I am at SERVER-002 and I ping SERVER-001.domain.local (FQDN), again it replies (IP Address 192.168.1.2)

                            (Just done some more digging, it seems that the 192.168.1.153 address ends up being transferred to 192.168.1.2 (Server-001) - If SERVER-002 uses 192.168.1.150, the VPN static IP Address to "see" SERVER-001, what IP address does SERVER-001 need to "see" SERVER-002??)

                            The other thing - All changes I make on SERVER-001 (Add new user, rename users etc) replicate fine to SERVER-002, yet if I change or add user information on SERVER-002 it DOES NOT replicate any changes back to SERVER-001.

                            When I go to ADSS and try replicating, it returns the "NAMING CONTEXT IS IN THE PROCESS OF BEING REMOVED OR IS NOT REPLICATED FROM THE SPECIFIED SERVER".

                            Please help, I am pulling my hair out

                            Daimian
                            Last edited by Daymo2010; 5th November 2010, 06:01.


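The name-resolution flip described in post #14, as an added example that is not part of the original thread: this Python classifies each A record for a DC as site LAN, RRAS static pool or other, and lists hosts that resolve to anything besides their site LAN address. The subnets and pool range come from the thread; the record list is constructed.

```python
import ipaddress

# Site subnets as suggested in the thread (one /24 per office).
SITE_SUBNETS = {
    "SERVER-001": ipaddress.ip_network("192.168.1.0/24"),
    "SERVER-002": ipaddress.ip_network("192.168.2.0/24"),
}
# RRAS static pool at the main office: 192.168.1.150 to 192.168.1.199.
VPN_POOL = (ipaddress.ip_address("192.168.1.150"),
            ipaddress.ip_address("192.168.1.199"))

# Constructed (host, address) pairs, as they might be exported from the zone.
A_RECORDS = [
    ("SERVER-001", "192.168.1.2"),
    ("SERVER-002", "192.168.2.2"),
    ("SERVER-002", "192.168.1.153"),
]


def classify(host, address):
    """Label one A record relative to the host's own site."""
    ip = ipaddress.ip_address(address)
    # Test the pool first: it sits inside the main office /24, so a plain
    # subnet test would call a VPN-assigned address a LAN address.
    if VPN_POOL[0] <= ip <= VPN_POOL[1]:
        return "vpn-pool"
    if ip in SITE_SUBNETS[host]:
        return "site-lan"
    return "other"


def audit(records):
    """Return hosts whose A records include anything but a site LAN address."""
    seen = {}
    for host, address in records:
        label = classify(host, address)
        seen.setdefault(host, {}).setdefault(label, []).append(address)
    return {h: labels for h, labels in seen.items() if set(labels) != {"site-lan"}}


if __name__ == "__main__":
    for host, labels in audit(A_RECORDS).items():
        print(host, labels)
```

A DC listed here answers on more than one address, which matches the symptom of pings alternating between 192.168.1.153 and 192.168.2.2.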

                            • #15
                              Re: Adding a Second Server

                              Hey People,

                              I have got two Linksys VPN Routers on their way...

                              Does the VPN work from router to router or is it from the Server 2008 to Router?

                              Thanks,

                              Daimian
