stamandster

Forum Replies Created

Viewing 21 posts - 151 through 171 (of 171 total)
  • Author
    Posts
  • Avatar
    stamandster
    Member
    in reply to: CN=Infrastructure #280224

    Re: CN=Infrastructure

    It’s similar to my having an OU called BEServer with a type of serviceConnectionPoint.

    It’s harmless.

    Avatar
    stamandster
    Member
    in reply to: DNS Issues with Child Domain DC #280223

    Re: DNS Issues with Child Domain DC

    Did the PDC emulator happen to restart itself during the time you were gone?
    I’m guessing you restarted the child DC?

    Avatar
    stamandster
    Member
    in reply to: Point an FQDN to public ip Address #280222

    Re: Point an FQDN to public ip Address

    He doesn’t have to make his internal FQDN the same as his external one. It seems that he simply wants his public IP to be able to connect to internal services.

    But, port forwarding could be the option to use. Make sure you only allow the ports you actually need open to only the IP addresses you are going to use these services on. The smaller the allowed hole the better off you will be.

    You could also set up your server in a DMZ zone. But then that gets into more complication.

    However, if you’re going to do anything like RDP, etc. I would suggest using a VPN connection instead of something just wide open.

    Avatar
    stamandster
    Member
    in reply to: Point an FQDN to public ip Address #280221

    Re: Point an FQDN to public ip Address

    lol… Only for a certain server I would imagine. Like HTTP/HTTPS/FTP right?

    Avatar
    stamandster
    Member
    in reply to: Newbie – AD – Setting up a new DC ? #280220

    Re: Newbie – AD – Setting up a new DC ?

    Agreed. You could also host your Terminal Server Licensing one though.

    Also, http://computer.ebooktops.com/step-by-step-guide-for-configuring-network-load-balancing-with-terminal-services-in-windows-server-2008/

    Avatar
    stamandster
    Member
    in reply to: Samba printer on MAC cannot print to Windows printer #280219

    Re: Samba printer on MAC cannot print to Windows printer

    How many Macs? Could you just do IP printing? Are these Macs connected to the AD domain?

    It seems as though they aren’t authenticating properly in order to be able to see the SMB shares.

    Look into here to see if you can find any info on it that will point to your issues.

    http://www.microsoft.com/technet/security/bulletin/MS08-068.mspx

    Avatar
    stamandster
    Member
    in reply to: Point an FQDN to public ip Address #280218

    Re: Point an FQDN to public ip Address

    You want your WAN IP to route to a certain LAN IP on your network and to be accessible from the outside world?

    Avatar
    stamandster
    Member
    in reply to: Newbie – AD – Setting up a new DC ? #280217

    Re: Newbie – AD – Setting up a new DC ?

    I would imagine that the server doesn’t have to be a domain controller. Just capable of providing Terminal Services.

    How do users “dial” into the remote desktop? Through VPN, RAS or Network? Because that would change things slightly.

    What I can tell you is that you should probably load up a server with W2k3 of your choice (I think standard should be fine, however you may need to use Enterprise) and get that ready with all required updates. And then install Terminal Services. You will most likely have to upgrade to more licensing. You’ll also want to check on what will be needed more of, licensing for specific computers or for specific users.

    The issue is that you won’t necessarily be able to load balance on the fly with this setup. It’ll have a different IP address and server name. Microsoft doesn’t exactly make it easy.

    However, there are some options —
    http://www.msterminalservices.org/articles/Load-Balancing-Terminal-Services-Part1.html
    http://www.msterminalservices.org/articles/Load-Balancing-Terminal-Services-Part2.html

    http://technet.microsoft.com/en-us/library/cc779736.aspx
    http://technet.microsoft.com/en-us/library/cc757253.aspx

    And third party tools like this
    http://www.2x.com/loadbalancer/

    Here’s some other info for Windows 2000
    http://www.netadmintools.com/art247.html
    http://www.netadmintools.com/art248.html

    This should get you on the road to where you are looking to go. But, please test, test, and test this in a test environment. That way you don’t hose your production systems. The thing that your company needs to realize is that this isn’t something that will be done within a quick time frame and could possibly cost many thousands of dollars. Is it really a necessity?

    Avatar
    stamandster
    Member

    Re: Deleted Active Directory integrated DNS comes back after restart

    I believe that you can tell it that only DNS will be authoritative.

    Something along these lines

    http://blogs.technet.com/networking/archive/2007/05/10/oops-our-ad-integrated-dns-zone-s-are-missing-in-windows-2003.aspx

    http://technet.microsoft.com/en-us/library/cc737588.aspx

    Avatar
    stamandster
    Member

    Re: Deleted Active Directory integrated DNS comes back after restart

    This is a design of AD when it comes to the _Msdcs zones, is that what you are talking about?

    What you could do is make one server authoritative and then it will replicate out from that authoritative DC to the rest of the DCs. I would do it with the one that holds the FSMO roles.

    Do a MS TechNet search on making a DC authoritative.

    Avatar
    stamandster
    Member
    in reply to: Printer Share Disapears #280214

    Re: Printer Share Disapears

    Aha! So I was right, well, so far.

    Let us know what happens.

    Avatar
    stamandster
    Member
    in reply to: RSM script sometimes not setting a variable #280213

    Re: RSM script sometimes not setting a variable

    What about letting it wait until it gets a variable and then continue?

    Avatar
    stamandster
    Member
    in reply to: Folder Security #280212

    Re: Folder Security

    I also recommend robocopy. Using the /mir will get the permissions.

    Avatar
    stamandster
    Member
    in reply to: Installing in SQL in 2003 STD with DC #280211

    Re: Installing in SQL in 2003 STD with DC

    From what I remember Microsoft does not recommend installing SQL server on any domain controller. Well that and having DHCP on the same box (well, when it’s setup a certain way). But people will do what they want.

    Avatar
    stamandster
    Member
    in reply to: Best practices for restarting a Domain Controller #280210

    Re: Best practices for restarting a Domain Controller

    I’m sorry if I was rash in my conclusions. It’s true I was only getting your insight. I do appreciate it.

    However, I wasn’t going to explain our whole IT infrastructure in one post. We have procedures in place in the event of any server (or other hardware) failure. I didn’t explain that because it’s just known in the world of business IT.

    We use WSUS to tell us what updates are available to our servers only. We have a patch management vendor who patches all our workstations. We take their lead since they are the experts in the area. We patch each of our servers manually but we can’t reboot them during the day for obvious reasons. So we go through a list of which will reboot the next day and such is that. But I wasn’t going to go into that procedure either. We also feel that having WSUS rebooting the production server (via policy or registry) is completely irrational.

    And yes I’ve had old DCs go down after reboots. Like an old NT4 (behemoth dual 900 MHz Pentiums with 1 GB of RAM, oooh) box that just had a disk bite the big one. But it was initially rebooted because of actual errors, not just maintenance.

    I understand that on some boards, with some people, post count can be a sign of actual understanding of an area of expertise. Then there’s the opposing side where there are some who post nonsense just to get a high post count. But neither are an indication of actual knowledge and wisdom in any area.

    And, just because one company does something differently doesn’t necessarily mean that the other companies who don’t are wrong. It’s just that they’ve researched and found something that ultimately works just fine for them.

    I suppose I should have brought this subject after before my “trolling” post count was greater in number.

    Avatar
    stamandster
    Member
    in reply to: Best practices for restarting a Domain Controller #280209

    Re: Best practices for restarting a Domain Controller

    Oh, well, we have backups in place. I don’t see why the PDC emulator will be going down from a routine reboot, but I suppose it could happen. Besides I can also just seize roles if it really comes down to it.

    I feel like I’m getting the third degree newbie admin replies. Believe me, I’m not; I’ve been doing this for years. I just wanted to get others’ viewpoints.

    And the reasons for the reboots are basically for updates. Not really any other reason.

    Avatar
    stamandster
    Member
    in reply to: GPO Permissions Needed #280208

    Re: GPO Permissions Needed

    Microsoft also only recommends using robocopy to stabilize a NTFRS issue with the Sysvol share.

    So in essence disabling NTFRS on all DCs and then using robocopy to copy a good copy to the sysvol.

    Also you have to make sure that your gpt.ini version is the same as what’s in your AD backend through adsiedit. Either one or the other, doesn’t really matter, just make sure they’re the same.
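
    The version comparison described in the post above, as an added example that is not part of the original post: it reads each GPO's versionNumber from AD (the value adsiedit shows on the groupPolicyContainer object) and the Version= line from the matching gpt.ini in SYSVOL, then reports mismatches. It assumes PowerShell 3.0 or later on a domain-joined machine with read access to SYSVOL; the function names are hypothetical.

```powershell
# Added example (not from the original post): report GPOs whose AD version
# and SYSVOL gpt.ini version disagree. Read-only; nothing is modified.

function Get-GptIniVersion {
    param([string]$IniPath)
    # Returns the integer after "Version=" in gpt.ini, or $null if unreadable.
    if (-not (Test-Path -LiteralPath $IniPath)) { return $null }
    $m = Select-String -LiteralPath $IniPath -Pattern '^\s*Version\s*=\s*(\d+)' |
        Select-Object -First 1
    if ($m) { [int]$m.Matches[0].Groups[1].Value } else { $null }
}

function Split-GpoVersion {
    param([int]$Version)
    # The version is one 32-bit number: user half in the upper 16 bits,
    # computer half in the lower 16 bits.
    '{0}/{1}' -f [int][math]::Floor($Version / 65536), ($Version % 65536)
}

function Compare-GpoVersions {
    $searcher = [adsisearcher]'(objectClass=groupPolicyContainer)'
    $searcher.PageSize = 500
    # ResultPropertyCollection keys are lowercase.
    $searcher.PropertiesToLoad.AddRange(
        [string[]]@('displayname', 'versionnumber', 'gpcfilesyspath'))

    foreach ($r in $searcher.FindAll()) {
        $p = $r.Properties
        $adVer = if ($p['versionnumber'].Count) { [int]$p['versionnumber'][0] } else { 0 }
        $sysvolPath = [string]$p['gpcfilesyspath'][0]
        $fileVer = Get-GptIniVersion (Join-Path $sysvolPath 'gpt.ini')

        [pscustomobject]@{
            Name         = [string]$p['displayname'][0]
            ADVersion    = $adVer
            ADUserComp   = Split-GpoVersion $adVer
            GptIni       = $fileVer
            IniUserComp  = if ($null -ne $fileVer) { Split-GpoVersion $fileVer } else { 'missing' }
            InSync       = ($null -ne $fileVer -and $fileVer -eq $adVer)
        }
    }
}

# List only the GPOs that need attention.
Compare-GpoVersions | Where-Object { -not $_.InSync } | Format-Table -AutoSize
```

    A missing gpt.ini shows up as `missing` rather than as version 0, so a GPO whose SYSVOL folder never replicated is distinguishable from one that is merely out of date.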

    Avatar
    stamandster
    Member
    in reply to: Best practices for restarting a Domain Controller #280207

    Re: Best practices for restarting a Domain Controller

    They all have enough time to reboot without glitching the network. And the only real error is one for someone trying to login without it being up.

    I just was not sure if there was something else that I might be missing or if anyone had more experience in that. We’ve always just restarted without incidence.

    A weekly schedule has seemed to help the health of the server. We also do a weekly defrag and chkdsk.

    Avatar
    stamandster
    Member
    in reply to: AD 2003 login issue #280206

    Re: AD 2003 login issue

    It does sound like a DNS issue. Almost as if the workstations can’t see the second domain controller to be able to log into it.

    I would make sure that your DNS servers have each other in the Name Servers tab in the configuration properties of the Zone (both forward and reverse). Check to make sure there are no DNS errors.

    On both run to check for issues.

    Code:
    dcdiag /v /fix > C:\dcdiag.log
    netdiag /v /fix > C:\netdiag.log

    After you do this run in cmd just for good measure on both DCs (not at the same time mind you)

    Code:
    ipconfig -flushdns && ipconfig -registerdns && net stop dns && net start dns && net stop netlogon && net start netlogon

    Flush and Register DNS or restart the workstations. Then take down the FSMO master :)

    Check this out for some good info
    http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/distrib/dsbl_fsm_cfyf.mspx?mfr=true

    Avatar
    stamandster
    Member
    in reply to: Printer Share Disapears #280205

    Re: Printer Share Disapears

    First off assign it an IP address (obviously unused; the proper subnet, gateway and DNS addresses; if you need to add the printer’s supplied name manually to DNS, make sure there isn’t an IP address in there for something else) and make sure that it’s in a reserved section of your IP range or create a reservation for just that IP.

    I would attach the printer to a couple workstations as an IP printer to see if it dies after a day or two. If it doesn’t then it’s possible the print server has an issue.

    I’ve seen issues where a printer is given an assigned IP address that conflicts with some switch or other printer on the network and creates this issue. The printer prints but then eventually times out. When it goes to sleep you can’t get to it anymore because the other IP had taken precedence.

    Avatar
    stamandster
    Member
    in reply to: Question about "my" logon script. #280204

    Re: Question about "my" logon script.

    I too have the option to use GPO to set drives. However, GPO is flaky at times and it doesn’t do what it should do. So I use login scripts as well. However I use AutoIT.

    All it is is management overhead. Do you want to have to manage many multiple scripts or have them wait a second longer to process a select/case statement?
