Guest Janetdeb Posted January 1, 2008 Posted January 1, 2008 I have an existing windows 2003 standard server running as a workgroup, however users are having issues with the Remote access via VPN. I thought that if i promoted the server to a DC it might help?. Would there be any issues with doing this. The server currently runs an ACT database and basic file and printer sharing functions. What problems with i come up against if i run the DCpromo? with any of the existing software? thanks
Guest Ace Fekay [MVP] Posted January 2, 2008 Posted January 2, 2008 Re: Any issues with promoting a standalone 2003 server to a DC? In news:CA914AC5-1D83-4CA1-B658-022E5210C2E3@microsoft.com, Janetdeb <Janetdeb@discussions.microsoft.com> typed: > I have an existing windows 2003 standard server running as a > workgroup, however users are having issues with the Remote access via > VPN. I thought that if i promoted the server to a DC it might help?. > Would there be any issues with doing this. The server currently runs > an ACT database and basic file and printer sharing functions. > > What problems with i come up against if i run the DCpromo? with any > of the existing software? > thanks I don't think promoting a machine to a replica (additional) DC will solve a VPN problem. Elaborate on your VPN issues and let's get that resolved. As for DCs, how many do you have? It's recommended to have at least two for fault tolerance and backup in case the one goes down. There are no real issues with promoting. An understanding of DNS configuration, AD replication scopes, etc, would be helpful. If you only have one DC, then maybe promoting this to a DC will be better off anyway, but not to solve a VPN problem. Let's tackle the VPN issue first. -- Regards, Ace This posting is provided "AS-IS" with no warranties or guarantees and confers no rights. Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP Microsoft MVP - Directory Services Microsoft Certified Trainer Infinite Diversities in Infinite Combinations
Guest Janetdeb Posted January 2, 2008 Posted January 2, 2008 Re: Any issues with promoting a standalone 2003 server to a DC? "Ace Fekay [MVP]" wrote: > In news:CA914AC5-1D83-4CA1-B658-022E5210C2E3@microsoft.com, > Janetdeb <Janetdeb@discussions.microsoft.com> typed: > > I have an existing windows 2003 standard server running as a > > workgroup, however users are having issues with the Remote access via > > VPN. I thought that if i promoted the server to a DC it might help?. > > Would there be any issues with doing this. The server currently runs > > an ACT database and basic file and printer sharing functions. > > > > What problems with i come up against if i run the DCpromo? with any > > of the existing software? > > thanks > > I don't think promoting a machine to a replica (additional) DC will solve a > VPN problem. > > Elaborate on your VPN issues and let's get that resolved. > > As for DCs, how many do you have? It's recommended to have at least two for > fault tolerance and backup in case the one goes down. There are no real > issues with promoting. An understanding of DNS configuration, AD replication > scopes, etc, would be helpful. If you only have one DC, then maybe promoting > this to a DC will be better off anyway, but not to solve a VPN problem. > > Let's tackle the VPN issue first. > > -- > Regards, > Ace > > This posting is provided "AS-IS" with no warranties or guarantees and > confers no rights. > > Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, > MVP Microsoft MVP - Directory Services > Microsoft Certified Trainer > > Infinite Diversities in Infinite Combinations > > This would be the only DC on the netwiork if i were to promote. The situation at the moment is i have 2 satelite offices connecting via the 'rras' setup for VPN to access files and an act database. Even though you can have over 100 connections it seems to either lock the user out or sometimes just deny access via the vpn? At any 1 time there would only be a maximum of 5 users trying to remote... but normally it would only be 1 or 2. this is why i was looking at changing from a workgroup to a dc. thanks janet >
Guest Ace Fekay [MVP] Posted January 3, 2008 Posted January 3, 2008 Re: Any issues with promoting a standalone 2003 server to a DC? In news:2DFC52F0-7498-4904-BD10-540A8CDC8F75@microsoft.com, Janetdeb <Janetdeb@discussions.microsoft.com> typed: > At any 1 time there would only be a maximum of 5 users trying to > remote... but normally it would only be 1 or 2. > > this is why i was looking at changing from a workgroup to a dc. > thanks > janet That is a limit based on the number of ports allowed when RRAS was configured on the machine. You can go into RRAS, drill down until you see the ports allowed, rt-click properties, increase to whatever you want. The access limit for workstation operating systems, such as Vista, XP, Windows 2000, etc, is 10. The access limits for server is unlimited (actually 4.3 billion) but you want to honor the Microsoft operating system license agreement. Ace
Guest Janetdeb Posted January 6, 2008 Posted January 6, 2008 Re: Any issues with promoting a standalone 2003 server to a DC? "Ace Fekay [MVP]" wrote: > In news:2DFC52F0-7498-4904-BD10-540A8CDC8F75@microsoft.com, > Janetdeb <Janetdeb@discussions.microsoft.com> typed: > > > At any 1 time there would only be a maximum of 5 users trying to > > remote... but normally it would only be 1 or 2. > > > > this is why i was looking at changing from a workgroup to a dc. > > thanks > > janet > > That is a limit based on the number of ports allowed when RRAS was > configured on the machine. You can go into RRAS, drill down until you see > the ports allowed, rt-click properties, increase to whatever you want. > > The access limit for workstation operating systems, such as Vista, XP, > Windows 2000, etc, is 10. The access limits for server is unlimited > (actually 4.3 billion) but you want to honor the Microsoft operating system > license agreement. > > Ace > > I am still getting the same problem. 1 vista laptop connects fine to the VPN and the other Xp workstation in the same office bombs out while trying to connect. any ideas as getting a little frustrated now. thanks >
Guest Ace Fekay [MVP] Posted January 6, 2008 Posted January 6, 2008 Re: Any issues with promoting a standalone 2003 server to a DC? In news:269BC947-E376-4118-8BCA-89010E6F69ED@microsoft.com, Janetdeb <Janetdeb@discussions.microsoft.com> typed: > I am still getting the same problem. 1 vista laptop connects fine to > the VPN and the other Xp workstation in the same office bombs out > while trying to connect. any ideas as getting a little frustrated > now. > thanks Without error messages, steps you did on the XP to create the VPN connection, etc, will wind up in the guesswork category. This won't help you or I. Provide any error messages on the client side and on the server (Event logs), and exactly what steps you took to configure the VPN. Also you said they are in the same office. Does that mean the XP workstation is connected to the network on the same subnet as the Vista workstation, or is it on a different subnet? Is there a third party firewall or any other third party software on the XP workstation (McAfee firewall or McAfee Security center, Symantec, Zone Alarm, etc etc)? How did you configure the VPn settings in RRAS? Did you specify any conditions that may be blocking the one and not the other? What type of conditions, policies, etc, are in the RRAS server settings? And like I mentioned, turning this machine into a DC is not the answer and will complicate matters especially if RRAS is on a DC. Ace
Guest Janetdeb Posted January 7, 2008 Posted January 7, 2008 Re: Any issues with promoting a standalone 2003 server to a DC? "Ace Fekay [MVP]" wrote: > In news:269BC947-E376-4118-8BCA-89010E6F69ED@microsoft.com, > Janetdeb <Janetdeb@discussions.microsoft.com> typed: > > > I am still getting the same problem. 1 vista laptop connects fine to > > the VPN and the other Xp workstation in the same office bombs out > > while trying to connect. any ideas as getting a little frustrated > > now. > > thanks > > Without error messages, steps you did on the XP to create the VPN > connection, etc, will wind up in the guesswork category. This won't help you > or I. Provide any error messages on the client side and on the server (Event > logs), and exactly what steps you took to configure the VPN. Also you said > they are in the same office. Does that mean the XP workstation is connected > to the network on the same subnet as the Vista workstation, or is it on a > different subnet? Is there a third party firewall or any other third party > software on the XP workstation (McAfee firewall or McAfee Security center, > Symantec, Zone Alarm, etc etc)? > > How did you configure the VPn settings in RRAS? Did you specify any > conditions that may be blocking the one and not the other? What type of > conditions, policies, etc, are in the RRAS server settings? > > And like I mentioned, turning this machine into a DC is not the answer and > will complicate matters especially if RRAS is on a DC. > > Ace > > Hiya the setup is as follows: We have created the VPN from the workstation by adding a network place / VPN option and entering the public IP. We then map a drive to an area on the server for access to the files / folders The xp machine is on the same subnet as the vista machine, they are both DHCP from the router (no server here). we have opened the relevant ports on the router for the vpn. (netgear dg834 with firewall) only other software is windows firewall and AVG. no specific settings on the rras other than the static ip address range of 10 for the clients. we customised the rras wizard as we only currenlty have 1 nic card in the server thanks ever so for your help >
Guest Ace Fekay [MVP] Posted January 8, 2008 Posted January 8, 2008 Re: Any issues with promoting a standalone 2003 server to a DC? Hi, Janetdeb, please read inline below... In news:D0BFF117-1205-47FF-A0D1-B25BE1934669@microsoft.com, Janetdeb <Janetdeb@discussions.microsoft.com> typed: > the setup is as follows: We have created the VPN from the > workstation by adding a network place / VPN option and entering the > public IP. Just so I got this right, I'm assuming you're saying the workstation is sitting on a private subnet, matter of fact the same subnet the RRAS server is sitting on, and you created a VPN on the Vista workstation using the public IP. Correct? > > We then map a drive to an area on the server for access to the files > / folders I assume after you connected to the VPN? > > The xp machine is on the same subnet as the vista machine, they are > both > DHCP from the router (no server here). we have opened the relevant > ports on the router for the vpn. (netgear dg834 with firewall) Where is the server? I'm a little confused. > > only other software is windows firewall and AVG. Does AVG have any settings that block network traffic? I thought it did. Maybe I'm wrong. > > no specific settings on the rras other than the static ip address > range of 10 for the clients. we customised the rras wizard as we only > currenlty have 1 nic card in the server After you successfully connect to the VPN on the Vista workstation and it's connected, run an ipconfig /all. I am curious of what addresses show up. Please post that info. > > thanks ever so for your help I'm trying... :-) Ace
Guest Janetdeb Posted January 13, 2008 Posted January 13, 2008 Re: Any issues with promoting a standalone 2003 server to a DC? Hiya Just to clarify, i have a server in 1 office with windows 2003 with rras setup. i then have a workstation and a vista laptop in a separate office up the road wanting to use the VPN to gain access to their files. it seems that they both cant access the VPN at the same time or something.. we have managed to work out why the win xp workstation wasn't working.. a slight setup issue with the vpn settings however we are still unable to get both connections on at the same time... the server office and the other office are using different private IP ranges, however i will get access to the ipconfig /all as requested and let you have it when i can. thanks
Guest Janetdeb Posted January 13, 2008 Posted January 13, 2008 Re: Any issues with promoting a standalone 2003 server to a DC? Hiya Just to clarify things, we have 1 windows 2003 server in 1 office and then a win xp workstation and a vista laptop in another office up the road, who need the vpn access to their files on the main server. the win xp workstation and the laptop are using a different private IP address range to the main server. we have discovered an error in the setup of the vpn on the workstation which is why this wasn't connecting however we are still unable to connect both at the same time. i will check the ipconfig /all as requested and see what this says with regards to the avg this is running on both machines trying to connect to the vpn so can't see this being an issue.. thanks
Guest Ace Fekay [MVP] Posted January 14, 2008 Posted January 14, 2008 Re: Any issues with promoting a standalone 2003 server to a DC? In news:C1A08CC1-C34E-4DE4-B3CA-5A9357CD695C@microsoft.com, Janetdeb <Janetdeb@discussions.microsoft.com> typed: > Hiya > > Just to clarify things, we have 1 windows 2003 server in 1 office and > then a win xp workstation and a vista laptop in another office up the > road, who need the vpn access to their files on the main server. Thank you. That cleared up alot. > > the win xp workstation and the laptop are using a different private IP > address range to the main server. > > we have discovered an error in the setup of the vpn on the > workstation which is why this wasn't connecting however we are still > unable to connect both at the same time. So this is able to connect now, good. Good to hear this part was resolved. > > i will check the ipconfig /all as requested and see what this says > > with regards to the avg this is running on both machines trying to > connect to the vpn so can't see this being an issue.. As long as the settings are the same. Many antivirus and security products are secured out of the box and sometimes they need to be configured to allow traffic or actions. Also, I asked ealier to elaborate on the VPN settings on the RRAS server. Drill down in the console and find VPN ports. How many are there? Also, in the RRAS server properties, any stipulations in regards to multiple users connecting? In RRAS properties, how are IP addresses for clients set? Is it set to DHCP or is there a manual range set? In RRAS policies, are there any conditions set to control connections? I there is an edge firewall or a firewall installed on the srever, is there any stipulation about multiple connections? > > thanks You are welcome. We'll get through this. Ace
Guest Ace Fekay [MVP] Posted January 14, 2008 Posted January 14, 2008 Re: Any issues with promoting a standalone 2003 server to a DC? In news:C1A08CC1-C34E-4DE4-B3CA-5A9357CD695C@microsoft.com, Janetdeb <Janetdeb@discussions.microsoft.com> typed: > Hiya > > Just to clarify things, we have 1 windows 2003 server in 1 office and > then a win xp workstation and a vista laptop in another office up the > road, who need the vpn access to their files on the main server. > > the win xp workstation and the laptop are using a different private IP > address range to the main server. > > we have discovered an error in the setup of the vpn on the > workstation which is why this wasn't connecting however we are still > unable to connect both at the same time. > > i will check the ipconfig /all as requested and see what this says > > with regards to the avg this is running on both machines trying to > connect to the vpn so can't see this being an issue.. > > thanks Also, enable RRAS logging to get some more insight on what the server is doing and why. Troubleshooting and logging RAS Connections http://www.windowsitpro.com/Article/ArticleID/7958/7958.html Also, plese read this on how to setup a Windows 2003 VPN server. Microsoft MVP - How to setup microsoft vpn: http://www.ms-mvps.com/articles/mssetupvpn.htm More specifically, make sure you are allowing simultaneous connections. Also make sure more than one IP is being provided in RRAS properties (as I mentioned before). This info is also in the following Microsoft article. How to install and configure a Virtual Private Network server in Windows Server 2003: http://support.microsoft.com/default.aspx?scid=kb;en-us;323441#4242 Ace
Recommended Posts