Any issues with promoting a standalone 2003 server to a DC?

[Guest Janetdeb]

I have an existing windows 2003 standard server running as a workgroup,

however users are having issues with the Remote access via VPN. I thought

that if i promoted the server to a DC it might help?. Would there be any

issues with doing this. The server currently runs an ACT database and basic

file and printer sharing functions.

 

What problems with i come up against if i run the DCpromo? with any of the

existing software?

thanks

[Guest Ace Fekay [MVP]]

Re: Any issues with promoting a standalone 2003 server to a DC?

 

In news:CA914AC5-1D83-4CA1-B658-022E5210C2E3@microsoft.com,

Janetdeb <Janetdeb@discussions.microsoft.com> typed:

> I have an existing windows 2003 standard server running as a

> workgroup, however users are having issues with the Remote access via

> VPN. I thought that if i promoted the server to a DC it might help?.

> Would there be any issues with doing this. The server currently runs

> an ACT database and basic file and printer sharing functions.

>

> What problems with i come up against if i run the DCpromo? with any

> of the existing software?

> thanks

 

I don't think promoting a machine to a replica (additional) DC will solve a

VPN problem.

 

Elaborate on your VPN issues and let's get that resolved.

 

As for DCs, how many do you have? It's recommended to have at least two for

fault tolerance and backup in case the one goes down. There are no real

issues with promoting. An understanding of DNS configuration, AD replication

scopes, etc, would be helpful. If you only have one DC, then maybe promoting

this to a DC will be better off anyway, but not to solve a VPN problem.

 

Let's tackle the VPN issue first.

 

--

Regards,

Ace

 

This posting is provided "AS-IS" with no warranties or guarantees and

confers no rights.

 

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT,

MVP Microsoft MVP - Directory Services

Microsoft Certified Trainer

 

Infinite Diversities in Infinite Combinations

[Guest Janetdeb]

Re: Any issues with promoting a standalone 2003 server to a DC?

 

 

 

"Ace Fekay [MVP]" wrote:

> In news:CA914AC5-1D83-4CA1-B658-022E5210C2E3@microsoft.com,

> Janetdeb <Janetdeb@discussions.microsoft.com> typed:

> > I have an existing windows 2003 standard server running as a

> > workgroup, however users are having issues with the Remote access via

> > VPN. I thought that if i promoted the server to a DC it might help?.

> > Would there be any issues with doing this. The server currently runs

> > an ACT database and basic file and printer sharing functions.

> >

> > What problems with i come up against if i run the DCpromo? with any

> > of the existing software?

> > thanks

>

> I don't think promoting a machine to a replica (additional) DC will solve a

> VPN problem.

>

> Elaborate on your VPN issues and let's get that resolved.

>

> As for DCs, how many do you have? It's recommended to have at least two for

> fault tolerance and backup in case the one goes down. There are no real

> issues with promoting. An understanding of DNS configuration, AD replication

> scopes, etc, would be helpful. If you only have one DC, then maybe promoting

> this to a DC will be better off anyway, but not to solve a VPN problem.

>

> Let's tackle the VPN issue first.

>

> --

> Regards,

> Ace

>

> This posting is provided "AS-IS" with no warranties or guarantees and

> confers no rights.

>

> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT,

> MVP Microsoft MVP - Directory Services

> Microsoft Certified Trainer

>

> Infinite Diversities in Infinite Combinations

>

> This would be the only DC on the netwiork if i were to promote. The situation at the moment is i have 2 satelite offices connecting via the 'rras' setup for VPN to access files and an act database. Even though you can have over 100 connections it seems to either lock the user out or sometimes just deny access via the vpn?

 

At any 1 time there would only be a maximum of 5 users trying to remote...

but normally it would only be 1 or 2.

 

this is why i was looking at changing from a workgroup to a dc.

thanks

janet

>

[Guest Ace Fekay [MVP]]

Re: Any issues with promoting a standalone 2003 server to a DC?

 

In news:2DFC52F0-7498-4904-BD10-540A8CDC8F75@microsoft.com,

Janetdeb <Janetdeb@discussions.microsoft.com> typed:

> At any 1 time there would only be a maximum of 5 users trying to

> remote... but normally it would only be 1 or 2.

>

> this is why i was looking at changing from a workgroup to a dc.

> thanks

> janet

 

That is a limit based on the number of ports allowed when RRAS was

configured on the machine. You can go into RRAS, drill down until you see

the ports allowed, rt-click properties, increase to whatever you want.

 

The access limit for workstation operating systems, such as Vista, XP,

Windows 2000, etc, is 10. The access limits for server is unlimited

(actually 4.3 billion) but you want to honor the Microsoft operating system

license agreement.

 

Ace

[Guest Janetdeb]

Re: Any issues with promoting a standalone 2003 server to a DC?

 

 

 

"Ace Fekay [MVP]" wrote:

> In news:2DFC52F0-7498-4904-BD10-540A8CDC8F75@microsoft.com,

> Janetdeb <Janetdeb@discussions.microsoft.com> typed:

>

> > At any 1 time there would only be a maximum of 5 users trying to

> > remote... but normally it would only be 1 or 2.

> >

> > this is why i was looking at changing from a workgroup to a dc.

> > thanks

> > janet

>

> That is a limit based on the number of ports allowed when RRAS was

> configured on the machine. You can go into RRAS, drill down until you see

> the ports allowed, rt-click properties, increase to whatever you want.

>

> The access limit for workstation operating systems, such as Vista, XP,

> Windows 2000, etc, is 10. The access limits for server is unlimited

> (actually 4.3 billion) but you want to honor the Microsoft operating system

> license agreement.

>

> Ace

>

>

I am still getting the same problem. 1 vista laptop connects fine to the

VPN and the other Xp workstation in the same office bombs out while trying to

connect. any ideas as getting a little frustrated now.

thanks

>

[Guest Ace Fekay [MVP]]

Re: Any issues with promoting a standalone 2003 server to a DC?

 

In news:269BC947-E376-4118-8BCA-89010E6F69ED@microsoft.com,

Janetdeb <Janetdeb@discussions.microsoft.com> typed:

> I am still getting the same problem. 1 vista laptop connects fine to

> the VPN and the other Xp workstation in the same office bombs out

> while trying to connect. any ideas as getting a little frustrated

> now.

> thanks

 

Without error messages, steps you did on the XP to create the VPN

connection, etc, will wind up in the guesswork category. This won't help you

or I. Provide any error messages on the client side and on the server (Event

logs), and exactly what steps you took to configure the VPN. Also you said

they are in the same office. Does that mean the XP workstation is connected

to the network on the same subnet as the Vista workstation, or is it on a

different subnet? Is there a third party firewall or any other third party

software on the XP workstation (McAfee firewall or McAfee Security center,

Symantec, Zone Alarm, etc etc)?

 

How did you configure the VPn settings in RRAS? Did you specify any

conditions that may be blocking the one and not the other? What type of

conditions, policies, etc, are in the RRAS server settings?

 

And like I mentioned, turning this machine into a DC is not the answer and

will complicate matters especially if RRAS is on a DC.

 

Ace

[Guest Janetdeb]

Re: Any issues with promoting a standalone 2003 server to a DC?

 

 

 

"Ace Fekay [MVP]" wrote:

> In news:269BC947-E376-4118-8BCA-89010E6F69ED@microsoft.com,

> Janetdeb <Janetdeb@discussions.microsoft.com> typed:

>

> > I am still getting the same problem. 1 vista laptop connects fine to

> > the VPN and the other Xp workstation in the same office bombs out

> > while trying to connect. any ideas as getting a little frustrated

> > now.

> > thanks

>

> Without error messages, steps you did on the XP to create the VPN

> connection, etc, will wind up in the guesswork category. This won't help you

> or I. Provide any error messages on the client side and on the server (Event

> logs), and exactly what steps you took to configure the VPN. Also you said

> they are in the same office. Does that mean the XP workstation is connected

> to the network on the same subnet as the Vista workstation, or is it on a

> different subnet? Is there a third party firewall or any other third party

> software on the XP workstation (McAfee firewall or McAfee Security center,

> Symantec, Zone Alarm, etc etc)?

>

> How did you configure the VPn settings in RRAS? Did you specify any

> conditions that may be blocking the one and not the other? What type of

> conditions, policies, etc, are in the RRAS server settings?

>

> And like I mentioned, turning this machine into a DC is not the answer and

> will complicate matters especially if RRAS is on a DC.

>

> Ace

>

> Hiya

the setup is as follows: We have created the VPN from the workstation by

adding a network place / VPN option and entering the public IP.

 

We then map a drive to an area on the server for access to the files / folders

 

The xp machine is on the same subnet as the vista machine, they are both

DHCP from the router (no server here). we have opened the relevant ports on

the router for the vpn. (netgear dg834 with firewall)

 

only other software is windows firewall and AVG.

 

no specific settings on the rras other than the static ip address range of

10 for the clients. we customised the rras wizard as we only currenlty have 1

nic card in the server

 

thanks ever so for your help

>

[Guest Ace Fekay [MVP]]

Re: Any issues with promoting a standalone 2003 server to a DC?

 

Hi, Janetdeb, please read inline below...

 

In news:D0BFF117-1205-47FF-A0D1-B25BE1934669@microsoft.com,

Janetdeb <Janetdeb@discussions.microsoft.com> typed:

> the setup is as follows: We have created the VPN from the

> workstation by adding a network place / VPN option and entering the

> public IP.

 

Just so I got this right, I'm assuming you're saying the workstation is

sitting on a private subnet, matter of fact the same subnet the RRAS server

is sitting on, and you created a VPN on the Vista workstation using the

public IP. Correct?

>

> We then map a drive to an area on the server for access to the files

> / folders

 

I assume after you connected to the VPN?

>

> The xp machine is on the same subnet as the vista machine, they are

> both

> DHCP from the router (no server here). we have opened the relevant

> ports on the router for the vpn. (netgear dg834 with firewall)

 

Where is the server? I'm a little confused.

>

> only other software is windows firewall and AVG.

 

Does AVG have any settings that block network traffic? I thought it did.

Maybe I'm wrong.

>

> no specific settings on the rras other than the static ip address

> range of 10 for the clients. we customised the rras wizard as we only

> currenlty have 1 nic card in the server

 

After you successfully connect to the VPN on the Vista workstation and it's

connected, run an ipconfig /all. I am curious of what addresses show up.

Please post that info.

 

>

> thanks ever so for your help

 

I'm trying... :-)

 

Ace

[Guest Janetdeb]

Re: Any issues with promoting a standalone 2003 server to a DC?

 

 

Hiya

Just to clarify, i have a server in 1 office with windows 2003 with rras

setup.

 

i then have a workstation and a vista laptop in a separate office up the

road wanting to use the VPN to gain access to their files. it seems that

they both cant access the VPN at the same time or something..

 

we have managed to work out why the win xp workstation wasn't working.. a

slight setup issue with the vpn settings however we are still unable to get

both connections on at the same time...

 

the server office and the other office are using different private IP

ranges, however i will get access to the ipconfig /all as requested and let

you have it when i can.

 

thanks

[Guest Janetdeb]

Re: Any issues with promoting a standalone 2003 server to a DC?

 

 

Hiya

 

Just to clarify things, we have 1 windows 2003 server in 1 office and then a

win xp workstation and a vista laptop in another office up the road, who need

the vpn access to their files on the main server.

 

the win xp workstation and the laptop are using a different private IP

address range to the main server.

 

we have discovered an error in the setup of the vpn on the workstation which

is why this wasn't connecting however we are still unable to connect both at

the same time.

 

i will check the ipconfig /all as requested and see what this says

 

with regards to the avg this is running on both machines trying to connect

to the vpn so can't see this being an issue..

 

thanks

[Guest Ace Fekay [MVP]]

Re: Any issues with promoting a standalone 2003 server to a DC?

 

In news:C1A08CC1-C34E-4DE4-B3CA-5A9357CD695C@microsoft.com,

Janetdeb <Janetdeb@discussions.microsoft.com> typed:

> Hiya

>

> Just to clarify things, we have 1 windows 2003 server in 1 office and

> then a win xp workstation and a vista laptop in another office up the

> road, who need the vpn access to their files on the main server.

 

Thank you. That cleared up alot.

>

> the win xp workstation and the laptop are using a different private IP

> address range to the main server.

>

> we have discovered an error in the setup of the vpn on the

> workstation which is why this wasn't connecting however we are still

> unable to connect both at the same time.

 

So this is able to connect now, good. Good to hear this part was resolved.

>

> i will check the ipconfig /all as requested and see what this says

>

> with regards to the avg this is running on both machines trying to

> connect to the vpn so can't see this being an issue..

 

As long as the settings are the same. Many antivirus and security products

are secured out of the box and sometimes they need to be configured to allow

traffic or actions.

 

 

Also, I asked ealier to elaborate on the VPN settings on the RRAS server.

Drill down in the console and find VPN ports. How many are there? Also, in

the RRAS server properties, any stipulations in regards to multiple users

connecting?

 

In RRAS properties, how are IP addresses for clients set? Is it set to DHCP

or is there a manual range set?

 

In RRAS policies, are there any conditions set to control connections?

 

I there is an edge firewall or a firewall installed on the srever, is there

any stipulation about multiple connections?

>

> thanks

 

You are welcome. We'll get through this.

 

Ace

[Guest Ace Fekay [MVP]]

Re: Any issues with promoting a standalone 2003 server to a DC?

 

In news:C1A08CC1-C34E-4DE4-B3CA-5A9357CD695C@microsoft.com,

Janetdeb <Janetdeb@discussions.microsoft.com> typed:

> Hiya

>

> Just to clarify things, we have 1 windows 2003 server in 1 office and

> then a win xp workstation and a vista laptop in another office up the

> road, who need the vpn access to their files on the main server.

>

> the win xp workstation and the laptop are using a different private IP

> address range to the main server.

>

> we have discovered an error in the setup of the vpn on the

> workstation which is why this wasn't connecting however we are still

> unable to connect both at the same time.

>

> i will check the ipconfig /all as requested and see what this says

>

> with regards to the avg this is running on both machines trying to

> connect to the vpn so can't see this being an issue..

>

> thanks

 

Also, enable RRAS logging to get some more insight on what the server is

doing and why.

 

Troubleshooting and logging RAS Connections

http://www.windowsitpro.com/Article/ArticleID/7958/7958.html

 

Also, plese read this on how to setup a Windows 2003 VPN server.

 

Microsoft MVP - How to setup microsoft vpn:

http://www.ms-mvps.com/articles/mssetupvpn.htm

 

 

More specifically, make sure you are allowing simultaneous connections.

Also make sure more than one IP is being provided in RRAS properties (as I

mentioned before). This info is also in the following Microsoft article.

 

How to install and configure a Virtual Private Network server in Windows

Server 2003:

http://support.microsoft.com/default.aspx?scid=kb;en-us;323441#4242

 

Ace