DNS and NetBIOS names not resolving over a PPTP VPN using RRAS

Phillip Windell · 28-05-2008

"Phillip Windell" <philwindell@hotmail.com> wrote in message
news:uAcMA3OwIHA.3484@TK2MSFTNGP06.phx.gbl...
> They all have a low foot print. Running DHCP, DNS, and WINS on the DC is
> a very common practice. Do not use RRAS on the DC box. It does hurt if
> RRAS is installed,..just don't use it for anything,...that is back to the
> multihoming issue again.

I meant to say "...it does *not* hurt..."

But you may want it to not be installed so you avoid the temptation to do
something with it.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------

Nonapeptide@gmail.com · 29-05-2008

>> That is going to be your biggest hinderance to anything you want to do.
Domain Controllers are "free" as long as you have the machine and OS
to do
it. <<

Yeah. I figured as much. The place that I'm doing some work for is
rather small (8 employees) and on a very limited budget. They've been
convinced of the need for Active Directory and are going to budget for
it next year. I'd like to nab a new server with Server 2008 and
starting a domain with it (the granular password policies have won me
over =) ), but until then my plan was to hobble by on a workgroup. I
didn't like the idea of starting a domain now and then grafting in
Server 08 later. Maybe my wories are unfounded.

>> RRAS boxes, almost by definition, are multi-homed. DCs should never be
multhomed (except SBS scenarios). <<

Strangely, this RRAS box isn't multi-homed. Well, technically it is.
There's an onboard NIC and a PCI NIC, but the onboard NIC doesn't have
the drivers installed and for the life of me I can't track down the
model and make of either the MoBo or the onboard NIC. Argh.

And yes, I am intrigued by SBS 2008 and may get that for this place
next year.

>> If you have a less-than optimal infrastructure and have "issues",...then the
issues may not be worth fighting with until you correct to a better
infrastructure (like getting rid of a workgroup in favor of a AD
Domain).
Often when the infrastructure is improved the "issues" just simply
"go
away". That is why many of my posts almost seem to ignore the
original
question and go straight for what I consider to be the more important
"flaw",...and if the flaw is corrected, sometimes the orginal
question
become irrelevant. <<

>_<

Maybe I should consider promoting the lone Server 03 box to a DC now
and get it over with. I know this isn't quite the newsgroup to get
into this discussion, but it may be fruitful to ask what I'm about to
ask... (It isn't against the rules to hijack your own thread, is it?
=) )

What do you (and anyone else of course) think about setting up a
domain on a solitary 2003 DC for a while before adding a 2008 DC? I
had only hoped to start a new domain / forest / the-whole-9-yards at
2008 forest functional level and not worry about preparing a schema,
demoting one server, raising the funcional level and all that. Also,
I'm not too sure about the reliability of having just one DC. Hmmm...

> Sounds relatively simple. As long as no-one objects to piling DHCP,
> DNS, WINS, and RRAS on the same box I say it's a go.

If I can't promote the server to a DC easily (there's other issues at
play, including insufficient disk space, wonky partition sizes, and
the like) I'll put DNS, WINS, and DHCP on the workgroup server and see
what happens.

Thanks for the insight, Philip (and everyone else)! Keep the thoughts
comin' =)

Phillip Windell · 29-05-2008

<Nonapeptide@gmail.com> wrote in message
news:1872ac2c-6e22-4253-aca1-88f67ce99fca@w1g2000prd.googlegroups.com...
> Strangely, this RRAS box isn't multi-homed. Well, technically it is.
> There's an onboard NIC and a PCI NIC, but the onboard NIC doesn't have
> the drivers installed and for the life of me I can't track down the
> model and make of either the MoBo or the onboard NIC. Argh.

As long as you are only using one nic,..that is all that matters.

> Maybe I should consider promoting the lone Server 03 box to a DC now
> and get it over with. I know this isn't quite the newsgroup to get
> into this discussion, but it may be fruitful to ask what I'm about to
> ask... (It isn't against the rules to hijack your own thread, is it?
> What do you (and anyone else of course) think about setting up a
> domain on a solitary 2003 DC for a while before adding a 2008 DC? I
> had only hoped to start a new domain / forest / the-whole-9-yards at
> 2008 forest functional level and not worry about preparing a schema,
> demoting one server, raising the funcional level and all that.

You could do it. It's up to you (or them?).

> Also, I'm not too sure about the reliability of having just one DC.
> Hmmm...

Well there are only 8 users. It isn't that big a deal to start over from
scratch. Besides, that's why on the 8th day God invented NTBackup with
System State. No tape drive?,...use a USB external HD and do a Backup to
File. (*.bkf) Store the USB-HD off site so it isn't lost if the building
burns down. If you really feel bold, keep two USB-HD and alternate between
them (just like keeping two tapes)

I setup a Doctor's office with only one DC. Their business critical
database is backed up off site over the Internet by an organization that
specializes in doing just that for medical facilities. There is also a
weekly copy of the database backed to file (*.bkf) up to a different
partition on the server locally. There is really nothing else to save on the
server worth worring about other than a few user accounts that can't just
"start over" if required. So, a few inconvieniences there if the server was
lost,..but in the end they would survive. The Server is single-homed, DNS,
WINS, DHCP. The Firewall is a "mid-level" Watchgaurd box that is capable of
acting as a VPN Server if they want to do that (instead of using RRAS).

> If I can't promote the server to a DC easily (there's other issues at
> play, including insufficient disk space, wonky partition sizes, and
> the like) I'll put DNS, WINS, and DHCP on the workgroup server and see
> what happens.

Needs to be a Domain Member for DNS and DHCP to not get messy,..WINS doesn't
matter so much. All three of those can be a hassle to "move" afterwards.
Wait and let them be "born" where they are going to "live". They hardly use
any disk space worth mentioning anyway.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------

Nonapeptide@gmail.com · 29-05-2008

>> You could do it. It's up to you (or them?). <<

Me. Definitely me. I hope this doesn't sound arrogant, but I don't
tell my mechanic how to install a cam shaft and neither should non-IT
people dictate too closely how I implement the technology that makes
the business work. Its in my best interst to make them successful,
after all. =)

>> Well there are only 8 users. It isn't that big a deal to start over from
scratch. Besides, that's why on the 8th day God invented NTBackup
with
System State. No tape drive?,...use a USB external HD and do a Backup
to
File. (*.bkf) Store the USB-HD off site so it isn't lost if the
building
burns down. If you really feel bold, keep two USB-HD and alternate
between
them (just like keeping two tapes) <<

Actually, my concerns were more about the inner workings of Active
Directory. I have heard on occasion that there are some perils
associated with only having one DC since DCs by nature want to
replicate with a partner. Oh, and we already have two 500GB external
USB HDs that we rotate offsite weekly. Woot!

Although, I've heard that system state backup doesn't always restore
perfectly. Or it will restore, but strange and mysterious things will
crop up that are usually attributed to the SysState restore. Oh well.

>> Needs to be a Domain Member for DNS and DHCP to not get messy,..WINS doesn't
matter so much. All three of those can be a hassle to "move"
afterwards.
Wait and let them be "born" where they are going to "live". They
hardly use
any disk space worth mentioning anyway. <<

My concerns over disk space revolve around AD related stuff like
SYSVOL. The System partition was set up a bit too small and I don't
think AD can fit on it. Yes, HDs are cheap, but I'd have to
repartition it (no software too do that) or buy a pair of HDs and
transfer an image over (again, no software). Oh, did I mention that I
live 1,000 miles away from this place? =) Hooray for VPNs and RDP. I
still need to get them to buy a single unit KVM over IP switch... but
I digress.

Thanks for the insight, Phillip.

Phillip Windell · 29-05-2008

<Nonapeptide@gmail.com> wrote in message
news:194ed5e4-b945-4232-9ce9-99157b15f560@x1g2000prh.googlegroups.com...
>>> You could do it. It's up to you (or them?). <<
>
> Me. Definitely me. I hope this doesn't sound arrogant, but I don't
> tell my mechanic how to install a cam shaft and neither should non-IT
> people dictate too closely how I implement the technology that makes
> the business work. Its in my best interst to make them successful,
> after all. =)

That is absolutely true in philosophy, but I only wish it was true in real
life. In my years at it the decisions usually come from the Executive
areas who don't know technology but do know "marketing",...so decisions are
based on marketing hype and misunderstandings. But then you get blamed if
it doesn't live up the the "hype"

> Thanks for the insight, Phillip.

No problem, good luck with it all!

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------