best order?

Hi guys,

Thanks for providing this great platform of knowledge.
I'm sorry if this is not the appropriate forum for this post.
Just joined a company on contract for their server management and cabling.

They have one server ,already installed Windows 2003 standard as server and got installed and partially configured network rules and firewall policy rules for internet access in ISA 2006 for the staff.(net is on) have two NIC one is connected for external and the other one
connected internal.

till yet I have not installed AD, DHCP and DNS on my 2003 server and there is no other server providing these services. (all the clients have static IP addresses)
For mail server they have running mdaemon and its working.

question 1:
I can ping from the server to all my XP clients but cannot ping TO my server from any client machine.So I can't access any share that is on the server from any client machine.

question 2:
I want to install AD, DHCP and DNS (WINS too) on this server. as I planned that I need to goto every client and configure

1 - Auto DHCP
2 - Configure all the Outlook again (as I want to change the internal IP as well)

I want to know the best order to install these services (AD, DHCP and DNS) as I can not mess with their network aroung for long.

TIA
Cheers

Find more posts tagged with

Comments

dynamik

For question 1, I would assume ISA is configured to block that traffic.

For your second one, you're going to put all of that on that single server? You probably don't want to make your firewall a DC.

The order doesn't really matter. You'll need DNS for AD, but you can choose to have dcpromo install and configure that when you promote the machine to a DC. It's not going to matter if you install WINS or DNS before or after that.

kahn

dynamik wrote: »

For question 1, I would assume ISA is configured to block that traffic.

For your second one, you're going to put all of that on that single server? You probably don't want to make your firewall a DC.

Thanks dynamik;
If ISA is blocking that traffic then how can I configure ISA to unblock that traffic so I can be able to access shares from any other client's machine on network.

Yes, I give up on that machine. I don't have any other SERVER so I'm forced to use this one as a DC and a firewall.

Cheers

kahn

UPDATE:

Ok I make a firewall rule that allow PING protocol from internal network to host machine and now I can ping from internal network machine's to ISA host.

but one thing still missing that I can not access shares on my 2003 server that is also ISA server??

Any help!!
TIA

rwwest7

Ports used for file and print sharing:
TCP 139
TCP 445
UPD 137
UDP 138

Just allow these the same way you did ping and you should be all set.

dales

Dont forget you can also connect and set dhcp remotely by using the netsh command. so might be a good idea to configure a batch file that runs overnight to do that thinking something along the lines of:

netsh -r Comp1 -u Comp1\user -p Password1 interface reset

netsh -r Comp2 -u Comp2\user -p Password1 interface reset

Dont know if you can do a similar remote magicy thingy with adding computers to a domain and I suppose after that then you can roll out outlook settings by gpo or logon script!

With a bit more digging you can use netdom to join computers to a domain remotely.

I suppose I would install/configure the dhcp service first (as by the sound of it none of your system estate uses it, then AD and let it configure dns for you just for ease as it sounds like a fairly small network.

then maybe script the above 2 commands in a batch file to run overnight on the server maybe just to one or two computers to start with to make sure it all runs swimmingly.

kahn

rwwest7 wrote: »

Ports used for file and print sharing:
TCP 139
TCP 445
UPD 137
UDP 138

Just allow these the same way you did ping and you should be all set.

Thank you mate,
set rules for these ports and network shares of this server goes live.

Thanks once again.

cheers

kahn

dales wrote: »

Dont forget you can also connect and set dhcp remotely by using the netsh command. so might be a good idea to configure a batch file that runs overnight to do that thinking something along the lines of:

netsh -r Comp1 -u Comp1\user -p Password1 interface reset

netsh -r Comp2 -u Comp2\user -p Password1 interface reset

thanks Dales,
I'll definitely give it a try just to make myself ready for some large network

Thanks and tc