Server 2008R2 Server Core expert required

ally_uk · January 2013

Ok have decided to take it back to basics.

So I have server core setup with the following details, running in Virtual box with a bridged network connection.

WORKGROUP: WORKGROUP
HOSTNAME: CLOUD
192.168.1.5
255.255.255.0
192.168.1.1 ( DF G/W + DNS)

On the Server core side I have used sconfig and have enabled remote access and mmc management also have installed DNS via

start /w ocsetup DNS-Server-Core-Role

Now on my windows 7 host whenever I try and launch the DNS MMC RSAT, I am getting access denied? I have disabled the firewall, enabled mmc through the firewall but am reaching the stage where I am stumped and am about to give up. The details of the Windows 7 host are below.

WORKGROUP: WORKGROUP
HOSTNAME: CLOUD
192.168.1.6
255.255.255.0
192.168.1.1 ( DF G/W + DNS)

I really need to be able to remote administrate into the Server Core but am stumped any suggestions? or has anyone faced a similar problem.

RobertKaucher · January 2013

Can you go into more details? It is not clear to me if you are even able to open the DNS snapin or if the issue is in connecting the DNS snapin to the server. If the issue is in connecting to the server then the problem is that your systems are in a workgroup configuration. Your local account on the Windows 7 system is not authorized to access resources on the server - thus access denied.

ally_uk · January 2013

DNS snap in loads but when I try and connect remotely to the server it is not letting me on. It says access denied when I connect. So if host has to be joined to domain. Then how the hell do you go about this? On the server core you run the dcpromo unattend to create the DC but how do you physically create the computers in Active directory? Since you can't remote in and do it via snap ins. If host is on a WORKGROUP. This is the confusing part for me or am I being a complete idiot here lol

undomiel · January 2013

You can bring up another server/workstation for doing the remote management of the server. No need to prestage the machine accounts to get a system joined to the domain.

That said, you can always use the ds* (dsadd, dsget, dsmod, etc) commands to work with AD from the command line. And if you get PowerShell installed on the system you can use the AD module for management as well. I'm pretty sure those commands work on a core system though I haven't tested them myself.

RobertKaucher · January 2013

ally_uk wrote: »

DNS snap in loads but when I try and connect remotely to the server it is not letting me on. It says access denied when I connect.

Again, the issue is the server does not recognize the account on the Windows 7 PC.

ally_uk wrote: »

So if host has to be joined to domain. Then how the hell do you go about this? On the server core you run the dcpromo unattend to create the DC but how do you physically create the computers in Active directory? Since you can't remote in and do it via snap ins. If host is on a WORKGROUP. This is the confusing part for me or am I being a complete idiot here lol

Run DC promo via unattend on the Server. Make sure it is using itself as the DNS server. Usually I put the loopback address as the primary DNS.

MAKE SURE DNS is working by changing the DNS server on your client PC to the IP of your server.
Then ping the domain from your Windows 7 PC: ping whateverdomain.local If that works you can then join the Win7 client to the domain.

Then on the the Windows 7 system, Start Orb => right click on 'Computer' select properties then click 'Advanced system settings.' On the Computer name tab click the change button in the area where it talks about changing the computers domain. In the bottom of the window that then opens select domain and add whateverdomain.local

ally_uk · January 2013

That still isn't making much sense. The server is running virtually as a DC. and the host I want to access it is running locally as part of a workgroup. All I have done so far is created the DC haven't touched AD or prestaged any machines. When I try and run any mmcs to remote administrate the server I get access is denied. I can't pull up another workstation I don't have one, So in order to use RSAT I would have to create a new domain controller ( new server 2k8 box full GUI) set that up as a DC then get server core to join it as a member then join the windows 7 box to the DC Jesus this is headache inducing surely there has to be a easy way. Why can't you just install the service you want and remote in.

ally_uk · January 2013

Robert for some reason your second response wasn't showing up.

I think you have hit the nail on the head regarding DNS, The win 7 clients DNS is set to my router. And the DC obviously has it's own DNS.

I got frustrated with server core earlier and created a normal setup just a basic DC running DNS, tried to join domain it failed. Changed the win 7 box DNS from my router setting to the server and it authenticated.

So back to the Server Core issue I think you are onto something and I now feel like a complete douche. I have completely over complicated matters.

Do I need to prestage the client in Active Directory? Or can I just add it straight to the Domain after I have Created the DC via use of dcpromo unattend.

Sorry if I'm not making much sense I've been fighting with this for hours lol

RobertKaucher · January 2013

As undomiel mentioned, there is no need at all to prestage the client in AD. Just add it to the domain via the method I mentioned in my second post.

The only real problem I see here is that you are setting yourself up for a chicken in the egg situation if you are joining the laptop ON WHICH THE VIRTUAL DC IS RUNNING to the domain as the client. When you reboot, the DC cannot be contacted for log-in information... So you cannot log in using domain credentials and you would forever have to use run as. Not 100% certain that scenario would work.

I suggest a second VM running Win7 server 2008 or whatever as the client, again as undomial had mentioned. That would counter act the above issue.

Server 2008R2 Server Core expert required

Comments