Windows 2000 Server Testing

Darksamie

Senior member
Mar 23, 2000
220
0
0
I have a problem.....I have just set up a Windows 2000 server at home which I am going to put on the net once I get the domain registered etc etc....

What I want to do in the meantime is test it by logging in with my laptop. However, after setting up Active Directory, I find that I can't get the laptop to log in and while I can ping to the static IP I gave it (192.168.0.21), I cannot trace to the address of the server, e.g. win2k.server.com.au

I am thinking that this is the reason why I can't add the laptop (running win2k pro) to the domain.

Is there any way I can test this without adding DNS servers in there because I don't have the domain and I don't want it connected to the net at the moment either.
 

Nothinman

Elite Member
Sep 14, 2001
30,672
0
0
Why in the hell would you put an AD DC on the Internet? Anyway, AD will not function without 100% working DNS, they're very tightly tied together.
 

Nothinman

Another reason not to put it on the Internet, I would never expose an Exchange box to the Internet.

And I would think you would be able to relay mail without a full AD.
 

Darksamie

That doesn't exactly help me with my predicament. This is how the server is going to be set up.

Anyone know how this can be done?
 

Darksamie

Once it is set up properly, it will be behind a router and firewall. However, it will also be running IIS for external access to Outlook.
 

MulLa

Golden Member
Jun 20, 2000
1,755
0
0
You simply MUST have a functioning DNS server in order to set up AD.

The reason why your laptop can't log into your server is probably because you don't have a DNS server running so it can't resolve the name to an IP address.

If you do have a functioning DNS server try manually adding the DNS server address to the TCP/IP properties of your laptop and you should be able to join the domain.
 

marat

Senior member
Aug 2, 2001
207
0
0


<< I have a problem.....I have just set up a Windows 2000 server at home which I am going to put on the net once I get the domain registered etc etc....

What I want to do in the meantime is test it by logging in with my laptop. However, after setting up Active Directory, I find that I can't get the laptop to log in and while I can ping to the static IP I gave it (192.168.0.21), I cannot trace to the address of the server, e.g. win2k.server.com.au

I am thinking that this is the reason why I can't add the laptop (running win2k pro) to the domain.

Is there any way I can test this without adding DNS servers in there because I don't have the domain and I don't want it connected to the net at the moment either.
>>



1. I wouldn't recommend you to make win2k/Exchange accessible from the Internet. Better make it accessible from LAN only and put a Linux box as a gateway. (That's how I have it set up btw). You can easily read emails from the Internet with a PHP/webmail program and IMAP, or transfer packets for certain ports only - let users access POP only.

2. You have to have DNS working properly. Check Event Viewer to determine the problem. In the TCP/IP settings on your laptop, set the DNS server IP to the IP of the win2k server. Make the laptop join the domain. If you get here you are on the right way.

3. Connect win2k to net. Set Forwarding unknown DNS requests on w2k server to ip address of your router/gateway.

There are a lot of other small things though...

edit: typo
 

Darksamie

I am working on securing the win2k server for when I connect it to the net. We have had the previous win2k server connected to the net running Eudora WorldMail server and each independent security audit has come up with no breaches in security.

Surely if it is locked down properly, the server will deter most hackers from venturing into the system. It is not like I have masses of secrets and classified documents on my system. From what I have seen, the majority of hack attempts and intrusions don't do a hell of a lot (to a fairly well protected server).

But anyway, I have already bought exchange server and it would be a bit of a waste if I didn't use it. Sometimes you have to go with what you need versus what would make a better system.
 

Nothinman

<< I am working on securing the win2k server for when I connect it to the net. We have had the previous win2k server connected to the net running Eudora WorldMail server and each independent security audit has come up with no breaches in security. >>

I would still use a separate box running a small, relay-only smtpd for forwarding emails without allowing direct access to the Windows box, but if you're the one maintaining it not me...

<< Surely if it is locked down properly, the server will deter most hackers from venturing into the system >>

Until the next patch from MS takes 2 months of regression testing...

<< It is not like I have masses of secrets and classified documents on my system. From what I have seen, the majority of hack attempts and intrusions don't do a hell of a lot (to a fairly well protected server). >>

Like you have to have secret documents for nimda to try to attack you, sure you're protected from nimda but what about the next big IIS security hole?

<< But anyway, I have already bought exchange server and it would be a bit of a waste if I didn't use it >>

We're not saying don't use it, we're saying don't connect it to the web. Two very different things. Of course I think Exchange is overkill for anything less than a medium-sized corporation.

<< Sometimes you have to go with what you need versus what would make a better system. >>

What could you possibly need from Exchange that you couldn't get from a smaller, open, more secure alternative?

But like I and the other poster already said, you need 100% working DNS for AD to work properly, but you really shouldn't need AD to get Exchange working.
 

marat



<< I am working on securing the win2k server for when I connect it to the net. We have had the previous win2k server connected to the net running Eudora WorldMail server and each independent security audit has come up with no breaches in security.

I would still use a separate box running a small, relay-only smtpd for forwarding emails without allowing direct access to the Windows box, but if you're the one maintaining it not me...

Surely if it is locked down properly, the server will deter most hackers from venturing into the system

Until the next patch from MS takes 2 months of regression testing...

It is not like I have masses of secrets and classified documents on my system. From what I have seen, the majority of hack attempts and intrusions don't do a hell of a lot (to a fairly well protected server).

Like you have to have secret documents for nimda to try to attack you, sure you're protected from nimda but what about the next big IIS security hole?

But anyway, I have already bought exchange server and it would be a bit of a waste if I didn't use it

We're not saying don't use it, we're saying don't connect it to the web. Two very different things. Of course I think Exchange is overkill for anything less than a medium-sized corporation.

Sometimes you have to go with what you need versus what would make a better system.

What could you possibly need from Exchange that you couldn't get from a smaller, open, more secure alternative?

But like I and the other poster already said, you need 100% working DNS for AD to work properly, but you really shouldn't need AD to get Exchange working.
>>



You're the man! 100% agree.
 

Darksamie

Generally I have found with Microsoft products that a server is only as good as the administrator that is running it. In this case, I have a pretty good track record as we have never been infected by any of the worms/viruses out there because I am very strict on incoming mail and have educated everyone who uses the mail server on what and what not to open.

Whenever there has been a patch or service pack for windows to fix up any security breach, it goes on the server the same day as it comes out.

It is understandable that IIS can cause a fair number of problems with security. But these things can be locked down and patched so that security breaches just don't happen. Maintaining virus monitoring that is updated every day is also a great help in defeating any virus/trojan/worm related problems.
 

Nothinman

I know it's possible, but I don't have faith in MS to release patches very quickly and I feel the work needed to keep everything secure and up to date is much more than I would want to invest. My Linux boxes have been basically untouched since I set them up. But if that's how you like to spend your time, more power to you.
 

marat



<< Generally I have found with Microsoft products that a server is only as good as the administrator that is running it. In this case, I have a pretty good track record as we have never been infected by any of the worms/viruses out there because I am very strict on incoming mail and have educated everyone who uses the mail server on what and what not to open.

Whenever there has been a patch or service pack for windows to fix up any security breach, it goes on the server the same day as it comes out.

It is understandable that IIS can cause a fair number of problems with security. But these things can be locked down and patched so that security breaches just don't happen. Maintaining virus monitoring that is updated every day is also a great help in defeating any virus/trojan/worm related problems.
>>



Why do you choose a more expensive, harder to configure, slower solution from Microsoft if there is Linux, which doesn't require the hassle of installing security updates the day they are out?
 

Darksamie

The above comments may have some small hint of truth to them, and in an ideal world of every piece of software being free along with hardware as well, it would be possible.

Welcome reality, where software costs a lot of money and you do the best with what you have.

The above comments help me out very little. Telling me I should run linux/open source programs etc is of no help whatsoever. If a person buys a program, they buy it in its entirety because the feature set is what the job demands. If you don't know how to do this, then please refrain from posting comments that are no help whatsoever.

Sorry for the flame, but replying to messages that don't help is a waste of my time and yours.
 

n0cmonkey

Elite Member
Jun 10, 2001
42,936
1
0


<< The above comments may have some small hint of truth to them, and in an ideal world of every piece of software being free along with hardware as well, it would be possible.

Welcome reality, where software costs a lot of money and you do the best with what you have.

The above comments help me out very little. Telling me I should run linux/open source programs etc is of no help whatsoever. If a person buys a program, they buy it in its entirety because the feature set is what the job demands. If you don't know how to do this, then please refrain from posting comments that are no help whatsoever.

Sorry for the flame, but replying to messages that don't help is a waste of my time and yours.
>>



Exchange is fine for an internal mail server. Setting up a free alternative, like sendmail, postfix, or qmail for a border mail forwarding system is a GOOD alternative to putting Exchange on the net. It is more secure, and probably better for administration. Everyone gets their silly groupware stuff, the Exchange server (which tends to be fairly fragile from what I've seen) doesn't have to deal with virus scanning (the border server will), and you don't have to deal with MS on the outside (for mail).

Oh, and without pirating anything, I've spent maybe *$500* on software in the past 2 years. That includes 2 copies of Mac OS X (X and X.1 because I'm impatient), 1 video game that didn't get used, and QuickTime. And I'll be spending whatever it costs to get rid of the banner in opera5 for linux (which I don't run on linux :p).

BTW, how is the DNS going?
 

Nothinman

<< The above comments help me out very little >>

Not really, everyone agrees you need 100% working DNS for AD to work properly and since you don't have that yet you can't do much. But I also don't think you should need AD to get Exchange working properly, since I haven't used it myself I can't be sure and you haven't said whether or not you tried it without AD.

<< Welcome reality, where software costs a lot of money and you do the best with what you have >>

Where I come from nearly all of my software cost no money, and like I said it's a lot lower maintenance than the high cost software you're speaking about. I think you're the one with the distorted look on reality.

<< If a person buys a program, they buy it in its entirety because the feature set is what the job demands. If you don't know how to do this, then please refrain from posting comments that are no help whatsoever. >>

I've used Exchange, I don't think there's any one person (or small household for that matter) that needs its feature set. It's groupware for god's sake, not just an email server. Everyone here seems to feel you're going about this the wrong way, of course this is our opinion and you're free to attack your problem however you see fit. But us sharing our opinions with you, and offering alternative solutions (along with answers to some of your questions, which we did) is far from pointless.

And I really don't know anyone who does run Exchange that lets their mail server touch the Internet, there's always a border MTA running either on a stripped down Windows box or more common a unix box running sendmail and there's a reason for that. Us just telling you to drop a windows box on the Internet running Exchange and IIS would be irresponsible of us and we'd more than likely just be contributing to the nimda population.
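
The border mail forwarder recommended in the posts above by n0cmonkey and Nothinman, as an added example that is not part of any post in the thread: a shell helper that stages a relay-only Postfix configuration in front of the internal Exchange box and checks that it cannot act as an open relay. The domain `server.com.au` and address `192.168.0.21` are the thread's example values; the `mx.` hostname, the staging directory and both function names are assumptions.

```shell
#!/bin/sh
# Added example: stage a relay-only Postfix config for review before install.
# Function names and the mx.<domain> hostname are hypothetical.

render_border_relay() {   # usage: render_border_relay DIR DOMAIN INTERNAL_IP
    dir=$1 domain=$2 inner=$3
    mkdir -p "$dir" || return 1
    cat > "$dir/main.cf" <<EOF
# Border MTA: accepts mail for $domain only and forwards it inward.
myhostname = mx.$domain
mydestination =
local_recipient_maps =
relay_domains = $domain
transport_maps = hash:/etc/postfix/transport
mynetworks = 127.0.0.0/8
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
EOF
    # Brackets suppress the MX lookup so mail goes straight to the inside host.
    printf '%s\tsmtp:[%s]:25\n' "$domain" "$inner" > "$dir/transport"
}

# Returns 0 only if the staged main.cf cannot act as an open relay.
lint_border_relay() {     # usage: lint_border_relay DIR
    cf=$1/main.cf
    [ -f "$cf" ] || return 1
    # Mail for domains we do not relay for must be rejected.
    grep -Eq '^smtpd_recipient_restrictions *=.*reject_unauth_destination' "$cf" || return 1
    # Only loopback may be trusted to relay anywhere.
    nets=$(sed -n 's/^mynetworks *= *//p' "$cf")
    [ "$nets" = "127.0.0.0/8" ] || return 1
    # No local delivery on the border box.
    [ -z "$(sed -n 's/^mydestination *= *//p' "$cf")" ] || return 1
    # relay_domains must name an explicit domain, not be empty.
    [ -n "$(sed -n 's/^relay_domains *= *//p' "$cf")" ] || return 1
}
```

Once the staged files have been reviewed, copy them to `/etc/postfix` and run `postmap /etc/postfix/transport` before reloading Postfix; only the border box's port 25 is then forwarded from the router, not the Exchange server's.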
 

Woodie

Platinum Member
Mar 27, 2001
2,747
0
0
DNS. No DNS, no AD. No dynamic DNS, no domain/unstable domain.

One server should mean NO AD.

No Exchange directly visible from Internet. See: Exchange discussion. Skill/speed on admin is not the only determinant of system security (unfortunately). Speed of vendor response, and quality of said response are critical factors as well.

Almost got missed in all of this: No AD server visible from Internet. That would mean that your real Admin account can be probed from the Internet...a bad thing.

Don't run Exchange on a Domain Controller. Do run DCs as dedicated servers. Do run Exchange on member servers.

I don't think Exchange or AD is the way for you to go. These products are geared for the medium-sized or larger enterprises, which have the volume requirements and the resources (technical and economic) to implement and operate these products.

--Woodie
 

marat



<< The above comments may have some small hint of truth to them, and in an ideal world of every piece of software being free along with hardware as well, it would be possible.

Welcome reality, where software costs a lot of money and you do the best with what you have.

The above comments help me out very little. Telling me I should run linux/open source programs etc is of no help whatsoever. If a person buys a program, they buy it in its entirety because the feature set is what the job demands. If you don't know how to do this, then please refrain from posting comments that are no help whatsoever.

Sorry for the flame, but replying to messages that don't help is a waste of my time and yours.
>>



If you actually read the posts that Nothinman and I posted you will notice that we told you what direction to go. We don't want a flame war. But from my personal experience (I believe Nothinman will agree), it is muuuuch easier to set up a mail server on Linux (install it, set hostname, TCP/IP settings, check privileges and you are ready) than messing with AD/Exchange. But again - your choice. Let's stop talking about this.

So, how's your server installation? Where did you stop? Did you make AD working?
 

MulLa

I might be wrong but I do believe that you need AD to install Exchange 2000. Exchange 2000 keeps all user information in AD, therefore it's integrated with w2k and you can't install it on any other OS than w2k, well maybe also on the future .net server.