**Small Business & Server 2003**
Puter Padowan
11-13-2006, 01:25 PM
Hello everyone. This is going to be a long explanation as I am completely new to MS Windows SBS 2003. There might be issues here that I'm trying to accomplish that I may not be able to due to my lack of knowledge. I am doing the best I can to learn which is why I am here asking.
Recently my boss decided he wanted to set up a server in our office with the ability to have remote access to his office PC. We have a server with Windows Small Business Server 2003 with only ONE network adapter. Currently our network is set up with a normal Linksys router connected to a cable modem.
Time Warner just switched over everything to static, we were given the DNS numbers, gateway, usable, and subnet to use which was all entered into the router.
Right now, all computers are connected to the internet through the router and a switch we have. There are THREE computers in the office (out of 7) that have programs and client information that is shared and worked on. We want all of that setup on the SERVER. We do NOT want to have one system with some data, another with more, etc. We just want the server to have ALL the information and set it up that we log onto the server, access the files, and work on them from the server.
My boss also wants to set up MS Exchange so we could all use Outlook to set up appointments for him and email each other. The most important part is for the receptionist to set up an appointment through Outlook and for the rest of us to be able to see the appointment on each of our computers.
I tried setting up exchange. My boss pays a company to maintain/host a site for him (www.prmcmortgage.com) His email is "hisname@prmcmortgage.com"
I also tried configuring the internet (Network Connections) through Configure Email and Internet Wizard. I entered all the DNS numbers given.
I say tried, because I keep getting an error saying that the wizard was unable to complete "a component" of the wizard. I am also NOT able to connect any computer to the network using http://servername/connectcomputer as I keep getting "Page unavailable"
It would be nice if it were possible to make users and have everyone log in with passwords. Being that the server only has ONE network adapter and I'm totally new to this, I'm not sure it's possible.
If there is anyone with any guidance on this it would be great. Some more important info would be : Two of the computers that have important files on them are only running XP HOME. I understand that XP HOME does NOT support DNS from what the Time Warner Tech told me. Does this mean they will not be able to work on the server? I know I have asked a few questions on this in the past, but unfortunately it looks like I may be in over my head.
Hi, seems like you are certainly taking a pretty big bite out of that for someone without much experience!
First off, doing remote access without two NICS in the server is impossible. Second off I don't really like it as it leaves your one and only server directly connected to the internet. Yes it is supposedly secured and all, but it is a breach of most best practices. What you really should do is set up a firewall with VPN capabilities. I am partial to Cisco myself, especially for business networks. Even the most basic model supports both remote access (say from your laptop on the road) and site to site (say a remote office) VPN connections. That is a whole different story than SBS though. If you are at all interested in this contact me via PM with more details and I can use some of my contacts to get you a pretty good deal on the hardware and help you configure it.
First step would be to set up a shared folder on the server. You will possibly even want multiple shares to enforce security practices. This allows you to give full access to all users for some stuff, and limit access to other things. Really depends on how you want to run things and what the needs are. Once you have all of the shares set up you can go ahead and transfer files into them. Do some planning here and try to put all of the bits from around the company into the one server so it makes some sense. I would then remove all files from the local computers and just map the folders on the server. Depending on what exactly you are talking about it can kind of get tricky.
Do you want to keep all of the users personal data on the server, say My Documents? Do you just want company data that needs to be shared by everyone? Or both? Is the data coming from some application you use? Is it just files that get saved by your users? When you say that some of the computers have programs that are used, what are these? Are they applications that support being run from a server? Are they licensed in such a way that you could just allow all users to access them? Could you install a copy on each computer in the office? As you see it gets complicated quickly designing an office network that works well, is legally done, and meets your needs while providing security.
Exchange should be easy enough. Is it already installed on the server, basically have you run through the post install procedures for SBS? If so then all of your users should have mailboxes already. You just need to connect them to the server in Outlook. This is done either when you start Outlook for the first time, or through the Mail option from within the User Accounts menu of the control panel. From there you can set up shared calendars and folders as needed. The best way to handle incoming mail would be with the POP3 Connector feature of SBS. You can set it to connect to the external mail server every 15 minutes to download mail from all of the mailboxes you use. It will then deliver it to your internal Exchange mailboxes, so to all internal users it appears as if you are using a full featured Exchange.
Easiest way to join a PC to a domain is to right click on My Computer and click on Properties. Then the Computer Name Tab, and the Change button. From there you will see options for joining a domain or workgroup, choose the domain radio button and fill in your domain name. Clicking Apply will cause it to look for the server and attempt to join the domain. You will be prompted for an administrator password. You will get a welcome to domain popup message and be prompted to reboot.
If a domain is setup properly having everyone login with a unique user account and password isn't an option. Once the computer is a domain member it boots to the Ctrl+Alt+Del screen before a login prompt. Then the login prompt will ask to type in a user name and password, and have a drop down box for domain selection. Of course all users will need to be created on the server before anyone can login.
XP Home supports DNS, whoever told you it doesn't has no clue what they are talking about. Without DNS they would not be able to go on the internet and get to PC Guide by typing www.pcguide.com in a web browser. XP Home doesn't support AD, in other words joining a domain. Having XP Home PCs in the office will be a big problem for you to accomplish your goals. You should still be able to map a drive to the server manually, but the best bet is to upgrade them to Pro.
Looks like you have been handed one heck of a mess. No budget for outside IT help in at least setting this up properly? Once everything is set up you should more or less be able to run with minimal extra support. On top of that if it is done correctly and you set up VPN access most support can be done remotely. I am actually working on one of my accounts remotely right now, and was also over the weekend. I just connect and can basically do all maintenance and updating remotely. It is usually a bit cheaper too.
Puter Padowan
11-14-2006, 11:01 AM
Yeah... looks as though I was also given a ton of misinformation as well. I was told I could do exactly what I needed to do with all I have here in the office. BUT when things weren't going as planned is when I decided to come to this site for advice.
Actually the server itself is on the network but not connected directly to the modem. Instead we have a router with all the static info and then the router goes to my bosses system and a couple of others. One cable in the router was brought into the center of the office where we then attached a switch. The switch then connects to the server and the rest of your systems.
The programs I'm talking about are Quickbooks Pro Edition, ProSeries (Tax Program) and Practice Manager (Software that is similar to Outlook without email capabilities). Currently the receptionist has all of our monthly clients on HER system whereas we have another employee who has all of the COMPANY Financial Info and Accounting on HER system. This setup never made any sense to me but the IT guy my boss hired (who charges $100 an hour mind you) never set things up properly here at all. In fact he's the one who explained to me that using XP Home on our network would be fine....among many other things that I'm finding NOT to be true as well.... <SIGH>
As far as connecting remotely... Now I'm confused here UNLESS I just didn't explain it correctly. The only system we want to be able to have remote access on is my boss' workstation in his office. Originally I tested this by having a friend of mine who was in New Jersey at the time connect to my boss system. It worked fine and he was able to get on, open up whatever, type in my chat box heh heh and all was good. This was BEFORE we were given the static info to enter into the router though. NOW I can't even access the router by entering the new info in the address bar and connecting to my boss' system with the static number isn't working either.
With Exchange, I followed the instructions and did all I was asked to do by SBS. There just must be something I'm missing in my lack of experience here. My boss pays a company to maintain and host a site (www.prmcmortgage.com) Through them he has an email account which is pop3 supported.
About joining the domain using "My Computer" well again, ever since the static info was put into the router, it's telling me the domain can't be contacted. I know the spelling is correct blah blah but it's just not going through. This is on an XP Pro system I'm talking about.
I tried getting back into the Router to take a look at VPN setup but I can't even access the router with the new info that was given. Resetting the router is the only thing I can think of that would allow me to get back in but then I'm guessing that would screw up our internet connection for the time being... or am I wrong? heh I don't even know.... =(
Well thanks anyways Erik. Tell me... what were you doing when you read my post? Nodding your head? Or did you just slap your forehead and bring your hand down? lol
Well the domain issue seems easy enough to me. Where did you enter the DNS information? What are you using for DHCP? I would bet that you entered all of the DNS info that the ISP gave you into the router and the router is doing your DHCP. You need to point to your server for DNS, not the ISP provided servers. That is why you can't find your internal resources, the ISP doesn't know they exist.
I can't say that I am real familiar with those applications. Most likely though they will all just need to be installed on each PC where the user needs to use them, and pointed to a shared location on the server to save stuff to. If they are already running on a standalone PC for all purposes then it just means they are probably not capable of running from a server, but I am not sure.
Basically if you are failing to connect through Exchange and the POP3 connector you need to look in event logs for why. Might be as simple as a wrong password, incorrect port, etc. Could also be that you need to tell Exchange to use a different domain for email than internally. Many people set up internal servers to be like mycompany.local and then have the public version be mycompany.com. Not a big deal, but unless you configure the different space in Exchange it doesn't know to look there. Also you need to manually add in POP accounts for it to download messages from.
For remote access you are basically talking about using port forwarding on the router to allow RDP? Do you actually have to enter some authentication prior to logging into the PC? This isn't really the most secure method, even if it is only one user and one computer now I think setting up proper VPN is a better idea.
Puter Padowan
11-14-2006, 01:53 PM
With the DNS issue... Yes you are correct. The tech from Time Warner told me I need to put all the DNS information into the Router and NOT the SERVER. He stressed me to the max about making sure I did NOT put the DNS info into the server. Of course I can't say I'd understand why. Now, I can't even access the router using the Gateway or "Usable" address that was given to me. I can only access the modem to view information. I have not yet tried resetting the router as I'm not sure if that would totally screw things up.
With the programs I mentioned, getting them to work on the network is not a problem for me at all. I set it up in the beginning and I'm sure I can do it again. I already transferred all the client data to the server. Now it's just an issue of our clients being able to communicate with the server.
With Exchange... well I'm guessing I need to enter the DNS information in the appropriate area before anyone can even communicate with the server period heh heh.
I just followed what the Time Warner tech told me and felt it was simple enough. Oh well ha ha.
Variable
11-14-2006, 03:09 PM
First off, doing remote access without two NICS in the server is impossible
This is not true. The problem is what option you pick on the RRAS set up wizard.
With most ISP routers you can have multiple public facing IP's nat'ed to internal IP's. You could map one public IP bound to the WAN side of the router and forward the port for RDP or VPN (or whatever) to the internal LAN side of the server. When setting up a RRAS connection on a Windows machine using the Wizard it will do NAT on the LAN side IP. This will cause all internal traffic to stop. To stop this behaviour use the Custom Configuration menu option in the wizard.
Remember, multiple public facing IP's can be used for port mappings to internal side IP's. You can even do it with one public facing IP, the only issue is whatever port you use and map to a single internal machine, takes up that port for everyone. For instance, if you wanted to set up FTP access to Server A and you only have one public facing IP, you will map the FTP ports to Server A's internal IP on your router. If you set up Server B for FTP access, you will never be able to connect to it - as all FTP traffic will be forwarded to Server A. You would need another public facing IP.
It is always a good security practice to have a second NIC for RRAS. If you do this you can follow the easy set up wizard to walk you through it. If you cannot add another NIC (for whatever reason) you can still have a VPN. You can also add rules to the VPN connection that help secure connections.
Variable
11-14-2006, 03:22 PM
He stressed me to the max about making sure I did NOT put the DNS info into the server. Of course I can't say I'd understand why
SBS requires a Domain to be set up. All internal clients must use the IP address of the SBS server for resolving DNS. The problem you are having is the ISP router is doing DHCP and it is giving the client machines the DNS addresses added to the router. Two simple fixes for this. Manually add the SBS server LAN side IP address to each machine's DNS settings under the TCP/IP properties of the LAN connection of each PC OR reconfigure the router's DHCP and add the server's internal IP as the first in the list or the ONLY one in the list. DNS addresses are not needed on the router at all. You add the DNS addresses to the Forwarders list under the DNS snap in.
Next open the DNS snap in from Start, Programs, Administrative Tools, DNS. Right click your domain, click Properties and click Forwarders, add the ISP DNS servers to this list. If you do not see Administrative Tools, right click next to Start, click Properties, click the Start Menu tab (you can use either standard or classic), then click Customize and look for Administrative Tools. Check the box and click OK.
This is your problem. Your PC's need to ask your server for all DNS resolves. The server will forward all internet related requests to the router and out to the web. You simply have DNS, and DHCP set up wrong.
Variable
11-14-2006, 03:31 PM
With Exchange, I followed the instructions and did all I was asked to do by SBS. There just must be something I'm missing in my lack of experience here. My boss pays a company to maintain and host a site (www.prmcmortgage.com) Through them he has an email account which is pop3 supported
Exchange 2003 requires several applications to be installed to function. NNTP, SMTP, IIS, Web services and ASP.net
Open the Control Panel, click add remove programs, click add remove windows components. Click asp.net, double click IIS, click NNTP, SMTP click OK. Insert your windows SBS cd and install the new applications.
After this, verify the services are running from the Services snap in off of Administrative Tools.
If the server has more than 1GB of RAM you should add the /3gb and USERVA=3030 switch to the boot.ini. You may also want to add heapdump fix. Look here:
http://support.microsoft.com/default.aspx?scid=kb;en-us;815372&Product=exch2003
There is also a hotfix for IIS that should be added here.
http://support.microsoft.com/default.aspx?scid=kb;en-us;831464&Product=exch2k
Exchange 2003 requires several applications to be installed to function. NNTP, SMTP, IIS, Web services and ASP.net
That shouldn't be a problem for SBS. It installs everything automatically as a part of the base OS install. Pretty much insert CD1 and boot, it will install the OS. It then boots to the desktop and requests CD2 etc. until all of the applications are installed. There really isn't any easy way around doing it with the automated process which does everything needed.
RRAS with one network adapter isn't really truly RRAS. It is more port forwarding on the router to allow RDP or whatever access is needed. As you stated RRAS really needs one port of its own connected to the internet for best practices to be followed. I still prefer VPN, especially in a site with only a single server. I don't like the idea of exposing a server with corporate files directly to the internet.
With the DHCP/DNS I think that using the server is the best solution. Sure you can go around and change each computer individually. Or you could change it on the router. But using the server gives you finer control over what is happening and better ability to monitor what is going on. As mentioned it is absolutely necessary for all clients to point to your SBS for DNS. Then you can configure a forwarder to your ISP DNS server on the SBS, or configure a forwarder to the router and point the router to the ISP DNS server. In the end though it boils down to the same thing, client asks SBS for name resolution, if it is not a known name it will get passed off to the ISP server.
Variable
11-14-2006, 09:33 PM
With SBS you can choose to install everything or pick and choose. Taking all the defaults in the guide is fine but not necessary. Not everyone uses the Wizards or takes all defaults and you can remove or stop any services you are not using ... which is a really good idea. IIS is not needed unless you run a web server or you want to use OWA with Exchange for instance. SBS has a few flavors, one is sans Exchange.
RRAS with one NIC is indeed RRAS :) RRAS as you know, stands for Routing and Remote Access Server, it allows a VPN connection that gives an External (internet) authenticated user access to the internal network, as if they were in the office. It acts as a router and routes packets between internal machines and allows Remote Access from outside the LAN. It also allows authentication rules based on domain or the local security database in a workgroup.
The problem is the Wizard everyone picks sets up NAT. NAT running on an interface will isolate the NIC unless, you configure the NAT appropriately which is not for the average admin. The difference is.. RRAS AND NAT or RRAS and no NAT. NAT is a security feature that masks the internal IP from the external side. But in order to set up a VPN, you normally create a pinhole in your internet router (which is doing NAT) and point it to a statically assigned internal IP. It therefore, is really not that useful. All internet to VPN traffic is forwarded directly to the NIC. All outgoing traffic is via an encrypted point to point link.
It would make sense if the RRAS enabled NIC was given a public IP.... But in almost all modern networks there is a router or firewall device in front of the server. IF you give your RRAS nic a public IP then you WILL need two nics and you WILL want to enable NAT. But that is crazy talk. Never put a windows server facing the internet unless you have no choice.
I agree, generally, with the DHCP on the server unless there are machines that need direct internet access and no access to the network, like guest laptops on wifi or wifi devices that need access but no network access. DHCP on a wifi router will allow users to connect to the web and bypass the server. This can be a good thing. If no DHCP is running on the wireless router you have to set up a DHCP relay for wireless clients to ask the DHCP server. You have just opened up your server to giving out internal addressing to wireless users, so make sure you set up Encryption and follow standard practices for wi fi security. You can also set up a small lease pool for DHCP on the router and exclude that group from your server based DHCP pool. You can filter that IP range from connecting to your server. But it gets complicated and this fellow already sounds pretty cornfuzzeled.
For Exchange I just had a feeling it wasn't the services not running. As I mentioned when you choose to install Exchange with SBS it takes care of the requirements for you. At least that is how I remembered it. Either way it just didn't sound like an issue with it not being installed properly, more that it wasn't connecting to the other server and downloading mail properly. Could be wrong though, has been known to happen.
As for the rest of the stuff, well I am a network guy. So I favor hardware solutions for problems like this. To me that means forget RRAS and use VPN with a hardware VPN device. Authenticating against an existing server for access control is fine if that level of security is needed/desired. Otherwise a simple group based login at the device itself is an acceptable solution that is a bit less complex. Same goes for excluding certain devices from the secured corporate network. To me the best solution is using VLANs to keep traffic separate. Have a separate device on any insecure VLANs to just push internet traffic out into the world.
And I agree we are getting off topic and just making things more confusing.
I would recommend that you get the DNS issue worked out and see where you are after that. As already mentioned there are a few ways to go about it. Just make sure that only the server or the router is doing DHCP. The server should be handling DNS queries. Once that is all set up you shouldn't have a problem joining XP Pro machines to the domain. Then we can tackle any other problems you might still have.
Puter Padowan
11-15-2006, 10:56 AM
All the services being talked about are already installed in the system. I will start working on what was mentioned.
Variable, when you say:
SBS requires a Domain to be set up. All internal clients must use the IP address of the SBS server for resolving DNS. The problem you are having is the ISP router is doing DHCP and it is giving the client machines the DNS addresses added to the router.
Here is what I was originally instructed to do... To manually give the server its own IP that was NOT in the range of what the router was set to. The router by the way is a Linksys, not the ISP. Time Warner swapped out the original modem we had with a "Static" one. Sooo... he then told me that being that I'm using the router as the hardware firewall that I should then enter all the DNS info into the router. The router is using DHCP as you mentioned but the server is not included in the list of IPs.
Now, do I manually assign the server its own address and then give the clients the SAME address? Is THAT what you were talking about? Just want to make sure :D
The other problem is (Which I emailed Time Warner about already) is now I can't access the router to change anything. I tried typing in all the different numbers given to me in the address bar and all I can access is the modem. Will resetting the router allow me to get back into it with the default user name and pass? Will it screw things up being that I entered all the information I was told to originally? I'm guessing it would until I followed everyone else's advice from here. I assume this was probably the biggest issue here... just setting up everything incorrectly.
I know there is a lot more to be done here as well though. Thanks again guys.
Well IP addressing can get a little tricky. You are doing something very small and simple, so I will only get as detailed as needed for your setup. You want everything to be in the same IP subnet, but certain devices to be outside of the DHCP scope you are using. Sounds scary, but it is pretty simple really.
You said it was a Linksys router, so they usually default to 192.168.1.1, let's go from there as an example and starting point.
Your subnet will be 192.168.1.0/24 (using a subnet mask of 255.255.255.0). This means you have 254 available IPs to use however you see fit. 192.168.1.1 to 192.168.1.254. 192.168.1.0 is a network address and 192.168.1.255 is the broadcast address. So a fairly typical Linksys default would be as follows:
Router: 192.168.1.1
DHCP scope (addresses handed out to clients): 192.168.1.100-192.168.1.150
So you would want your server to be 192.168.1.2. This is in the same subnet as your router and other devices but outside of the range of IPs that can be used by DHCP.
My advice would be to just use the server for DHCP, unless you meet one of the circumstances Variable mentioned where it might not be wanted. Though it sounds to me as if you would be fine using the server. Either way the important thing is that the DNS server IP you enter must be that of the SBS box, and the SBS box must point to itself for DNS. The server is assigned a static IP address outside of the DHCP range. For resolving outside addresses, if this hasn't been caught already by the setup wizard, you setup a forwarder on the server. This is where you put the DNS server info given to you by the ISP.
What happens is when you type in \\bossescomputer\share it is found to be a local address by your server. When you enter www.pcguide.com that isn't local, so the local server doesn't know it exists. It will then ask the DNS server provided by your ISP for resolution. So in this way all computers can communicate internally and externally easily.
So your final setup would be something like this:
router: 192.168.1.1
server: 192.168.1.2
DHCP scope: 192.168.1.100 - 192.168.1.200
network printer: 192.168.1.201 (if you need them)
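
The addressing and DNS rules from the replies above (static devices outside the DHCP scope, clients resolving only through the SBS box, the server pointing at itself, ISP DNS as forwarders), written as a checker. This is an added example, not part of the original thread; the `audit_plan` function, the plan dictionary layout and the 203.0.113.x ISP DNS addresses are assumptions made up for illustration.

```python
import ipaddress

# Constructed sample plans. The LAN addresses follow the thread's example
# layout; the 203.0.113.x "ISP DNS" values are placeholders (assumption).
GOOD_PLAN = {
    "subnet": "192.168.1.0/24",
    "static": {"router": "192.168.1.1", "server": "192.168.1.2",
               "printer": "192.168.1.201"},
    "dhcp_scope": ("192.168.1.100", "192.168.1.200"),
    "dhcp_dns": ["192.168.1.2"],      # DNS servers DHCP hands to clients
    "server_dns": ["192.168.1.2"],    # the server's own resolver setting
    "forwarders": ["203.0.113.10", "203.0.113.11"],
}
BAD_PLAN = {  # ISP DNS pushed to clients, server address inside the scope
    "subnet": "192.168.1.0/24",
    "static": {"router": "192.168.1.1", "server": "192.168.1.120"},
    "dhcp_scope": ("192.168.1.100", "192.168.1.150"),
    "dhcp_dns": ["203.0.113.10", "203.0.113.11"],
    "server_dns": ["203.0.113.10"],
    "forwarders": [],
}


def audit_plan(plan):
    """Return a list of problems found in a small-office addressing plan."""
    problems = []
    net = ipaddress.ip_network(plan["subnet"])
    lo, hi = (ipaddress.ip_address(a) for a in plan["dhcp_scope"])
    server = ipaddress.ip_address(plan["static"]["server"])

    # The DHCP scope must lie inside the subnet and be correctly ordered.
    for label, addr in (("start", lo), ("end", hi)):
        if addr not in net:
            problems.append(f"DHCP scope {label} {addr} is outside {net}")
    if lo > hi:
        problems.append("DHCP scope start is above its end")

    # Static devices: usable host address, unique, outside the DHCP scope.
    seen = {}
    for name, text in plan["static"].items():
        addr = ipaddress.ip_address(text)
        if addr not in net:
            problems.append(f"{name} {addr} is outside {net}")
        elif addr in (net.network_address, net.broadcast_address):
            problems.append(f"{name} {addr} is a network/broadcast address")
        if lo <= addr <= hi:
            problems.append(f"{name} {addr} is inside the DHCP scope")
        if addr in seen:
            problems.append(f"{name} and {seen[addr]} share {addr}")
        seen.setdefault(addr, name)

    # Clients must resolve through the internal server only; an ISP resolver
    # in this list cannot answer for internal (domain) names.
    if not plan["dhcp_dns"]:
        problems.append("DHCP hands clients no DNS server")
    for dns in plan["dhcp_dns"]:
        if ipaddress.ip_address(dns) != server:
            problems.append(f"DHCP hands clients DNS {dns}, not the server {server}")

    # The server points at itself and reaches the outside via forwarders.
    if [ipaddress.ip_address(d) for d in plan["server_dns"]] != [server]:
        problems.append("server does not use itself as its only DNS server")
    if server in [ipaddress.ip_address(f) for f in plan["forwarders"]]:
        problems.append("server is listed as its own forwarder")
    return problems


if __name__ == "__main__":
    for title, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        found = audit_plan(plan)
        print(title, "plan:", "OK" if not found else "")
        for line in found:
            print("  -", line)
```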