
Migrating to Windows Small Business Server 2011 Standard : Preparing Your Server (part 2) - Install Router, Firewall & Configuring Active Directory

8/15/2011 5:49:19 PM

5. Install Router and Firewall

After you’ve reconfigured your existing SBS to use a single network card, you need to reconnect it to the Internet. You need to insert a router into the network if you don’t already have one, and configure it for the network address range that you’ve chosen for your SBS network.

In many cases, you’ll already have a router in place, as we did. But that router is likely not a full-fledged firewall. Now is the time to replace it or add an additional firewall appliance. When you do, you’ll need to configure the firewall for your SBS network. The ports SBS 2003 uses include:

  • 25 Simple Mail Transfer Protocol (SMTP). Used by Microsoft Exchange for incoming and outgoing email.

  • 80 Hypertext Transfer Protocol (HTTP). Outbound, this port is used to surf the web. Inbound, it can be used to initially connect to the Remote Web Workplace site.

  • 443 Hypertext Transfer Protocol Secure (HTTPS). It’s used outbound for connecting to secure websites and inbound for connecting to Remote Web Workplace.

  • 444 Companyweb. This port is used to connect to the SharePoint Companyweb intranet site. Open this port only if your users connect to Companyweb when working remotely.

  • 3389 Remote Desktop Protocol (RDP). This port is used only if you allow direct RDP connections from remote locations to your SBS server. If you do enable this for remote management, you should restrict the connections to specific, known IP addresses.

  • 4125 Remote Web Workplace (RWW). This port is used by RWW for connecting remote users to their desktops.

Additional ports might be in use for specific applications on your network, but these are the basic incoming ports that are used by SBS.
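
One way to check a firewall's inbound rules against the port list above (an added example, not part of the original article): the rule format, function names, and sample addresses are assumptions made for illustration, and the sample rule sets are constructed.

```python
import ipaddress

# Inbound ports this page lists for an SBS 2003 network.
SBS_INBOUND = {25: "SMTP", 80: "HTTP", 443: "HTTPS",
               444: "Companyweb", 3389: "RDP", 4125: "RWW"}

def is_unrestricted(source):
    """True if the source matches every address ('any' or a /0 network)."""
    if source.lower() == "any":
        return True
    return ipaddress.ip_network(source, strict=False).prefixlen == 0

def audit_inbound(rules, remote_companyweb=False, allow_rdp=False):
    """Return (port, finding) pairs for rules that go beyond the page's guidance."""
    findings = []
    for rule in rules:
        port, sources = rule["port"], rule["sources"]
        if port not in SBS_INBOUND:
            findings.append((port, "not an SBS port; confirm an application needs it"))
        elif port == 444 and not remote_companyweb:
            findings.append((port, "Companyweb is open but nobody uses it remotely"))
        elif port == 3389 and not allow_rdp:
            findings.append((port, "RDP is open but direct RDP is not in use"))
        elif port == 3389 and any(is_unrestricted(s) for s in sources):
            findings.append((port, "RDP is not limited to specific, known IP addresses"))
    return findings

# Constructed sample rule sets (hypothetical format; addresses are documentation ranges).
BEFORE = [
    {"port": 25, "sources": ["any"]},
    {"port": 443, "sources": ["any"]},
    {"port": 444, "sources": ["any"]},
    {"port": 3389, "sources": ["0.0.0.0/0"]},
    {"port": 8080, "sources": ["any"]},
]
AFTER = [
    {"port": 25, "sources": ["any"]},
    {"port": 443, "sources": ["any"]},
    {"port": 4125, "sources": ["any"]},
    {"port": 3389, "sources": ["198.51.100.10", "203.0.113.0/28"]},
]

if __name__ == "__main__":
    for port, finding in audit_inbound(BEFORE, allow_rdp=True):
        print(f"{port}/tcp: {finding}")
```
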

After you’ve installed and configured your router, connect it to your SBS network as shown earlier in Figure 7-2. Verify that you have connectivity from the server and from your workstations to a known site. If a workstation doesn’t have connectivity, reboot and try again. Verify that the DHCP-assigned IP address is in the correct range.

UNDER THE HOOD: ISA Server

The requirements for migrating SBS 2003 Premium Edition networks that are using ISA Server are somewhat different. The basic premise is the same—you need to reconfigure your network to use a single NIC. But you’ll also need to remove the ISA Firewall Client from computers on your network. Microsoft’s migration guide says that you can leave ISA in place during the migration as long as you are running at least ISA 2004 SP3, but we think this is a bad idea. You need to install a real firewall on your network to protect it and the new SBS 2011 server, and leaving ISA in place on the source SBS 2003 server just confuses the issue and leaves additional places where there could be problems during the migration.

We started to write up a full set of steps for uninstalling ISA and reconfiguring the workstations on your network, but then we found an excellent resource from Kevin Weilbacher, an SBS MVP. He has posted a step-by-step guide to removing ISA 2004 from SBS 2003, and he is actively maintaining it and updating it to cover issues as they’re reported, with input from many of the other SBS MVPs. For full details on how to remove ISA 2004, see http://msmvps.com/blogs/kwsupport/archive/2008/09/07/uninstalling-isa-2004.aspx.


5.1. Disable VPNs

Before you begin the migration, you need to disable virtual private networking to the SBS server. If you need VPN access, you should choose a router/firewall that can act as a VPN endpoint. Ultimately, however, we think a better overall solution is to use Remote Web Access (RWA) and avoid VPNs whenever possible.

To disable VPNs on the existing SBS server, follow these steps:

  1. Log on to the server with the main Administrator account.

  2. Open the Server Management console if it doesn’t open automatically.

  3. In the left pane of the Server Management console, click Internet And E-mail. The Manage Internet And E-mail page opens.

  4. Click Configure Remote Access to open the Remote Access Wizard.

  5. Click Next on the Welcome page to open the Remote Access Method page as shown in Figure 13.

    Figure 13. The Remote Access Method page of the Remote Access Wizard

  6. Select Disable Remote Access, click Next, and then click Finish.

  7. When the wizard completes, click Close to return to the Server Management console.

This completes the network reconfiguration for your SBS migration. Now is a good time to verify that all the computers and devices on your network are working as you’d expect and can connect properly. Pay particular attention to devices such as printers, wireless access points, and web cams that have a fixed or DHCP reservation address to make sure that they are communicating correctly with the rest of the network.

6. Configuring Active Directory

Before you can complete the migration to SBS 2011, you need to raise the domain and forest functional levels of your current SBS 2003 Active Directory. The migration requires that the Active Directory forest and domain functional level be Windows Server 2003. The default for SBS 2003 is the Microsoft Windows 2000 functional level.

You can’t move to a Windows Server 2003 functional level if there are any Windows 2000 or earlier domain controllers in your SBS domain. If there are, you must first demote them from being domain controllers. For Windows 2000, run Dcpromo.exe as a domain administrator to demote the legacy Windows 2000 domain controller. If you still have Windows NT 4 domain controllers in your network, you’ll need to rebuild these servers as non–domain controllers or remove them from the network entirely. Given that Windows NT 4 is no longer supported by Microsoft and won’t get any updates or security patches, you need to remove any remaining Windows NT 4 computers.

To raise the domain and forest functional level of your SBS 2003 Active Directory, follow these steps:

  1. Log on to the SBS 2003 server with an account that has both Domain Admins and Enterprise Admins privileges. The Administrator account is a good choice for this.

  2. Click Start, then click Administrative Tools, and then click Active Directory Domains And Trusts to open the Active Directory Domains And Trusts console shown in Figure 14, or you can type domain.msc at the Run menu.

    Figure 14. The Active Directory Domains And Trusts console


    Note:

    Raising the domain functional level is an irreversible change. You can’t later lower the functional level.


  3. Click the domain (example.local in Figure 14), and select Raise Domain Functional Level from the Action menu to open the dialog box shown in Figure 15.

    Figure 15. The Raise Domain Functional Level dialog box

  4. Select Windows Server 2003 from the drop-down list (this should be the only choice in most SBS networks) and then click Raise to raise the domain functional level.


    Note:

    If the Current Domain Functional Level is shown as Windows Server 2003, you won’t be able to change the functional level.


  5. Click OK at the warning that this change can’t be reversed, and click OK again at the success message.

  6. Click Active Directory Domains And Trusts in the left pane at the top of the tree.

  7. Click Raise Forest Functional Level on the Action menu to open the Raise Forest Functional Level dialog box shown in Figure 16.


    Note:

    Raising the forest functional level is an irreversible change. You can’t later lower the functional level.


    Figure 16. The Raise Forest Functional Level dialog box

  8. Click Raise. You’ll see the warning message that this change is irreversible as shown in Figure 17.

    Figure 17. Raising the forest functional level is irreversible

  9. Click OK. If the raise was successful, you’ll see the informational message in Figure 18.

    Figure 18. The Raise Forest Functional Level success informational message

  10. Click OK to close the message, and then close the Active Directory Domains And Trusts dialog box.
