Promoting a VPN server (RAS) to a domain controller

[CaliberTech99]

Hello, currently we have a windows 2003 server that is a member server of our domain. This server hosts VPN for our outside users. We would like to promote this server to a domain controller. I've heard that there are specific rules you need to follow when promoting a VPN server to a domain controller so that the servers "vpn IP address" isn't registered in dns. I have actually seen this problem on other servers before where you have a domain controller that is hosting dns and the server registers the its VPN ip in DNS. Supposedly there is a KB article pertaining to this. Can anyone point me to this document? Thank you.

 

[mrdenny]

I don't know the KB off the top of my head.

Make sure that the public NIC doesn't have DNS IPs listed. Also keep in mind that this would put your domain controller on the public Internet. Usually not the best idea.

Denny
MVP
MCSA (2003) / MCDBA (SQL 2000)
MCTS (SQL 2005 / SQL 2005 BI / SQL 2008 DBA / SQL 2008 DBD / SQL 2008 BI / MWSS 3.0: Configuration / MOSS 2007: Configuration)
MCITP (SQL 2005 DBA / SQL 2008 DBA / SQL 2005 DBD / SQL 2008 DBD / SQL 2005 BI / SQL 2008 BI)

My Blog

 

[SteveRoadWarrior]

Microsoft don't really like having a Domain controller have more than one NIC (multihomed), which is how RRAS does VPN. So there are some KB articles you will want to have handy when you go to set this server up:

Be sure to review:

http://support.microsoft.com/kb/292822

Also:

http://support.microsoft.com/kb/232651

If it were me, I'd remove the RRAS config and reboot before running dcpromo

Odds are after you set up RRAS again, you'll need to review and fix the DNS and WINS entries. You might save yourself some effort by not even inputting WINS entries in the NIC until after you've done the above articles, RRAS is set up and everything is humming along nicely. Manual WINS entries are harder than they should be.