ICTCity

ok let's make it easy... Post 2 other messagges and then you reach 20 ) I will not delete or mark you as spam )

Try to send it via PM to me.

Are you attaching photos?

So here comes the longest part. Check the event viewer to see any error which can tell you something more. Follow this tutorial: http://freepchelp.forum/resources/tuts/tutorials/installation-configuration/use-process-monitor-to-set-up-permissions-properly-r34 Maybe we can find a solution. If not I have others ideas.

Ok so I think there's a policy blocking you. Create another admin account and try if it doesn't work we go deeper

no you are not. If you computer can be part of domain (not a domain controller, just part of) you may be using the domain admin account, to be sure login with this: COMPUTERNAME\Administrator password

You can do this, you can have two NICs on your DMZ server one for DMZ and other for LAN. Then you bind each service to both interfaces so you actually reach the service from both external and internal network avoiding the communication between the two nets.

Don't do it. Put the FTP server on your DMZ (192.168.2.XXX) because if you create a route (which an also be impossible on some router) from DMZ to LAN you lose your security!

Well as you said there's no difference. The problem is with big environment because if you have 30 disks to map you haven't enough letters. Anyway a mount point is a mount point. When you open the network share \\mydomain\myshare this is already a mount point but "on the fly" not fixed. For me there's no difference / drawback.

If you can login as LOCAL administrator and try to install.

I think the routing table wasn't updated :) Yes, and if you install remote access this role is installed by default.

Delete the route on your router and add only the 192.168.0.0 altough I think the 2.0 is made by default.

But FROM (I think your router has a console or a ping utility) the console of your router (192.168.2.1) you can ping the 192.168.0.1, right? If yes you must tell your clients that they need to contact your 2.1 router and the router should be able to route. Your server RRAS should do nothing. Use only your router.

Can you post your network diagram? thanks

The route you have is useless. It means almost anything because in this way all connections to 192.168.0.0 are passed to nobody (0.0.0.0) or default. you must specify the router in this way: SOURCE (where the connections come from) - DESTINATION (WHERE DO YOU WANT TO GO) - GATEWAY (Which router can accomplish this route). Actually I can't remember how is on RRAS but I'm pretty sure it asks for source, mask, dest and gw.

The computer is on domain? Joined?

Not really, in a webserver, for security reasons, you have the website folder in another disk, not where windows resides. So the space will be occupated on another disk not your C:\

The MINIMUM required is 40GB but of course this is not optimal. Well depends on many factors, updates occupe space but there are also others things that do the same (file paging, log files). A normal windows installation with normal utilization (File Server, SQL, Exchange, ...) require not more than 100 GB because USUALLY you have the DB or files on another partition. If you use terminal server or application server you should consider the grow factor which usually is between 20-40%. In others words 100gb is enough :)

Post result of gpresult: http://technet.microsoft.com/en-us/library/cc775413(v=ws.10).aspx It's almost the same for windows server 2008.

Run "gpupdate /force" and then a resultant group policy in order to establish WHICH policy is applied to "block" password. Well there are differents scenarios. When you join a domain you need an admin (domain admin) account to join the WS, once there well you don't have to have a specific account, you can also have one account for 1000 users, stupid but possible. Maybe what you want to know is: "Can I login into domain without creating a user first?" No you can't. Let's say you have a LOCAL account (DeanoLocal) on your computer (DeanoLocalPC), now you join the domain deano.local. Now you have 1 account and TWO domains: - DeanoLocalPC\DeanoLocal (local account) - deano.local As you can see the DEANOLOCAL account exist on that workstation (workgroup DeanoLocalPC) not on domain! So you must create another account at domain level. After that you can of course copy the local profile to domain profile, but basically you need a domain account. No matter if you are using terminal services or just RDP, usually there's a group on domain called TERMINAL SERVER USERS, add this group as permitted on you terminal server (or where people login) and they will not able to login to the others servers. regarding workstations you can basically do the same thing, but this time you configure this by remote access settings (computer>rightclick>properties) adding the user.

Check on all of your GROUP POLICY if somewhere there's the policy "Password must meet minimal complexity requirements". I don't understand what you mean with "can i set it so the domain to automatically create a user for the local user account? or do i need to manually add it?"

I think I will write a tutorial / explenation regarding policies in Windows' domain. There's a lot of confusion and to troubleshoot these problems is a really hard task. First of all you must determine which polices are applied to that group / ou / user, then you can start troubleshoot. So, open gp manager and run a RESULTANT GROUP OF POLICY and select the computer / user. Once finished you can easily see which policies have been applied, in case of an error (permissions) you will see "ACCESS DENIED" or something like this. Good question, TEORICALLY no, you just need a common DNS with the needed record (_ldap, _tcp, ...) so your router cannot do this (you can't add DNS entries). Pratically --> mhhh more or less, you can set up a dns server BEFORE and then create a domain. In this way dcpromo should create the the entries for you but anyway you will ever have a local dns but the client's DNS can also be another (different from you DC). Mhh no idea, usually when a PC joins correctly to a domain you are prompted to enter domain's credentials. If you write domain\username it works?

Don't confuse things. Windows server COULD do RAID but if you can, DON'T do a software raid! It's sloooow, really slow. Use your raid controller. This will be configured after the POST and before the Windows installation. I don't want to believe that your controller cannot manage 2 differents RAID. Today I have installed a server with 3 RAID on a HP which is really old (7 years) so... Said that, once you are able to configure your controller, install windows on first RAID and once ready to install create just one partition for WINDOWS (let's say 200 gb) you can adjust this value based on your needs. Once installed, create others partitions (mail, db, webApp) so you will have 4 parts on your FIRST hard drive. Having multiple partitions has (no) drawbacks, but has advantages (one is that when you want to move something maybe on a storage in the future, you can do this easier than with a single confused partition), another advantage... let's say that something screw up your C:\ partition. You have an image of 1 month ago, with a single partition you must restore the image and THEN recover the database backup (and if you don't know... recovery a database no matter if it's sql, mysql, ... it's a BEAUTIFUL job... do it one time for test... you will see when partials records are not recovered... or tables weren't close... beautiful...), so finally you spent one day to recover the system and people cannot work. With multiple partitions you must restore the old image and windows starts up and the DB file is up to date. You (maybe) must do just some adjustment on your "old" windows. In the worst case you can simply reinstall a fresh windows server (30-40 mins?) and install your DB software but data is still available! Just a quick thing, if you use shared storage (san, nas) you can map each partition on a host of your choice so you really have a great no-downtime! (Almost :P) Back to you, you have your part (windows), now you can create the others partitions based on your needs. Finally you have the second RAID ready to "host" your web app database. Also in this case... if you have a db which is 100 gb create a partition of 200 or 250 gb but DON'T use the entire disk. It's EASIER to grow a partition instead of stretch it. Trust me :P With windows you can expand partitions but not stretch. I wrote too much? mhhh maybe :P

I'm not sure (I will check on Monday), but I think you cannot do this on the same IP. Actually one IP is listening on 443, so the same IP cannot listen on 443 but for a different website (unless you use virtual host). A cert is assigned to a hostname so if you change the assignment, it's CHANGED not duplicated or copied or whatever. I'm quite sure about this...

And why you have to use as a single disk? Even on single raid controller you can have different config... Well if you must use the single configuration switch to raid 5. if not... Well actually is the same. The different between raid 1 and 5 is not only in the raid itself. The most important thing are the spindle of your disk, the more you have, the faster they are.