Photographer with a few SQL and 2012 R2 ADDS Questions

Discussion in 'Windows Server' started by J0hnBlaze, Aug 6, 2015.

  1. J0hnBlaze

    J0hnBlaze MDL Novice

    Feb 4, 2014
    I have Solid Networking experience installing Point-Of-Sale Systems across the country and very rudimentary knowledge of Windows Server.

    Ok first a background of what I have equipment wise and my goal.



    I have 11 servers that I can use - 4 are operational with 2012 r2 or 2011 sbs (due to CPU limitations)

    3 IBM x3550 7978
    3 IBM eServer x346
    1 HP ML350 G4p
    2 HP DL360 G4
    1 HP DL380 G4
    1 Cisco MCS7800

    All are functions however the 3 in use are 2 IBM x3550's running 2012 r2, 1 IBM x346 eServer/1 HP DL380 G4 running 2011 sbs.



    1. 1 server running MDT2013 Services for PXE deployments.
    2. 1 Server - or whatever is necessary - to host the massive collections of images I take over the years.
      1. Currently I have 35TB of Storage on external Drives that can be accessed through iSCSI or SATA
    3. Allow anyone to access a web page which will prompt for account credentials/create a user account for the purpose of FTP or MFT access of the RAW image library.
      1. The MFT or FTP would ideally allow Direct Access or VPN Access to ensure access speeds to files and support multiple users logged in at once.
      2. I looked into Cerberus FTP as a MFT Solution however I noticed it was sending out like 5,400 broadcasts per/minute over LAN. Perhaps this was a misconfigured option somewhere but it seemed excessively chatty.
    4. Additionally, I would like to allow specific OU's or Silo's to have permissions to RDP to Hyper-V machines that have for example: Topaz software installed so that they may use the editing program to view and edit pictures.

    I am not selling anything with my "business" I am currently taking pictures of some unusual things that have been occurring in my area for the past year and simply want to provide skeptics access to the raw untouched files so they can replicate the results without having to set anything up on their end.

    In the future, I would like this in place so that when I do begin to offer services, I can use this as a platform for web meetings with potential clients to demonstrate my workflow, work, and other potential benefits.



    I'm having difficulty with DNS and perhaps its something stupid that I did. My current issues are with DNS, VPN, FTP/MFT.

    DNS: I have a website that is hosted through GoDaddy. When I created my ADDS Forrest I named the Domain rawkonphoto. Im pretty sure that is the primary problem as the DNS wants to point to the TLD of vs the internal Domain of Rawkonphoto. The solution may be to reinstall the Server and reconfigure MDT2013 for the PXE services. I'd rather not do this but if I have too? I'll suck it up.

    VPN: Same issue as DNS (I think) the IPsec and Kerberos are failing and show the certificate is already in use for

    MFT/FTP: I don't even know where to begin here with the goal I am trying to accomplish. Maybe neither of these are what I should be doing.

    UAC for Guests: Account creation isn't intended to farm email address for the masses - although its probably a wise marketing move. I don't know if I want to force people to use their emails to login unless its beneficial with the ftp client ie for emailing specific files vs direct links.


    That's it! =) Thanks for any insight into how to better this concept/fix my current issues. Definitely appreciate the help.

    - David
  2. J0hnBlaze

    J0hnBlaze MDL Novice

    Feb 4, 2014
    Ah, SQL questions:

    I was thinking of using SQL to manage the photographs and as I was writing, I was also reading an article that explained why this is a piss poor idea. SO there are no sql questions!
  3. J0hnBlaze

    J0hnBlaze MDL Novice

    Feb 4, 2014
    Extra Details on what I have already completed.

    I inferred with Goal #1 on the PXE server situation that it is already configured and running. I wanted to make sure that if anyone would like at add some input the PXE and MDT2013 concept is working great with no issues.

    That's all, just wanted to make it clear that step is complete and the only problems are with ADDS certificates/DNS resolution with external vs internal domains and last how to handle the file sharing/access to remote users with a cavet of needing some users to access VM's on Hyper-V via VPN/Direct Access.
  4. J0hnBlaze

    J0hnBlaze MDL Novice

    Feb 4, 2014
    #5 J0hnBlaze, Aug 6, 2015
    Last edited: Aug 6, 2015
    I have been doing a massive amount of reading and therein lies the confusion of what's best. I was asking what others who possibly have setup a similar infrastructure on what options are best if they know. I thought this was a place to chat about technology and the possible benefits. I guess I was wrong?

    I understand how RDP works. My question was regarding there being a flag to the certificates already in use when setting up Direct Access and VPN within Windows Server. I assumed it was because the internal domain was the same as the public domain. I just wasn't sure. Isnt the .local a poor idea as well? At least that's what I've read. Sorry, I guess I'll have to read more and research that myself.

    People suck. A vague question to gather some insight from people results in a single response of just do this and research it yourself. Lol wow.

    *edit* Maybe I got the vibe of the reply wrong but that's how it came across to me. No just here but many forums I have inquired about best practices in various scenarios and it seems to be the general theme of responses. People either flex knowledge or don't care to respond. Having a theoretic conversation about solutions in different situations that open up creativity or bring forward the option to discuss uncommonly known/used techniques or software options is frowned upon. **
  5. sebus

    sebus MDL Guru

    Jul 23, 2008
    This attitude will take you nowhere...
    .local is not good if you have Apple Macs in the mix, then use .lan

    For certificates to be issued properly you really should have Certificate Authority setup. Or you will be doing certificates in OpenSSL.

    You are over-complicating simple task, problem is you do not know what you want...