TERMS This document and what comes with it are provided as-is with blunt warning: Use at your own risk, buyer beware. You break your system; you own the resolution as well. We have no liability for what you do, or can't do, or fail to do with this information. Your entire protection is to start over again with a protected backup, or from protected system. If you don't want to accept this idea, please don't use this document. In this third part of the series "How to add an additional Domain Controller from a remote office to the SBS domain" we will review some common events and errors that will always appear whenever a SBS server is rebooted. Those can be safely ignored, as long as no other errors or warnings show up after both servers are fully up and running. The Directory Services event log is very important and it should not show any errors or warnings on the remote Branchoffice server ever. It will also have the steps to create an email alert when the RRAS VPN connection is down. The next step will be to modify the SBS Windows XP Firewall GPO so it will include the remote subnet in a few settings. We will then modify the Default Website in IIS to include the remote subnet. You will have to mind though, that each time you would need to rerun the CEICW wizard, you will have to correct the IIS settings manually again. If you have run the SBS BPA tool on a SBS server that has the Windows 2003 SP2 installed, you will have been noted to adjust a few registry settings for the TCP/IP service. It is a good thing to make those same changes on the remote Branchoffice server as well and the complete steps will be described. RRAS on a SBS server which has ISA 2004 installed, is behaving a bit different from a common server without ISA. This is because most settings in RRAS are being dictated by ISA 2004 and there are not many settings you can change without it being reset by ISA every time the ISA services are being restarted. This also has consequences for WINS and DNS and the behavior is being described as well as some solutions. You will have to realize though, that when you browse the Network Neighborhood from the SBS network, you will never see the remote machines appear. In the remote office however, you will see the SBS machines appear in Network Neighborhood. This is totally due to using this kind of site-to-site VPN connection with RRAS and ISA 2004. The last page has a graphical overview of the ComputerWorks network with the public and private IP's that have been used in this series of articles. The contributions from Justin Crosby from Microsoft CSS were very valuable for the last chapter and I want to thank him again.