Thursday, August 28, 2008

How the new SBS 2008 Internet Address Management Wizard Works

As you saw from the major differences between SBS 2003 and SBS 2008 post, the SBS 2003 Configure E-Mail and Internet Connection Wizard (or CEICW) was broken into 5 different wizards.  The part that configures your external domain name was brought into this wizard, the Internet Address Management Wizard

Now similar to the 2003 CEICW wizard, everything on the local box is configured to the domain name of your choice, that includes:

  • Remote Web Workplace - IIS is configured to respond to the host header of your domain name
  • Certificate Authority - While the CA is new to SBS 2008 as an "installed by default" component, the specific thing the IAMW does here is configure the website self-issued certificate used to encrypt the traffic between the client and the server, as well as validating the identity of the server to the client.
  • TS-Gateway - Also new to SBS 2008, this is configured to line up with the new domain name as well to allow connectivity to the client computers through the Remote Web Workplace
  • Exchange - Email SMTP connectors, and Exchange authoritative domain names are configured to be the domain name of choice.
  • UPnP Enabled Routers - If your router supports UPnP, ports 25, 80, 443 and 987 are opened to point to the Windows SBS 2008 server.

What's new to SBS 2008, is the ability to configure a Domain Name Provider automatically with your Host Records, Mail Records, Spam Records, and Service Records.  To do this you must use one of our supported providers.  Those providers in alphabetical order are, eNom , GoDaddy.com, and Register.com.  (If your provider is not supported, send them to our partner page!)

So, when configuring a domain name, how does this work?

It's not complicated by any means.  When buying a new domain name, the wizard uses your Internet Connection and sends the Country/Region data you entered during setup to a Microsoft Referral service.  This service responds with the domain name providers you can buy domain names from within your Country or Region. With this data, we are able to show the following page where you can choose which provider to work with:

image

At this point, there is no further contact with the Microsoft Referral service, and the server communicates directly with the partner of your choice to help you find an available domain name.  If you choose to send the rest of your postal address to the domain provider, they may use some of that data in domain name spinning to help you find an available domain name, and they may also default some of this information into the check-out process, speeding things up a little.

Eventually you will open a web browser with the domain name provider to provide your purchasing information.  Once you have bought your domain, and any other additional services you may want to buy for your server, then you simply return to the wizard and input the newly created (or potentially already existing) credentials with the domain name partner into the wizard.  The server stores them securely in the credential manager for use immediately, and also later.

The wizard will then configure the local box and network, then reach out via a secure API, to the domain name provider and configure an A-Record, MX-Record, TXT-Record (for the SPF), and an SRV-Record (for Outlook Autodiscover).  If the domain name is not ready to be configured (which can often be the case in a migration), the Dynamic DNS client tries every 10 minutes (by default) to update these records, and as soon as the domain name is ready, the records are updated.

Over time, the Dynamic DNS client will keep your A-Record up to date with your current IP address.  This can be customized or disabled (in the Static IP case) via the property page in the Windows SBS console, on the Network Tab, and Connectivity Sub-tab.  However, the Dynamic DNS client also gets information about your domain name, like if it's about to expire, or if your password has changed, and will report it in the Server Report, so you might want to leave that on.

Our current partners, at the time of this post, offer the following domain names.  This is obviously subject to change without notice:

Register.com

.asia, .biz, .br.com, .ca, .cc, .cn, .cn.com, .co.nz, .co.uk, .com, .com.br, .com.cn, .de, .de.com, .eu, .eu.com, .hu.com, .info, .jp, .jpn.com, .net, .net.cn, .net.nz, .org, .org.cn, .org.uk, .qc.com, .ru.com, .sa.com, .se.com, .se.net, .tv, .uk.com, .uk.net, .us, .us.com, .uy.com, .vg, .web.com, .ws, .za.com

GoDaddy

.ag, .com.ag, .net.ag, .org.ag, .asia, .at, .be, .cc, .cn, .com.cn, .net.cn, .org.cn, .co.nz, .net.nz, .org.nz, .de, .fm, .tw, .idv.tw, .com.tw, .org.tw, .eu, .jp, .me.uk, .org.uk, .co.uk, .ms, .tc, .nu, .vg, .ws, .org, .com, .tv, .net, .biz, .us, .mobi, .jobs, .name

eNom

.com, .net, .org, .info, .biz, .us, .name, .de, .uk, .cn, .co.uk, .org.uk, .me.uk

If you already have a domain name, you can transfer it to one of the partners, or just use it! Now you don't have to worry if your DNS records are updated correctly, just look for the green check!

22 comments:

Miroslav said...

Can I use some kind of third party program to update the Dynamid DNS domain on godaddy registration.

Sean Daniel said...

Currently only the built in Dynamic DNS client is supported.

Rich Lusk said...

Sean,

This is really cool!! One question. Can a domain be transferred to one of the supported providers during the wizard setup or should the domain be transferred before the SBS install?

Thank you.

Sean Daniel said...

Hi Rich,

You can do it either. The wizard will let the domain provider know that you want to transfer it. Or you can transfer it before hand. Which ever is most convenient for you.

If you don't transfer before hand, you may see some benign errors from the Dynamic DNS client as it attemps to configure your domain name every 10 minutes, and until it's transfered, clearly that won't work.

Cheers.

bawacx said...

Does my Domain have to be hosted by one of the supported providers? I have a domain registered with GoDaddy, but the site is hosted elsewhere and I get a message that the site can't be transferred when trying to connect to the provider's site. Upon entering the domain information (domain, username, password)SBS2008 cannot connect to GoDaddy.

Sean Daniel said...

If you're already hosted with GoDaddy, just skip their web-interface and type in your username and password for GoDaddy

we only touch the A, MX, SRV, TXT records for the domain, we won't touch any WWW or @ records for the domain.

Try it, it'll work great. Trust me. ;o)

aim said...
This comment has been removed by the author.
Sean Daniel said...

In response to the deleted comment. For all to see, yes, if you use one of hte partners listed, you do not require a static WAN IP address, and you can just continue to use your dynamic IP.

Save some money eh!?

DeVaL!aN Lee said...

i had a problem. i couldnt login to godaddy even though i confirmed my login detail is correct.

there is 2 provided by godaddy, 1 is login name, another 1 is cust no. i tried both while couldnt login godaddy internet address management yet.

Please assist. thanks.

Sean Daniel said...

Hey DeVaL!an,

You should contact GoDaddy about this issue, its the same username and password you use to log into their website.

Graham said...

Sean,
were would I be able to check for the errors from the Dynamic DNS client.

I am investigating some communications from my new sbs 2k8 box that are destined for port 53. happen every 10 mins. to the opendns serves that i have set as dns forwarders.

Sean Daniel said...

In the eventlog, or in the log file. log file I think is in %program files%\windows small business server\logs. and I don't recall the name, but it's one of the newer touched ones, and should be descriptive from its name

DeVaL!aN Lee said...

Hi Sean,

yes, im using the same username and password for it. i even tried to click the link on the wizard and login on the website.

it has no problem on the website but in the wizard just keep on failed.

i contacted godaddy too. they asked to reset password. did it, but same error persist. i replied their support email, they said they did not support off shore server as mine.

im so confused. Please help..

Sean Daniel said...

Are you behind a proxy? it's probably best to take this offline. Send me an email using the email tab at the top of this page. Ultimately this sort of issue should go to GoDaddy's support, but I'm interested now.

DeVaL!aN Lee said...

Hi Sean,

i had sent u a email 2 days earlier. Hope to got it and hope to hear from u soon.

Thanks.

John McNickname said...

There's a lot of emphasis with SBS2008 and having an Internet domain name. We did a migration where the customer had a static IP but no DNS address pointing at it whatsoever. We ended up having to accept the remote.theirdomainname.ie which was obviously incorrect.

What's the situation when you don't have a DNS name and just a static IP?

Sean Daniel said...

You just point the internet domain name at the static IP addrss. sounds like what you did was correct.

sean

John McNickname said...

How do you mean exactly, the fact is we don't have an internet domain name.

Sean Daniel said...

That's easy then, just run through the Internet Address Management wizard, and choose to buy one, our software will set up the rest.

John McNickname said...

SO in other words you HAVE to have an internet domain name? You can't just have a static IP?

Sean Daniel said...

it's hard to have a certificate match with a static IP address. I mean you don't *have* to, but for $8.99/year, isn't it worth it? Plus with the built in dynamic IP address handling, you can drop the static IP and save some money!

John McNickname said...

Fair enough, we ended up finding there domain providers control panel and adding a hostname there. Worked out well, next thing is the Standard SSL cert. The wizard certainly doesn't give an option for NO domain name. Possibly IIS will give an option for creating an IP only certificate but thats beyond me. Thanks for the advice.