Troubleshooting WINS Servers

Troubleshooting WINS server problems can be largely avoided by making sure you understand and correctly set up and configure your WINS database topology. Following are a few key clues that you may come across that point to a server-side WINS problem. All of these were discussed throughout the chapter, so we just reference them here as things to be aware of when troubleshooting your WINS server. To go over the configuration steps refer back to the related section of the chapter. WINS replication...

Understanding Automatic Private IP Addressing (APIPA)

12. You are the systems administrator for a small network of fewer than 10 users on a single network segment, which is configured for peer-to-peer network resource sharing. You are using Windows XP and Windows 2000 on all of your client desktops and you decide to avoid the hassle of installing DHCP or manually configuring static IP addresses by using APIPA. You are using two file servers, both running Windows Server 2003, which also have the ability to use APIPA. Everything is running smoothly...

Note

PEAP uses Transport Layer Security (TLS) to provide an added layer of protection. PEAP also provides other benefits, including an encryption channel that protects other EAP methods running within PEAP, fast reconnect (the capability to reconnect to a wireless access point using cached session keys, facilitating quick roaming between wireless access points), TLS-generated dynamic keying material, and server authentication that prevents deployment of unauthorized wireless access points. Figure 8.55...

Scenario RRAS Passes Requests to Another DHCP Server

Scenario 2 assumes that you have chosen the Dynamic Host Configuration Protocol (DHCP) radio button in Figure 3.41. When you choose this option, all DHCP lease traffic is sent through the RRAS server by means of the DHCP Relay Agent. The DHCP server configured in the DHCP Relay Agent's properties is responsible for carrying out the entire DHCP lease process with the client, again by means of the DHCP Relay Agent. Both the client IP address and all IP configured options are distributed by the...

Introduction

In the previous chapter, we looked at the VPN capabilities of Windows Server 2003. We reviewed the importance of network infrastructure design and connectivity requirements when designing and implementing a VPN. Primary connectivity for Windows Server 2003 relies on Transmission Control Protocol/Internet Protocol (TCP/IP). The Internet relies on TCP/IP and consequently, the growth of the Internet has driven the use of this open protocol. Through this growth, other standards have developed to...

Conclusion

IP routing involves using both direct and indirect routes to deliver packets to their intended destinations. Static and dynamic routing tables are used to determine how to best send the packet. With the use of the IP protocol and other associated protocols (Application layer protocols, UDP datagrams, ICMP messages, routing protocols), messages are reliably and quickly encoded, sent, and decoded. Many of the topics covered in this section will be discussed in even greater detail in subsequent...

Types of Security Templates

Microsoft offers several preconfigured security templates through the Security Configuration and Analysis management console as well as online. You can apply a preconfigured security template to your system or use it to compare your existing configuration settings to predetermined settings provided by the security template. Templates are available for several configuration scenarios. Microsoft provides templates for the following: Default security (Setup security.inf); System root security...

Nonclassful (Classless) Subnet Masking

In classful subnetting, each subnet has the same number of host addresses. In many cases, this is not an optimal solution because we often need some segments that have only a few IP addresses and other segments that have hundreds. For example, administrators commonly group resources that are in physical proximity to one another on the same segment. However, you might want routers and gateways on small segments that are isolated from the rest of the network through subnetting. With classful...

I Wam

[Figure: DNS server properties dialog, Advanced tab, showing the server options (Disable recursion, Secure cache against pollution), name checking, load zone data on startup, and automatic scavenging settings] Next, you see Server Options, listed here and described in Table 6.2. Disable recursion (also disables forwarders): This option is off by default. BIND secondaries: This...

Security Concerning the DNSUpdateProxy Group

There are some security concerns to be aware of when putting the DNSUpdateProxy Group into action. If you put your DHCP servers in this group, all records updated by those servers are not secure in your DNS database. If your DHCP server is a domain controller (as those in many branch office configurations are), all the service location (SRV) and forward lookup (A) records registered when starting the Netlogon service will not be secure. What can you do to address these concerns? 1. Do not put any of...

Arp Rarp

[Figure: network capture listing showing ARP requests, root BPDUs, and NS query requests]

Integrating the Windows Server DNS Server with DHCP 1

5. Your company has a Windows Server 2003 domain. All of your servers run Windows Server 2003 and all of your workstations run Windows XP Professional. Your DHCP server is configured with the default settings and all of your Windows XP machines are configured as DHCP clients with the default DHCP client settings. You want to use DNS dynamic updates to automatically register the host record and PTR record for all of your workstations. Which of the following must you do to accomplish your goal? A....

Non-WINS NetBIOS Registration

When a non-WINS client tries to register its name via a broadcast, the proxy agent hears the registration request and passes it to the WINS server for name verification. If the name is not in use, it replies with a successful name registration message but does not register the name in the WINS database. If you want to have WINS manage the NetBIOS name of non-WINS clients, you will need to enter a static entry in the WINS database as discussed earlier in Managing WINS Records.

Configuring OSPF on A Windows Network

In this exercise, we will configure two Windows Server 2003 routers to advertise OSPF routes. As mentioned earlier in this section, it is preferable to use RIP v2 instead of RIP v1 for routing because it supports CIDR, a method capable of carrying subnet information within routing updates. In the previous example, if we used networks with nondefault subnet masks (for example, a 10.0.0.10/24 address instead of 10.0.0.10/8), RIP version 1 will not properly advertise the routes because it does not...

Configuring RRAS Packet Filters

Routing and Remote Access packet filters provide network security by controlling certain types of network traffic into or out of your LAN. RRAS packet filters are applied through the Routing and Remote Access Service MMC on a per-interface basis. RRAS packet filters work on an exception basis. This means that the filters can do either of the following: allow all traffic except that specified in the filter, or deny all traffic except that specified by the filter. Packet filtering rules are a vital...

Basic DNS Concepts

Now that you've learned about DNS naming conventions, let's look at five basic concepts related to DNS. Each will be explored in more detail later in this chapter, but this introduction will give you an initial understanding of DNS concepts and terminology. There are five areas that we'll discuss: DNS servers, DNS resolvers, resource records, zones, and zone files. The DNS system relies on a distributed database for efficient name resolution. These databases reside on DNS servers that manage the...

DHCP Leases

The process a DHCP client goes through in order to obtain an IP address and any network specific configuration options is called the DHCP lease process. A DHCP lease is a configurable amount of time that defines for how long a client has permission to use a particular IP address. This time limit is referred to as a lease duration. By default, Windows Server 2003 sets this value to eight days (the same default value was assigned to DHCP leases configured using Windows 2000 DHCP server). It is a best...

Example of Subnetting a Class C Network

In real world scenarios, you might need to create subnets that contain only a few IP addresses. This is done to logically isolate devices on separate networks. Examples of networks with a few devices include routers on a network backbone or a point-to-point WAN connection that needs only two addresses. In these cases, you want to create small subnets to avoid wasting IP addresses. This is done with Class C network addresses, which already use 24 bits to denote the network space. As you subnet a...

Database Size

As you add more and more WINS clients to your Windows domain, the WINS database will continue to grow larger. By default, the WINS service is intelligent enough to automatically schedule the database to be compacted online at off intervals. However, there may be times when you find it necessary to manually compact the database. The WINS database is located in the %systemroot%\system32\wins directory by default and is named wins.mdb. Its database is made up of the long-time Microsoft standard JET...

Inverse ARP

On nonbroadcast-based multiple access (NBMA) networks, such as wide area technologies including ATM, frame relay, and X.25, the network interface address is not the MAC address. Instead, it is a virtual circuit. In these cases, the IP address is mapped to the virtual circuit over which the packet is traveling. In resolving addresses in NBMA networks, the virtual circuit identifier is known but the receiving node's IP address is not. Inverse ARP (InARP) is used to resolve the IP address on the other...

Info

We've already discussed the fact that a Class A network uses the first octet as the network address. You can see from the default subnet mask shown in the preceding table that the first octet is set to all 1s (dotted decimal 255). Recall that a network ID cannot be set to all 1s. Thus, when you use logical ANDing with any Class A network and the default subnet mask, it will always yield the Class A network ID. For example, if the Class A network ID is 66.x.y.z, it would be represented as...

Exam Warning

The MAC address is the piece of the reservation that actually identifies the client as it first initiates its DHCPDISCOVER broadcast. The MAC address is a 48-bit binary number, but it is notated as 12 hexadecimal digits arranged in pairs. It is imperative that you type this address correctly. You can find out the MAC address from the client computer by running ipconfig /all. If you cannot physically visit the client computer, you can use the ping and arp commands to identify this number and then...

Exam Warning

The responsible person's mail address must be typed in FQDN format or it will not be accepted. Windows will ask if you want it to change it for you if you accidentally use an '@' symbol instead of the '.' format between the user's name and the domain name. Example: joejones.syngress.com. Figure 6.39 Configuring the DNS Zone Transfer Intervals

Configuring NAT and Static NAT Mapping

In this exercise, we will configure NAT and a static NAT mapping for a Web server as shown in Figure 8.93. 1. Open Routing and Remote Access: Start > Administrative Tools > Routing and Remote Access. 2. From the Routing and Remote Access management console, right-click the server name and select Configure and Enable Routing and Remote Access. If this option is grayed out, select Disable Routing and Remote Access to start with a fresh configuration. 3. From the Routing and Remote Access Server Setup...

Spap

3. You administer a network composed of your corporate office and four separate remote offices located throughout the state. In an effort to avoid long distance charges, you have acquired fractional T-1 Internet access for each office. Each office has a Windows Server 2003 server configured with Network Address Translation (NAT). You want to implement a VPN configuration that ensures that only users from the remote offices can access resources on your corporate network. You also want to ensure...

Client Name Registration

WINS-enabled clients are configured with the IP address of either one or two WINS servers. The first IP address is referred to as the primary WINS server and the second one is called the secondary WINS server. When a WINS client starts, it directly registers its name and IP address with the IP address of its primary WINS server. If the first attempt at registering with the primary WINS server fails because the server is unavailable, the client will attempt only two more registration requests...

Delegation and Glue Records

Delegation and glue records are records added to the zone to delegate a subdomain into a separate zone. A stub zone, defined earlier, contains only the SOA, NS, and glue records for the zone. This helps the parent domain remain up-to-date with regard to the authority of delegated zones. The delegation record is a Name Space (NS) record in the parent zone that lists the parent zone as authoritative for the delegated zone. The glue record is an A type record (A RR) for the DNS server authoritative for...

Security Templates

1. A junior administrator has modified the permissions on the C drive of your file server. The operating system is installed on the C drive and the data is stored on the D drive. What is the simplest way to restore the default permissions for the file server? A. Apply the securews.inf security template to the file server to apply the proper permissions. B. Apply the Setup secure.inf security template to the file server to apply the proper permissions. C. Apply the rootsec.inf security template to...

Adding Static WINS Records

In this exercise, we will show you how to manually add static WINS records of type unique to your database. 1. Click Start > Administrative Tools > WINS to open your WINS MMC snap-in console. 2. Highlight your Active Registrations container. Right-click and choose New Static Mapping as shown in Figure 4.33. Figure 4.33 Creating New Static Mapping 3. In the New Static Mapping dialog window, type the NetBIOS computer name of the non-WINS client as shown in...

Automatic Renewal

Lease renewal is something that is continually happening on all DHCP clients for which the lease duration has not been set to unlimited. By definition, lease renewal is the process by which a configured DHCP client tries to renegotiate its current IP information and options with its leasing DHCP server. Lease renewal is an automatic process and is determined by the lease duration settings in the properties of the DHCP scope to which the client's address belongs. The beginning of the lease...

Configuring the Windows Dialup RAS Server

3. You have been asked to set up a Windows 2003 dial-up RAS server for your company. Your clients use Windows XP and Windows 2000 Professional computers. Company policy requires the most secure authentication possible. How will you configure your dial-up RAS server to meet company policy? A. Configure CHAP authentication. B. Configure MS-CHAP v2 authentication. C. Configure PAP authentication. D. Configure EAP-TLS authentication. Answer: D. Answer D is correct, because the certificate-based EAP-TLS...

Configuring Alternate IP Addressing Configurations

Windows XP and Windows Server 2003 clients can also be configured with alternate IP address configurations. This is especially helpful for laptop computers that may connect to a variety of networks such as branch office, home office, and vendor sites. The alternate IP addressing configuration also is used if the DHCP server cannot be contacted, as an alternative to APIPA. The alternate configuration includes IP address, subnet mask, default gateway, and DNS and WINS server IP addresses....

RRAS NAT Services Web

11. You are talking with another network engineer about network address translation. She claims that ICS and Microsoft NAT are the same thing. What are two major differences between ICS and Microsoft's implementation of NAT as provided in Microsoft's server product line? (Choose all that apply.) A. NAT supports multiple public addresses, ICS does not. B. ICS works on Windows 2000 Server and Windows Server 2003, NAT does not. C. ICS supports multiple public addresses, NAT does not. D. NAT works...

IP Lease Acknowledgement

In the fourth and final stage of the DHCP lease process, the original DHCP offering server will respond to the client with a DHCPACK message. This is yet another broadcast message, which includes the IP address to be assigned to the client, along with any additional DHCP configured options, such as a default gateway or DNS server. See Figure 3.5 for an illustration of the DHCPACK message. In rare instances, the DHCP server will respond with a DHCPNAK message. This is a negative acknowledgement...

Using an Import to Create Your LMHOSTS File

In this exercise, we will show you how to import a standard text file into your Windows Server 2003 system in order to generate an LMHOSTS file. Make sure the file is formatted correctly before importing it, as discussed previously; there is no need to name it or remove the file extension, however, because this process will do that automatically. 1. Click Start > Control Panel > Network Connections > Local Area Connection > Properties. 2. Scroll down and highlight Internet Protocol (TCP/IP) and then click...

I Lwq

9. You have implemented a NAT/Basic Firewall configuration to allow your LAN clients to use private IP addresses and still access the Internet. You enabled the automatic assignment of IP addresses with the default scope. Things seem to be running well, but you get calls that the internal IIS server is occasionally unreachable. When you investigate, you see messages that indicate an IP address conflict. What is the best solution to prevent the IP address conflict from occurring? A. Manually assign...

Info

Answer: D. The local subnet address is 66.22.192.0; this is the address to which the computer whose routing table we're viewing is attached. The subnet mask is 255.255.224.0. This means that the network address space uses 8 + 8 + 3 bits, or 19 bits. You can use bitwise ANDing to compare the IP address to the subnet mask to determine whether the address is local or remote. Dotted decimal result: 66.22.192.0. Based on the result of the bitwise ANDing, the IP address is attached to the same subnet as the sending...

Integrating DHCP with Active Directory

With the introduction of DHCP into any network environment, you introduce a substantial amount of risk. Before Active Directory, there was no effective way to secure the implementation of a DHCP server installed on a Microsoft network. All a person needed was the ability to install the DHCP service, configure a scope, and activate it to be able to hand out IP addresses. Rogue DHCP servers, operating without the knowledge of the administrator, were not uncommon. In today's Active Directory...

J J

The following three settings are applied to all connections with TCP/IP enabled. [Figure: DNS suffix settings dialog for resolution of unqualified names, with the options Append primary and connection specific DNS suffixes, Append parent suffixes of the primary DNS suffix, Append these DNS suffixes (in order), DNS suffix for this connection, Register this connection's addresses in DNS, and Use this connection's DNS suffix in DNS registration] Figure 6.49 Querying DNS Using DNS Suffix Search Order...

DNS Forwarder and DNS Slave Servers

The first thing a DNS server does when it receives a query is to check its cache and then its local zone (for caching-only servers, it can check only cache). If the needed information cannot be found and the server is not authoritative for the requested data, it must check with other DNS servers to see if the query can be resolved. There might be cases when you don't want your DNS server to communicate directly with DNS servers on the Internet, for example. In this case, you can configure DNS...

Scope Options

Scope-level options are next in line and are specific only to the scope to which they belong. Using the previous example, if you wanted each of your clients to have a different default gateway, you would configure these as Scope options. Scope options override Server options. For example, if you had configured a global Server option for the distribution of a common DNS server, but had one scope that needed a different DNS server, you would configure this as a separate Scope option. Scope...

Class D and Class E

Recall our earlier discussion of IP multicasting. Class D is reserved for IP multicast addresses. The first four high-order bits are set to 1110. The remaining 28 bits are used for individual IP multicast addresses. Multicast Backbone on the Internet (MBONE) is an extension to the Internet that supports IP multicasts and uses Class D addresses. MBONE allows a single packet to have multiple destinations and is most often used in real-time audio and video applications. Class E addresses are not...

The LMHOSTS File

The LMHOSTS file is a static file located in the %systemroot%\system32\drivers\etc directory. Windows looks for this file every time it boots and loads whatever data exists in it into NetBIOS name cache for faster queries. To make LMHOSTS files use the NetBIOS name cache effectively, you can use the #PRE tag prefixes to make certain those entries remain in the cache permanently and are resolved instantly. The sample LMHOSTS file that ships with Windows Server 2003 has a default file extension of...

Internet Printing Protocol

The Internet Printing Protocol (IPP) is related to SMB and CIFS. It provides the ability to perform various printing operations across the network (including an internetwork) using HTTP version 1.1. In Windows Server 2003, IPP requires that the IPP Server be running Microsoft Internet Information Services 6 (IIS 6.0), which is not installed by default. There are a large number of RFCs that define different specifications for IPP. For more information, see the IEEE's PWG (Printer Working Group) Web...

WINS Proxy Agent

Though it is called Windows Internet Naming Service, WINS is not limited to Microsoft Windows clients using its services. Microsoft supports other clients using its database to register and query its database if those clients support using a WINS server as their name server. There are, however, certain circumstances where clients do not support the use of WINS yet understand NetBIOS naming and can use NetBIOS over TCP/IP. Microsoft supports these clients by means of a proxy. A WINS proxy is a...

Rogue DHCP Server Detection

Rogue DHCP server detection is built into the way that Windows 2000 and Server 2003 DHCP servers announce themselves when starting up the DHCP service. Exactly how this works depends on whether the DHCP server is a member of the domain or a standalone. If the DHCP server is a domain member, it will query the Active Directory when it starts up, and the Active Directory will return a list of authorized DHCP servers. The querying server checks the list, and if its own IP address is there, it...

Troubleshooting Remote Access Client Connections

13. You move some of the servers on your network to a new subnet. You manually update the DNS server records for these servers. A client contacts you to complain that their computer cannot access resources on one of the moved servers. You successfully ping the server by IP address. When you ping the server by name, you notice that a different IP address is listed. How can you quickly rectify this problem? A. Run the gpupdate command to update the name resolution cache. B. Run the ping -a command...

Automatic Backup

To perform an automatic backup of your WINS database, follow these steps: 1. Click Start > Administrative Tools > WINS to open your WINS MMC snap-in console. 2. Right-click your WINS server name and select Properties. 3. In the WINS server's properties window, type the path you want to use to automatically back up the WINS database in the default backup path window. For example, %systemroot%\system32\wins\backup, as shown in Figure 4.53. 4. Check the Back up database during server shutdown option...

Windows Server DNS Server Roles

In Windows Server 2003, DNS servers can be assigned one of several roles. The authoritative DNS server for a zone is the standard primary DNS server. Standard secondary DNS servers can be configured to provide three main benefits for the network: reduction of traffic on wide-area links; reduction of the load on the primary DNS server. A DNS server can also be configured as a caching-only server or a forwarder.