Exam Warning

If you choose Append the DNS suffixes (in order), only domain names listed in that window will be tried for resolution purposes. Both the connection-specific and primary DNS suffix are ignored. If clients are not configured with multiple DNS suffixes as in Figure 6.50, their Primary DNS suffix is appended to the name and resent to DNS. The Primary DNS suffix can be found by going to Start > Control Panel > System > Computer Name > Change > More, as shown in Figure 6.51. If resolution is still unsuccessful,...

Configuring and Managing the WINS Server

Configuring and managing your WINS server correctly ensures seamless NetBIOS name resolution throughout your network environment. It is important to detail your configuration before it is approved and put into your production environment. To correctly configure your WINS server topology and manage its records, there are several key factors you must consider. These include: Configuring WINS replication Manual versus automatic Managing WINS records and its database Backup and restore of the WINS...

Ipseccmd

The command line tool ipseccmd is used to script the creation of IPSec policy, and display active SAs and policy assignments. ipseccmd is no longer supported on Windows Server 2003 and its functionality is replaced by netsh. All IPSec-specific functionality is present in the netsh utility. You can view information about IPSec policies using either the netsh ipsec static show command or the netsh ipsec dynamic show command.

Resolving NetBIOS Names to IP Addresses

The standard resolution methods for resolving NetBIOS names to IP addresses were mentioned previously in the review of NetBIOS name resolution. Those methods can be used together along with other name resolution protocols like DNS in order to provide a client with a positive name resolution request. What we will detail here are the different scenarios or name resolution methods that Windows clients can be configured to go through in order to map NetBIOS names to IP addresses. Though NetBIOS can...

Example of Subnetting a Class A Network

You know that Class A networks use the first octet as the network address and the remaining three octets for host address spaces. In a Class A network that is not subnetted, you can have one network and up to 16,777,214 host addresses. Even if you subdivide the network into 8,000 subnets, you would still have up to 2,046 host addresses per subnet. This is not an optimal solution if 1400 of your subnets need only four host addresses. Instead, you can recursively subdivide subnets to sizes more...

Lpe

Match the IP address based on this subnet mask. Displaying the records from the WINS database is a potentially long and resource intensive operation. The response time is much improved if the database is filtered either by a specific name prefix or by a unique owner. Enabling result caching makes subsequent queries faster but increases the memory consumption. 3. Each one of the tabs can contain its own data, and the search will be issued as a combination of all of them. The new searching console...

Twc

Q: I want to allow my DHCP servers to use Dynamic updates to register DNS records without taking ownership of each record in my Windows Server 2003 network. Can I do this and still continue to use secure-only updates in DNS? A: Yes. Windows Server 2003 introduced the option to supply credentials other than those of the DHCP server to register A and PTR records with your DNS server when your DHCP server is made a member of the DNSUpdateProxy group. This is acceptable to a secure-only Active...

Configuring ICMP Router Discovery

In this exercise, we will configure ICMP router discovery.
1. Open Routing and Remote Access (Start > Programs > Administrative Tools > Routing and Remote Access).
2. In the left pane of the RRAS console, click General.
3. In the right pane, right-click the interface on which you want to enable router discovery, and then click Properties.
4. On the General tab, select the Enable router discovery advertisements check box.
5. In Advertisement lifetime (minutes), type or select the time after which a...

Info

Any available network (access point preferred); Access point (infrastructure) networks only; Computer-to-computer (ad hoc) networks only; Automatically connect to non-preferred networks.
5. Specify how often Active Directory is to be polled for updates by typing a value in Check for policy changes every number minutes.
6. Specify the type of wireless network that clients...

Note

To add other types of DNS resource records manually, right-click on your DNS zone's name and select Other New Records. A Resource Record Type dialog window will appear, giving you the ability to choose the type of resource record you want to enter. The most common are A, CNAME (alias), and MX records, which is why they have a direct option to create them on the context drop-down menu. Figure 6.22 Manually Adding DNS Records. Figure 6.23 Adding a New Host...

Vqa

You might be unable to configure a DNS server as a forwarder if the Active Directory Installation wizard did not detect any DNS servers during setup. In this case, it configures the DNS server as the root server, which cannot be configured as a forwarder. The root zone (.) must be deleted via the DNS Manager console or the command line dnscmd /ZoneDelete . /DsDel. The /DsDel switch is used only for Active Directory integrated DNS. Questions related to why a DNS server cannot reach the Internet may be...

Configuring DHCP Scopes

DHCP scopes are the basic building blocks for developing a framework for network segments on which you want to deploy DHCP clients. By definition, a scope is a range of IP addresses. This range has a beginning and an ending IP address that define the inclusive IP addresses that are available for clients to obtain. Configuring a DHCP scope is done via the DHCP management console snap-in. If you have installed the Administration Pak for Windows Server 2003, you will notice some new Microsoft...

Ipw

The tracert command enumerates the routing path that IP traffic will take to a given destination. Again, some basic statistical information is also listed with the trace. This command is a little less detailed than the pathping command. From a command prompt, type tracert w.x.y.z, where w.x.y.z is the remote system address whose path you are testing. The results from a tracert are displayed in Figure 8.109. Tracing route to microsoft.com 207.46.134.222 over a maximum of 30 hops

Mlz

For more information on how Microsoft uses the sixteenth character of the NetBIOS name to define various functions, see Microsoft Knowledge Base article 163409. Additional related articles are 119495 and 154608. A NetBIOS name is either a unique name (belongs exclusively to one device) or a group name (belongs to a group and is nonexclusive). When a NetBIOS process needs to communicate across the network, it does so by specifying a unique name. When it needs to communicate with multiple...

Srv

Holds a specific host's IP address (IPv4 32-bit address). An IPv4 address is the standard four octet IP address with which you're familiar. Maps a DNS domain name to an IPv6 128-bit address. IPv6 is a later version of the Internet Protocol with additional functionality (described later in this chapter). Key RRs are signed by the key from their parent zone. This record holds the public key for zones that are able to use DNS Security Extensions (DNSSEC). DNSSEC is discussed later in this chapter....

Configuring Internet Authentication Services

You configure IAS for centralized authentication of remote users. What are two major advantages of IAS for authentication? A. IAS provides open standard authentication, providing authentication for remote access devices from multiple vendors. B. IAS provides a proprietary authentication mechanism, providing authentication for remote access devices from multiple vendors. C. IAS provides single sign-on authentication for remote and local users through Active Directory. D. IAS provides single...

Disabling APIPA

It is possible to disable the generation of APIPA addresses on your Windows Server 2003 DHCP clients if you want to use only valid DHCP server scope addresses, even in the event that a DHCP server is not available. To do so, you need to edit the Windows registry and make the following changes: 1. Open the Registry Editor by running Regedt32.exe and traverse to the following keys, depending on whether you want to disable APIPA for one network card or all network cards. Use this key, where...


Class A

Class A addresses are designed for very large networks with few logical network segments and many hosts. Class A addresses always have the high-order bit (or left-most bit) set to zero. The first octet (the left-most eight bits) is used to define the network ID. The host addresses use the second, third, and fourth octets. This can also be represented as w network ID, x.y.z host ID (using the convention that all IP addresses are composed of four octets and represented as w.x.y.z). Let's look at...

Understanding Automatic Private IP Addressing APIPA

You are the systems administrator for a small network of fewer than 10 users on a single network segment, which is configured for peer-to-peer network resource sharing. You are using Windows XP and Windows 2000 on all of your client desktops and you decide to avoid the hassle of installing DHCP or manually configuring static IP addresses by using APIPA. You are using two file servers, both running Windows Server 2003, which also have the ability to use APIPA. Everything is running smoothly...

DNS Console

You should already be somewhat familiar with the Windows Server 2003 DNS administrative console after reading this chapter. There is some monitoring functionality built right into this console. To access this functionality, open the Monitoring tab on the Properties of your DNS server name. To do this, right-click your DNS server name and select Properties. Click the Monitoring tab as shown in Figure 6.63. Figure 6.63 Monitoring and Testing Your DNS Installation...

Advanced Options

The Advanced tab on the Properties page of your WINS server contains a few more settings that we feel are important to identify. You can get to this configuration dialog window as shown in Figure 4.51 by clicking Start > Administrative Tools > WINS to open your WINS MMC snap-in console. Right-click your WINS server name and select Properties. Click the Advanced tab. Figure 4.51 Configuring Advanced WINS Options. Configuration settings on this tab include...

How Bitwise ANDing Works

The term ANDing comes from a form of mathematics called Boolean algebra. Computers use Boolean operators in their circuitry. Integrated circuits contain components known as gates and inverters. A gate (or inverter) has one or more inputs. Their output is based on the state of those inputs. The state can only be off (0) or on (1). In Boolean terms, it can only be true (1) or false (0). AND gates will return (or output) 1 if all inputs are 1 and will return 0 if any input is not 1. An OR gate will...

Configuring Multilink With BAP

In this exercise, we will see the basic configuration for Multilink with dynamic BAP capabilities for a Windows Server 2003 Routing and Remote Access server. Later in this chapter we will revisit Multilink by configuring advanced settings through a Remote Access Policy for Multilink with BAP. 1. Because Multilink and BAP bind multiple physical connections together (usually dial-up) to increase available bandwidth, start with a basic gateway configuration as configured in Exercise 8.04. 2. From...

Configuring IAS

In this exercise, we will look at a basic IAS configuration.
1. Click Start > Control Panel > Add/Remove Programs.
2. Click Add/Remove Windows Components.
3. From the dialog box in the Windows Components Wizard, select Networking Services > Details.
4. Select Internet Authentication Service followed by OK > Next.
Now that IAS is installed, it is time to configure the properties for the IAS server as follows:
1. Click Start > Programs > Administrative Tools > Internet Authentication Service.
2. Right-click...

Review of Windows Server Remote Access Concepts

A VPN is an extension of a private network that utilizes links through shared or public networks. VPN technology is built on extensions to the Point-to-Point Protocol (PPP). PPP encapsulates upper layer network traffic to carry it through media that typically could not carry this encapsulated traffic. Think of this as a method for packaging data before transporting it to another location. Data is packed, or encapsulated, on one end of the link and it is unpacked on the other end. This transport...

Configuring the Windows Dialup RAS Gateway

A Windows Server 2003 Remote Access Server configured as a dial-up gateway provides dial-up connectivity for users located on the same LAN as the RRAS dial-up server. This RRAS gateway provides LAN-to-LAN connectivity for users of both the local and remote LAN or LANs. Figure 8.28 illustrates an example of an RRAS server configured to provide LAN-to-LAN connectivity for corporate LAN users. When configured to provide shared dial-up access via a common modem or modem pool, the RRAS dial-up server...

Configuring Basic Firewall Support

Now more than ever, security is a major concern in today's corporate environment. One way to improve basic security on an Internet-connected network is to install a firewall. Windows Server 2003 comes with basic firewall support built in. A firewall compares network traffic, as it passes through the firewall, to a set of preconfigured rules. Traffic streams are accepted or rejected based on the rules they match. To enable basic firewall support in Windows Server 2003, a public interface must be...

Using Network Monitor

You have captured frames of traffic from your network. Unfortunately there is so much data you are having difficulty finding the data you need. Which methods can you use to quickly locate only the desired data from the packets you captured? (Choose all that apply.) A. Apply a Capture filter on the captured data that allows only the information you need in the Capture window. B. Apply a Display filter on the captured data that allows only the information you need in the Capture window. C. Search...

VPN Server Placement

Another important consideration in VPN connectivity is server placement. It is often more beneficial to have a VPN server protected by a firewall, as opposed to placing the VPN server outside of the firewall with direct Internet connectivity available to the VPN server. Again, VPN client operating systems can affect this decision. Because VPN client operating systems will usually dictate the authentication protocols and encryption methods used, this in turn will affect the proper placement of...

Summary of Exam Objectives

To successfully manage a network in today's environment, you must have a firm understanding of IP addressing and how to work with classful and classless subnetting issues. Classful addressing uses standard publicly assigned Class A, B, or C network IDs with the default subnet masks 255.0.0.0, 255.255.0.0, and 255.255.255.0, respectively. In addition, classful networks can be subdivided into smaller, equal-sized segments or subnets. These subnets are created by borrowing bits from the host...

Ntbackup Graphical Utility

In prior versions of Windows, in order to use the built-in ntbackup.exe utility to back up your WINS database, you had to stop the WINS service prior to starting your backup. This was true because the WINS database was constantly open, and thus could not be backed up. This led to the extra overhead of creating special batch file jobs that would automatically stop the WINS service, start an ntbackup job, and then restart the WINS service. If anyone needed to use WINS for NetBIOS resolution at...

Converting Decimal and Binary Numbers

These exercises are designed to reinforce what we've learned about binary and decimal conversions. Each activity is followed by a step-by-step explanation. 1. Convert the following number to binary: 24. Using the technique just described, we first write out the bit values of an octet: 128 64 32 16 8 4 2 1. Next, we look for the highest value that is less than the number given. In this case, the highest number is 16. We set Bit 4, which is equivalent to decimal 16, to 1. Next we subtract 16...

Supernetting Class C Networks

Useable network addresses have grown scarce as companies have expanded their networks and connected to other networks via the Internet. To prevent the problem of running out of Class A and Class B network addresses that are needed by very large companies, the Internet addressing authorities decided to try to preserve some of these network addresses. For example, if a small company needs about 2,000 addresses for all of its anticipated expansion, assigning it a Class B network would waste...


Self Test

A Quick Answer Key follows the Self Test questions. For complete questions, answers, and explanations to the Self Test questions in this chapter as well as the other chapters in this book, see the Self Test Appendix. Installing and Configuring the Windows Server 2003 DNS Server 1. Your company has been planning a migration from their Windows NT 4.0 domain to a new Windows Server 2003 domain for over a year. You have a corporate office in Charleston, SC and 15 satellite branches spread out over...

Transmission Control Protocol

Data from the Transport layer's TCP is organized into segments. These are sent down through the protocol stack and headers are added. Each network technology (Ethernet, Token Ring, etc.) has a particular way it encapsulates data. This particular encapsulation is called the frame format. Each technology uses its own frame format. In Ethernet technologies, the frame of data is a fixed-length and is generally referred to as a packet. The Ethernet IP packet contains a preamble, destination and...

General Lease Duration Rules

DHCP scopes can be defined as a set of configurable IP address options along with hard-coded IP address ranges that ultimately service DHCP clients during their DHCP lease process. Lease duration times are scope independent and thus can be set differently for each scope on your DHCP server. Here are four general rules of thumb you can use when deciding what your lease duration time should be for each network segment's scope: If the number of IP addresses available per subnet greatly exceeds your...

Dns

To view the monitoring configuration, on the Action menu, click Properties and then select the Monitoring tab. For more information about troubleshooting a DNS server, see Help. If you are getting continual recursive query failures, you might want to make sure that another administrator has not disabled recursive queries on your DNS server. You can find this out by looking at the Advanced tab shown in Figure 6.61, and by making sure the Disable recursion (also disables forwarders) option check...

DNS Extensions

The DNS protocol defines and uses a number of fixed-length fields, each with a defined set of values. These fields, however, have been used for a variety of incremental improvements to the DNS protocol, and some method for further extending the DNS protocol's capabilities was needed. RFC2671 defines the first extension to the DNS protocol, EDNS0. It is assumed that subsequent extensions will be needed, thus the anticipated number scheme is EDNS0, EDNS1, EDNS2, and so forth. For more information...

Nonclassful Classless Subnet Masking

- The process of creating variable length subnets is a recursive function; this means that subnets are further subdivided (one or more times) to yield subnets with varying numbers of host addresses.
- Variable length subnetting forms a tree-like structure of subnets, similar to a directory tree on a disk drive.
- Variable length subnetting is accomplished by creating a variable length subnet mask (VLSM). This determines the number of resulting subnets.
- The VLSM for a subnet is created from the...

Windows Server Active Directory Integrated DNS Servers

A DNS server, NS1Jones, on the domain us.somecompany.com, consistently fails to resolve names from the domain canada1company.com and mexicounocompany.com. It resolves names within the us.somecompany.com zone, for which it is authoritative, with no problems. What is the likely cause of this problem, assuming both external domains exist? A. NS1Jones is unable to perform recursive queries. Check the Advanced properties of the DNS server. B. NS1Jones is configured to be a forwarder. Disable...

Installing and Configuring the Windows Server DNS Server

Your company has been planning a migration from their Windows NT 4.0 domain to a new Windows Server 2003 domain for over a year. You have a corporate office in Charleston, SC and 15 satellite branches spread out over the east coast. In each branch, you are currently running a Windows NT 4.0 domain controller that is also functioning as a DNS, WINS, and DHCP server. In the corporate office you have three domain controllers and two member servers. The member servers in corporate are running WINS,...

Configuring DNS Clients

Joey is a desktop engineer for a computer software company in downtown New York City called Solutions. His company has just integrated themselves with two other smaller software development companies to try to build a stronger customer service application in their competitive market. The network groups have been combined and have successfully created a shared network backbone. They have also set up and confirmed that each company is now hosting secondary copies of the other's DNS domains....

Lmhosts file

Although the LMHOSTS file might contain the old IP address of the accounting server, it comes after the HOSTS file in the host name resolution process for ftp application access. Answer B is incorrect, because the question states that no static entries are used in DNS, so the accounting clients must not have been getting ftp server resolution via DNS. Answer D is incorrect, because if WINS was incorrect John would not have been able to ftp the file either. If set up to...

DNS Server with Internet Publishing

Chris works for a ski enthusiast's online purchasing e-store hosting its external Web domain site at skimoreworkless.com. Chris has an internal group of Web designers that publish to this Web site via its www.skimoreworkless.com Internet address. Chris hired a group of network consultants to come in and build a new Windows Server 2003 Active Directory domain environment for their company's internal use. Chris sat down with the consultants to answer a few questions before they got started, one of...

Integrating the Windows Server DNS Server with BIND

You have been hired as a consultant for CX2 Consulting. Your job is to assist in the migration from Windows NT 4.0 to Windows Server 2003. CX2 Consulting will be implementing Active Directory and Exchange 2003. The company is currently using a Linux DNS server running BIND 4.9.2. CX2 Consulting has given you a few requirements for DNS. They want to take advantage of dynamic updates for their Windows 2000 Professional clients. They want to continue using the BIND DNS server. Which of the...

Troubleshooting the Windows Server DNS Server

Your network consists of four Windows Server 2003 domain controllers, three Windows 2000 member servers, and 50 Windows XP Professional machines. Your users are reporting that they cannot log onto the network. You believe this problem is due to the client machines not being able to resolve names via the DNS server. You want to test and verify that the workstations can talk to the DNS server over the network. Which of the following tools could you use? (Choose all that apply.) A, B. Answer A is...

Rras Nat Services

You are talking with another network engineer about network address translation. She claims that ICS and Microsoft NAT are the same thing. What are two major differences between ICS and Microsoft's implementation of NAT as provided in Microsoft's server product line? (Choose all that apply.) A. NAT supports multiple public addresses, ICS does not. B. ICS works on Windows 2000 Server and Windows Server 2003, NAT does not. C. ICS supports multiple public addresses, NAT does not. D. NAT works...

Configuring Remote Access Policies

Your organization supports several users that work from home offices. Each home-based user connects to the network through a VPN. The DSL connections used by each home-based user are configured with static IP addresses. You want to use a remote access policy to ensure that the home-based users connect to the office only from their home office computers. What is the simplest way to accomplish this task? A. Configure smart-card authentication for each home-based user. Configure a remote access...

Configuring Wireless Connections

You are tasked with the design and implementation of a new wireless network for your corporate campus. Users will connect to various access points around campus using primarily laptops and PDAs. How will you design an authentication scheme to simplify the administration of the 1,000+ users of this system? A. Configure a single Windows Server 2003 system as the logon server. Create local accounts for all network users. B. Configure a pair of Windows Server 2003 systems as Active Directory domain...

Configuring LAN Routing

You are designing the corporate global network for your company. You have to decide on an authentication method. What is the preferred authentication method for Windows Server 2003 in a high security environment? B. Answer B is correct, because the Extensible Authentication Protocol with Transport Level Security (EAP-TLS) provides certificate-based authentication of users and computers in a Windows Server 2003 environment. Answer A is incorrect, because MS-CHAP does not provide authentication...

Spap

The strongest encryption available is EAP-TLS with certificates. The lack of a certificate infrastructure dictates the use of MS-CHAP v2. MS-CHAP v2 provides the strongest encryption for VPN authentication on Windows Server 2003 systems; therefore, Answer A is correct. Answer B is incorrect, because PAP sends passwords in clear-text. This completely violates the corporate security policy since no encryption is used on the password or username. Answer C is incorrect, because CHAP...



Exam Objectives in this Chapter

2.1 Install and configure the DNS Server Service.
2.1.1 Configure DNS server options.
2.1.2 Configure DNS zone options.
2.1.3 Configure DNS forwarding.
2.2.1 Manage DNS zone settings.
2.2.2 Manage DNS record settings.
5.3 Troubleshoot server services.
5.3.1 Diagnose and resolve issues related to service dependency.
5.3.2 Use service recovery options to diagnose and resolve service-related issues.
Exam Objectives Frequently Asked Questions

Install and Configure Automatic Client Update Settings

You now have a working SUS server on your corporate LAN so it is time to configure the clients. The updated Automatic Update client is available for Windows 2000 Professional, Windows 2000 Server, and Windows 2000 Advanced Server (all with Service Pack 2 or higher), Windows XP Professional, Windows XP Home Edition, and Windows Server 2003 family. Windows 2000 Data Center Server uses a special service for system update capabilities separate from the standard SUS service. Three options are available...

DVD Presenter

Hunter (CISSP, MCSE, MCT, MCDBA, MCP, MCP+I, CCNA, A+, Network+, iNet+, CNE-4, CNE-5) is a Senior IT Specialist with the University of Pennsylvania, where she provides network planning, implementation and troubleshooting services for various business units and schools within the University. Her specialties include Microsoft Windows NT and 2000 design and implementation, troubleshooting and security topics. As an MCSE Early Achiever on Windows 2000, Laura was one of the first in the...

Configuring the WINS Client

You are an ASP.NET Web developer working for an Application Solutions Provider in Seattle, Washington. Because of the kind of work you do, your company allows you the flexibility to work from home about 90 percent of the time. The other 10 percent of the time is spent in the office, at corporate meetings, or presenting new code to other development workers. Your manager Akin asks you to present your current code in a meeting on Wednesday afternoon, to show the other developers. You show up...

Configuring the Windows Server VPN Server

After the completion of your company's PKI project, the CIO of your company has asked you to design a secure solution to give users located at satellite offices access to a new Web-based intranet application. There are typically two or three users in each of the seventeen remote offices. Client computers are using a mix of Windows 98 and Windows XP Professional for their operating systems. Your corporate intranet server sits behind a NAT enabled router. What solution will provide the best security...


Subnetting Review

In this exercise, we're going to walk through a subnetting scenario to reinforce what you've learned about classful subnetting. Using the network address 134.40.0.0 and the default subnet mask, you will create subnets that will allow for no more than 2,150 hosts per subnet. You'll determine the number of subnets, address ranges, the subnet mask, and the number of network bits used. 1. 134.40.0.0 is a Class B network using 16 network bits by default. This can support up to 65,534 hosts before...

Enhanced hnode

Enhanced h-node type clients use the same resolution methodology as regular h-node clients, with the addition of DNS in the resolution path. If DNS is also configured on your WINS clients, it will be used to try to resolve NetBIOS names. By default, Microsoft Windows 2000/XP/Server 2003 NetBIOS clients that are configured to use a WINS server use enhanced h-node NetBIOS name resolution. Enhanced h-node client types will resolve NetBIOS names in the following order:

Configuring RIP on a Windows Server Network

In this exercise, we will configure RIP v2.
1. Begin by configuring LAN Routing in Routing and Remote Access. Click Start | Programs | Administrative Tools | Routing and Remote Access.
2. In the left pane of the Routing and Remote Access management console, right-click the server name and select Configure and Enable Routing and Remote Access. If this option is grayed out, select Disable Routing and Remote Access to start with a fresh configuration.
3. On the first page of the Routing and Remote...

Static and Dynamic IP Routers

Routing tables can be updated manually or dynamically. If the table must be updated manually, it is considered to be static. If the table can be updated automatically, it is considered to be dynamic. Static routing works well in small environments but does not scale well to larger networks. Another useful application of static routing is in subnets that are separated from the rest of the network. Rather than using routing protocols across WAN connections, static routes can be entered manually...

Exam Objectives Frequently Asked Questions

The following Frequently Asked Questions, answered by the authors of this book, are designed to both measure your understanding of the Exam Objectives presented in this chapter, and to assist you with real-life implementation of these concepts. You will also gain access to thousands of other FAQs at ITFAQnet.com.
Q: How likely am I to see a question related to the DoD DARPA model or ARPANET on the exam?
A: It's unusual to see a question directly related to these topics but you will see questions...

Assigning Addressing Information to Network Clients

Your corporate network uses DHCP to dynamically assign IP addresses to clients. You're installing a new router and have been given the router's assigned static IP address. You configure the router and add it to the network. Immediately, you begin getting calls from users who cannot connect to the network. When you ping the router, you get errors. What is the most likely cause of this problem?
A. The router is using an address within the scope of the DHCP addresses.
B. The router is using a...

WINS Monitoring and Statistics

WINS keeps an ongoing history of statistical information within its database. These statistics can be viewed in the WINS MMC console by following these steps:
1. Click Start | Administrative Tools | WINS to open your WINS MMC snap-in console.
2. Right-click your WINS server name and select Display Server Statistics, as shown in Figure 4.86.
Figure 4.86 Displaying WINS Server Statistics
You can use the statistics shown in Figure 4.87 to determine any of the following bits of...

Apipa

IP Addressing Configurations Summary of Exam Objectives Exam Objectives Fast Track Exam Objectives Frequently Asked Questions 152 Self Test Self Test Quick Answer Key Chapter 3 The Dynamic Host Configuration Protocol 161 Introduction 1.2 Review of DHCP 1.2.1 DHCP Leases General Lease Duration Rules The DHCP Lease Process IP Lease Request (Discover) IP Offer Response IP Selection Request IP Lease Acknowledgement Lease Renewal Automatic Renewal Manual Renewal 1.2.5 1.4.4 Server 2003 DHCP Server...

Monitoring and Troubleshooting Internet Connectivity

A LAN client is unable to navigate to www.syngress.com using Internet Explorer. The user can access network resources, but cannot access any Web sites outside of the corporate domain. Which of the following tools will assist you in identifying the problem? (Choose all that apply.)
A, C. Answer A is correct, because PING can help you by starting with the local loopback adapter, then the local adapter's address, default gateway, and ultimately the destination, www.syngress.com. Answer C is...

Ozj

Network address translation (NAT)
C. Virtual private network (VPN) access and NAT
D. Secure connection between two private networks
7. Your company is designing a software package that will replace legacy applications that currently use IPX/SPX for connectivity with TCP/IP as a transport mechanism. Currently, the software engineers on your four remote office networks need access to a common test server located in your corporate office. The connectivity...

WINS System Monitor Objects

The Windows System Monitor is a real-time diagnostics tool for troubleshooting WINS data traffic flowing between your WINS server and each of your WINS clients. System Monitor allows you to target specific object-related counters found on your system and track the data associated with those counters. Found in the Administrative Tools menu under the heading Performance, System Monitor can be set up to log real-time WINS registration, renewal, and query events, and to alert you regarding any...

Review of DHCP

• The DHCP protocol provides the ability to dynamically and automatically assign clients an IP address from a prebuilt pool of addresses.
• DHCP is a broadcast protocol that uses four steps in the leasing of an IP address: DHCPDISCOVER, DHCPOFFER, DHCPREQUEST, and DHCPACK.
• DHCP and BOOTP are different protocols with different purposes, although they share the same broadcast UDP ports of 67 and 68. DHCP is based on BOOTP but provides TCP/IP configuration options in addition to an IP address...

M

If you enable shadow copies, Windows will use the default schedule and settings, and create a shadow copy of the selected volume(s) now. Important: The default settings are not appropriate for servers that have high I/O load. For heavily used servers, you should manually configure shadow copies and place the storage area on a volume that will not be shadow copied. For more information about best practices for setting up shadow copies, click here. Do you want to enable shadow copies?
5. It may...

Understanding Basic IP Routing

A remote user reports that her computer doesn't seem to be able to connect to the corporate network. From your computer, you use the ping utilities to try to contact her computer, using its IP address. This returns the following message: Packets: Sent = 4, Received = 0, Lost = 4 (100% loss). You also try pinging her computer by its name, cooperjones. Ping returns the following message: Ping request could not find host cooperjones. Please check the name and try again. Based on these results, what would...

Adding Routing Table Entries

The Routing tool is accessed via the command prompt by clicking Start | Run, typing cmd, and pressing Enter. This opens a command prompt window in which you can run a variety of command-line utilities including ping, tracert, and route. To add routing table entries, open the command prompt window. Figure 2.3 shows how to access the route command help, which shows you how the commands are formatted and what parameters can be or must be included. At the prompt, type route help and press Enter. This...

Review of DNS

Lisa Cooper works in the finance department, which has its own domain, finance.eastcoast.somecompany.com. Lisa Chandler works in the operations department in the same branch office as Lisa Cooper. While having lunch one day, Lisa Cooper mentions to Lisa Chandler that she'd renamed her computer to LISAC because it originally had come configured as HQV53X09 and she just didn't like that. Lisa Chandler becomes concerned when she hears this because her computer is named LISAC and she knows you...

Name Resolution

The resources you provide on your LAN must be accessible by some means. Although you may be familiar with IP addresses, and may even know the IP address of every host on the network, it is not reasonable to assume that your clients will be able to use IP addresses to access those resources. The simple solution is to provide friendly names that can be used by your clients, such as www.syngress.com or BRAGI PublicFiles, and so on. In order to facilitate friendly names, we must provide readily...

Integrating the Windows Server DNS Server with WINS

WINS is used in the Windows NetBIOS world as DNS is used in the Windows host world. Whereas WINS resolves NetBIOS names to IP addresses, DNS resolves host names to IP addresses. Windows Server 2003 DNS lets you integrate your existing WINS database into your DNS database so that DNS-only clients can resolve NetBIOS names. By default, downlevel Windows clients that do not use DNS for name resolution must rely on your WINS server. Thus your Windows 2000, Windows Server 2003,...

Test Day Tip

Two very powerful commands in Windows Server 2003 are pathping and netsh. Review this chapter and the Windows Help files to make sure you understand the power of these commands. Also, there is no substitute for basic experience. The more time you spend using the tools available to you, the better your understanding of their benefits and limitations. The nslookup command is used to troubleshoot and test DNS information for client systems. When used with a computer name or FQDN within an Active...

Joey forgot to check Use this connection's DNS suffix in DNS registration

Joey forgot to add the IP addresses of the other company's DNS servers in the DNS window.
C. Joey forgot to add his domain name to the DNS suffix search order list.
D. Nothing, there must be a problem with the Web site's host record.
C. Answer C is correct, because as soon as you enter a single domain into the DNS suffix search order window, both your DNS suffix for this connection and your Primary DNS suffix are not used anymore to append to host names during the resolution process....

Supporting Network Infrastructure

Several design considerations need to be taken into account when designing a network infrastructure with VPN gateways. Address allocation, routing table maintenance, name resolution, auto-static routing update, and dynamic routing updates all affect the network infrastructure design. In this section, we will see how dynamic routing, name resolution, and auto-static updates are affected by VPN gateways in a network infrastructure. DHCP clients, for example, may receive IP addresses from a DHCP...

Figure The TCP/IP Protocol Suite and OSI Model

TCP/IP's Network Interface layer translates into Layers 1 and 2 of the OSI model, performing the same functions as the latter's Physical and Data Link layers. The TCP/IP Internet layer maps to the Network layer in the OSI model. In both models, the Transport layer is the next layer up, though in the DoD model, it originally was referred to as the Host-to-Host layer. The Application layer in the DoD model maps to the top three layers of the OSI model: Session, Presentation, and Application. As...

Setting Up WINS to Interoperate with DNS

In this exercise, we will show you how you can set up your DNS zones to query your WINS database on behalf of your DNS clients for requests not found in DNS. This is useful if the majority of your server names are NetBIOS names stored in WINS, but you wish to use DNS to resolve these names.
1. Click Start | Administrative Tools | DNS to open your DNS console.
2. Expand your Forward Lookup Zones container.
3. Highlight the zone you want to configure, right-click it, and select Properties.
4. In your...

Integrating the DHCP Server with Routing and Remote Access

RRAS support is being implemented by more and more companies as their employees begin to work from home over fast DSL/cable Internet services and VPN connections, in addition to traditional dial-up accounts. Most internal networks today use the TCP/IP protocol as the primary or only network transport protocol for internal communication and resource sharing. In order to facilitate the internal use of TCP/IP for remote access, your RRAS server has to be able to allocate TCP/IP...

Troubleshooting Windows Server VPN Services

There are several possible problems that can prevent clients or other VPN routers from connecting to the VPN service. The best approach to troubleshoot connectivity problems is to follow the OSI reference model and approach the problem from the simplest possible connectivity problems first. Work your way up in complexity, climbing the OSI reference model as you go. Remote access connections in general have an added level of complexity because they first rely on an underlying connection before...

Configuring Multicast Scopes

Multicast scopes provide DHCP functionality to clients via a multicast IP address. Multicast addresses are secondary addresses that can be assigned to computers to make them members of a multicast group. This allows messages to be sent to multiple computers by using a single address, as opposed to unicast addressing in which messages are addressed to one individual computer. Multicast addresses fall within the Class D address range of 224.0.0.0 to 239.255.255.255. Multicasting provides a...

IP Routing Tables

Any IP node that initializes the TCP/IP stack will generate a default routing table based on the configuration of that node. For instance, when your network-connected desktop boots up and initializes the TCP/IP stack, it will create a default routing table based on your computer's unique IP address, which includes the network ID as well as the default gateway (default router) and subnet mask. The table also contains the logical or physical interface, typically the network interface card, to be...

Using System Monitor to Monitor Active Queries per Second

This exercise is designed to teach you how to use the Windows Server 2003 System Monitor to pinpoint and track WINS-specific data.
1. Open the Performance MMC console (System Monitor) from your Administrative Tools menu (or type perfmon at the Run command).
2. At the bottom of the screen, click each of the predefined counters (for example, Pages/sec) and press the Delete key. This will clear all counters except the ones we are interested in seeing.
3. Click the Add button (the plus icon) on the middle...

Client Name Renewal

At the TTL extinction period, the WINS client will go through the process of name renewal with its configured WINS server, in an attempt to refresh its existing NetBIOS name registration. Because WINS is a dynamic database, WINS clients can register and unregister their names themselves. They do this at configured time intervals depending on the TTL of their registered name. The default TTL interval configured for Windows Server 2003 WINS server is six days, and is shown in the Renew interval...

Configuring DHCP Reservations

DHCP Reservations provide a way to reserve a particular IP address for a specific client, which is useful for clients that always need to have the same address. Why not just assign a static IP instead? You could, but then the client would not be able to get other configuration options (DNS server, default gateway, etc.) from the DHCP server; if and when those options change, you would have to change them manually on every statically assigned computer. Reservations are treated a bit differently than the...

Configuring the DHCP Relay Agent

Ceste has been working for the client services department at a local bank in Richmond, Virginia for over a year. He is responsible for client connectivity to the corporate network backbone. Ceste is a member of the DHCP Users group and uses his privileges as a member of this group to gauge the status of DHCP leases and available IP addresses. Jamie is a systems engineer for the same bank, and is responsible for the back-end configuration of all DHCP servers and scope configuration. He is a...

Tunneling Protocols Supported by Windows Server

Windows Server 2003 includes two VPN tunneling protocols for remote access via VPN connections:
• PPTP, which uses MPPE for encryption.
• L2TP with IPSec to provide for higher layer encapsulation and encryption features necessary for VPN connectivity. This combination is known as L2TP/IPSec.
We will explore the features of both of these protocols in the following passages. The PPTP Forum, a joint venture between Microsoft and several other companies with interests in remote access technology 3COM,...

Configuring Forward Lookup Zones

If your goal is to create an authoritative DNS zone for your or some other company's domain name, you must configure a forward lookup zone. Let's break that term up into two parts to define it more easily: forward lookup and zone.
Forward Lookup: Forward lookup refers to the manner in which a DNS server resolves a host name to an IP address. Forward means name to IP.
Zone: A zone is a portion of a contiguous name space in which a server has been given the authority to resolve DNS queries. To...

User and Vendor Class Options

User and Vendor classes are optional methods of classifying or grouping machines or users into unique units for individual configuration. Options configured at these levels overwrite any options at the scope or server level. Both of these options were first introduced with Windows Server 2000 and are becoming more widely used to granularly manage and define the client base. They can be defined in the following manner: Do any of your DHCP servers host multiple DHCP scopes? Do any of these scopes...

Configuring the Windows Server VPN Gateway

You have been assigned the task of configuring a VPN server for several remote users to access your corporate network. You open the Routing and Remote Access Server Setup Wizard to begin this process. Using Figure 7.31 as a guide, which of the following options will provide you with a base VPN server for this task? (Choose all that apply.)
Figure 7.31 Routing and Remote Access Server Setup Wizard Configuration
You can enable any of the following...

NetBIOS Name Discovery

Once a NetBIOS name is registered, other computers on the network may want to locate application or file level resources on that workstation or server. To accomplish this, a similar method is performed on the local segment called a NetBIOS name query. A NetBIOS name query takes the destination name it is looking to locate and either broadcasts it or sends it to a configured name server for resolution. Depending on the method, if a positive match is found for the name, either the owner of the...

Enterprise Admins Group

The Enterprise Admins group is often called the all-powerful group in the Active Directory environment. There is good reason for this, because members of this group have the ability to do whatever they want on an enterprise or forest-wide level. This includes full rights over the DHCP servers. One special feature of this group is that it is the only Active Directory group that has the right to authorize a DHCP server. Because the Enterprise Admins group does have so much power over the network,...

PPP Authentication Process and Protocols

Authentication is the process of verifying an identity. This verification could be for a user, a computer, or both. After a user has been authenticated, we can control access to resources and maintain information about logon and access rights used. Authentication is the first line of defense when securing a network. The Point-to-Point Protocol (PPP) provides encapsulation capabilities for higher layer protocols like TCP/IP and IPX/SPX as well as multilink and authentication capabilities. In this...

Removing Routing Table Entries

A routing table entry can be removed in several ways. If the command line utility, route, was used to create the entry and the entry was not entered using the -p parameter, the entry will be lost when the computer is restarted. If the entry was defined as a persistent route using the -p parameter, the entry can be removed either via the command line utility or via the Routing and Remote Access administrative tool interface. To clear the table of all gateway entries, use the -f switch with the...