Caching Only Servers

Caching-only servers do not host any zones and are not authoritative for any particular domain. The information they contain is limited to what has been cached while resolving queries. In determining when to use this kind of server, note that when it is initially started, it has no cached information. The information is obtained over time as client requests are serviced. However, if you are dealing with a slow WAN link between sites, this option might be ideal because once the cache is built,...

Practice Deploying a RADIUS Server

In this practice, you configure IAS to handle remote access authentication and authorization from requests received by Routing And Remote Access. Exercise 1: Configuring the RADIUS Client. In this exercise, you install IAS on Computer1 and configure Routing And Remote Access as a RADIUS client. 1. On Computer1, insert the Windows Server 2003 installation CD-ROM. 2. From Computer1, log on to Domain1 as Administrator. 3. By using Add Or Remove Programs in Control Panel and the Windows Components...

Netdiag

Netdiag is a command-line utility that you must install manually from the Windows Server 2003 installation CD. The utility is included in the group of tools called the Windows Support Tools. You can install this group of tools by browsing the CD to the Support Tools folder and double-clicking Suptools.msi. After the setup program is complete, you can run Netdiag from the installation directory you selected during the setup process. Like Network Diagnostics, Netdiag runs a series of tests on the...

Configuring Demand Dial Interfaces

The first step in deploying demand-dial routing is to configure a demand-dial interface on each computer you want to function as a demand-dial router. You can configure these interfaces by using the Demand-Dial Interface Wizard. You can run this wizard as an extension of the Routing And Remote Access Server Setup Wizard, or as an option after the Routing And Remote Access service has already been configured and enabled. If you have previously configured and enabled the Routing And Remote Access...

Reconciling the DHCP Database

If you detect that the DHCP database information is missing or inconsistent, you can attempt to resolve the problem by reconciling DHCP data for any or all scopes. Scope IP address lease information is stored in two forms by the DHCP Server service: detailed IP address lease information, stored in the DHCP database; and summary IP address lease information, stored in the DHCP database. When reconciling scopes, the detail and summary entries are compared to find inconsistencies. If you choose to repair...

Info

Router (Default Gateway) page (optional): This page allows you to specify which default gateway (and alternates) should be assigned to DHCP clients. Domain Name And DNS Servers page (optional): This page allows you to specify both the parent domain to be assigned to client computers and the addresses of DNS servers to be assigned to the client. WINS Servers page (optional): This page allows you to specify the addresses of WINS servers to be assigned to the client. Clients use WINS servers to...

Exercise Testing the Configuration

In this exercise, you ping the hosts in the newly delegated domain. You perform this exercise on Computer1, which uses the local DNS server for name resolution. 1. If you have not already done so, from Computer1, log on to Domain1 as Administrator. 2. Open a command prompt and type ping computer1.sub.domain1.local. Then press Enter. An output indicates that the host computer1.sub.domain1.local is responding from the IP address 192.168.0.1. If the ping is unsuccessful, at the command prompt,...

Troubleshoot TCP/IP Addressing

Static IP addressing is an error-prone procedure, and the techniques for debugging errors such as duplicate IP addresses, mistyped IP addresses, incorrect subnet masks, and incorrect default gateways are well-known. The Ipconfig command-line utility displays TCP/IP configuration information, whereas Tracert addresses the problem of packet loss in a large network. The Ping command-line utility determines whether a specified IP address is reachable. The PathPing utility, introduced in Microsoft...

Troubleshooting Demand Dial Routing

The following list provides a conceptual summary of the configuration requirements for a demand-dial routing deployment and of the associated potential points of failure. Review this summary and refer back to it as needed to help you troubleshoot routing through demand-dial interfaces. 1. A number of basic features must be enabled on both ends of the connection for demand-dial routing to function. First, verify that Routing And Remote Access is configured and enabled on both servers. Second,...

Understanding Static Routes

Static routed networks do not use routing protocols such as RIP or OSPF to communicate routing information between routers. A static routed IP environment is best suited to small, single-path, static IP internetworks. For best results, the internetwork should be limited to fewer than 10 subnets. In addition, these subnets should be arranged consecutively (in a straight line) so that traffic pathways are predictable. A final guideline for static routing is that the topology for internetworks...

Configure Routing And Remote Access User Authentication

This objective requires that you know how to configure RAS on a server running Windows Server 2003. You need to be able to configure user authentication to a preprepared specification. You need to know how to ensure that a secure authentication protocol (Kerberos v2) is used, and how to prevent the use of downlevel protocols such as New Technology Local Area Network Manager (NTLM). You should know that with EAP, the mechanism that authenticates a remote access connection is negotiated by the...

Monitoring Network Traffic with Netstat

One tool you can use to help monitor your traffic is a command-line tool called Netstat. Netstat provides information about existing network connections and network activity statistics. For instance, if you wanted to determine on which ports a system was listening for connections, you could execute the Netstat -a command. This would determine that the ports that you want closed are indeed closed. However, just knowing which ports are open might not be enough data to close the hole. Indeed, you...

Identifying Name Resolution Issues

Figure 12-17 shows another example that you might encounter. (Figure 12-17: DNS unable to resolve requested host name.) Here the result returns no sign that the name resolution is occurring. In this situation, the next logical step is to verify the user's DNS settings and server to ensure that both are returning the values expected from the Ping operation. Check to see that the client's network adapter is using a DNS server that is part of your...

Hands-On Kerberos Tracking

To track logon, you must first prepare and start the tools that will be used. Ensure that auditing of logon events and account logon events is turned on for DCs and domain computers. This should be done in the Default Domain Policy. Make sure the policy has been updated. Download and install the Resource Kit utilities Kerbtray.exe and Klist.exe. Make sure a copy is available on the logon client. Start Network Monitor and start a capture prior to logon. Optionally, make a folder on the DC to...

Deploying IAS as a RADIUS Server

For basic RADIUS scenarios in which no RADIUS proxy is implemented, deploying IAS as a RADIUS server requires configuration both at the client running Routing And Remote Access and at the server running IAS. Exam Tip: Pay close attention to this section. You need to know how to configure RADIUS clients and servers on the 70-291 exam. To configure a computer running Routing And Remote Access as a RADIUS client, first open the server properties dialog box in the Routing And Remote Access console,...

Using Service Recovery Options to Diagnose and Resolve Service Related Issues

Most of the services that are installed by Windows Server 2003 run under the Local System context; that is, the special Local System account controls when the service should be started and stopped. However, additionally loaded services (usually by Microsoft or third-party applications) run under potentially different contexts. Often, when the service is being loaded, the administrator is asked for specific credentials under which the service is run. This way, instead of providing the service...

Exploring DHCP Audit Logging

By default, the DHCP Server service writes daily audit logs to the folder WINDOWS\System32\Dhcp. These audit log files are text files named after the day of the week. For example, DhcpSrvLog-Mon is the log file that records all DHCP server activity between midnight and 11:59 P.M. on Monday, and DhcpSrvLog-Tue is the log file that records all DHCP server activity between midnight and 11:59 P.M. on Tuesday. Audit log files are typically overwritten after seven days, at which time a new log file...

Security Configuration Wizard

The Security Configuration Wizard (SCW) is a wizard that guides you through the process of creating, editing, applying, or rolling back a security policy based on the selected roles of the server. After you have installed SP1, the SCW is made available as a new Windows component that you can add through Add Or Remove Programs in Control Panel. After you add this Windows component, you can launch the tool through the Start Menu. The SCW greatly simplifies the process of configuring security on a...

Implementing Managing and Maintaining Routing And Remote Access

Microsoft Windows Server 2003 can be configured as a router, as a dial-up server, as a virtual private network (VPN) server, and as a Network Address Translation (NAT) provider. Two such servers can be configured to send data between two private networks securely over the Internet. The Internet Authentication Service (IAS) on Windows Server 2003 can be configured to provide the Remote Authentication Dial-In User Service (RADIUS) to RAS servers that are RADIUS clients. Where Windows Server 2003...

Understanding DHCP Relay Agent

DHCP Relay Agent allows client computers to obtain an address from a DHCP server on a remote subnet. Typically, DHCP clients broadcast DHCP Discover packets that are then received and answered by a DHCP server on the same subnet. Because routers block broadcasts, DHCP clients and servers must normally be located on the same physical subnet. However, two methods can help you work around this limitation. First, if the routers separating the DHCP server and clients are RFC 1542-compliant, the...

Difference Between NAT and ICS

Like NAT, the ICS feature built into Windows provides Internet connectivity to hosts through a single interface: a dial-up or permanent connection on a Windows computer. Like NAT, ICS also allows internal clients to preserve private IP addresses while these clients connect to public external addresses. Finally, NAT includes a component called Basic Firewall that blocks all but response traffic from entering the internal network. This component corresponds to Windows Firewall, which provides a...

Exercise Capturing DHCP Lease Renewal Traffic

In this exercise, you capture traffic from a DHCP lease renewal. 1. If you have not already done so, from Computer1, log on to Domain1 as Administrator. 3. Start a capture by clicking Start Capture. 4. Switch to Computer2. Unlock Computer2 if necessary by reentering the DOMAIN1 administrator credentials. 5. At a command prompt, type ipconfig /renew, and then press Enter. After a few moments, an output displays the newly refreshed IP configuration. 7. In Network Monitor, stop the capture by...

Maintaining a Infrastructure

This examination domain requires that you know how to maintain and troubleshoot your network. You need to know how to monitor the health of your network and ensure that it can cope with the bandwidth requirements specified by the network design plan. You need to know when a network is operating normally, and how to produce a baseline showing normal traffic patterns. You need to know how to capture network traffic statistics, and how to compare these statistics with your baseline data in order...

Objective Questions

The Active Directory domain structure of the fourthcoffee.com forest is shown in the following illustration. DC1 is the first domain controller in domain accounts.denver.fourthcoffee.com. Client1 is a client in the same domain. No changes have been made to the primary or connection-specific DNS suffixes on either computer. What is the FQDN of Client1? 2. Resource1 is a multihomed Windows Server 2003 member server in the design.treyresearch.corp Active Directory domain. One of Resource1's...

Lesson Connecting to a Windows Server Network Infrastructure

In Windows, network connections are logical interfaces between software (such as protocols) and hardware (such as modems or network adapters). To connect to a network infrastructure, you will need to view, configure, and troubleshoot these network connections. After this lesson, you will be able to Bind protocols, services, and clients to a network connection Change the binding order of components bound to a connection Configure an IP address manually Configure an alternate IP address Recognize...

Using the Routing And Remote Access Console

The Routing And Remote Access console is the graphical user interface (GUI) tool you use to configure routing in Windows Server 2003. In a basic installation in which Routing And Remote Access has been configured only for LAN routing, the Routing And Remote Access console includes two main nodes for each server node: the Network Interfaces node and the IP Routing node. Figure 9-3 shows these nodes. ...

Lesson Review

The following questions are intended to reinforce key information presented in this lesson. If you are unable to answer a question, review the lesson materials and try the question again. You can find answers to the questions in the Questions and Answers section at the end of this chapter. 1. You have configured a subnet with two DHCP servers, DHCP1 and DHCP2. DHCP1 provides addresses within the first 80 percent of the subnet's scope range, and DHCP2 provides addresses for the remaining 20...

Exercise Using Nslookup in Interactive Mode

In this exercise, you use Nslookup in interactive mode to compare the outputs of lookups in Nodebug, D2, and Debug modes. You then perform specialized queries within the default zone. 1. If you have not already done so, from Computer1, log on to Domain1 as Administrator. 2. At a command prompt, type dnscmd /zoneresetsecondaries domain1.local /nonsecure. This command enables zone transfers to any server, which allows you to view the full contents of the domain1.local zone by using Nslookup. 3. At...

Exercise Configuring NAT Through a Demand Dial Interface

In this practice, you configure NAT through a demand-dial interface. 1. Log on to Domain1 from Computer1 as Administrator. 2. Open the Routing And Remote Access console. 3. In the console tree, right-click the COMPUTER1 (Local) node and, from the shortcut menu, select Configure And Enable Routing And Remote Access. The Routing And Remote Access Server Wizard launches. 4. Select Network Address Translation (NAT) and click Next. The NAT Internet Connection page appears. 5. Select Create A New...

Additional Uses for Kerberos Tools

Kerbtray.exe and Klist.exe provide a wealth of information. In addition, you can also use Netdiag to determine how Kerberos is functioning. These tools are all relatively simple to use. Understanding Kerbtray: If the Kerbtray icon shows only question marks, you know that no Kerberos tickets are in the cache. This situation can occur if a computer is not connected to the network or if no DCs are available. Double-click the Kerbtray icon to see a list of tickets obtained since logon....

Exploring VPN Deployment Scenarios

VPNs are typically deployed either to allow users remote access to a network or to connect two or more private networks. The following section describes the configuration requirements for these scenarios and for a third, mixed scenario in which the VPN server is located behind a firewall. Because all three scenarios involve network access beyond the VPN server, the VPN servers in all cases must be enabled for LAN and demand-dial routing (settings found in the General tab of the server...

Using the Performance Console to Create Alerts

So far in this chapter, you have seen that Task Manager is an easy-to-use tool, and you already know that the Performance console is a powerful tool. How do you know when it's best to use which tool? You might choose to use the Performance console over Task Manager for two main reasons: access to more performance counters, and the ability to send alert triggers based on specific criteria. You have already seen that dozens of counters are available through the Performance console. Now let's take a look at...

Configuring VPN Types

Windows Server 2003 includes support for two types of VPNs: PPTP and L2TP/IPSec. If you did not originally specify a VPN remote access server role when you ran the Routing And Remote Access Server Setup Wizard, Windows Server 2003 includes only five ports for each VPN type. Because each port enables a single remote access connection, a typical Routing And Remote Access installation by default allows only five simultaneous connections of each type. These ports appear in the Routing And Remote...

Tuning Advanced Server Options

When initialized for service, DNS servers running on Windows Server 2003 apply installation settings taken either from the boot information file, the Registry, or the Active Directory database. You can modify these settings on the Advanced tab of the server properties dialog box in the DNS console, as shown in Figure 5-28. ...

Analyzing DHCP Messages

The DHCP messages exchanged in the various stages of a lease process can be seen and analyzed in Network Monitor captures. This section describes the structure of individual DHCP messages so that they can be recognized within a larger pattern of exchanges between DHCP clients and servers. Figure 8-2 illustrates the general structure of a DHCP frame. As shown in the figure, the header is made up of 15 sections, including a variable-length Options section. The DHCP message type is distinguished...

About the Authors

Mackin MCSA, MCSE, MCT is an author, editor, consultant, and trainer who has been working with Microsoft networks since 1997. He holds a master's degree in telecommunications and network management. Ian McLean MCSE, MCDBA, MCT has over 35 years of experience in industry, commerce, and education. He started his career as an electronics engineer before going into distance learning and then education as a university professor. He currently runs his own consultancy company. Ian has written 15...

Determining the Host Capacity of a /n Network

To determine the host capacity of a network whose subnet mask is expressed in slash notation as /n, use the following formula: $c = 2^{32-n} - 2$, where c represents the number of computers that can be accommodated by a given network, and n represents the number of bits in the network ID of that network. For example, in a /20 network, n = 20. Therefore $c = 2^{32-20} - 2$, or $2^{12} - 2$, or 4096 - 2, or 4094. So, a /20 network can accommodate 4094 computers. Here is another example: In a /28 network, n = 28. Therefore,...

Case Scenario Exercise

You work as a network consultant, and you have been hired by three companies to solve problems related to network connectivity. While visiting each company, you draw sections of the relevant portions of the network. Use the following drawings to determine the IP configuration error that has led to a disruption of network connectivity at each company. Client C has an incorrectly configured default gateway. The default gateway should be set to 192.168.1.129. Client A IP address 192.168.1.116/28...

Objective Answers

Incorrect: This configuration seems at first glance to be OK. The subnet mask has been reduced by a single 1 and the addresses are contiguous. However, let us look at the third octet So the two networks would have different network addresses given a /23 (255.255.254.0) subnet mask. B. Incorrect: This supernetted network is valid, 206.10.12/22, with a host range 206.10.12.1 through 206.10.15.254. However, the networks allocated to your organization are 206.10.13.0/24 and 206.10.14.0/24, and an...

Configuring RIP

RIP is a dynamic routing protocol that helps routers determine the best path through which to send given data. Routes to destinations are chosen according to lowest cost. By default, this cost is determined by the number of hops or routers between endpoints; however, you can manually adjust the cost of any route as needed. Importantly, RIP discards routes that are determined to have a cost higher than 15. This feature effectively limits the size of the network in which RIP can operate. Another...

Exploring Remote Access Authorization Scenarios

The following section presents a summary of the remote access authorization process. In each scenario, authorization settings at the remote access server differ when User1, a member of the Telecommuters group, attempts to connect through a dial-up line. Figure 10-20 shows the order of remote access policies defined at the server. Exam Tip: You need to be familiar with the encryption settings for the exam. ...

Name Servers

The Name Servers tab, shown in Figure 5-23, allows you to configure NS resource records for a zone. These records cannot be created elsewhere in the DNS console. ...

Name Checking

By default, the Name Checking drop-down list box on the Advanced tab of the DNS server properties dialog box is set to Multibyte (UTF8). Thus, the DNS service, by default, verifies that all domain names handled by the DNS service conform to the Unicode Transformation Format (UTF). Unicode is a 2-byte encoding scheme, compatible with the traditional 1-byte US-ASCII format, that allows for binary representation of most languages. Figure 5-29 shows the four name-checking methods you can select from...

Using Network Monitor Triggers

Network Monitor's main function is to capture packets as they cross the network. So much occurs at once that trying to find the information you need is often nearly impossible. Therefore, one important skill to master with Network Monitor is the ability to quickly locate what you are looking for when the action happens. Setting Triggers: Network Monitor provides a facility to alert you when certain conditions are met. This facility might be helpful under a variety of circumstances where you set...

Frame Size

By default, Network Monitor captures each frame in its entirety. However, you can reduce the number of bytes of each frame captured by lowering the frame size setting. For example, if you set the frame size to 128, Network Monitor will capture only the first 128 bytes of each frame. The minimum frame size setting is 64 bytes; the maximum setting (aside from the default setting of Full) is 65,535 bytes. You might want to reduce the frame size because, typically, it is only the beginning of a frame...

WSUS Deployment Scenarios

You can deploy WSUS in a variety of ways that depend on the size of your network, your administrative structure, and your available bandwidth. Some of these deployment scenarios are described below. Single WSUS Server (Small-Sized or Simple Network): In a single WSUS server scenario, administrators can set up a server running WSUS inside their corporate firewall, which synchronizes content directly with Microsoft Update and distributes updates to client computers, as shown in Figure 12-35. Note...

Troubleshooting Connections Using Ping and Path Ping

Ping is a tool that helps to verify IP-level connectivity; PathPing is a tool that detects packet loss over multiple-hop trips. When troubleshooting, the Ping command is used to send an ICMP echo request to a target host name or IP address. Use Ping whenever you want to verify that a host computer can send IP packets to a destination host. You can also use the Ping tool to locate remote hardware problems and incompatible configurations. When troubleshooting network connectivity, use the Ping...

DNS Server Performance Counters

The DNS performance object in System Monitor includes 62 counters. You can use these counters to measure and monitor various aspects of server activity, such as the following: overall DNS server performance statistics, such as the number of overall queries and responses processed by a DNS server; UDP or TCP counters, for measuring DNS queries and responses that are processed using either of these transport protocols; dynamic update and secure dynamic update counters, for measuring registration and...

Problem Making Your IPSec Policy Work

In the following exercise, you create and assign an IPSec policy, only to discover that the two computers cannot communicate at all. You can use a number of steps and tools to troubleshoot an IPSec policy, as described in the following list. Note: IKE auditing is turned on by default. If auditing of logon events is turned on, IKE posts negotiation results in the Security Event log. Once policies have been assigned and are working, you can turn this feature off by adding the DisableIKEAudits...

Secure Cache Against Pollution

By default, the Secure Cache Against Pollution option is enabled. This setting allows the DNS server to protect its cache against referrals that are potentially polluting or nonsecure. When the setting is enabled, the server caches only those records with a name that corresponds to the domain for which the original queried name was made. Any referrals received from another DNS server along with a query response are simply discarded. For example, if a query is originally made for...

Reading the IP Routing Table

Routers use routing tables to determine where to send packets. When IP packets are sent to an IP router, the router reads the destination address of the packet and compares that destination address to the entries in the routing table. One of these entries is used to determine which interface to use to send the packet and to which hop gateway the packet will be sent next. To assist in this process, each routing table entry includes the five columns described in the following sections, as shown...

Managing Security Through Group Policy

Group Policy holds a unique position with respect to a network's security infrastructure. On the one hand, Group Policy provides a means to deploy and manage a security infrastructure. On the other hand, Group Policy provides the actual substance of that security infrastructure: every GPO contains nodes whose configuration represents many of the most important security considerations for a network. Although basic Group Policy concepts remain beyond the scope of this training kit, it is important...

Lesson Summary

NAT is a service built into a router that modifies the source address of IP datagrams before sending them on to their destinations. This functionality allows NAT clients to connect to the Internet by sharing one or more publicly registered IP addresses on the computer running the NAT service. In Routing And Remote Access, NAT can also be configured to function as a DHCP allocator, a DNS proxy, or a WINS proxy. NAT can be understood as a fully configurable version of ICS. To function, NAT...

IP Routing Interface Features

These management features are accessible through the IP Routing node of the Routing And Remote Access console. When you select the General node within the IP Routing node, the interfaces configured for your server appear in the details pane. Right-clicking a demand-dial interface reveals various demand-dial management and troubleshooting commands, as shown in Figure 9-24. ...

Network Diagnostics

Network Diagnostics is a graphical troubleshooting tool, built into the Windows Server 2003 interface, that provides detailed information about the local computer's networking configuration. To access the tool, first launch Help And Support from the Start menu. From the Help And Support Center window, click Tools in the Support Tasks area. Finally, expand Help And Support Center Tools from the Tools list, and then select Network Diagnostics. The Network Diagnostics window appears in the right...

Lesson Review

You have configured a scope with an address range of 192.168.0.11 through 192.168.0.254. However, your DNS server on the same subnet has already been assigned a static address of 192.168.0.200. With the least administrative effort, how can you allow for compatibility between the DNS server's address and DHCP service on the subnet? By configuring an exclusion for the address 192.168.0.200, you can most easily allow for compatibility between the DNS server and the currently configured DHCP...

Enable Netmask Ordering

The Enable Netmask Ordering option is selected by default. This default setting ensures that, in response to a request to resolve a single computer name matching multiple host (A) resource records, DNS servers in Windows Server 2003 first return to the client any IP address that is in the same subnet as the client. Note: Multihomed computers typically have registered multiple host (A) resource records for the same host name. When a client attempts to resolve the host name of a multihomed computer by...

Q

File or Folder Access: Auditing access to a particular file or folder is a two-step process. First, you must configure the Audit Object Access policy to audit successes or failures, or both (as required). Then, you must configure the properties of the files or folders for which you want to audit access. In the properties of the file or folder, select the Security tab, click the Advanced button, and then select the Auditing tab. In the Auditing tab, configure the desired members of the system...

Setting the Primary DNS Suffix

You can specify or modify a computer's primary DNS suffix in the DNS Suffix And NetBIOS Computer Name dialog box, as shown in Figure 4-15. (Figure 4-15: Specifying a primary DNS suffix.) To access this dialog box, in the System Properties dialog box, click the Computer Name...

Exercise Use IP Security Monitor to Monitor an IPSec Connection

In this exercise, you monitor IPSec activity using the IP Security Monitor snap-in. 1. Open IP Security Monitor on both computers by adding the snap-in to an MMC. 2. Check that the active IPSec policy is the one you assigned. 3. Examine the details about the active policy. Are the details what you expected? Select the Main Mode (Figure 11-45) and Quick Mode (Figure 11-46) Security Associations nodes and double-click the SA in the details pane. This step tells you which encryption is being used....

Case Scenario Exercise

You work as a network consultant, and you have been hired by three companies to solve problems related to network connectivity. While visiting each company, you draw sections of the relevant portions of the network. Use the following drawings to determine the IP configuration error that has led to a disruption of network connectivity at each company. Client A: IP address 192.168.1.116/28, default gateway 192.168.1.126. Client B IP...

Memorizing Subnet Mask Octet Values

To handle IP addressing questions on the 70-291 exam, you will also need to memorize the nine possible values that might appear in a subnet mask octet. Use Table 2-4 below to help you memorize these values. The values in the top and middle rows have been labeled d values and r values respectively to provide consistency with references to these values that appear elsewhere in the chapter. Begin by covering the top row of the table. Once you can recite without hesitation the d value associated...

Load Zone Data On Startup

By default, the Load Zone Data On Startup drop-down list box is set to the From Active Directory And Registry option. Thus, by default, DNS servers in Windows Server 2003 initialize with the settings specified in the Active Directory database and the server Registry. However, this setting includes two other options, From Registry and From File, as shown in Figure 5-30. [Figure 5-30: Server initialization options] When you select the From Registry option...

BIND Secondaries

The BIND Secondaries option is enabled by default. As a result, DNS servers running on Windows Server 2003 do not use fast transfer format when performing a zone transfer to secondary DNS servers based on BIND. This restriction allows for zone transfer compatibility with older versions of BIND. Fast transfer format is an efficient means of transferring zone data that provides data compression and allows multiple records to be transferred per individual Transmission Control Protocol (TCP) message....

What Does Disabling Recursion On Ns2 And Ns3

The following questions are intended to reinforce key information presented in this lesson. If you are unable to answer a question, review the lesson materials and try the question again. You can find answers to the questions in the Questions and Answers section at the end of this chapter. 1. You are the network administrator for Lucerne Publishing. The Lucerne Publishing network consists of a single domain, lucernepublishing.com, that is protected from the Internet by a firewall. The firewall...

Allow Zone Transfers Server 2008

The Zone Transfers tab, shown in Figure 5-25, allows you to restrict zone transfers from the local master server. For primary zones, zone transfers to secondary servers by default are either completely disabled or limited to name servers configured on the Name Servers tab. The former restriction applies when the DNS server has been added by using the Manage Your Server window; the latter, when it has been added by using the Windows Components Wizard. As an alternative to these default...

Exercise Use Netsh to Manage IPSec

Any task you can perform with the IP Security Policy snap-in and the IP Security Monitor snap-in, you can do with the Netsh command. You can also perform tasks with Netsh that you cannot do from a console, such as the following: instituting computer startup security, performing computer startup traffic exemptions, running diagnostics, performing default traffic exemptions, performing strong certificate revocation list (CRL) checking, performing IKE (Oakley) logging, modifying logging intervals, and...

Verifying the Server Configuration

When verifying the DHCP server configuration, you can begin with the DHCP server address. To provide leases for clients on the local subnet, the DHCP server computer must be assigned an address whose network ID is common to that logical subnet. In addition, the DHCP Server service must be bound to the connection to that subnet. To verify a DHCP server's network bindings, select the Advanced tab in server properties and click the Bindings button. This procedure opens the Bindings dialog box,...

Using Netcap to Capture Network Traffic

Netcap.exe is a command-line utility that you can use to capture network traffic to a capture file. You can then load the file in Network Monitor to view the captured traffic. The Network Monitor tool does not have to be installed on the computer running Windows Server 2003 to use Netcap. You can also use Netcap on computers running Windows XP, which makes it an extremely attractive way to capture traffic for later review. The tool is available after the Windows Server 2003 Support Tools have...

Questions and Answers

You have configured your remote access server to distribute addresses to remote access clients through a DHCP server. However, you find that your remote access clients assign themselves with only APIPA addresses. Name two possible causes of this scenario. There is not a DHCP server available on the network segment, and a DHCP relay agent has not been configured. The DHCP server did not have 10 free addresses in its scope when the Routing And Remote Access server started up. 2. Which...

Exercise Use Netsh to Monitor IPSec

After you have created and assigned the IPSec policy using Netsh, use Netsh commands to monitor the session. 1. From either computer, start Netsh: Netsh 2. Use the Show command and review the active policy to see whether your policy application worked: show policy name=telnet level=verbose 4. Set the diagnostic value to log all events (the default is 0, or no logging) using this command: set config property=ipsecdiagnostics value=7 5. Set the IPsecloginterval value to 60 seconds: set config property...