Failure to Contact a DHCP Server

When you configure your Windows computers to obtain their IP addresses and other TCP/IP configuration settings from a DHCP server, you may sometimes find that the DHCP server has apparently assigned an incorrect IP address to a computer. No matter what address scope you have configured the DHCP server to use, a client might have an address that begins with 169.254. This is not an address that the DHCP server has assigned. Rather, the computer has failed to contact the DHCP server on the network...

Using Manual Enrollment

Stand-alone CAs cannot use auto-enrollment, so when a stand-alone CA receives a certificate request from a client, it stores the request in a queue until an administrator decides whether to issue the certificate. To monitor and process incoming requests, administrators use the Certification Authority console, as shown in Figure 11-5...

Working with IPSec Policies

The IP Security Policies snap-in for Microsoft Management Console (MMC) is the tool you use to view and manage IPSec policies on a computer running Windows Server 2003. By default, the snap-in is incorporated into the Group Policy Object Editor console, and on member servers, into the Local Security Policy console. You can also add the snap-in to a new MMC console and configure it to manage the policies on any individual computer or Active Directory domain. You deploy IPSec policies in much the...

Lesson Planning DNS Security

Although DNS servers perform functions that are intrinsically benign, the possibility of their compromise does pose a significant threat to your network security. Part of the design process for your name resolution strategy is keeping your DNS servers, and the information they contain, safe from intrusion by potential predators. As you have learned, DNS name resolution is an essential part of TCP/IP networking. Both Internet and Active Directory communications rely on the ability of DNS servers...

Case Scenario Exercise

You are the network infrastructure design specialist for Litware Inc., a manufacturer of specialized scientific software products, and you have already created a network design for their new office building, as described in the Case Scenario Exercise in Chapter 1. The office building is a three-story brick structure built in the late 1940s, which has since been retrofitted by various tenants with several different types of network cabling. Your network design for the building calls for the...

Lesson Implementing a DNS Name Resolution Strategy

Once you have determined your network's name resolution requirements and designed your DNS namespace, it is time to actually implement the name resolution services by installing and configuring servers. Towards this end, you must first decide how many servers you need and where you are going to locate them, and then determine how you are going to configure the servers. After this lesson, you will be able to: Explain the functions of caching-only DNS servers and forwarders; List the types of zones...

Active Directory Permissions

Windows Server 2003 has yet another system of permissions, which you can use to specify who can access and manage objects in the Active Directory database. On a large network, working with Active Directory objects is a common administrative task. Administrators frequently have to create or delete user objects or modify the properties of existing objects. To delegate these tasks to other people, you might want to modify the default permissions for all or part of the Active Directory database....

Configuring DNS Security

It is common for administrators to run the DNS Server service on Windows Server 2003 domain controllers, particularly when they use Active Directory-integrated zones. One benefit of storing the zone database in Active Directory is that the directory service takes over securing and replicating the DNS data. However, even if you do use Active Directory-integrated zones, there are additional security measures you might consider. See Also: The Microsoft DNS Server service has its own security...

Using Fibre Channel

Fibre Channel is a high-speed serial networking technology that was originally conceived as a general purpose networking solution, but which has instead been adopted primarily for connections between computers and storage devices. Unlike SCSI, which is a parallel signaling technology, Fibre Channel uses serial signaling, which enables it to transmit over much longer distances. Fibre Channel devices can transmit data at speeds up to 100 megabytes per second using full duplex communications,...

Lesson Selecting Network Transport Layer Protocols

Once you have selected a data-link layer protocol for your network, your concerns for the physical infrastructure are finished. It is now time to move upward in the OSI reference model and select the protocols for the network and transport layers and above. There is no need to be concerned about protocol compatibility at this point, because all the data-link layer protocols in current use can function with any network transport layer protocol combination. After this lesson, you will be able to...

Lesson Selecting Data Link Layer Protocols

Connecting a group of computers to the same physical network gives them a medium for communication, but unless the computers can speak the same language, no meaningful exchanges are possible. The languages the computers speak are called protocols; if the computers on a network are to interact, every computer must be configured to use the same protocols. Selecting the appropriate protocols for the network is an important part of the network infrastructure planning process. After this lesson, you...

Key Terms

Attenuation: The tendency of a signal to weaken as it travels along a medium. The longer the distance traveled, the more the signal attenuates. All signals attenuate as they travel along a network medium, but different media are subject to different degrees of attenuation. Signals on copper-based cables such as UTP attenuate relatively quickly, while signals can travel longer distances over fiber-optic cable because they attenuate less.
Ad hoc topology: A wireless networking topology in which two...

Exercise Creating an MMC Console and Viewing the Default Policies

In this exercise, you create an MMC console containing the IP Security Policies snap-in and use it to view the default IPSec policies on your server.
1. Log on to Windows Server 2003 as Administrator.
2. Click Start, and then click Run. The Run dialog box appears.
3. In the Open text box, type mmc, and then click OK. The Console1 window appears.
4. From the File menu, select Add/Remove Snap-in. The Add/Remove Snap-in dialog box appears.
5. Click Add. The Add Standalone Snap-in dialog box...

Exercise Creating GPO Links

The GPO you created for the Domain Controllers container in the practice for Lesson 2 is not intended to stand alone. It builds on the Member Servers container's GPO you created in the practice for Lesson 1. In this practice, you link the Member Servers container's GPO to the Domain Controllers organizational unit.
1. Log on to your Server01 computer as Administrator.
2. Click Start, point to All Programs, point to Administrative Tools, and then click Active Directory Users And Computers. The...

Questions and Answers

For each of the following DNS server functions, specify whether you must have
a. A DNS server with a registered IP address
c. A DNS server with a connection to the Internet
d. Administrative access to the DNS server
1. Internet domain hosting: a, b, c, and d
2. Internet client name resolution: c
3. Web server hosting: a, c, and d
4. Active Directory domain hosting: d
1. What is the technical term for a DNS client implementation? Resolver
2. In what domain would you find the PTR resource record...

Desktop Hardware Specifications

Unlike the hardware specifications for servers, which tend to be more specialized, depending on their role, desktop workstations are more general-purpose computers. Your objective in creating desktop hardware specifications is to design systems suitable for a wide variety of tasks. The ideal situation would be a single desktop computer design that is suitable for all the users on your network. From a purchasing standpoint, this would enable you to order a larger number of identical computers...

Using Network Load Balancing Manager

When you display the Network Load Balancing Manager application, the bottom pane of the window displays the most recent log entries generated by activities in the NLB Manager (see Figure 7-8). These entries detail any configuration changes and contain any error messages generated by improper configuration parameters on any host in the cluster...

Deploying a Network Load Balancing Cluster

Once you have planned the network infrastructure for your NLB cluster and decided on the operational mode, you can plan the actual deployment process. The basic steps in deploying NLB for a cluster of Web servers on a perimeter network are as follows:
1. Construct the perimeter network on which the Network Load Balancing servers will be located. Create a separate LAN on your internetwork and isolate it from the internal network and from the Internet using firewalls. Install the hardware needed...

Using Static Routing

Another important element of your routing strategy is your decision to use static or dynamic routing on your network. To forward network traffic to the proper locations, the routers on your network must have the correct entries in their routing tables. With static routing, network administrators must manually create and modify the routing table entries. Dynamic routing uses a specialized routing protocol to update the table entries automatically. Static and dynamic routing both provide the same...

NLB Operational Modes

The servers that are going to be the hosts in your NLB cluster do not require any special hardware. There is no shared data store as in a server cluster, for example, so you do not have to build a storage area network. However, NLB imposes certain limitations on a server with a single network interface adapter in a standard configuration, and in some cases, you can benefit from installing a second network interface adapter in each of your servers. Windows Server 2003 Network Load Balancing has...

Lesson Designing a DNS Namespace

Once you have determined how your network will use the DNS, it is time to begin designing the DNS namespace for your network. The namespace design can include a host-naming pattern for all the computers on your network, as well as the more complex naming of the network's domains and subdomains, both on the Internet and in Active Directory. After this lesson, you will be able to: Create an effective DNS domain hierarchy; Divide domain and host naming rules; Create a namespace with internal and...

Objective Questions

You are a network administrator who has been given a security template. Your supervisor wants you to check that all the Windows Server 2003 domain controllers are using the account policies, audit policies, event log settings, and security options stored in the template. In the case of any domain controller that is not using the same settings, you are to apply only the missing elements from the template to that computer. Which of the following procedures would enable you to perform both...