//SS III Installation and Configuration
//S8 DHCP
Revise:
• DHCP Scope : DHCP Manager
• DHCP Relay Agent

Advantages

• Additional information (IPA of WINS and DNS servers) can be sent to client
• Administration is centralised
• DHCP server doesn't assign same IPA twice
• No typos or mistakes
• Client Auto-reconfiguration when subnet changes
• Control over which IPA are used
However
• Can't auto detect manually assigned IPA, need to exclude.

Where

Control Panel->Network->Protocols->TCP/IP->Properties->Obtain address from a DHCP server

Requesting IP Address

1 Client: IP lease request
2 Server: IP lease offer
3 Client: IP lease selection
4 Server: IP lease acknowledgement

Releasing IP Address

• Server [DHCP Manager] - renewal denied - release delay
• Client [ipconfig /release] - release immediate

Renewing IP Address

Three situations:
• 50% - lease renewal request to issuing server
• 87.5% - lease renewal request broadcast to any DHCP server
• 100% - IP lease request

ipconfig /renew - forces renewal [to reflect client scope change]

DHCP Message Types

DHCPDISCOVER - lease request phase
DHCPOFFER - lease offer phase
DHCPREQUEST - lease acknowledgment
DHCPDECLINE - lease selection
DHCPACK - lease renewal
DHCPNACK - lease renewal
DHCPRELEASE - lease renewal

To Configure DHCP Server
• Create a scope of IP addresses
• Set lease duration
• Exclude (optional)
• Reserve (optional)
• Set DHCP options (router; DNS; WINS) (optional)

To define a scope

• IPA range
• Subnet mask
• Duration
• Exclude (optional)
- One scope per subnet
- Can't reduce, only exclude

DHCP Scope properties

Deactivate
Renewal (% time until client renews)
Reserve

Advanced Properties

For: routers, DNS, WINS, and Web servers.
Global or specific scope
Order of preference: client->specific scope->global
[Manual settings on client cause big problems]
• 001 Subnet mask
• 003 Router
• 006 DNS Servers
• 044 WINS/NBNS Servers (IPA of NBNS)
• 046 WINS/NBT node type (resolution method)
• 051 Lease time
Different options for different groups => different scopes

Reserving IPA

For:
• Domain Controllers
• Clients assigned by other method
• IPA used by RAS for dial-in
• DNS
• WINS
• Routers
Reserve IPA that are hard coded in client's HOSTS and LMHOSTS files
Multiple DHCP servers must have same pool of reserved addresses
Need:
• IPA
• MAC address (Unique Identifier)

Installing and Configuring the DHCP Relay Agent

For clients on a different subnet, a DHCP Relay Agent is required [as broadcasts can't pass routers]
When client broadcasts, Relay Agent forwards this information to DHCP server.
Can have multiple scopes (for different subnets)
Multihomed computer. Two cards: One with DHCP server on it, and listens for broadcasts on other card/network [that doesn't have DHCP server] and forwards them.
Can use router that can act as Relay Agent instead. Or have DHCP server on both networks [fault tolerance, small scope for other network]

Installing the DHCP Relay Agent

Where
Control Panel->Network->Services->Add->DHCP Relay Agent
Needs IPA [static is important] of DHCP server
New tab appears in Network control panel [to specify IPA of DHCP servers]

Fault Tolerance

• Have DHCP server on each subnet
• Each DHCP server must have a different scope
• If server fails DHCP Relay Agent can forward to DHCP server on other subnet
• Each server must have IPA for other remote subnets
• 75% IPA local, 25% IPA remote
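
A worked version of the 75%/25% split above, added here as an example (it is not part of the original notes). Each subnet's pool is divided between its local DHCP server and the server on the other subnet, and the resulting scopes are checked for overlap, because two servers holding the same address could each lease it. The server names and address ranges are constructed, and the helper names are hypothetical.

```python
import ipaddress

def _ip(n):
    return str(ipaddress.IPv4Address(n))

def split_pool(first, last, local_share=0.75):
    """Split one subnet's pool into (local_range, remote_range)."""
    lo, hi = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
    size = hi - lo + 1
    n_local = int(size * local_share)
    if size < 2 or not 0 < n_local < size:
        raise ValueError("pool too small to split between two servers")
    cut = lo + n_local
    return (_ip(lo), _ip(cut - 1)), (_ip(cut), _ip(hi))

def plan_scopes(pools):
    """pools maps exactly two server names to the (first, last) pool of the
    subnet each server sits on. Returns {server: [(first, last), ...]}."""
    (a, pool_a), (b, pool_b) = pools.items()
    a_local, a_remote = split_pool(*pool_a)
    b_local, b_remote = split_pool(*pool_b)
    # Each server keeps 75% of its own subnet and holds 25% of the other one.
    return {a: [a_local, b_remote], b: [b_local, a_remote]}

def find_overlaps(scopes):
    """Return (server, server, first clashing address) for scopes that share
    addresses; a server only avoids duplicates within its own scopes."""
    flat = sorted((int(ipaddress.IPv4Address(f)), int(ipaddress.IPv4Address(l)), srv)
                  for srv, ranges in scopes.items() for f, l in ranges)
    clashes, widest = [], None
    for cur in flat:
        if widest and cur[0] <= widest[1]:
            clashes.append((widest[2], cur[2], _ip(cur[0])))
        if widest is None or cur[1] > widest[1]:
            widest = cur
    return clashes

# Constructed pools: 200 addresses on subnet A, 100 on subnet B.
POOLS = {"dhcp-a": ("10.30.32.10", "10.30.32.209"),
         "dhcp-b": ("10.30.33.10", "10.30.33.109")}

if __name__ == "__main__":
    plan = plan_scopes(POOLS)
    for server, ranges in plan.items():
        print(server, ranges)
    print("overlaps:", find_overlaps(plan))
```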

Essentials

Two subnets and only one DHCP server=>Install DHCP Relay Agent
If router can't forward DHCP message=>Install DHCP server on that subnet
Fault Tolerance=>Maintain pool of IPA for each subnet other than own

Using ipconfig with DHCP

• View and Modify
• Renew or Release
/renew
/all

Maintaining DHCP Database

Contains:
• scope options
• lease and renewal information
Files:
• Dhcp.mdb
• Dhcp.tmp
• J50 and J50#####.log
• J50.chk
Tasks:
• Backing up (automatic - unlike WINS)
• Restoring
• Compacting
Activity
• Added
• Deleted
• Modified
//E8 DHCP



//S9 WINS
Exam Objectives
1) Install & Configure WINS
2) Running WINS on Multihomed Computer
3) Configuring static mappings
4) Configuring DHCP replication
5) Configuring LMHOSTS files
6) Configuring HOSTS files
7) Importing LMHOSTS to WINS
Revise:
• Install & Requirements WINS
• Configuring static mappings
• Use of WINS proxy
• Database Replication, Push/Pull

Commands

nbtstat -c
nbtstat -R

Basics

NetBIOS broadcasts, good for small networks, bad for routers
LMHOSTS file solves this: "static text file"
Limits broadcasts, increases administration
Must be updated manually to reflect an IPA change
Can be centrally managed unlike HOSTS

Requirements


• NT 3.5 server/workstation
• 95 or Workgroups 3.11 with TCP/IP
• MS-DOS 3.0
• LAN Manager Server 2.2c
Must specify WINS IPA to client:
DHCP - auto;
Manual -
Where
Control Panel->Network->TCP/IP->Properties->WINS tab->Primary WINS

For non-WINS clients

• Static mappings [IPA and NetBIOS name of non-WINS client]
• WINS proxy [listens for NetBIOS broadcasts and relays them to WINS]
As b-nodes can't pass through routers, WINS proxy must be on same subnet

WINS and DNS

WINS can resolve names for DNS
DNS=static
WINS=dynamic

WINS for registering, renewing and releasing names

Registering

1. New Client->Server: name registration query [source IPA, NetBIOS name, and destination IPA]
2. WINS searches database for entry
3. Server->Existing Client: name query request [NetBIOS name]
4. Existing Client->Server: name query response [NetBIOS name]
Server->Client: negative name registration response
5. Existing Client->Server: no response
Server->New Client: positive name registration response [expiry time]

Renewing

Needs to be registered after TTL (Time To Live). Enforced by WINS, keeps database clear
Increase TTL=> database outdated
Decrease TTL => Increase traffic
name refresh request
name refresh response

Releasing

1. Upon client shutdown WINS informed to remove client name from database with name release request
2. WINS searches database for entry
3. Name is removed and gives name release response [NetBIOS name removed]

Planning

• How many WINS needed for the clients - one primary and secondary WINS per 10,000 clients
• How many WINS for fault tolerance - primary and secondary, replication between WINS
• Can bandwidth support WINS traffic - WINS traffic less than broadcast
• non-WINS client name registration - WINS proxy

Installing and Configuring

Installing

Where
Control Panel->Services->Add->WINS->Restart
Configuring
Where
WINS Manager->Server menu->Add->IPA of server
1. Make Administrator
2. WINS Server Configuration dialog:
• Renewal Interval [96 hours]
• Extinction Interval [96 hours]
• Extinction timeout [96 hours]
• Verify Interval [576 hours - 24 days]
• Pull parameters : Initial Replication, Number of retries
• Push Parameters : Initial Replication, Replicate on address change

Adding Secondary

WINS packets can cross networks: one server for entire network can suffice.
Secondary continues registration and renewal.
Only if primary is down
Requirements: NT 3.5, not necessarily PDC, must have static mappings of IPA, Gateway, and subnet mask (DHCP not recommended)

Configuring WINS Clients

Manually or DHCP.
• Manual -
Where
Control Panel->Network->Protocols->TCP/IP->Properties->WINS->Primary IPA
Control Panel->Network->Protocols->TCP/IP->Properties->WINS->Secondary IPA
• DHCP -
Where
Administrative Tools->DHCP Manager->Options menu->044 WINS NetBIOS Name Service Servers
Administrative Tools->DHCP Manager->Options menu->046 WINS NetBT Node Type
Network->Protocols->TCP/IP->Properties->IPA->Obtain IPA
Primary always used
Secondary used when primary is down
Client constantly checks for primary while using secondary

WINS Proxy

Intercepts name query broadcasts from non-WINS clients on local subnet and forwards to WINS on remote subnet

WINS on multihomed computer

Need to change registry to not browse on one network card
Where
Regedt32->HKEY_LOCAL_MACHINE->SYSTEM\CurrentControlSet\Services\Browser\Parameters\->Edit->Add Value
Value Name: UnboundBindings
Data Type: REG_MULTI_SZ
String: NetBT_<name of network adapter driver to be disabled>
To find name of adapter: cmd->ipconfig /all->"Ethernet Adapter"
Must have same IPA for Primary and secondary WINS on both network cards

Configuring static mappings

Manually adding a NetBIOS name-IPA (of non WINS or non WINDOWS) client mapping on the server

Advantages over LMHOSTS

• WINS is queried before LMHOSTS is parsed
• LMHOSTS must be manually maintained on non WINS clients
• Use static mapping for clients which are important machines to maintain same name: servers

Changing static mapping

Where
Administrative Tools->WINS Manager->Mappings->Static Mappings->Add Mappings->
Types:
• Unique
• Group
• InternetGroup
• Multihomed
->IPA->Add->Close

Three auto generated NetBIOS service types:
• Redirector
• Messenger
• Server

Configuring WINS Database Replication

Current mappings across servers via Push/Pull partners
Push->Pull forcing
Push -> Pull : Notify
Pull->Push : replication request
Push->Pull: New database via two methods:-
• Wait until number of updates collected
• Immediate replication on demand
Pull can notify Push that replication is required
Pull requests database version number higher than that present on pull

Configuring

Consider:
• WAN crossed?
• How important is current database
Where
WINS Manager->Server->Replication Partners->WINS Servers to list->Push & Pull & Other-> Replication Options->Configure (Pull & Push)
WAN Push->Pull [12 hours update]
LAN Push/Pull->Pull/Push
Primary and Secondary must be Push and Pull to each other
The further apart the WINS servers the less frequent the update
Same city = 15 minutes
X-Country = 1+ hour

Maintaining WINS Database

Contains:
• names
• lease and renewal information
Files:
Wins.mdb
Wins.tmp
J50.log and J50#####.log
J50.chk
Tasks:
• Backing up (unlike DHCP)
• Restoring
• Compacting
Activity
• Lease Update
• Name resolving
• Housekeeping

Backup

Autobackup (3 hour default)
Specify in WINS Manager
Also backup Registry entries
Where
Regedt32->HKEY_LOCAL_MACHINE->SYSTEM\CurrentControlSet\Services\Wins
NT 3.5 [default 24 hr]

Restoring

• WINS Manager - click on good folder
• Move manually - Delete Winstmp.mdb, J50#####.log and J50.log [all are created automatically], and move Wins.mdb from backup to WINS Directory

Compacting

Automatic, but may become fragmented
Compacting speeds up and reduces size
DB < 30MB recommended
Jetpack <database name> <temp database name>
Must stop WINS server using Services dialog box, or:
net stop wins
Three states:
Active
Released
Extinct
scavenging removes extinct entries.
Automatic.
Renewal and Extinct Times.
Can use WINS manager to force.

Configuring LMHOSTS

Parsed line at a time
nbtstat -R reloads file into memory

Tags/Extensions/Keywords

• #PRE - [pre]loads into name cache; also for #DOM and #INCLUDE. Put at end of file as it slows parsing
• #DOM - Client: specifies Domain Controller's domain on remote subnet [for authentication]. Domain controller: enables account information replication. Not needed if WINS is on your subnet, as Domain Controllers' names are added automatically to database. Loaded into domain name cache.
• #INCLUDE - Centrally held, clients include this. Reduces administration. <filename> parsed as local: LMHOSTS file; {Stripped of 16th bit and any zero and use host name resolution}; Local Machine name; HOSTS; DNS. File is central LMHOSTS or text file
• #BEGIN_ALTERNATE
• #END_ALTERNATE

Example

10.30.32.23 helper
10.30.32.23 nis  #PRE
10.30.224.13 adsm #PRE #DOM:MARKETING
10.30.32.137 server1 #PRE #needed for include
#INCLUDE \\server1\share\lmhosts
10.30.32.138 server2 #PRE #needed for include
10.30.32.139 server3 #PRE #needed for include
#BEGIN_ALTERNATE
#INCLUDE \\server2\share\lmhosts
#INCLUDE \\server3\share\lmhosts
#END_ALTERNATE
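
A small LMHOSTS checker for the tags described above, added here as an example (it is not part of the original notes). It reads the file a line at a time, lists every remote file the client pulls mappings from via #INCLUDE, and flags #DOM entries and #INCLUDE servers that have no #PRE mapping. It assumes the "#needed for include" comments in the example mean each include server needs its own #PRE entry. The sample is constructed from the page's example with two faults introduced, and the function names are hypothetical.

```python
import re

# Constructed sample: the page's example with two faults (adsm lost #PRE, server3 unmapped).
SAMPLE = r"""10.30.32.23 helper
10.30.32.23 nis  #PRE
10.30.224.13 adsm #DOM:MARKETING
10.30.32.137 server1 #PRE #needed for include
#INCLUDE \\server1\share\lmhosts
10.30.32.138 server2 #PRE #needed for include
#BEGIN_ALTERNATE
#INCLUDE \\server2\share\lmhosts
#INCLUDE \\server3\share\lmhosts
#END_ALTERNATE
"""

ENTRY = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)(.*)$")
INCLUDE = re.compile(r"^#INCLUDE\s+\\\\([^\\\s]+)\\(\S+)", re.I)

def parse_lmhosts(text):
    """Return (entries, includes, problems), reading one line at a time."""
    entries, includes, problems, in_alt = [], [], [], False
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        keyword = line.upper()
        if keyword.startswith("#BEGIN_ALTERNATE"):
            in_alt = True
        elif keyword.startswith("#END_ALTERNATE"):
            if not in_alt:
                problems.append((no, "#END_ALTERNATE without #BEGIN_ALTERNATE"))
            in_alt = False
        elif keyword.startswith("#INCLUDE"):
            m = INCLUDE.match(line)
            if m:
                includes.append({"line": no, "server": m.group(1).lower(), "alternate": in_alt})
            else:
                problems.append((no, "malformed #INCLUDE"))
        elif line and not line.startswith("#"):   # skip blanks and plain comments
            m = ENTRY.match(line)
            if not m:
                problems.append((no, "not an 'IPA name' mapping"))
                continue
            ip, name, rest = m.groups()
            dom = re.search(r"#DOM:(\S+)", rest, re.I)
            entries.append({"line": no, "ip": ip, "name": name.lower(),
                            "pre": bool(re.search(r"#PRE\b", rest, re.I)),
                            "dom": dom.group(1) if dom else None})
    if in_alt:
        problems.append((no, "#BEGIN_ALTERNATE never closed"))
    return entries, includes, problems

def lint(text):
    """Flag #DOM entries and #INCLUDE servers that lack a #PRE mapping."""
    entries, includes, findings = parse_lmhosts(text)
    preloaded = {e["name"] for e in entries if e["pre"]}
    for e in entries:
        if e["dom"] and not e["pre"]:
            findings.append((e["line"], f"{e['name']}: #DOM without #PRE"))
    for inc in includes:
        if inc["server"] not in preloaded:
            findings.append((inc["line"], f"#INCLUDE server {inc['server']} has no #PRE mapping"))
    return findings

if __name__ == "__main__":
    print(*lint(SAMPLE), sep="\n")
```

The `includes` list is also the set of remote shares whose contents decide name resolution on this client, which makes it the list to review for write access.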

Configuring HOSTS

IPA first then name
Put heavily used mappings at top

Example

# Case sensitive
10.30.32.200 RUBY ruby Ruby
#Fully Qualified
10.30.32.200 ruby.green.com

Importing LMHOSTS to WINS

Where
Control Panel->Network->TCP/IP Properties->WINS->Import
\\<remote server>\<system root>\system32\drivers
Same as including.
To verify entry IS in cache:
nbtstat -c
//E9 WINS



//S10 DNS
Exam Objectives
1) Configuring DNS server roles
2) Installing and configuring DNS on NT Server
3) Integrating DNS with other name servers
4) Connecting DNS to DNS root server
Revise:
DNS terminology: zones, domains, resolver, distributed database, name servers
Different types and uses
Query types
Types of DNS files
Integrating WINS and DNS

Basics

Domain names

Hierarchy of domain name spaces
subdomains
Domains and subdomains grouped into zones
Fully Qualified Domain Name (FQDN) resolved from right to left [least to most specific]

Zones

Segmenting domain into zones makes administration easier. Zone is a database. Contains whole or part of domain

Configuring DNS Name server roles

Store information for zone[s] for which they are responsible

Primary

Most important.
Additions, modifications and deletions occur here.
Machine where local file is held.
zone transfer: secondary downloads information from primary upon initialisation

Secondary

Secondary server
Cannot change database
Downloads data from primary
• Fault tolerance
• Secondary name servers communicate across WANs
• Load balancing
Unlike WINS secondary works in conjunction with primary, not only when primary dies.
Name server can be primary of one zone and secondary of another zone as databases are separate

Configuring

Where
Administrative Tools->DNS Manager->Right click server name->New Zone->Select Primary or Secondary
Secondary->Zone <zonename>->Server <server name> -> Zone Info (accept defaults or enter actual master zone name and master zone filename)->Enter IPA of master zone server
Subdomains may now be created.
Default zones
• Cache
• 0.in.addr.arpa
• 127.in.addr.arpa
• 255.in.addr.arpa

Master Name Server

Provides information to secondary servers.
Not most important.
Primary or secondary
Recommend using secondary when:
• Primary is overloaded
• Path to secondary is more efficient, nearest server...

Caching only server

Queries and caches results
Returns quicker as cached.
Starts with no information but grows quickly
Default at install.

Query Types and Name Resolution

Three types and TTL
• Recursive - client and server. Forwarder queries DNS root server, all client-forwarder calls are recursive.
• Iterative - between name servers. Resolved from right to left. [root, .com, green.com (returns IPA)]
• Inverse - name from IPA. Domain in-addr.arpa, organised by IPA in reverse order 128.32.30.10. Resolved from right to left, like FQDN. (Normally left to right)
• TTL - cached resolved names duration. Set by Primary. Increase makes outdated mappings, Reduce increases traffic

DNS files

• Database file - zone file, contains zone information. Edited on primary , replicated on secondary
• Cache file - see Connecting to root server
• Reverse lookup file - contains pointer records. Same as HOSTS
• Boot - Configures DNS Server on startup.  Auto created in registry in NT 4

Canonical Name

CNAME - Alias for a host. Often used for FTP or WWW

Connecting to root server

Microsoft provides:
Cache.dns to link to root server
Default at install.

Installing and Configuring

Can administer over MS DNS Server but not UNIX
MS DNS can query WINS
Where
Client:
Start->Control Panels-> Network->Protocols->TCP/IP->Properties->DNS
Server:
Start->Control Panels-> Network->Services->Add->DNS->CD

Administering and Configuring

Use Domain Name Service Manager
Where
Administrative Tools->DNS Manager->DNS menu->New Server->Name of local server (becomes caching-only server)

Manually Configuring

Domain can't contain information.
Must make zone first to create domain.

Adding Domains and Zones

Done after adding zone, see Configuring
Where
Domain:
Start->Programs->Administrative Tools->DNS Manager->Right click on zone->New Domain->Enter name
Subdomain:
Start->Programs->Administrative Tools->DNS Manager->Right click on domain->New Domain->Enter name

Adding Resource Records

Where
Start->Programs->Administrative Tools->DNS Manager->Right click on zone->New Resource Record

Record Types

• A - address of host [IPA must be supplied]
• NS - name server [DNS Server name must be supplied]
• SOA - start of authority [DNS Server name must be supplied]
• CNAME [DNS Server name must be supplied]
Default installed: A (Local machine name), NS, SOA, CNAME (WWW), CNAME (FTP)

Integrating DNS and WINS

DNS passes leftmost part of FQDN to WINS
NetBIOS name must be same as host name
WINS lookup
Add a resource record to zone database file manually:
<domain> IN WINS <IP address of WINS server>
Using DNS Manager
Where
Start->Programs->Administrative Tools->DNS Manager->Right click on zone->properties->WINS Lookup->Use Reverse Lookup->IPA->Add

Troubleshooting

nslookup [-option ...] [hostname | - [server]] - default for local DNS server
server servername - for server other than that configured for local machine
Query DNS server for information
Two modes
• Interactive - lookup or print information on hosts and domains
• Non-interactive - gives information on single server
//E10 DNS


//S11 SNMP
Exam Objectives
1) Configuring SNMP
2) Choosing appropriate services to install on NT server
Revise:
• Basics: communities, traps, and security
• Configuring agent to accept requests from certain machines
• NT is only a SNMP agent and not Management Console
• When to install and for what situation
Monitors and manages devices (routers, hubs and bridges [gateways, server, hosts]), or SNMP agents, on network
Parts:
• SNMP agents
• Management Information Bases
Learn:
• Configuring SNMP
• Managing SNMP communities

Installing, Agents and MIBs

Where
Start->Control Panels-> Network->Services->Add->SNMP->CD->Restart->Control Panels-> Network->Services->check services and trap services have been added.
• SNMP services accepts requests from Management Console
• SNMP Trap services receives traps from SNMP agent and forwards to Management Console
• trap is generated automatically when a predefined event occurs on the host machine (i.e. hacker tapping in)

Essential Information for installing SNMP agent

• Contact person and location of agent machine
• Available communities
• IPA [or Hostname] of Central Management Console
trap destination is the Central Management Console

SNMP Agents

Client/Server
SNMP Manager - Central Host
NT is only a SNMP agent and not Management Console and involves SNMP community

Three Components

• SNMP service
• SNMP agent software
• MIB - stores object descriptions and values for all manageable items - provided by vendors and MS
Must install TCP/IP first

Defining MIBs

All agents maintain a database of objects
• Definition of the objects data type
• Text description
• Read/Write access
Management console queries SNMP agent (with WINS MIB how many NetBIOS requests successful)

Configuring SNMP Communities

Grouping of hosts for management purposes
Communities = One management console and number of agents
Where
Start->Control Panels-> Network->Services->SNMP->Properties->Traps->Community name
Default community name Public [case sensitive]
Agent may belong to five communities
Agent can send trap information to five hosts [management consoles] within that community
Trap sent for shutting down, start up and queries from Management Console
In multiple communities, traps can be sent to a console in (up to) all five communities

Community Essentials

• Public includes all SNMP agents on network
• Agents should belong to community that specifies location/purpose of Agent computer

Specifying Services

• Physical
• Applications [default]
• Data/Link
• Internet [default]
• End-to-End [default]
Defaults begin with vowel

Establishing Security Services

Authentication service between agents and management console to verify messages (uses community name)
If message is not authenticated by community name, it is not processed.
Optional trap sent to community informing authentication failure [agent rejected host]
If Public is removed, agent accepts from any community [unwanted messages from rogue console]. Also, Public helps domain groupings

Options

• Send Authentication trap - [trap] Agents don't talk to each other, only to trap destinations [of their community]
• Accepted Community Names - If a Management Console of another community is brought on network, agent will ignore queries from this new host.
• Accept from any/specific host [IPA or hostname] - tightens security further
Where
Start->Control Panels-> Network->Services->SNMP->Properties->Security->Only Accept SNMP Packets from these hosts->Add->Enter IPA
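
A model of the agent-side checks described under Establishing Security Services and Options, added here as an example (it is not part of the original notes and is not the NT SNMP service's code). It replays constructed requests against a default-style configuration and a restricted one, and lists the settings these notes single out as weak. The class, function names, community names and addresses are all hypothetical, and an empty accepted-community list is treated as "accept any community", following the notes' statement about removing Public.

```python
from dataclasses import dataclass, field

@dataclass
class AgentConfig:
    accepted_communities: list                              # "Accepted Community Names"
    allowed_hosts: list = field(default_factory=list)       # empty = accept from any host
    send_auth_trap: bool = True                             # "Send Authentication trap"
    trap_destinations: list = field(default_factory=list)   # management consoles

def handle(cfg, src_ip, community):
    """Decide whether a request is processed. Returns (processed, traps_sent_to)."""
    host_ok = not cfg.allowed_hosts or src_ip in cfg.allowed_hosts
    # Community names are compared case-sensitively; an empty list accepts any name.
    name_ok = not cfg.accepted_communities or community in cfg.accepted_communities
    if host_ok and name_ok:
        return True, []
    traps = list(cfg.trap_destinations) if cfg.send_auth_trap else []
    return False, traps

def audit(cfg):
    """List the settings the notes single out as weak."""
    findings = []
    if not cfg.accepted_communities:
        findings.append("no accepted community names: any community is processed")
    if any(name.lower() == "public" for name in cfg.accepted_communities):
        findings.append("default community name is still accepted")
    if not cfg.allowed_hosts:
        findings.append("SNMP packets are accepted from any host")
    if not (cfg.send_auth_trap and cfg.trap_destinations):
        findings.append("authentication failures are not reported to a trap destination")
    return findings

# Constructed configurations and requests (all values are illustrative).
DEFAULT = AgentConfig(accepted_communities=["public"])
HARDENED = AgentConfig(accepted_communities=["NetOps-Floor2"],
                       allowed_hosts=["10.30.32.5"],
                       trap_destinations=["10.30.32.5"])
REQUESTS = [("10.30.32.5", "NetOps-Floor2"),    # the management console
            ("10.30.32.5", "netops-floor2"),    # right host, wrong case
            ("10.30.40.77", "NetOps-Floor2"),   # right name, unlisted host
            ("10.30.40.77", "public")]          # unlisted host, default name

def replay(cfg, requests=REQUESTS):
    """Return, per request, whether the agent would process it."""
    return [handle(cfg, ip, name)[0] for ip, name in requests]

if __name__ == "__main__":
    for label, cfg in (("default", DEFAULT), ("hardened", HARDENED)):
        print(label, replay(cfg), audit(cfg))
```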

Testing with SNMPUTIL

Mimics Management Console querying the agent
snmputil command agent community objectID
command - get, getnext, set
agent - target for query
community
objectID - long and complex number 1.2.6.1.5.1.221.1.7.2.1.1.1
Example:

snmputil getnext 10.30.subnet_id.host_id public 1.2.6.1.5.1.221.1.7.2.1.1.1

//E11 SNMP
//ES III Installation and Configuration


This page was created by SimpleText2Html 1.0 on 19-Feb-100.