
Installing and Configuring TCP/IP - Del Mar Collegeacademy.delmar.edu/Courses/ITSC1405/eBooks/Win2K-03(ServerSec… · different. For information on how to install TCP/IP during setup,


Chapter 4

Installing and Configuring TCP/IP

In This Chapter

■ Installing TCP/IP

■ Configuring TCP/IP

■ Configuring additional TCP/IP services

This chapter provides all that you need to know to install and configure TCP/IP and its related services for Windows 2000. It is essential that you correctly install and configure the TCP/IP protocol if you intend to use it on your Windows 2000 Server network. Why? In Chapter 2, I discussed the initial setup of Windows 2000 Server as a foundational issue that will mark how your network performs forever. The same can be said about TCP/IP and its foundation-level role on your network. Simply stated, if you are not completely successful in installing and configuring TCP/IP, then TCP/IP misconfigurations will come back to haunt you for the life of your network. Got it?

TCP/IP Installation Preparations

The good news is that the previous TCP/IP chapter (Chapter 3) has prepared you for this moment: installing and configuring TCP/IP. And if that isn’t good enough, feel free to peruse the next few TCP/IP chapters before performing the installation described in this chapter. Be advised that many problems on a network (including failed installations) can be traced to defective network protocol installations. That is, TCP/IP was installed (for example, during the Windows 2000 Server installation), but important TCP/IP-related information was incorrect or missing. And while these topics are touched on in other TCP/IP chapters, this is the chapter where the hands meet the keyboard.

A plain TCP/IP protocol installation in Windows 2000 requires a certain level of manual configuration. A few planning steps up front may dramatically lessen the chances of failure. To manually configure TCP/IP with Windows 2000 Server, you need to consider the following.

4620-1 ch04.f.qc 10/28/99 11:58 AM Page 121


Will the computer function as a Dynamic Host Configuration Protocol (DHCP) server or will it act as a DHCP client (obtaining its TCP/IP configuration information from another DHCP server on the network)?

It has been my experience that you should manually configure TCP/IP on Windows 2000 Server and have true client workstations such as Windows 2000 Professional and Windows 95/98 act as DHCP clients, if for no other reason than that a clear demarcation line is drawn between server and client. Plus, it seems that you’re always modifying the TCP/IP configuration on a server, but not necessarily the client workstation. And any such TCP/IP modifications that are made can be propagated very efficiently across your Windows 2000 network to DHCP clients when the DHCP lease is renewed. More on that nugget in a moment.

Determine whether you want this Windows 2000 Server to act as a Windows Internet Name Service (WINS) server. In a single-server environment, the answer is typically yes because WINS aids greatly in resolving NetBIOS names to TCP/IP addresses in mixed Windows NT and Windows 2000 network environments.

Windows 2000 Server supports WINS for backward compatibility reasons. Be advised the preferred method of name resolution in Windows 2000 Server is Dynamic DNS. Dynamic DNS is discussed in Chapter 6.

So assuming that you are going to manually configure TCP/IP on your Windows 2000 server and not receive your configuration from an existing DHCP server, let’s revisit the “necessities” to configure TCP/IP. Of course, I’m assuming that you’ve read the earlier TCP/IP chapters and have a basic understanding of TCP/IP configurations. Map out the following information in advance of the TCP/IP installation process (see the sample as-built network diagram in Figure 4-1):

■ The IP address and subnet mask for each network adapter card installed inside the machine.

■ The IP address and subnet mask for any PPP connection you will make from the machine. This is typically modem-specific TCP/IP configuration information stored on a per-dialer basis under Dial-Up Networking (nested inside the Accessories menu selection from Programs). You will make this type of manual TCP/IP configuration when attempting to connect to the Internet via Dial-Up Networking from your machine.

■ The IP address for the default gateway on the local subnet. Unless you are truly using routing (for instance, with a Cisco router), this value is typically one of the Windows 2000 servers on your subnet. It may even be the IP address of the Windows 2000 server on which you are configuring TCP/IP as part of this exercise.

■ The IP address(es) and DNS domain name(s) of the DNS servers on your network/internetwork. Depending on whether you are connected to the Internet, these values will vary. I’ll discuss this in more detail later on in this chapter.

122 Part II: TCP/IP■ ■


Figure 4-1: TCP/IP configuration on a small network

I strongly recommend that you consider creating a LAN/WAN plan as part of the as-built drawing process discussed in Chapter 1. There’s nothing like a map to guide your TCP/IP configuration efforts.

Installing TCP/IP on Windows 2000 Server

The TCP/IP protocol is implemented by default when you are installing Windows 2000 Server. TCP/IP is thus known as the default protocol. Because Windows 2000 Server only allows the custom installation option during setup, you will have the opportunity to add other protocols and even remove TCP/IP. On that last point, I wouldn’t recommend removing TCP/IP because it provides such great networking functionality in a Windows 2000 Server environment (such as supporting robust direct Internet connections!).

Did you know that the TCP/IP protocol became the default installation protocol commencing with Windows NT Server 3.51 and higher? Prior to that, the default protocol was NWLink IPX/SPX for Windows NT Server 3.50 and NetBEUI for Windows NT Advanced Server 3.1. Just a little trivia I thought you might enjoy.

At setup

Assuming you allow the installation of TCP/IP during the Windows 2000 Server setup, here are some issues to address.

[Figure 4-1 labels: Windows® 2000 Server machine (IP: 204.67.124.200, Subnet Mask: 255.255.255.0, Default Gateway: 204.67.124.200, will act as DHCP Server, IP Lease Range: 204.67.124.150 - .190); Windows® 2000 Server machine (IP: 24.67.124.101, Subnet Mask: 255.255.255.0, Static Address Assignment); Windows® 98 (Dynamic IP Address Assignment); Windows® 95 (Dynamic IP Address Assignment)]


First, make sure that TCP/IP is indeed selected as at least one of the protocols that will be installed. It’s OK to install others, but always revisit the reasons for installing additional protocols. For example, if you are using an older HP JetDirect card, perhaps you will need to install the DLC protocol. NWLink IPX/SPX is a good protocol installation choice if you have NetWare servers present.

Second, make sure that the correct network adapter card has been detected. This is a great opportunity to watch Windows 2000 Server perform autodetection. Regrettably, the detection, while on target for known network adapters with drivers found in the \i386 setup subdirectory, will most assuredly come up short (as expected) for newer network adapter cards shipped after the Windows 2000 Server build you are working with. Be sure to keep handy the network adapter driver disk that shipped with your new network adapter card.

Finally, minimize the number of TCP/IP-related services that are installed during the setup of your Windows 2000 server. The fewer services that are initially installed, the fewer suspects to detain and question when network troubles brew.

I’ve seen too many TCP/IP services installed at startup upset the apple cart. One example is the SNMP service, which is often installed only to enhance the number of object:counters available in Performance Monitor. Why else would SNMP be installed on a Windows 2000 Server when the network doesn’t even use SNMP-aware devices or management applications? That said, under these scenarios, you can get startup event errors that not only populate the System Log in the Event Viewer, but can also cause other BackOffice applications to fail, such as Microsoft Exchange and Proxy Server. Be advised.

Even if you installed TCP/IP as part of the Windows 2000 Server setup, I recommend that you read the next section that discusses how to install TCP/IP. I call this my snow-day strategy. In my hometown of Seattle, Washington, whenever we receive snowfall, the city literally shuts down because of the hilly terrain. I’ve made a pact with myself that on these days, when I’m unable to get to work, I will trot down to my basement office and review my old BackOffice manuals, even though I probably have BackOffice (including Windows 2000 Server) running just the way I want it to. Well, given that we only receive snow once or twice a year, this forced review of BackOffice setups and administration always results in my remembering something simple I had forgotten, something I could be doing better, or perhaps something I should stop doing. So by reviewing the TCP/IP setup section next, perhaps you can benefit from my snow-day strategy.


On an existing Windows 2000 server

Perhaps you have valid reasons to install the TCP/IP protocol at a later date, or you need to reinstall the TCP/IP protocol when troubleshooting. Here is how you do it. It is important to understand that whether you install TCP/IP during the setup of your server machine or you add TCP/IP to an existing Windows 2000 Server, the desired end is still the same: a properly functioning TCP/IP protocol suite. Granted, the means for getting to this end are slightly different. For information on how to install TCP/IP during setup, review the discussion in Chapter 2. To install TCP/IP on an existing Windows 2000 Server, perform the steps that follow.

STEPS: To install Microsoft TCP/IP

Step 1. Log on as an administrator or member of the Administrators group at the Windows 2000 Server machine on which you will be installing or reinstalling the TCP/IP protocol.

Step 2. Launch the Network and Dial-up Connections applet in one of two ways: from Control Panel or using the secondary menu from My Network Places (see Figure 4-2).

Figure 4-2: My Network Places secondary menu

Because the Network and Dial-up Connections applet is a commonly used tool, you might consider creating a desktop shortcut, as shown in Figure 4-3. To do this, simply right-click the Network and Dial-up Connections applet when Control Panel is displayed and select the Create Shortcut option. This selection will only allow you to place the shortcut on the desktop.


Figure 4-3: Creating a Network and Dial-up Connections shortcut

Step 3. Open, via a double-click, the Local Area Connection (in this example) or the appropriately named connection (which you would have created). The Local Area Connection Status dialog box will be displayed (see Figure 4-4).

Figure 4-4: Local Area Connection Status dialog box

Step 4. Click Properties and the Local Area Connection Properties dialog box will appear (see Figure 4-5).

Step 5. Click Install and the Select Network Component Type dialog box will appear.


Figure 4-5: The Local Area Connection Properties dialog box

Step 6. Highlight the Protocol object and click Add. Select Internet Protocol (TCP/IP).

Step 7. The Internet Protocol (TCP/IP) installation will be automatically completed and you will be asked to specify whether the TCP/IP configuration information will be obtained from another DHCP server or whether you will manually configure the TCP/IP information, which is discussed in the next section.

Configuring TCP/IP

Remember that two cases arise in which you would configure TCP/IP manually on a Windows 2000 server. First, the server may be a DHCP server, requiring a static IP address. The second (you guessed it) is when you do not acquire your TCP/IP configuration information from a DHCP server. These points are fair game on the Windows 2000 MCSE exams.

Because you are now implementing manual TCP/IP configurations, be sure to revisit your network plan or as-built drawings so that you avoid duplicate IP addresses on the same network.

Duplicate addresses will result in the error message shown in Figure 4-6, and you will see unpredictable or downright weird behavior on your network. Typically, the host that had the IP address originally is unimpeded. However, the second host that attempts to assume the same IP address will have no network functionality. The rule regarding duplicate IP addresses? In general, the first host wins and all other hosts trying to use the same IP address lose.


Figure 4-6: The duplicate IP address error message
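One way to check a network plan for duplicate and misplaced static addresses before typing them into the dialog box, as an added example that is not part of the original chapter. The plan is constructed, modeled on the addressing in Figure 4-1, and the host names are hypothetical.

```python
import ipaddress

# Constructed plan modeled on Figure 4-1; host names are hypothetical.
NETWORK = "204.67.124.0/255.255.255.0"
GATEWAY = "204.67.124.200"
DHCP_RANGE = ("204.67.124.150", "204.67.124.190")
STATIC_HOSTS = [
    ("W2K-SRV1", "204.67.124.200"),
    ("W2K-SRV2", "204.67.124.101"),
    ("PRINTER1", "204.67.124.160"),  # constructed error: inside the lease range
    ("W2K-SRV3", "204.67.124.101"),  # constructed error: duplicate of W2K-SRV2
    ("LAB-PC", "24.67.124.101"),     # constructed error: not on this subnet
    ("POS-1", "204.67.124.300"),     # constructed error: not a valid address
]


def audit_plan(network, gateway, dhcp_range, static_hosts):
    """Return (kind, host, detail) findings for a single-subnet address plan."""
    findings = []
    net = ipaddress.ip_network(network)
    gw = ipaddress.ip_address(gateway)
    lo, hi = (ipaddress.ip_address(a) for a in dhcp_range)

    if gw not in net:
        findings.append(("gateway-off-subnet", "-", f"{gw} is not in {net}"))
    if lo > hi or lo not in net or hi not in net:
        findings.append(("bad-lease-range", "-", f"{lo} - {hi} does not fit {net}"))

    first_owner = {}  # address -> first host that claimed it ("first host wins")
    for host, text in static_hosts:
        try:
            addr = ipaddress.ip_address(text)
        except ValueError:
            findings.append(("invalid-address", host, text))
            continue
        if addr not in net:
            findings.append(("off-subnet", host, f"{addr} is not in {net}"))
        elif addr in (net.network_address, net.broadcast_address):
            findings.append(("reserved-address", host, str(addr)))
        elif lo <= addr <= hi:
            # A DHCP client may later be leased this same address.
            findings.append(("lease-overlap", host,
                             f"{addr} is inside the lease range {lo} - {hi}"))
        if addr in first_owner:
            findings.append(("duplicate", host,
                             f"{addr} already assigned to {first_owner[addr]}"))
        else:
            first_owner[addr] = host
    return findings


if __name__ == "__main__":
    for kind, host, detail in audit_plan(NETWORK, GATEWAY, DHCP_RANGE, STATIC_HOSTS):
        print(f"{kind:18} {host:10} {detail}")
```

A static address inside the DHCP lease range is reported separately from a duplicate because it only turns into a duplicate once the DHCP server leases that address to a client.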

STEPS: To configure TCP/IP manually

Step 1. The Internet Protocol (TCP/IP) Properties dialog box (Figure 4-7) is the starting point for manually configuring TCP/IP. As shown previously, this dialog box will automatically appear in a manual configuration scenario when you are installing TCP/IP.

Figure 4-7: Internet Protocol (TCP/IP) properties

Note that if you attempt to close the Internet Protocol (TCP/IP) Properties dialog box without providing any TCP/IP configuration information, you will receive an error message communicating that the adapter needs at least one IP address (see Figure 4-8).


Figure 4-8: Configuration error message

Step 2. Complete the IP Address, Subnet Mask, Default Gateway and Preferred and Alternate DNS fields (see Figure 4-9). You must set unique IP address information for each bound adapter. Type that value in the IP Address field.

Figure 4-9: Completed Internet Protocol (TCP/IP) properties


Note that for automatic TCP/IP configuration via a DHCP server, you would select the Obtain an IP Address from a DHCP Server radio button in the TCP/IP Properties dialog box.

Step 3. You must provide the information required in the Subnet Mask field. As discussed at length in Chapter 3, this information may be any of the items in Table 4-1.

Table 4-1 Possible Subnet Mask Values

Class      Value
Class A    255.0.0.0
Class B    255.255.0.0
Class C    255.255.255.0
Other      Appropriate subnet mask based on your subnetting scenario (for example, 255.255.255.240)

Step 4. You may or may not provide an IP address value for the Default Gateway field depending on your situation. Here again, it’s like tax law: everyone’s situation is typically unique. If you are on a single subnet, this is not a required value.

On the MCSE exams, understand that the Default Gateway value is an optional entry on nonrouted networks.

Single subnet scenarios will typically leave this value blank or insert the IP address value of one of the Windows 2000 servers. Multiple subnet or routed scenarios will typically insert the value of the actual router (for instance, a Cisco router).

Leaving the Default Gateway value blank doesn’t mean that your subnet doesn’t participate in a routed network scenario. Routing may occur in other ways: Remote-Access Services (RAS), Microsoft Proxy Server, or the Windows 2000 Server routing table (via the route command).


Properly configured, RAS can act as a router to the other networks including the Internet. RAS can also do this while acting as a gateway that translates network-based communications between different types of protocols. RAS can even transport data from a fundamentally nonroutable network based on NetBEUI (a nonroutable protocol) to another network such as TCP/IP based on its capability to act as both a router and a gateway.

Another routing scenario on a Windows 2000 Server network when the Default Gateway field is left blank occurs when Microsoft Proxy Server is part of the picture. This occurs in one of two ways. First, when the WinSock Proxy (WSP) client is installed on a client, all Windows Sockets activity or calls are redirected to Microsoft Proxy Server. In English, that means you can leave your Default Gateway field blank on a client, yet have your Internet Explorer browser correctly find a resource on the Internet via Microsoft Proxy Server and a valid Internet connection. In essence, Microsoft Proxy Server is acting as the default gateway via the WSP client configuration and the Proxy Server declaration you make on the Connection tab sheet of Internet Explorer.

A second Microsoft Proxy Server routing scenario relates to the use of the IPX protocol for a client on your internal network and the TCP/IP protocol for your connection to the Internet. Properly configured (be darn sure to read the README and RELEASE NOTES files that ship with Microsoft Proxy Server to correctly implement an IPX client. Trust me!!!), the IPX-based client directs its Internet communications through Microsoft Proxy Server to the TCP/IP-based Internet. Bingo — routing and gateway functionality all in one.

The route command allows for routing when the Default Gateway field is left blank by enabling you to create static routes between networks. This was discussed in Chapter 3.

Static routes created by the route utility always override the default gateways.

Advanced TCP/IP configurations

Clicking the Advanced button on the Microsoft TCP/IP Properties dialog box will spawn the Advanced TCP/IP Settings dialog box (see Figure 4-10). Modify the settings on the IP Settings, DNS, WINS, and Options tabs as required. Don’t panic, I’ll be discussing these tabs in a moment! You will see that many of the IP address settings you’ve previously entered are shown again in the Advanced TCP/IP Settings dialog box.


Figure 4-10: Advanced TCP/IP settings

Adding IP addresses

This is your opportunity to add multiple IP addresses to an adapter. Truth be told, I’ve learned the hard way that this is never more than an interim solution or workaround to a specific problem (such as the three I describe later). Regrettably, I’ve found that this feature exposes some of the fundamental weaknesses in the TCP/IP protocol stack in Windows 2000 Server. Adding multiple IP addresses to a single adapter “kinda” works, but never as well as adding multiple adapters, each with its own unique IP address, to the same Windows 2000 Server. Stated another way, I’d rather have three network adapter cards with three unique IP addresses than one network adapter with three IP addresses assigned to it. I’ve encountered different types of errors when assigning multiple IP addresses to a single adapter. One example was an intermittent network failure. Here, the inability of workstations to access a distributed database that relied heavily on TCP/IP-based communications, such as Windows network implementations of the Progress database application and their use of the good old HOSTS file, was ultimately traced back to having multiple IP addresses assigned to the network adapter in the server.

This is a known gotcha on the MCSE exams. Spend an extra few moments in this section understanding why you would or wouldn’t assign multiple IP addresses to a single network adapter card.

Why would we ever assign multiple IP addresses to a single network adapter card? For several reasons, all based on TCP/IP encounters that I’ve had over the years:


■ Scenario one: This is a case of a client being surprised by the rapid consumption of existing IP addresses.

This scenario, from the Windows NT Server days, but with implications for the Windows 2000 Server era, involves a client that was underengineered and underserved by the previous Internet consultant. The consultant did not allow for growth, so the client received a small range of real IP addresses from the consultant. Later, the firm experienced growth and had a second but separate range of real Internet addresses assigned to the site. To enable all of the workstations to see and use the server, a second IP address from this new range of IP addresses was assigned and bound to the single adapter inside the server (see Figures 4-11 and 4-12).

Figure 4-11: A small network with a single IP address assigned to the server network adapter card

Figure 4-12: A small network with two IP addresses assigned to the server network adapter card

[Figure 4-11 labels: Windows 2000 Server 204.107.6.200; Ethernet; USER A 204.107.6.101; USER B 204.107.6.102; USER C 204.0107.6.103; USER D 204.107.6.104]

[Figure 4-12 labels: Windows 2000 Server 204.107.6.200 and 210.25.44.102; Ethernet; USER A 204.107.6.101; USER B 204.107.6.102; USER C 204.0107.6.103; USER D 204.107.6.104; USER E 210.25.44.103; USER F 210.25.44.104; USER G 210.25.44.105; USER H 210.25.44.106]


It didn’t work. No sooner was this second address range implemented on the network than I (the newly hired consultant) started to receive service-related calls that User A couldn’t browse the Internet, User B’s Internet e-mail didn’t work, and the point-of-sale machine (User H) couldn’t write to the Progress database on the server machine. One $80 network adapter later (plus my labor, which of course exceeded the price of the network adapter), each subnet had a specific network adapter inside the server machine. And each of these network adapters had only one IP address. Life was good! (Note that I did turn on routing under the Routing tab sheet under TCP/IP Protocol properties. I will discuss this feature shortly.)

A follow-up comment to scenario one: Several months later, for a variety of reasons, an effort was made to clean up the split IP address layout. A new ISP was selected and an Internet IP address range that was more than sufficient to accommodate the present and future IP addressing needs for this firm was acquired. That allowed the server machine to operate with just one network adapter. Life was really good after that!

■ Scenario two involves network rework because the MCSE textbook was followed too closely in designing the network, resulting in a TCP/IP design that wasn’t the best fit for various networking components. The fix you will read of in the following paragraphs involved assigning two IP addresses to the server’s network adapter for a short period of time.

Here a client had a network that, while not incorrectly configured, wasn’t (shall we say) optimally configured. This firm had designed a network right out of the Microsoft Official Curriculum (MOC) with “classroom” IP addresses of 131.107.2.2xx with a Class C subnet (255.255.255.0). It basically worked until the Cisco router engineer voiced objections to having a Class B range of host addresses associated with a Class C subnet mask. Fair enough. But because I couldn’t get to each client machine instantaneously to change its IP address (even via lease assignments with DHCP), I had to temporarily assign a second IP address (perhaps 204.107.2.200) to the network adapter inside the Windows 2000 Server machine.

It worked fine and allowed the clients to log on to the network under either the old IP address range (131.107.2.2xx) or the new IP address range (204.107.2.2xx). This temporary fix of having two IP addresses assigned to the same network adapter on the server was kept in place for just a few days. At that point, the network adapter card inside the Windows 2000 Server machine assumed just the new IP address. The problem was solved, resulting in a happy client and a happy Cisco router engineer.

■ Scenario three is similar to scenario two. This is a case of “borrowing” private network IP addresses for a few days until the authentic Internet-registered IP addresses are obtained from the ISP.

Often, a client will proceed with a TCP/IP-based network installation prior to receiving its real IP address assignment from the InterNIC. There are usually compelling business reasons to move ahead without regard for what IP addressing is being used. These reasons, of course, typically involve money, such as an expiring support agreement on an old AS-400 that the client (a) doesn’t want to renew and (b) wants to convert to Windows 2000 Server and the BackOffice applications pronto! In these cases, I’ve used the dummy IP address range of 10.0.0.x while awaiting an IP address assignment (typically Class C) and domain registration from the InterNIC.

In the real life scenario involving my client, once my client received the Internet-registered IP address range from the Internet Service Provider, I briefly had to support the phony IP address range (10.0.0.x) and the real IP address range until each client machine could be properly reconfigured. Again, this example underscores the appropriate use of multiple IP addresses assigned to a single network adapter.

To add multiple IP addresses, simply click the Add button and enter the IP address on the screen shown in Figure 4-13.

Figure 4-13: Adding TCP/IP addresses

Clicking anywhere on the Subnet Mask field will automatically populate this entry for you. Thus, you do not need to manually enter the required subnet mask value if you are conforming to the traditional Classes A, B, and C host range rules. For example, if you entered 204.107.6.165 as an additional IP address and clicked Add, the Subnet Mask column would already be populated with 255.255.255.0 (the Class C subnet mask value). Beware of using unusual combinations of IP address and subnet mask values and relying on the automatic Subnet Mask field populate feature. For example, if you were an ardent MCSE student and set up your network exactly like those found in classrooms using the MOC, you would be in trouble with the automatic Subnet Mask field populate feature. That’s because the MOC setup of 131.107.6.x is a Class B host value, but the MOC uses a Class C subnet mask value. Bad news when using the automatic Subnet Mask field populate feature. In this example, you would need to overwrite the default subnet mask value of 255.255.0.0 and insert 255.255.255.0 to truly conform to the MOC class setup guidelines.

I successfully added one dozen TCP/IP values to one network adapter before tiring of the exercise. You can actually add up to 255 IP addresses to a single network adapter.

However, understand that Microsoft’s official position is that assigning multiple IP addresses to a single network adapter is useful for a computer connected to one physical network that contains multiple logical IP networks. Enough said.
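The automatic Subnet Mask behavior described above can be modeled to see which entries need a manual overwrite, and which logical IP networks end up sharing one adapter. This is an added example, not code from the original chapter; the function names are hypothetical, and the 131.107.2.200 and 10.0.0.5 entries with their intended masks are constructed from the ranges named in scenarios two and three.

```python
import ipaddress
from collections import defaultdict


def classful_default_mask(address):
    """Mask implied by the traditional Class A/B/C rules (None for other ranges)."""
    first_octet = int(ipaddress.IPv4Address(address)) >> 24
    if 1 <= first_octet <= 126:
        return "255.0.0.0"        # Class A
    if 128 <= first_octet <= 191:
        return "255.255.0.0"      # Class B
    if 192 <= first_octet <= 223:
        return "255.255.255.0"    # Class C
    return None                   # loopback, multicast, reserved


def review_adapter_addresses(bindings):
    """bindings: (ip, intended_mask) pairs planned for ONE network adapter.

    Returns (rows, networks): rows are (ip, intended, auto, must_overwrite);
    networks maps each logical IP network to the addresses bound in it.
    """
    rows = []
    networks = defaultdict(list)
    for address, intended_mask in bindings:
        auto = classful_default_mask(address)
        # ip_interface() also rejects a mask that is not a valid netmask.
        iface = ipaddress.ip_interface(f"{address}/{intended_mask}")
        rows.append((address, intended_mask, auto, auto != intended_mask))
        networks[str(iface.network)].append(address)
    return rows, dict(networks)


# Addresses from the chapter's scenarios, plus two constructed ones (marked).
ADAPTER_BINDINGS = [
    ("204.107.6.200", "255.255.255.0"),
    ("204.107.6.165", "255.255.255.0"),
    ("210.25.44.102", "255.255.255.0"),
    ("131.107.2.200", "255.255.255.0"),  # constructed host in the MOC range
    ("10.0.0.5", "255.255.255.0"),       # constructed host and mask in 10.0.0.x
]

if __name__ == "__main__":
    rows, networks = review_adapter_addresses(ADAPTER_BINDINGS)
    for address, intended, auto, overwrite in rows:
        note = "OVERWRITE the auto-populated mask" if overwrite else "ok"
        print(f"{address:15} intended {intended:15} auto {auto:15} {note}")
    print(f"{len(networks)} logical IP networks on one adapter:")
    for network, members in sorted(networks.items()):
        print(f"  {network:18} {', '.join(members)}")
```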

Multiple gateways

Hang on to your hat. This field isn’t what you may think it is. Perhaps you thought this was the Holy Grail of having a Windows 2000 Server machine participate on two internetworks simultaneously. An increasingly common scenario, illustrated in Figure 4-14, is when the corporate LAN may be connected via a Frame Relay-based WAN and the Internet connection is via an ISDN or ADSL/DSL connection from the corporate headquarters.

However, the Gateways field isn’t designed to accommodate this routing need. It is designed to create redundant routes on the same internetwork. Thus, defining multiple gateways would be useful for a corporate network that rightfully needs robust WAN connectivity between its sites and is willing to pay for it! The proper use of multiple gateways is shown in Figure 4-15.

Figure 4-14: Corporate WAN and ISDN Internet connection

[Diagram labels: Router, Windows 2000 Server PDC, Microsoft Proxy Server, ISDN Router, DSU, Corporate WAN, Internet]


Figure 4-15: Windows 2000 Server on a corporate WAN

By the way, the solution for the multiple internetwork scenario presented in Figure 4-14 is to create multiple static routes via the route utility. And be sure to make those routes persistent with the -p command line switch, or else you will have to enter the static routes again when you reboot the Windows 2000 Server machine.

The bottom line on multiple gateways? Properly configured, internetworking communications capabilities are maintained even when transmission problems are occurring because the system will try other routers in the internetwork configuration to ensure success.

If you use multiple gateway entries, be sure to make wise use of the metric value. The lower the metric (a.k.a. cost), the higher the priority for that route. Stated another way, a metric of 1 has a lower cost than a metric of 2, and you should always be looking for ways to lower your costs. You may be interested to know the Metric field replaces the Up and Down buttons used for multiple gateways in the old Windows NT Server 4.0 days.

Other configuration issues

Several additional tab sheets on the Advanced TCP/IP Settings dialog box need configuring to fully implement the TCP/IP protocol stack. These tab sheets, beyond the IP settings discussed above, are DNS, WINS, and Options.

[Figure 4-15 diagram labels: Corporate HQ Site and Portland Site, each with a Windows 2000 Server PDC, routers, and DSUs; WAN via Telco A; WAN via Telco B. Annotation: The intent of the "Gateways" field in the Advanced IP Addressing dialog box is to support redundant WAN paths.]


DNS

DNS, of course, offers robust name resolution for TCP/IP hosts. This lengthy topic is discussed in Chapter 6, and it is the preferred name resolution approach in Windows 2000 Server. You also should use DNS to interact better with non-Windows network computers such as UNIX and Internet hosts. This section discusses DNS from the client configuration side; Chapter 6 discusses DNS from the server side (that is, running a DNS server).

The DNS configurations made on the DNS tab sheet are global. These modifications are not made on a per-network adapter basis, but rather a per-machine basis. The entries that you make here affect all network adapters on your Windows 2000 Server machine.

STEPS: To configure TCP/IP DNS connectivity

Step 1. Assuming you have the Network and Dial-Up Connections applet open, launch the local area connection of your choice. The Local Area Connection Status dialog box will appear.

Step 2. Select the Properties button. The Local Area Connection Properties dialog box will be displayed.

Step 3. Highlight the Internet Protocol (TCP/IP) component and select the Properties button. The Internet Protocol (TCP/IP) Properties dialog box will be displayed.

Step 4. On the General tab of the Internet Protocol (TCP/IP) Properties dialog box, select the Advanced button.

Step 5. Select the DNS tab. The DNS tab sheet will be displayed (see Figure 4-16).

Figure 4-16: DNS tab sheet


Step 6. In the DNS server addresses, in order of use field, enter the values for your DNS servers. These are IP addresses, typically provided by your Internet Service Provider (ISP). Note that you most often enter a pair of DNS addresses so that you have multiple locations to seek name resolution.

If for some reason your ISP neglected to provide you with DNS addresses, you can typically find this information at the ISP’s Web site as part of its support information or a Frequently Asked Question (FAQ). Why do I share this with you? Because on more than one occasion, in the wee hours of the morning, with the ISP staff safely in bed, I’ve found this critical DNS address information exactly this way.

You may also, via the up or down arrows, select the DNS site you want to visit first when attempting to resolve a host name.

You might also make a third entry, for your ISP’s SMTP mail server, if you plan to use DNS resolution with the Microsoft Exchange IMS (Internet Mail Service) and the SMTP server is separate from the other DNS servers maintained by the ISP. Failing to make the correct entry in the DNS Service Search Order field and electing to use DNS with the IMS may result in message delivery failure to the Internet. In English, get it right and it will work.

Although Microsoft Exchange is a BackOffice application and Windows 2000 Server an operating system, this example does serve to demonstrate how BackOffice applications are integrated with the underlying Windows 2000 Server operating system. Figure 4-17 shows one form of such integration, with the selection of DNS being used by Microsoft Exchange’s IMS.

Step 7. In the middle section of the DNS tab, there are three settings you may select. The Search primary DNS domain and DNS domain of each connection radio button allows you to limit third-level and other unqualified DNS domain name searches to the computer’s parent DNS domain. Note that you can find a more robust definition of this radio button simply by right-clicking when your mouse is over the option (giving the radio button the focus) and selecting the What’s This? secondary menu option.

The checkbox titled Search the parent domains of the primary DNS domain allows you to extend the search from the parent domain to the parents (for example, grandparents) of the parent domain. Again, the What’s This? secondary menu option for this item provides an extensive explanation of this ability.

The Search these DNS domains (in order) radio button allows you to limit the DNS domain names that may be searched for, in so many words. Again, see the What’s This? secondary menu option for a far more detailed and technical explanation (that is, if you really have time on your hands).


Figure 4-17: The Microsoft Exchange IMS configured to use DNS for message delivery

Step 8. Complete the DNS domain name field. This is the DNS domain name associated with this network connection. It’s very important, as the next secret explains.

Failure to correctly complete the Domain field will cause the Internet Mail Service to fail upon startup in Microsoft Exchange 5.x.

Microsoft Exchange will write out Error #4067 to the Application log in Event Viewer (see Figure 4-18). But you’ll probably learn of this misconfiguration another way, from the users who complain they don’t have Internet-based e-mail. It seems that users are always your best error log.


Figure 4-18: A missing TCP/IP domain name error generated by Microsoft Exchange

WINS addresses

The WINS Addresses tab sheet offers a client-side configuration to enable the machine you are configuring to point to one or more WINS servers. It is also where you may identify the machine you are setting up to be one of those machines you’re pointing at as a WINS server (you can point to yourself, in short). You may make two selections that can have a dramatic impact on how names are resolved. The implicit assumption prior to performing the configurations on this tab sheet is that a WINS server exists on your network. More importantly, understand that WINS functionality is included to accommodate the older Windows NT networks, wherein WINS assumed a large name resolution role. As mentioned several times in this book, Dynamic DNS has largely replaced WINS as the name resolution method of choice.

STEPS: To configure or reconfigure TCP/IP to use WINS

Step 1. Select the Advanced button from the Internet Protocol (TCP/IP) Properties. The Advanced TCP/IP Settings dialog box will be displayed.

Step 2. Select the WINS tab sheet (see Figure 4-19).


Figure 4-19: The WINS tab sheet

Step 3. Select the Add button and the TCP/IP WINS Server dialog box will appear. Enter the IP address of the WINS server and click Add (see Figure 4-20). Repeat this step as many times as necessary.

Figure 4-20: TCP/IP WINS Server dialog box


Step 4. To use the LMHOSTS file, select the Enable LMHOSTS Lookup checkbox. This is selected by default in Windows 2000 Server when the TCP/IP protocol stack is installed. By default, Windows 2000 Server uses the LMHOSTS file maintained in the \WINNT\SYSTEM32\DRIVERS\ETC subdirectory. The LMHOSTS file is discussed at length in Chapter 7. Alternate LMHOSTS file locations may be specified via the Import LMHOSTS button.

Note the Enable LMHOSTS lookup checkbox and Enable NetBIOS over TCP/IP radio button are selected by default. This causes several issues to surface:

• The names discovered via broadcasts are cached and can be displayed via the nbtstat command (discussed extensively in Chapter 7).

• Entries in the LMHOSTS file can be preloaded into the name resolution cache via the #PRE statement. This results in much faster name resolutions because this information is maintained in primary storage (cached in RAM memory) instead of requiring an access to secondary storage (the LMHOSTS file stored on the local hard disk). The LMHOSTS file is discussed extensively in Chapter 5.

• When in doubt about any name resolution dilemma, by all means feel free to reboot the Windows 2000 server to update the cached IP to name mappings. A reboot forces a refresh.

• WINS works great in Windows NT-based environments with an abundance of Microsoft-friendly clients (machines using NetBIOS names), but falls far short in its support for foreign client environments, such as Macintosh clients on a Windows 2000 Server-based network.

• WINS will be supported in Windows 2000 Server for backward compatibility purposes, but the future of IP-to-NetBIOS name resolution rests squarely with Dynamic DNS, one of the new features in Windows 2000 Server. Dynamic DNS is discussed more in Chapter 6.

Step 5. Not surprisingly, after you have completed configuring WINS, you should reboot your Windows 2000 Server machine for these changes to be properly implemented. What do I mean by properly implemented? Do I mean the time at the local hardware store when my East Texas accent provoked the sales clerk to remark that I was the first person that day to pass through who “spoke English properly”? Nope. I mean that, even though Windows 2000 Server won’t require a reboot with these WINS changes, I feel better by performing a reboot. That’s what I call implementing something “properly” — Windows 2000-style!


Options

Selecting the Options tab sheet (see Figure 4-21) allows you to implement IP security and TCP/IP filtering. IP Security (a.k.a. IPsec) is discussed in Chapter 13.

Figure 4-21: Options tab sheet

Selecting TCP/IP Filtering displays the TCP/IP Filtering dialog box (see Figure 4-22), which allows you to enable TCP/IP filtering for all adapters. Basically, with TCP/IP filtering, you may lock your network down further by specifying which ports are allowed to pass.

Figure 4-22: Enabling TCP/IP filtering


Remember that upper-range port values (between 1,024 and 65,536) are available to you for private use and in creating secure sessions. The problem, similar to a CB radio conversation between two truckers on upper CB channels, is that all parties using TCP/IP security and participating on your network must agree to the specific port values that will be allowed. Be careful here. Although TCP/IP security enables you to control the type of traffic (typically Internet) that actually reaches the network adapter card of your Windows 2000 server, your network can suffer greatly if these values are set incorrectly!

Supporting roving users with TCP/IP

A client showed me this problem that actually applies to the Windows 95 and Windows 98 Registry. He was faced with using real IP addresses at a half-dozen athletic clubs that he oversaw. Each athletic club had its own subnet. One problem was that, because of an older database, static IP addresses (referenced in a HOSTS file) made DHCP addressing impossible. And several managers carried laptops running Windows 95 between the clubs. These static IP addresses resulted in a “No Domain Server Available” message when a user traveled to a distant club with a different subnet and attempted to log on. The solution?

My client created a *.reg file for each of the six athletic clubs and placed these reg files on each user’s Windows 95 (now Windows 98) desktop. The files had names that corresponded to club names, such as ctc.reg and jbc.reg. The contents of the ctc.reg file are:

REGEDIT4

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Class\NetTrans\0001]
"IPAddress"="209.34.123.156"
"DefaultGateway"="209.34.123.145"
"IPMask"="255.255.255.240"

Each user, by double-clicking the appropriate *.reg file, changes the IP address information on the Windows 95 laptop and so is able to participate fully on the club’s network. Again, the Registry entry, via the *.reg file approach, applies to Windows 95 and Windows 98. But in reality, it’s an issue that you will confront when managing TCP/IP on your Windows 2000 Server network.

Installing and Configuring Simple Network Management Protocol (SNMP)

One of the reasons I so enjoy my interactions with businesspeople is that they, in the course of our conversations, help keep me grounded in reality. Though I’m most excited about some of the advanced and powerful features of Windows 2000 Server, my business brethren view technology simply as a tool to help them run their businesses better. If I can help them do so with my tool set, including Windows 2000 Server, so much the better.


For your part, you might view SNMP as a tool to help you run your network better. In fact, you might not be concerned about the finer points of SNMP, but more interested in its management-reporting capabilities. Most likely, you just want to know when something is wrong with your network. For you, SNMP is a great place to start.

In the real world, SNMP has become the accepted standard for managing network devices. HP Open View, CA-Unicenter TNG, and other management system tools rely on SNMP not only to gather network device information but also to manage and configure these devices. The bottom line on SNMP in general: it is a powerful and flexible tool to monitor and control networks. This is accomplished by its distributed architecture with basically two components, the management system (like the third-party products mentioned previously) and agents.

The bottom line on SNMP with Windows 2000 Server: loser. Natively, Windows 2000 Server doesn’t use SNMP at any great level of depth. The only thing a Windows 2000 server may do running the SNMP service (without any enhancements) is to report its status to an SNMP management system on a TCP/IP network.

In other words, the Windows 2000 Server SNMP service is merely an SNMP agent. SNMP agents may only initiate trap operations. You may or may not know that a trap operation alerts management systems to events such as logon failure due to password violations. Microsoft’s SNMP service is not natively an SNMP management system. To be one, it would have to be running SNMP management software, such as HP Open View.

This disappointment extends even to Microsoft System Management Server (SMS), a network management application that is included as part of Microsoft BackOffice. SMS is a popular management tool for Enterprise-level implementations of Windows 2000 Server. In fact, if you’ve taken the MCSE course on SMS, you will recall that SMS doesn’t even use SNMP to gather network information. It is the one Microsoft application that you would expect to do so. Nope! SMS gathers network information via SMS agents that run on end-user workstations, including Macintosh, and other servers.

The only interaction between SMS and SNMP is at the Management Information Base (MIB) level. The configuration information from SNMP-compliant hosts running SNMP agents can be displayed via the “Event to Trap Translator” screen in SMS. That is, you may, in a read-only approach, view SNMP agent configuration information on your TCP/IP network. You may not actually manage the SNMP nodes from either SMS or Windows 2000 Server itself.

The only thing SNMP is really good for out of the box is to provide, as I’ve mentioned in passing, additional TCP/IP-related object:counters in Performance Monitor. Its value increases greatly when used in conjunction with third-party solutions such as HP Open View and CA-Unicenter. But SNMP on Windows 2000 Server alone isn’t much to write home about.


Architecturally speaking, the SNMP service runs at the application layer of the OSI model. Descending through Windows Sockets, the SNMP service uses UDP, not TCP, as its transport layer protocol. (You will recall that UDP is a connectionless, nonguaranteed connection mechanism.)

If you are interested in developing for SNMP in Windows 2000 Server, you are best advised to contact the Microsoft Developer’s Resource Group [email protected].

Planning for SNMP

Make sure that you’ve covered these three steps prior to installing the SNMP service:

■ Have the IP addresses or host names for all hosts that will send SNMP traps.

■ Be sure that the Windows 2000 Server name resolution methods you are using have the IP/host name mappings for all SNMP hosts on your network. For example, if you were using the LMHOSTS file, you would make name resolution mapping entries manually.

■ Select an SNMP management system. To properly use the Microsoft SNMP service, you must have at least one SNMP management system (several choices, such as CA-Unicenter, were discussed earlier).

Installing SNMP service

Installing the Simple Network Management Protocol (SNMP) service is very simple. It is installed, as are many other services, via the Windows Components Wizard. To successfully install the SNMP service, you will need to be logged on as a member of the Administrators group.

STEPS: To install SNMP

Step 1. Launch the Add/Remove Programs applet from Control Panel. The Add/Remove Programs dialog box will appear.

Step 2. Select the Add/Remove Windows Components button in the left pane of the Add/Remove Programs dialog box (see Figure 4-23).

Step 3. The Windows Components Wizard will be launched. Select the Management and Monitoring Tools component (see Figure 4-24).


Figure 4-23: Add/Remove Programs dialog box

Figure 4-24: Windows Components Wizard

Step 4. The Management and Monitoring Tools dialog box will appear. Select the Simple Network Management Protocol subcomponent (see Figure 4-25).

Step 5. Click OK on the Management and Monitoring Tools dialog box.


Figure 4-25: Management and Monitoring Tools

Step 6. Click Next on the Windows Component Wizard. The components that you selected (for example, SNMP agent) will be configured.

Step 7. Click Finish when the Completing the Windows Components Wizard screen appears. You have completed the SNMP agent installation.

Configuring the SNMP agent

First, you are asked to provide user contact and physical location information when presented with the default Agent tab sheet view of the Microsoft SNMP Properties dialog box. You will also elect what types of services may be reported based on the computer’s SNMP agent configuration.

Remember that as you manage your Windows 2000 Server-based network, you will have plenty of opportunities to provide user and location information. Aside from the SNMP agent configuration, you will have the chance to provide similar information when creating a user in Microsoft Exchange and when Microsoft System Management Server performs a hardware inventory at a client machine (and creates an MIF file).

The reason I share this observation is that one of the underlying principles of database management is the creation and maintenance of a single table for certain data types. Just something to think about as you complete the SNMP agent configuration.

The SNMP configuration information identifies the following communities and trap destinations:

Community name. Much as the name implies, an SNMP community is a grouping of hosts running the SNMP service. Not surprisingly, communities are identified by a community name. An SNMP community is akin to a domain in Windows 2000 Server, an organization in Microsoft Exchange, or a site in Microsoft System Management Server. And like local security in SQL Server, an SNMP community name provides basic security and context checking for agents and management systems that receive requests/initiate traps and initiate requests/receive traps, respectively. The community name is embedded in the SNMP packet when the trap is sent. When the SNMP service receives a request for information that does not contain the correct community name and does not match an accepted host name for the service, the SNMP service can send a trap to the trap destination(s), indicating that the request failed authentication.

Trap destinations are the names or IP addresses of hosts to which you want the SNMP service to send traps with the selected community name.

You might want to use SNMP for statistics but may not care about identifying communities or traps. In this case, you can specify the “Public” community name when you configure the SNMP service.

STEPS: To configure SNMP agent information

Step 1. Assuming you are logged on as an Administrator, launch a Microsoft Management Console (by typing MMC in the Run dialog box accessed via the Start menu) and add the Services snap-in. Double-click the SNMP Service to display the SNMP Service Properties (Local Computer) dialog box. Choose the Agent tab (see Figure 4-26).

Figure 4-26: Agent tab


Step 2. Type the computer user’s name in the Contact box and the computer’s physical location in the Location box. These comments are treated as text and are optional.

Step 3. Set the Service options as described in Table 4-2. Check all the boxes that indicate network capabilities provided by your Windows 2000 computer. SNMP must have this information to manage enabled services.

If you have installed additional TCP/IP network devices, such as a switch or a router, you should consult RFC 1213 for additional information, as these configurations are beyond the scope of this book.

Step 4. Proceed to the next set of steps to configure SNMP Traps and Security. There are several SNMP-specific services to select, as seen in Table 4-2.

Table 4-2 SNMP Services

| Option | Description |
|---|---|
| Physical | Select this option if this Windows 2000 computer manages any physical TCP/IP device, such as a repeater. |
| Applications | Select this option if this Windows 2000 computer includes any applications that use TCP/IP, such as e-mail. This option should be selected for all Windows 2000 installations. |
| Datalink/Subnetwork | Select this option if this Windows 2000 computer manages a TCP/IP subnetwork or datalink, such as a bridge. |
| Internet | Select this option if this Windows 2000 computer acts as an IP gateway. |
| End-to-end | Select this option if this Windows 2000 computer acts as an IP host. This option should be selected for all Windows 2000 installations. |

Configuring SNMP communities and traps

Two necessary configurations for the SNMP service are community names and traps. Both of these configurations are set with the Traps tab sheet, as the next several steps will show you.


STEPS: To configure SNMP traps

Step 1. In the SNMP Service Properties (Local Computer) dialog box, choose the Traps tab. The Traps dialog box appears, as shown in Figure 4-27.

Figure 4-27: The Traps dialog box

Step 2. To identify each community to which you want this computer to send traps, enter the name in the Community Name box (for example, “Public”). After typing each name, choose the Add to list button.

Typically all hosts belong to Public, which is the common name of all hosts. To delete an entry in the list, select it and choose the Remove from list button.

An SNMP agent may be a member of multiple communities simultaneously, allowing communications with SNMP managers from different communities. Note that community names are case sensitive.

Step 3. To specify hosts for each community to which you send traps, after you have added the community and while it is still highlighted, click Add under the Trap Destinations box. The SNMP Service Configuration dialog box appears (see Figure 4-28). Enter a host name, its IP address, or its IPX address in the Host Name, IP or IPX Address fields. Then choose the Add button to move the host name or IP address or IPX address to the Trap Destination for the Selected Community list.

Figure 4-28: SNMP Service Configuration dialog box

Configuring SNMP security

SNMP security allows you to specify the communities and hosts from which a computer accepts requests and to specify whether to send an authentication trap when an unauthorized community or host requests information.

STEPS: To configure SNMP security

Step 1. In the SNMP Services Properties (Local Computer) dialog box, choose the Security tab (see Figure 4-29).


Step 2. If you want to send a trap for failed authentication, select the Send Authentication Trap checkbox.

Step 3. In the Accepted Community Names box, click the Add button. The SNMP Service Configuration dialog box appears. Type the community name you want to accept requests from and the community rights (None, Notify, Read Only, Read Write, Read Create). Click Add to move the name to the Accepted Community Names list.

A host must belong to a community that appears on this list for the SNMP service to accept its requests. Typically, all hosts belong to Public, which is the standard name for the common community of all hosts. To delete an entry in the list, select it and choose the Remove button.

Figure 4-29: The Security tab

Step 4. Specify whether to accept SNMP packets from any host or from only specified hosts.

• If the Accept SNMP Packets from Any Host option is selected, no SNMP packets are rejected on the basis of source host ID. The list of hosts under Only Accept SNMP Packets from These Hosts has no effect.


• If the Only Accept SNMP Packets from These Hosts option is selected, SNMP packets are accepted only from the hosts listed. Click Add to display the IP Host or IPX Address dialog box. Then type the host names, IP addresses, or IPX addresses of the hosts from which you want to accept requests. Next, choose the Add button to move each host name or IP address to the list box. To delete an entry in the list, select it and choose the Remove button.

Step 5. Choose the OK button. You are returned to the Services (Local) MMC. The SNMP service and SNMP security are ready to start without rebooting the computer, but don’t you believe that for a moment. When making such changes to the underlying network service, always reboot your Windows 2000 Server computer to ensure proper binding. As mentioned earlier in the chapter, it’s part of implementing “properly.”
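The following is an added example, not from the book: a small Python audit that reads a registry export of the SNMP service settings and reports the weak choices available on the Security tab (authentication trap off, a well-known or writable community, packets accepted from any host). The registry location under Services\SNMP\Parameters and its value layout are not named in the chapter, and the sample export is constructed.

```python
import re

# Rights values the SNMP service stores for each accepted community name.
RIGHTS = {1: "None", 2: "Notify", 4: "Read Only", 8: "Read Write", 16: "Read Create"}
BASE = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters"

# Constructed sample export (not taken from a real host).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters]
"EnableAuthenticationTraps"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities]
"public"=dword:00000008
"nms-ro-7f3k"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\PermittedManagers]
'''

def parse_reg(text):
    """Return {key_path: {value_name: int_or_str}} for a .reg text export."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = re.match(r'"([^"]*)"=(dword:([0-9a-fA-F]{8})|"(.*)")$', line)
            if m:
                current[m.group(1)] = int(m.group(3), 16) if m.group(3) else m.group(4)
    return keys

def audit_snmp(text):
    """List findings for the settings exposed on the Security tab."""
    keys = parse_reg(text)
    findings = []
    # A missing value is treated the same as a disabled trap.
    if keys.get(BASE, {}).get("EnableAuthenticationTraps", 0) != 1:
        findings.append("authentication trap is not sent for rejected requests")
    for name, rights in sorted(keys.get(BASE + r"\ValidCommunities", {}).items()):
        label = RIGHTS.get(rights, "unknown rights %r" % rights)
        if name.lower() in ("public", "private"):
            findings.append("well-known community name '%s' (%s)" % (name, label))
        if rights in (8, 16):
            findings.append("community '%s' can modify settings (%s)" % (name, label))
    # An empty PermittedManagers key means no source-host filtering.
    if not keys.get(BASE + r"\PermittedManagers"):
        findings.append("SNMP packets are accepted from any host")
    return findings

if __name__ == "__main__":
    for finding in audit_snmp(SAMPLE_REG):
        print("FINDING:", finding)
```

On a real server the input would be the text saved by exporting that key from the Registry Editor.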

TCP/IP-Related Services

This chapter ends with a quick review of TCP/IP-related services that may be installed via Windows Component Wizard. Having read this chapter and installed and worked with TCP/IP, you’re now ready to add more services as needed.

Remember that you should never add more services than necessary. Not only do unnecessary services take up precious RAM, but it has been my personal experience that poorly implemented additional Windows 2000 Server services can lead to poor performance and even unexplained funky behavior, including blue screens. Use only what you need!

The way to extend and take advantage of all that TCP/IP has to offer isn’t necessarily to type IP addresses into a dialog box all day. Rather, you extend TCP/IP on your Windows 2000 Server network by considering whether the services listed in Table 4-3 enable you to run your network better.

Table 4-3 TCP/IP-Related Services

| Service | Description |
| --- | --- |
| Microsoft Internet Information Server | Microsoft Internet Information Server 5.0 is a BackOffice application that provides Web connectivity and Web page hosting, among other features. This is considered a must-add, because the management of Internet and intranet Web sites is now standard operating procedure with Windows 2000 Server. |
| COM Internet Services Proxy | This allows DCOM to travel over HTTP-based sessions (via IIS). |
| Microsoft DHCP Server | Automatically configures TCP/IP on clients including Windows 2000, Windows 95/98, Windows for Workgroups, and Windows 3.11. |
| Windows Internet Name Service (WINS) | Used for dynamically registering and querying NetBIOS computer names on an internetwork. |
| Microsoft DNS Server | Domain Name Service (DNS) registers and queries DNS domain names on an internetwork. |
| Microsoft TCP/IP Printing | Implements the LPD printing service for accessing printers connected to UNIX-based computers. Note that this option must be installed if you want to use the Lpdsvr service so that UNIX computers can print to Windows 2000 printers. Note that discussion of this service has appeared on MCSE certification exams. |
| Internet Authentication Service | This allows verification of requests received via the RADIUS protocol. |
| QoS Admission Control Service | You may set the quality of network service by subnet here. |
| Site Server LDAP Services | Monitors TCP/IP stacks and keeps directories up to date with the most current user information. |
| Simple TCP/IP Services | Provides the client software for the Character Generator, Daytime, Discard, Echo, and Quote of the Day services. Select this option to allow this computer to respond to requests from other systems that support these protocols. |
| SNMP Service | As discussed in this chapter, this service for the Simple Network Management Protocol installs SNMP agent software on the local Windows 2000 Server. SNMP Service also adds several robust TCP/IP object:counters visible under System Performance Monitor. |

Summary

In this chapter, TCP/IP was installed and configured for use on a Windows 2000 Server network. The following topics were covered:

• Installing TCP/IP

• Configuring TCP/IP

• Configuring additional TCP/IP services
