Module 11: Windows NT Network Services
Installing Network Services
- Use the Services tab of the Network program in Control Panel to perform the Add, Remove, Properties and Update functions.
- Network services included with Windows NT Server include the following:
- DHCP = Dynamic Host Configuration Protocol
- WINS = Windows Internet Name Service
- DNS = Domain Name System
- Computer Browser Service
Dynamic Host Configuration Protocol (DHCP)
The DHCP Server service centralizes and manages the
allocation of TCP/IP configuration information by automatically assigning
- IP addresses
- Subnet mask and
- Default Gateway
to computers that have been configured to use DHCP.
The Process in Brief
- Each time a DHCP client starts, it requests TCP/IP configuration information from a DHCP server.
- The DHCP server receives the request, selects an IP address from the pool of addresses defined in its database, and then offers it to the client for a specified period of time.
Manual Configuring IP Addresses
Potential problems:
- Entering an invalid address, or an address currently in
use, can result in network problems.
- Entering an incorrect subnet mask can cause communication
problems with other networks.
- There is administrative overhead if computers frequently
move from one subnet to another.
Using DHCP to Configure IP Addresses
Advantages:
- Client receives valid IP address
- Configuration information is correct.
DHCP Requirements
A DHCP Server requires:
- DHCP Server service must be installed and properly
configured on Windows NT Server (PDC, BDC or member server). It doesn't have to be on the
PDC.
- DHCP Server must be configured with static IP address,
subnet mask, and default gateway (optionally).
- If IP routers don't support RFC 1542, a DHCP Server is
required on each subnet.
- DHCP scope must be created on DHCP Server.
Note: A Windows NT Workstation can't be a DHCP Server.
A DHCP client is supported by the following operating systems (Microsoft operating systems ONLY):
- Windows NT Server or Workstation 3.5 or later
- Windows 95
- Windows for Workgroups 3.11
- Network Client 3.0 for MS-DOS
- LAN Manager 2.2c
The Four-Phase Process to Configure a DHCP Client
Use ROSA as a mnemonic.

| Phase | What happens | Description |
|---|---|---|
| 1 - R | IP lease request | Client initializes a limited version of TCP/IP and broadcasts a request |
| 2 - O | IP lease offers | All DHCP servers with valid IP addresses send an offer to the client |
| 3 - S | IP lease selection | Client selects the IP address from the first offer it receives and broadcasts a request to lease that IP address |
| 4 - A | IP lease acknowledgment | The DHCP server that made the offer responds to the message and all other DHCP servers withdraw their offers. The IP address is assigned to the client and then an acknowledgment is sent to the client. The client finishes initializing and binding the TCP/IP protocol |
Note:
If the computer has multiple network adapters, the DHCP process occurs separately for each adapter. A UNIQUE IP address will be assigned to each adapter in the computer.
Installing and Configuring the DHCP Server Service
- First the Microsoft DHCP Server must be installed by means
of Add in Services tab of the Network program.
- Now you can complete DHCP configuration by using DHCP
Manager located in Administrative Tools group.
Creating and Configuring a DHCP Scope
- Scope = range of IP addresses which the DHCP server can assign.
- Every DHCP server needs at least one scope.
- Each scope must contain UNIQUE IP addresses.
- To create a DHCP scope, in DHCP Manager, on the Scope menu click Create. The following options can be configured in the Create Scope dialog box.

| Option | Use this option to |
|---|---|
| IP Address Pool Start Address | Specify the first IP address that can be assigned to a DHCP client. Required field. |
| IP Address Pool End Address | Specify the last IP address that can be assigned to a DHCP client. Required field. |
| Subnet Mask | Specify the subnet mask to be assigned to all DHCP clients. Required field. |
| Exclusion Range Start Address | Specify the first IP address to be excluded from the IP address pool because of static IP addresses. This is important if there are static IP addresses configured on non-DHCP clients. Not a required field. |
| Exclusion Range End Address | Specify the last IP address to be excluded from the IP address pool because of static IP addresses. This is important if there are static IP addresses configured on non-DHCP clients. Not a required field. |
| Lease Duration Unlimited | DHCP leases assigned to clients will never expire. |
| Lease Duration Limited to | Specify the number of days, hours and minutes that a DHCP client lease is available before it must be renewed. |
| Name | Name to be assigned to the DHCP scope. It is displayed after the IP address in DHCP Manager. Required field. |
| Comment | Optional comments for the scope. |

Remember:
The scope must be activated before the DHCP server can provide a DHCP client with a valid IP address. On the Scope menu, click Activate.
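
The Create Scope fields can be sanity-checked before the scope is activated. The following is an added example, not part of the original notes: it computes the leasable pool from the start, end, mask and exclusion fields and reports statically addressed machines that sit inside the pool without an exclusion. The function name, the inventory layout and all addresses are assumptions made for the illustration.

```python
import ipaddress


def audit_scope(start, end, mask, exclusions, static_hosts):
    """Check Create Scope fields; return (leasable_count, problems).

    start, end   -- IP Address Pool Start/End Address
    mask         -- Subnet Mask
    exclusions   -- list of (first, last) Exclusion Range pairs
    static_hosts -- {name: ip} inventory of manually addressed machines (assumed input)
    """
    first = ipaddress.IPv4Address(start)
    last = ipaddress.IPv4Address(end)
    if first > last:
        raise ValueError("pool start address is above pool end address")

    problems = []
    # The subnet mask fixes the subnet; the whole pool must sit inside it.
    net = ipaddress.IPv4Network(f"{start}/{mask}", strict=False)
    if last not in net:
        problems.append(f"pool end {last} is outside subnet {net}")
    for addr in (net.network_address, net.broadcast_address):
        if first <= addr <= last:
            problems.append(f"pool contains unusable address {addr}")

    # Keep only exclusion ranges that are well formed and inside the pool.
    excluded = []
    for ex_first, ex_last in exclusions:
        lo = ipaddress.IPv4Address(ex_first)
        hi = ipaddress.IPv4Address(ex_last)
        if lo > hi or lo < first or hi > last:
            problems.append(f"exclusion {lo}-{hi} is not inside the pool")
        else:
            excluded.append((lo, hi))

    def is_excluded(ip):
        return any(lo <= ip <= hi for lo, hi in excluded)

    # A static address inside the pool without an exclusion can also be
    # leased to a DHCP client, producing a duplicate address on the network.
    for name, ip_text in sorted(static_hosts.items()):
        ip = ipaddress.IPv4Address(ip_text)
        if first <= ip <= last and not is_excluded(ip):
            problems.append(f"static host {name} ({ip}) can be leased to a client")

    leasable = sum(
        1 for n in range(int(first), int(last) + 1)
        if not is_excluded(ipaddress.IPv4Address(n))
    )
    return leasable, problems


# Constructed sample inventory (not taken from the original notes).
SAMPLE_STATIC = {
    "dhcp-server": "192.168.10.11",
    "wins-server": "192.168.10.12",
    "printer": "192.168.10.50",
    "gateway": "192.168.10.1",
}

if __name__ == "__main__":
    count, issues = audit_scope(
        "192.168.10.10", "192.168.10.200", "255.255.255.0",
        [("192.168.10.10", "192.168.10.20")], SAMPLE_STATIC,
    )
    print(count, "leasable addresses")
    for issue in issues:
        print("PROBLEM:", issue)
```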
Other DHCP Network Settings
Background:
Setting up DHCP allows clients to participate in a TCP/IP network, but you probably want them to communicate with other computers beyond your subnet as well (i.e. the Internet).
You can give the client computers additional information automatically, such as:
- Domain name
- DNS addresses
- Default Gateway address
by setting the DHCP global and scope options.
Global options apply to all the scopes managed by the DHCP server.
Scope options apply to a single scope. For example, if you had separate DNS and
WINS servers in each IP subnet, you would use scope options.
You reach Global and Scope options from the DHCP Options menu.
These are just a few of the many network settings DHCP clients have access to, all of which can be configured through DHCP Manager.

| Option | Use this option to configure |
|---|---|
| 003 Router | Default gateway |
| 006 DNS Servers | IP addresses of name servers for the client |
| 044 WINS/NBNS Servers | IP addresses of NetBIOS name servers |

Global Options
- Apply to all DHCP scopes defined on the selected DHCP
server and all clients that lease an address from these scopes.
- Are used when all clients on all subnets require the same
configuration information
- Global Options are always used unless scope or client
options are configured
- DHCP Options menu, click Global
Scope Options
- Apply to only the Specified scope and clients that lease an
address from that scope
- Override global options; For example, use it to
specify a unique default gateway address for each subnet
- DHCP Options menu, click Global
Possible question: Client can't see past its subnet
-->means Router Scope Option containing the IP address of the local router wasn't set.
Client Options
- Apply to a specific client that has a reserved DHCP address
lease
- Override scope or global options
- To configure client options, first create a client
reservation; then in DHCP Manager, on Scope menu, click Active Leases. In Client
Properties dialog box, click Client, click Properties and Options.
- Use this option for
- Win95 clients
- WfW 3.11 as long as it's running TCP/IP
- MS-DOS 3.0 Clients can also get DHCP IP address assignment.
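
The override order described above (client options over scope options over global options) and the "client can't see past its subnet" symptom can be checked mechanically. The following is an added example, not part of the original notes: it resolves the effective options for each scope and reserved client and reports where option 003 Router is missing or points to an address outside the scope's own subnet. The configuration layout, scope names and addresses are constructed for the illustration, and 003 is simplified to a single router address.

```python
import ipaddress

# Option codes from the table above: 003 Router, 006 DNS Servers, 044 WINS/NBNS Servers.
ROUTER, DNS_SERVERS, WINS_SERVERS = 3, 6, 44


def effective_options(global_opts, scope_opts, client_opts=None):
    """Apply client > scope > global; return {code: (value, level_it_came_from)}."""
    result = {}
    levels = (("global", global_opts), ("scope", scope_opts), ("client", client_opts or {}))
    for level, opts in levels:
        for code, value in opts.items():
            result[code] = (value, level)  # later (more specific) levels overwrite
    return result


def audit_server(global_opts, scopes):
    """Report scopes/reservations whose effective 003 Router is missing or off-subnet.

    scopes -- {name: {"subnet": "a.b.c.d/len", "options": {...},
                      "reservations": {client_ip: {...}}}}  (hypothetical layout)
    For brevity 003 holds one router address here.
    """
    findings = []
    for name, scope in sorted(scopes.items()):
        subnet = ipaddress.IPv4Network(scope["subnet"])
        # Check the scope as a whole, then every reserved client in it.
        targets = [(name, None)]
        for ip, opts in sorted(scope.get("reservations", {}).items()):
            targets.append((f"{name}/{ip}", opts))
        for label, client_opts in targets:
            eff = effective_options(global_opts, scope["options"], client_opts)
            if ROUTER not in eff:
                findings.append((label, "no 003 Router: clients cannot leave the subnet"))
                continue
            router, level = eff[ROUTER]
            if ipaddress.IPv4Address(router) not in subnet:
                findings.append(
                    (label, f"003 Router {router} from {level} options is not on {subnet}"))
    return findings


# Constructed sample configuration.
GLOBAL = {ROUTER: "10.1.1.1", DNS_SERVERS: ["10.1.1.2"], WINS_SERVERS: ["10.1.1.3"]}
SCOPES = {
    "floor1": {"subnet": "10.1.1.0/24", "options": {}},
    "floor2": {"subnet": "10.1.2.0/24", "options": {}},
    "floor3": {"subnet": "10.1.3.0/24", "options": {ROUTER: "10.1.3.1"},
               "reservations": {"10.1.3.50": {ROUTER: "10.1.9.1"}}},
}

if __name__ == "__main__":
    for label, text in audit_server(GLOBAL, SCOPES):
        print(label, "->", text)
```

In the sample, the global 003 value suits only floor1, which is why the notes recommend a scope-level router option for each subnet.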
Background on NetBIOS Names
NetBIOS name is used for NetBIOS processes to communicate with each other.
- Is the computer name (or host name or UNC name) assigned during
installation.
- Is stored as an entry in the registry, and can be changed through the Network Program in
Control Panel.
- Is always specified in Windows NT commands, such as net use and net view.
- Can be determined by typing nbtstat -n at command prompt.
- Can be 15 characters in length. A 16th character can be added to the name to designate the
service or application that registered the name.
Name Resolution:
The process of converting a computer name to a media access control address (MAC
address, physical address or burned-in address) is known as name resolution. Name
resolution in a TCP/IP network is really a two-step process. Computer name-->IP
address-->hardware address. Microsoft TCP/IP can use the following methods to resolve
computer name to IP address.
- NetBIOS name cache: The local cache containing the locally registered computer
names and the computer names that the local computer recently resolved to IP addresses.
- NetBIOS Name Server (NBNS) such as WINS: a server implemented under RFC 1001/1002
to provide name resolution of NetBIOS computer names. WINS is MS implementation of this.
- Local broadcast: A broadcast on the local network for the IP address of the
destination NetBIOS name.
- LMHOSTS file: A local text file that maps IP addresses to NetBIOS computer names
of Windows networking computers outside the local network. The file is stored in the
\systemroot\System32\Drivers\Etc directory.
- HOSTS file: A local text file in the same format as the 4.3 Berkeley Software
Distribution (BSD) UNIX /etc/hosts file. This file maps host names to IP addresses. This
file is typically used to resolve host names for TCP/IP utilities.
- DNS: A server configured with the DNS daemon that maintains a database of IP
address/computer name (host name) mappings. A DNS is common to UNIX environments.
NetBIOS Over TCP/IP Name Resolution Modes
- B-node (broadcast): Uses broadcasts (UDP datagram) for name registration and
resolution.
- In a large internetwork, broadcasts can increase the network load.
- Routers typically do not forward broadcasts, so only computers on the local network can
respond.
- P-node (peer-to-peer): Uses an NBNS, such as WINS, to resolve NetBIOS names. P-node
does not broadcast; instead, it queries the Name Server directly.
- Computers can span routers.
- If the NBNS is down, computers will not be able to communicate even on the local network.
- M-node (mixed): First use b-node, then p-node.
- H-node (hybrid): First use p-node, then b-node.
- Microsoft enhanced b-node: Enhanced b-node utilizes the LMHOSTS file. Entries in
the LMHOSTS file that are marked with #PRE are cached when TCP/IP initializes. Before a b-node
broadcast is sent, the cache is checked for the NetBIOS name/IP address mapping. If the
mapping is not found in cache, a b-node broadcast is initiated. If the broadcast is not
successful, the LMHOSTS file is parsed in an attempt to resolve the name.
- Summary: the order of inquiry is
- Look in the name cache loaded from #PRE entries --->
- B-node broadcast --->
- Parse the LMHOSTS file.
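
The node types differ only in which lookup methods are tried and in what order, which determines what still resolves when the name server is down. The following is an added example, not part of the original notes: it models the orders listed above, including the enhanced b-node handling of #PRE entries, and returns the answer together with a trace of the methods tried. The host names, addresses and LMHOSTS content are constructed, and passing `wins_db=None` is this example's way of modelling an unreachable NBNS.

```python
# Lookup order per node type, as described in the list above.
ORDER = {
    "b": ["broadcast"],
    "p": ["wins"],
    "m": ["broadcast", "wins"],
    "h": ["wins", "broadcast"],
    "enhanced-b": ["cache", "broadcast", "lmhosts"],
}

# Constructed sample data.
LMHOSTS_SAMPLE = """\
# constructed sample LMHOSTS file
10.2.0.5    FILESRV   #PRE
10.3.0.9    PRINTSRV
"""
LOCAL_HOSTS = {"WKS1": "10.1.0.20"}                      # answer local broadcasts
WINS_DB = {"WKS1": "10.1.0.20", "REMOTE1": "10.5.0.7"}   # registered with WINS


def parse_lmhosts(text):
    """Return (all_entries, preloaded) as {NAME: ip}; #PRE entries are preloaded."""
    entries, preloaded = {}, {}
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 2 or tokens[0].startswith("#"):
            continue  # blank line, comment, or malformed entry
        ip, name = tokens[0], tokens[1].upper()
        entries[name] = ip
        if any(t.upper() == "#PRE" for t in tokens[2:]):
            preloaded[name] = ip
    return entries, preloaded


def resolve(name, node_type, lmhosts_text="", wins_db=None, local_hosts=None):
    """Resolve a NetBIOS name; return (ip_or_None, trace of methods tried)."""
    name = name.upper()  # NetBIOS names are compared in upper case here
    entries, preloaded = parse_lmhosts(lmhosts_text)
    sources = {
        "cache": preloaded,             # filled from #PRE entries at start-up
        "broadcast": local_hosts or {},
        "wins": wins_db,                # None = name server unreachable
        "lmhosts": entries,
    }
    trace = []
    for method in ORDER[node_type]:
        table = sources[method]
        if table is None:
            trace.append(f"{method}: unavailable")
            continue
        ip = table.get(name)
        trace.append(f"{method}: {'hit' if ip else 'miss'}")
        if ip:
            return ip, trace
    return None, trace


if __name__ == "__main__":
    for node in ("p", "h"):
        print(node, resolve("wks1", node, wins_db=None, local_hosts=LOCAL_HOSTS))
```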
General Note:
You usually have to exclude static IP addresses from the automatic workings of the DHCP
or WINS services, and it is a pain to keep entering them if you have a large network, so
it is best to limit their use.
You will have to supply a static IP address for
- DHCP server
- DNS server
- Default Gateway
- WINS server
Actually, on a small network, one computer could do all of this. You then use DHCP to
dole out all the other IP addresses to all other computers.
Windows Internet Name Service (WINS)
WINS is used to register NetBIOS computer names (host names or UNC names) and resolve
them to IP addresses.
The WINS database is DYNAMIC
It eliminates the need for an LMHOSTS file
On a TCP/IP network a computer NEEDS an IP address to establish connections and can't
do it using a NetBIOS computer name. This is the procedure:
- In a WINS environment, each time a WINS client starts, it registers its NetBIOS name/IP
address mapping with a designated WINS server.
- When a WINS client initiates a NetBIOS command to communicate with another host, the
name query request is sent directly to WINS server instead of being broadcast on the local
network.
- If the WINS server finds a NetBIOS name/IP address mapping for the destination host in
its database, it returns the destination host's IP address to the WINS client. Because
WINS database obtains NetBIOS name/IP address mappings dynamically, it is always current.
- If the WINS server is unavailable, the client switches to b-node and sends the query as
a broadcast message on the local subnet.
WINS Server:
- WINS servers maintain a database that maps the NetBIOS
computer names of WINS clients to their IP addresses.
- When WINS client requests an IP address, a WINS server
retrieves the IP address from its database and routes it to the client.
Requires:
- Must be configured on at least one computer running Windows
NT Server within TCP/IP internetwork. Doesn't have to be a PDC or BDC
- Static IP address, subnet mask and default gateway
WINS Clients:
Registers its computer name and IP address with a WINS
server during system startup; it then queries the WINS server for computer name
resolution.
To be a WINS client you need two things:
NOTICE only Microsoft Clients can use WINS, because WINS is the Microsoft
implementation of the resolution of host names -->IP addresses
1. To be one of these operating systems:
2. The IP address of a WINS server
Note:
- Windows-based network clients can use WINS directly.
- Non-WINS computers that use broadcasts can access WINS
through proxies. Proxies are WINS-enabled computers that listen to name-query
broadcast messages, forward the request to the WINS server, and then respond for names
that are not on the local subnet.
Installing and Configuring WINS
Same procedure as with DHCP but now select Windows
Internet Name Service. WINS Manager appears in Administrative Tools group only on NT
server on which it is installed.
To give WINS a list of computers that have static IP
addresses, you select Mappings --> Static Mappings-->Add Mappings
Configuring a WINS Client
Manually: You can manually add WINS server address to the WINS tab of TCP/IP
properties dialog.
Automatically: You can configure DHCP to provide the WINS
server address by adding and configuring 044 WINS/NBNS Servers and 046
WINS/NBT Node Type.
DNS is a distributed database providing a hierarchical
naming system for identifying hosts on Internet.
Below the root of the DNS file tree there are organizational names that
classify the type of business. These are the top-level organizational names:

| Name | Brief Description |
|---|---|
| com | Commercial organizations |
| gov | Government organizations |
| mil | Military organizations |
| net | Networking and Internet Service Providers |
| org | Non-commercial or non-profit organizations |
| int | International organizations |
| edu | Educational institutions |

The DNS database is a tree structure called the domain
name space.
- Each domain has a name and can contain subdomains, the
root of the tree is at the top, and is represented by a period (.)
- With the exception of the root, each node in DNS database
has a name (label) of up to 63 characters.
- Each subdomain must have a unique name within its parent
domain.
- DNS domain names are formed by following the path from the
bottom of the tree to the root.
- The node names are concatenated, and a period (.)
separates each part. An optional period (.) that signifies the root can appear at the end
of the name.
What's a FQDN (Fully Qualified Domain Name)?
DNS computer names consist of two parts: a host name and a domain name, which
combine to form the FQDN. With the exception of the root, each node in the DNS database
has a name (label) of up to 63 characters.
DNS Server Service
DNS Server service is a name resolution service that
resolves an FQDN to the IP address that is then used by the internetwork.
The main function of DNS is to resolve domain names to IP
addresses. This is known as name resolution.
DNS uses a client server model, in which DNS servers (name
servers) contain information about the DNS database and make this information available to
clients (resolvers)
The name resolution process for finding the IP address of this FQDN,
widgets.universal.com, is as follows:
- Resolver (client) passes a query to local name server.
- Local name server sends an iterative request to one of the
DNS root servers, requesting resolution of the FQDN. DNS root server returns referral to
name servers that are authoritative for the com DNS domain.
- Local name server sends an iterative request to one of the com
name servers, which responds with a referral to the universal name servers.
- Local name server sends an iterative request to one of the universal
name servers.
- Universal name servers are running the DNS Server
service on a computer running Windows NT Server. They are configured to use WINS to
resolve the leftmost portion (host name) of the FQDN. When the universal name
server receives the request from the local name server, it passes the widgets piece
of the DNS name to its local WINS server for resolution. WINS returns the IP address for widgets
to the universal name server, which returns the IP address of the FQDN to the local
DNS server, which then sends it back to the client resolver.
Notice that this is done by integrating DNS and WINS:
Integrating WINS and DNS
- Integration of WINS will allow DNS to query WINS for name resolution of the lower levels
of the DNS tree in your zones.
- This way, DNS resolves the upper layers of the domain names and passes the final
resolution to WINS for the local computer host name to IP address resolution.
- To configure DNS to use WINS to resolve the host name of a FQDN, use DNS Manager.
Right-click the zone that will consult the WINS database for name resolution, and then
click Properties. Click the WINS Lookup tab, and then select the Use WINS
Resolution check box and type the WINS server IP address that will be used for
resolution.
DNS Benefits
- Access UNIX-based systems using friendly names.
- Connect to Internet systems using Internet naming
conventions.
- Maintain a consistent hierarchical naming scheme across an
organization.
Installing and Configuring the DNS Server Service
To Install:
Double click on the Network Program of the Control
Panel. On Services tab click Add and then select Microsoft DNS Server.
To Configure:
Use DNS Manager (in Administrative Tools group) to configure
and manage DNS. Following table lists the objects that can be configured:

| Object | Description |
|---|---|
| DNS Resource Record (RR) | Principal object in DNS. The component that contains the actual information elements managed by DNS. Three properties are common to all RR types: Owner, Class and TTL (Time to Live). |
| DNS Domain | Node in the DNS tree that holds all resource records for that domain |
| DNS Zone | Subtree of the DNS database that is administered as a single entity. May contain a single domain, or a domain with subdomains. |
| DNS Server | Used to administer at least one DNS zone |
| Server List | Contains the DNS servers that can be administered with DNS Manager |

The Resource Record (RR) property set depends on the RR type. The next three properties are common to all types.

| Property | Function |
|---|---|
| Owner | Identifies the DNS domain or host to which the RR applies. |
| Class | Identifies a defined and standardized family of RR types. Almost all are "IN" (Internet class). |
| TTL (Time to Live) | Shows how long the information in the RR will remain valid. |

Note:
- DNS Server requires a static IP address
- Servers are searched in the order that they appear in the DNS Manager
DNS resolver functionality is included with
- Windows NT Server/Workstation
- Windows 95, and
- Windows for Workgroups 3.11 with Microsoft TCP/IP-32
installed.
- Manual Configuration
- Control Panel, Network, Protocols tab,
TCP/IP Protocol, Properties.
- In Microsoft TCP/IP Properties dialog box, click DNS tab,
and provide domain name for client, and search order for all DNS servers.
- In Conjunction with DHCP
- saves administrative overhead of individually configuring
DHCP clients to also be DNS clients.
Differences:

| DNS | WINS |
|---|---|
| Resolves Internet names to IP addresses | Resolves NetBIOS names to IP addresses |
| Static database, manually updated whenever a new host is added or when an existing host is moved to another subnet | Dynamic database, dynamically updated |
| For clients running Microsoft operating systems and for non-Microsoft clients and hosts such as mainframes running TCP/IP and UNIX-based computers | For Microsoft operating systems only |

- The Computer Browser service maintains a centralized list
of available network resources.
- This eliminates the need for all computers to maintain a
list of shared resources on the network.
- This reduces network traffic.
Browsers exist to provide networked computers with a list of the resources that are
available on the networks. The steps that the requesting computer and the network browsers
perform before and during a request are as follows:
- When each computer starts up and connects to the network, the computer announces its
existence to the master browser in the workgroup or domain. If the computer has resources
to share, it advertises them to the master browser.
- (Client to Master Browser: I'm here and this is what I have to share!)
- When the computer attempts to locate network resources for the first time, the computer
contacts the master browser and retrieves a list of backup browsers.
- (Client to Master Browser: I want something-where do I get a list of what's
available?)
- The computer contacts a backup browser and requests the network resource list.
- (Client to Backup Browser: Give me a list of who else is on the network)
- The backup browser responds with the list of domains and workgroups and the list of
servers and client computers participating in the domain or workgroup that the computer is
a part of.
- (Backup Browser to Client : Here's a list of who else is on the network)
- The computer contacts the server, domain controller, or workstation to request the list
of resources shared by that entity.
- (Client to Resource holder: What stuff do you have to share?)
- That computer returns a list of resources to the requesting computer. Resources may now
be selected by the client and a session established between the client and the share
provider
- (Resource holder to Client : Here's the stuff I have to share. Connect to it if
you can, depending on permissions I've set.)
Computers running Windows NT can perform any of the
Browser service roles.
Browser types and their descriptions:
Domain Master Browser
- There is only one Domain Master Browser in the domain, and it is the PDC.
- Collects and maintains the master list of available network servers and the names of other domains and workgroups.
- Distributes this list to the master browser of each subnet in the domain.
Preferred Master Browser
- You can designate a computer on the network to be the preferred master browser. When
this computer joins the network, it announces itself as the Master Browser.
- If the network already has a Master Browser, it will force an election that reevaluates
the roles of computers as browsers in the network.
- The computer that is designated as the preferred master browser will win the election
unless another computer is the primary domain controller or more than one computer is
designated as the preferred master browser.
- To set a computer to be the Preferred Master Browser, navigate in the registry to the following key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters
and set the value of 'IsDomainMaster' to 'Yes'.
Master Browser
- There is only one Master Browser for each workgroup or subnet of a domain. In a domain that spans multiple subnets, each subnet has its own Master Browser that reports to the Domain Master Browser.
- Collects and maintains the master list of available network servers in the workgroup or subnet.
- Receives information about other workgroups, domains and subnets from the domain master browser and incorporates this in the list.
- Distributes this list (browse list) to the backup browsers.
- NOTE: only one Master Browser can exist in a workgroup or domain, except in the case of a TCP/IP
internetwork. Because TCP/IP does not route broadcasts, the browsing process will not
reveal shared resources through routers. Therefore, a master browser must exist in each
TCP/IP subnetwork, with the PDC acting as a coordinating or Domain Master Browser.
Backup Browser
- Receives a copy of the browse list from the master browser.
- Distributes the list to browser clients upon request.
Potential Browser
- Not a browser server, but capable of becoming a backup or master browser if instructed by the master browser or in the absence of other browser servers.
Non-Browser
- Configured so that it will not maintain a browse list.
- Peer-to-peer networked computers are commonly non-browsers despite their having server services.
Elections happen when a master browser for the network or subnetwork can't be found.
- If client cannot locate master browser, or if backup
browser attempts to update its network resource list, but cannot locate master browser, a
new master browser must be elected.
- Network computers initiate an election by broadcasting a
special message called an election packet, which contains the requesting computer's
criteria value.
- All browsers process the packet.
- When browser receives packet, it examines the packet and
compares criteria of requesting computer with its own election criteria.
- If own criteria are higher, the browser issues its own
election packet and enters "election-in-progress" state.
- This process continues until master browser is elected
based on highest value.
- Every domain or workgroup must have one and only one Master
Browser (except TCP/IP as noted above).
- The hierarchical order is determined according to these
criteria:
This is the hierarchy:
- Browsing Role
- Operating System
- Operating System version
- The computer that is designated the Preferred Master Browser wins the election unless
the network has a PDC. If the network doesn't have a Preferred Master Browser or a PDC,
then these criteria are used to select the Master Browser:
- Designated role of the computer in network
browsing.
- Preferred Master
- Master Browser
- Backup Browser
- Potential browser
- When computers run different operating systems but have the
same browsing role, the operating system decides the
election. This is the order of priority:
- Windows NT Server that is a PDC
- Windows NT Server that is a BDC
- Windows NT Server
- Windows NT Workstation
- Windows 95
- Windows for Workgroups
- When the Windows NT computers have the same role and the
same operating system, the computer first in the list according to operating
system version will win:
Configuring the Browser Role
- To configure the browser role use Registry Editor
- There are three possibilities:
- become a browser
- never be a browser
- potentially be a browser
- This is the Registry path:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters\MaintainServerList
These are the possible values in this key:

| Value | Use this value to configure the computer to |
|---|---|
| Yes | Attempt to become a browser server. Default for domain controllers. |
| No | Never participate as a browser server (computers which are frequently off line, such as mobile computers) |
| Auto | Possibly be a browser server. This is the default for Windows NT Server/Workstation computers that are not a PDC or BDC. |

- Upon examining your TCP/IP configuration, you found that your subnet mask is 0.0.0.0.
What's wrong? Duplicate IP addresses cause the subnet mask to show 0.0.0.0 (i.e. when
you make a mistake and manually assign a duplicate IP address, the IP address will appear,
but the subnet mask will show 0.0.0.0).
- Upon examining your TCP/IP configuration, you found that your IP address is 0.0.0.0.
What's wrong? The DHCP address is not available or no more addresses are available.
- Your network contains both NT and UNIX computers and TCP/IP is the only protocol
available on your network. You have a computer running NTW that is configured to use DNS
and WINS. You can connect to NT computers but cannot even ping a UNIX host on your network.
What's wrong? The DNS server is either unavailable or does not contain a resource record
for the UNIX host. Because DNS is not dynamic, you must manually enter resource records
for your hosts. Connections to computers running NT are successful because these
connections use WINS, not DNS.