Windows Server 2003 Network Services Implementation and Management Basic Zhang Lan Apado Article
Windows Server 2003 (hereinafter Windows 2003) offers high reliability, scalability, and manageability, and provides an efficient infrastructure platform for networked applications, networks, and XML web services.
In Windows 2003, network services are presented as server roles, which simplifies the allocation and management of network resources. Managing server roles on a network generally requires the Active Directory service, the Domain Name System (DNS) service, the Dynamic Host Configuration Protocol (DHCP) service, and the Windows Internet Name Service (WINS). This article focuses on how to implement these four services.
I. Installing and Configuring Active Directory Services
(1) What is Active Directory
Active Directory is the directory service for Windows 2003. It stores information about objects on the network and makes that information easy for administrators and users to find and use. The Active Directory service uses a structured data store as the basis for a logical, hierarchical organization of directory information.
Active Directory offers information security, policy-based management, extensibility, scalability, information replication, DNS integration, interoperability, flexible queries, and more.
For the basic concepts of Active Directory, see the "Windows 2000 Active Directory Management Simple Handbook" in the Appendix of Computer 2002.
(2) DNS and Active Directory
Active Directory is integrated with DNS (Domain Name System) and shares the same namespace structure, so it is important to understand the difference between the two:
1. DNS is a name resolution service
A DNS client sends a DNS name query to its configured DNS server. The DNS server receives the query and resolves the name either from locally stored files or by querying other DNS servers. DNS can run without Active Directory.
2. Active Directory is a directory service
Active Directory provides an information repository and services that let users and applications access that information. Active Directory clients use the Lightweight Directory Access Protocol (LDAP) to send queries to an Active Directory server. To locate an Active Directory server, the client queries DNS. Active Directory requires DNS to work.
That is, Active Directory is used to organize resources, while DNS is used to find them; only by working together can they return information to users or to other requesters of similar information. DNS is a key component of Active Directory. Without DNS, Active Directory cannot resolve a user's request for a resource to an IP address, so you should understand DNS thoroughly before installing and configuring Active Directory.
(3) Planning Active Directory
Before installing Active Directory, first plan its structure in detail so that it is convenient for users and administrators to use.
1. Plan DNS
If you intend to use Active Directory, first plan the namespace. An Active Directory structure must be in place before the DNS domain namespace can be implemented correctly in Windows 2003, so start from the Active Directory design and support it with an appropriate DNS namespace.
In Windows 2003, Active Directory domains are named with DNS names. When choosing a DNS name for an Active Directory domain, start with the registered DNS domain suffix the organization uses on the Internet (such as Microsoft.com) and combine it with the geographic or departmental names used in the organization to form the full name of the Active Directory domain. For example, Microsoft's Sales group might be called "Sales.Microsoft.com". This naming method ensures that each Active Directory domain name is unique worldwide. Moreover, once this method is adopted, using existing names as parent names to create further subdomains as the organization adds new departments becomes very simple.
2. Plan the domain structure
The easiest domain structure to manage is a single domain. When planning, start with a single domain and add other domains only when the single-domain model cannot meet your requirements. A single domain can span multiple geographic sites, and a single site can include users and computers belonging to multiple domains. Within a domain, you can use organizational units (OUs) to achieve this goal. You can then specify Group Policy settings and place users, groups, and computers in the organizational units.
3. Plan the delegation model
You can delegate permissions down to the lowest level of the organization by creating a tree of organizational units in each domain and delegating authority over parts of the OU subtree to other users or groups. By delegating administrative authority, you no longer need people who regularly log on with specific accounts that have rights over the entire domain. Although you will still have an Administrator account and a Domain Admins group with administrative authority over the entire domain, these accounts can be reserved for use by a small number of administrators.
(4) Installing the Active Directory Service
Running the Active Directory Installation Wizard promotes a Windows 2003 computer to a domain controller, either creating a new domain or adding an additional domain controller to an existing domain.
1. Preparation before installation
First and most important, you must have administrator privileges to install Active Directory; otherwise the installation cannot proceed. Before installing Active Directory, make sure the system disk is an NTFS partition. Also make sure DNS resolution is in place for the domain, such as lanyi.com.
2. Install the domain controller
After confirming that the DNS service is working normally, install the domain controller for the root domain lanyi.com as follows.
(1) Click Start → Settings → Control Panel, double-click the Administrative Tools item in Control Panel, and then double-click the Manage Your Server option in the dialog box that appears to start the configuration wizard. Click the Add or Remove a Role option, then click the "Next" button.
(2) In the Configuration Options dialog, select the Custom Configuration option. Click the "Next" button.
(3) In the Server Role dialog, select the "Active Directory" option and click the "Next" button to start the Active Directory Installation Wizard, as shown in Figure 1. Click the "Next" button.
Note: You can also start the Active Directory Installation Wizard by running the dcpromo.exe file in the C:\Windows\System32 directory.
(4) Because a new domain is being created, select the "Domain controller for a new domain" option in the Domain Controller Type dialog. Click the "Next" button.
(5) In the "Create New Domain" dialog box, select the "Domain in a new forest" option. Click the "Next" button.
(6) In the New Domain Name dialog box, enter the domain name you want to create in the "Full DNS name for new domain" box; here it is lanyi.com. Click the "Next" button.
(7) In the NetBIOS Domain Name dialog, you can change the NetBIOS name. Clients running non-Windows operating systems will use the NetBIOS domain name. You can keep the default setting; click the "Next" button.
(8) The Database and Log Folders dialog shows where the database and log files will be saved; these locations generally do not need to be changed. Click the "Next" button.
(9) In the Shared System Volume dialog, specify the folder to be shared as the system volume. The SYSVOL folder holds the server's copy of the domain's public files. The contents of SYSVOL are replicated to all domain controllers in the domain, and its folder location generally does not need to be changed. Click the "Next" button.
(10) In the Configure DNS dialog box, click the "Next" button. (If no DNS server was configured before installing Active Directory, you can configure DNS here; this method is recommended.)
(11) In the "Permissions" dialog box, select the default permissions for users and groups. Considering that most network environments still need to use the Windows 2003 operating system, select the "Compatible with Windows 2000 server operating system" option and click the "Next" button.
(12) In the Directory Services Restore Mode Administrator Password dialog box, enter the administrator password for Directory Services Restore Mode. Click the "Next" button. The wizard then displays a summary of the installation. Click the "Next" button to start the installation; after it completes, restart the computer.
3. Remove Active Directory
Run the dcpromo.exe file and remove Active Directory by following the wizard.
(5) Backing Up and Restoring Active Directory
In Windows 2003, backing up and restoring Active Directory is a very important job. Active Directory cannot be backed up on its own, because Windows 2003 backs it up as part of the System State data. System State data includes the registry, system startup files, the class registration database, Certificate Services data, the File Replication Service, the Cluster service, the Domain Name Service, and Active Directory; usually only the first 3 parts are present. These 8 parts cannot be backed up separately and must be backed up together as part of the System State data.
1. Back up Active Directory
If a domain has more than one domain controller, backing up Active Directory is not required when reinstalling one of them: simply remove it from the domain, reinstall it, and join it back to the domain, and the other domain controllers will replicate their data to it. If a domain has only one domain controller, backing up Active Directory is necessary.
(1) Click Start → Programs → Accessories → System Tools → Backup to start the Backup or Restore Wizard. Click the Advanced Mode option to open the Backup Utility dialog box, then click the Backup Wizard button. Click the "Next" button.
(2) In the "What to Back Up" dialog box, select the "Only back up the System State data" option. Click the "Next" button.
(3) In the Backup Type, Destination, and Name dialog box, enter the backup file name, then click the "Next" button to complete the Backup Wizard.
2. Restore Active Directory
There are two ways to restore Active Directory.
The first is to recover the data from other domain controllers in the domain. This requires that another domain controller is available in the domain; when the failed domain controller is reinstalled and rejoined to its original domain, data is replicated automatically between the controllers and Active Directory is restored.
The other is to restore from backup media. Normally there is only one domain controller in the whole network environment, so restoring Active Directory from media is often necessary.
There are two ways to restore from backup media: authoritative restore and non-authoritative restore.
3. Non-authoritative restore
Normally, Windows 2003 restores in non-authoritative mode. After Active Directory is restored from the backup media, other domain controllers in the domain overwrite the old data with new data during replication.
To perform a non-authoritative restore, the directory service must be offline, so the domain controller must be started in Directory Services Restore Mode. Restart the server, press F8 to bring up the advanced startup menu, and select the "Directory Services Restore Mode" option. When the Windows 2003 logon window appears, enter the local administrator account and password. After logging on successfully, you can perform the restore.
Note: This is not the administrator account and password of Active Directory; it is the Directory Services Restore Mode password set in step (12) of the installation.
(1) Click Start → Programs → Accessories → System Tools → Backup to start the Backup or Restore Wizard. Click the Advanced Mode option to open the Backup Utility dialog box, then click the Restore Wizard button. Click the "Next" button.
(2) In the What to Restore dialog box, select the corresponding backup file, click the "Next" button to complete the data restore, and restart the machine.
Note: Normally, you cannot restore Active Directory data from a backup that is more than 60 days old.
4. Authoritative restore
An authoritative restore forces the data from the backup media to be replicated to all domain controllers in the domain, regardless of whether the data has changed since the backup. Authoritative restore is typically used when Active Directory on one domain controller in the domain has suffered a serious error and that error has spread to other domain controllers in the domain through replication. To perform an authoritative restore, you must first perform a non-authoritative restore and then use the NTDSUTIL command-line tool to mark the restore as authoritative.
Restart the server, press F8 to bring up the advanced startup menu, and select the "Directory Services Restore Mode" option. When the Windows 2003 logon window appears, enter the local administrator account and password. After logging on successfully, you can perform the restore.
(1) Click the "Start → Run" menu item and enter "ntdsutil" in the dialog that appears to start the command-line tool.
To restore the entire Active Directory database, use the following commands:
authoritative restore
restore database
(2) To restore only part of the Active Directory data, use the following commands:
authoritative restore
restore subtree OU=Works,DC=lanyi,DC=com
The second command must be adapted to your situation. For example, if your domain name is lanyi.com and the OU to restore is Works, the command is the one above: restore subtree OU=Works,DC=lanyi,DC=com, and so on for other cases.
Finally, use the quit command to exit, then restart the machine.
Note: Managing and using Active Directory is beyond the scope of this article; readers can refer to relevant books.
II. Installing and Configuring the Domain Name System Service
The Domain Name System (DNS) service is the TCP/IP name resolution service used on the Internet. The DNS service allows client computers on the network to register and resolve DNS names. If you plan to make your resources available on the Internet, configure the server as a DNS server.
(1) DNS basics
1. What is DNS
DNS stands for Domain Name System. It is a naming system for computers and network services that is organized into a hierarchy of domains. DNS naming is used on TCP/IP networks to locate computers and services through user-friendly names. When a user enters a DNS name in an application, the DNS service can resolve the name to other information associated with it, such as an IP address.
An IP address is a 32-bit binary number, usually written in dotted decimal notation, such as 63.211.153.105, whereas a domain name looks like www.microsoft.com. Because computer systems understand only IP addresses, there must be a way to convert a domain name to an IP address, and the Domain Name System performs this conversion.
2. Basic DNS concepts
(1) DNS domain namespace: The DNS domain namespace is a tree structure that defines a structured hierarchy of domains for organizing names, as shown in Figure 2.
IP addresses worldwide are currently managed by InterNIC, and the DNS structure under InterNIC is divided into multiple domains. As shown in Figure 2, the seven top-level domains under the root are managed by InterNIC; Figure 2 also shows the domain namespace that InterNIC assigned to Microsoft. A top-level domain can be subdivided into second-level domains, such as "Microsoft" for the company name, and a second-level domain can be divided into multiple levels of subdomains, such as Example and WWW. The lowest level is the host name, such as Host-a. Users generally use the full name, such as Host-a.example.Microsoft.com.
(2) DNS domain name: DNS uses a fully qualified name to record and describe a DNS domain name, much as a user specifies a file or directory on the command line, such as c:\winnt\system32\drivers\etc\services.txt. A fully qualified DNS domain name likewise contains multiple levels of domain names, such as "host-a.example.microsoft.com.". Here, "host-a" is the most basic information (the host name of a computer); "example" is the subdomain in which the host name host-a is registered and used; "microsoft" is the parent domain of "example", relative to the root (that is, the second-level domain); "com" is a top-level domain used for commercial organizations; and the final period represents the root of the domain namespace.
(3) Zone: A zone is a database that stores the names of a single DNS domain. It is a portion of the domain namespace tree. A DNS server manages data in units of zones, and the data in a zone is stored on the DNS server that manages it. When a subdomain is added to an existing domain, the subdomain can be included in the existing zone, or placed in a new zone or in another zone. A DNS server can manage one or more zones, and a zone can be managed by multiple DNS servers.
Users can divide a domain into multiple zones that are managed separately, to reduce the network management load.
3. How DNS queries work
When a DNS client sends a query to a DNS server, each query contains two pieces of information: the specified DNS domain name, which must be a fully qualified domain name (FQDN); and the specified query type, which can specify a resource record type or a type of query operation.
For example, if the specified name is the full host name "Host-a.example.Microsoft.com." and the specified query type is an A (address) resource record for that name, the query can be understood as the client asking the server, "Do you have an address record for 'Hostname.example.microsoft.com.'?" When the client receives the server's answer, it obtains from it the IP address of the queried name.
DNS queries can be resolved in several ways. The client can answer the query directly from previously obtained information in its cache; the DNS server can answer the query from records in its own cache; or the DNS server can obtain the answer by querying other servers and return it to the client. This last kind of query is called a recursive query.
Alternatively, the client can use the addresses provided by the DNS server to send the query directly to other DNS servers. This kind of query is called an iterative query. When a DNS client looks up a name by its IP address, this is called a reverse query.
Figure 3 shows the complete process of DNS queries:
When a DNS domain name is entered in the address bar of a web browser on the client, the client generates a query and passes it to the DNS Client service, which tries to resolve it from locally cached information. If the name can be resolved, the query is complete.
If the name cannot be resolved locally, the query is sent to a DNS server, starting with the primary DNS server. When the DNS server receives the query, it first checks the records of the zones it manages. If a matching record is found, the server uses it to answer. If no zone information satisfies the query, the server checks its local cache, and if a matching record is found there, the query process ends.
If the primary DNS server cannot find the answer, full resolution continues through recursion, which requires the help of other DNS servers on the network. By default, the server supports recursive queries.
For a DNS server to perform recursion properly, it first needs some contact information about other DNS servers in the DNS domain namespace. This information is provided as a list of other DNS servers in the form of root hints. Using root hints, a DNS server can carry out a complete recursive query. Figure 4 shows the process of using recursion to resolve the name "Host-b.example.microsoft.com.":
First, the primary DNS server parses the full name and determines that it belongs to the top-level domain com. It then sends a query to a com DNS server to obtain the address of the "microsoft.com" server, obtains the address of the "example.microsoft.com" server from the "microsoft.com" server in the same way, and finally contacts the DNS server for "example.microsoft.com.". Because the host name being queried is in a zone managed by that server, it sends an answer to the primary DNS server, which forwards the answer to the client that made the query, and the recursive query process ends.
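The lookup order described above (client cache, the server's own zones, the server's cache, then recursion from root hints through referrals) can be traced with a small model. This is an added example, not part of the original article; the server names, the lanyi.com record and all addresses (192.0.2.x) are constructed for illustration.

```python
# Constructed name servers: each manages one zone, holds A records for it,
# and delegates child zones to other servers (added example, not real data).
SERVERS = {
    "root-ns": {"records": {}, "delegations": {"com.": "com-ns"}},
    "com-ns": {"records": {}, "delegations": {"microsoft.com.": "ms-ns"}},
    "ms-ns": {
        "records": {"www.microsoft.com.": "192.0.2.10"},
        "delegations": {"example.microsoft.com.": "example-ns"},
    },
    "example-ns": {
        "records": {
            "host-a.example.microsoft.com.": "192.0.2.21",
            "host-b.example.microsoft.com.": "192.0.2.22",
        },
        "delegations": {},
    },
}
ROOT_HINTS = ["root-ns"]
MAX_REFERRALS = 10  # guard against delegation loops


def normalize(name):
    """Lower-case the name and make it fully qualified (trailing dot)."""
    return name.lower().rstrip(".") + "."


def ask(server, fqdn):
    """What one server says on its own: an answer, a referral, or no such name."""
    data = SERVERS[server]
    for zone, child in data["delegations"].items():
        if fqdn == zone or fqdn.endswith("." + zone):
            return "referral", child
    if fqdn in data["records"]:
        return "answer", data["records"][fqdn]
    return "nxdomain", None


class PrimaryServer:
    """The client's DNS server: own zones first, then cache, then recursion."""

    def __init__(self, zones=None):
        self.zones = zones or {}  # records in zones this server manages
        self.cache = {}
        self.trace = []           # other servers contacted, in order

    def resolve(self, name):
        fqdn = normalize(name)
        if fqdn in self.zones:
            return self.zones[fqdn], "zone"
        if fqdn in self.cache:
            return self.cache[fqdn], "cache"
        server = ROOT_HINTS[0]
        for _ in range(MAX_REFERRALS):
            self.trace.append(server)
            kind, value = ask(server, fqdn)
            if kind == "answer":
                self.cache[fqdn] = value
                return value, "recursion"
            if kind == "nxdomain":
                return None, "nxdomain"
            server = value  # follow the referral one level down the tree
        raise RuntimeError("too many referrals")


class Client:
    """DNS client: answers from its own cache before asking its server."""

    def __init__(self, server):
        self.server = server
        self.cache = {}

    def lookup(self, name):
        fqdn = normalize(name)
        if fqdn in self.cache:
            return self.cache[fqdn], "client-cache"
        address, source = self.server.resolve(fqdn)
        if address is not None:
            self.cache[fqdn] = address
        return address, source


if __name__ == "__main__":
    primary = PrimaryServer(zones={"intranet.lanyi.com.": "192.0.2.5"})
    pc = Client(primary)
    print(pc.lookup("Host-b.example.Microsoft.com"), primary.trace)
    print(pc.lookup("host-b.example.microsoft.com."))
```

The second lookup never leaves the client, and a second client asking the same server is answered from the server's cache without any further referrals.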
(2) Installing the DNS server
(1) Click the "Start → Settings → Control Panel" menu item, double-click Add or Remove Programs in Control Panel, and then click the Add/Remove Windows Components option in the dialog that appears.
(2) In the Windows Components dialog box, click the Networking Services option, and then click the Details button. In the dialog box that appears, select the Domain Name System (DNS) option. Click the "OK" button.
(3) Click the "Next" button and insert the Windows Server 2003 installation disc into the optical drive to start installing and configuring the DNS component. When installation is complete, click the "Finish" button.
After installation, a "DNS" item is added to the Start → Programs → Administrative Tools menu.
(3) Configuring and managing the DNS server
1. Add a DNS zone
Because DNS data is managed in units of zones, you must first create a zone.
(1) Click the "Start → Programs → Administrative Tools → DNS" menu item to open the DNS console. Select the server in the left pane and click the "Action → New Zone" menu command to launch the New Zone Wizard. Click the "Next" button.
(2) In the Zone Type dialog, select the "Primary zone" option. Click the "Next" button.
(3) In the Forward or Reverse Lookup Zone dialog, select the Forward lookup zone option. Click the "Next" button.
(4) In the Zone Name dialog, enter the domain name of the new zone, such as lanyi.com. If you are creating a secondary zone, enter the domain name of the primary zone. Click the "Next" button.
(5) In the Zone File dialog box, the "Create a new file with this file name" box is already filled in with a file name based on the DNS domain name. If you are creating a secondary zone, select the "Use this existing file" option and enter the file name. Click the "Next" button.
(6) In the Dynamic Update dialog, select the Allow both nonsecure and secure dynamic updates option and click the "Next" button. In the dialog that appears, click the "Finish" button.
Note: With this setting the server also accepts unauthenticated updates, so any client that can reach it can register or overwrite records in the zone; the secure-only option is offered only for Active Directory-integrated zones.
2. Add a DNS domain
Within a zone, you can also create multiple subdomains by function; for example, you can create "Sale", "Accounting", "MIS", and "Works" under the lanyi.com domain. The following example adds a Works subdomain to the lanyi.com domain.
In the DNS console, click lanyi.com, click the "Action" menu command, and enter the domain name in the dialog that appears; here it is "Works". Click the "OK" button.
3. Add a reverse lookup zone
Reverse lookups allow users to look up domain names by IP address. The steps to add a reverse lookup zone are as follows:
(1) In the console, click the "Reverse Lookup Zones" option and click the "Action → New Zone" menu command to launch the New Zone Wizard. Click the "Next" button.
(2) In the Zone Type dialog, select the "Primary zone" option. Click the "Next" button.
(3) In the Reverse Lookup Zone Name dialog box, enter the network ID of the reverse lookup zone in the Network ID box (assuming the network is 198.168.115); the wizard automatically fills in the reverse lookup zone name, such as 115.168.192.in-addr.arpa.dns. Click the "Next" button.
(4) In the Zone File dialog box, the "Create a new file with this file name" box is already filled in with a file name based on the DNS domain name. If you are creating a secondary zone, select the "Use this existing file" option and enter the file name. Click the "Next" button.
(5) In the Dynamic Update dialog, select the Allow both nonsecure and secure dynamic updates option and click the "Next" button. In the dialog that appears, click the "Finish" button.
(4) Client DNS settings
Once the DNS server is installed successfully, the DNS service can be enabled on DNS clients. The following describes how to set up and enable DNS on the client.
1. DNS settings in Windows 98
(1) Right-click the "Network Neighborhood" icon, select the Properties command, click the TCP/IP option in the dialog box that appears, and click the Properties button.
(2) Click the DNS Configuration tab and click the Enable DNS option. Then enter the host name and domain name, enter the DNS server IP address, and click the Add button.
2. DNS settings in Windows 2000/XP
(1) Right-click the "My Network Places" icon and select the Properties command. In the dialog box that appears, right-click the "Local Area Connection" icon; in the dialog box that appears, click the "Internet Protocol (TCP/IP)" option and click the "Properties" button.
(2) If the DNS information is set in the DHCP service, select the "Use the DNS server address" option in the DHCP service and fill in the IP addresses of the primary and secondary DNS servers in the Preferred DNS server and Alternate DNS server boxes.
After the DNS server and clients are configured, you can use the ipconfig, ping, and nslookup commands to test whether the DNS server settings are correct. See the corresponding documentation in Windows 2003.
III. Implementing the Dynamic Host Configuration Protocol Service
The Dynamic Host Configuration Protocol (DHCP) service handles the dynamic assignment of IP addresses and related configuration information. DHCP provides safe, reliable, and simple TCP/IP network configuration, avoids address conflicts, and helps make effective use of resources by managing address assignment.
(1) Basic DHCP concepts
1. What is DHCP?
The Dynamic Host Configuration Protocol (DHCP) is a TCP/IP standard protocol that simplifies the management of host IP address assignment. You can use a DHCP server to manage dynamic IP address assignment and other related configuration (such as DNS, WINS, and gateway settings).
On a network using TCP/IP, each computer has a unique computer name and IP address. When a computer is moved from one subnet to another, its IP address must be changed. Assigning static IP addresses increases the burden on the network administrator, whereas DHCP dynamically assigns addresses from the DHCP server's IP address database to clients on the LAN, reducing that burden.
When using DHCP, at least one server on the network must have the DHCP service installed, and the other workstations that are to use DHCP must be set to obtain their IP addresses through DHCP.
2. Basic DHCP terms
(1) Scope: A scope is the full contiguous range of assignable IP addresses for a network. It is mainly used to define the IP address range of a single physical subnet. Scopes are the server's primary means of managing the IP addresses it assigns to network clients.
(2) Superscope: A superscope is a collection of scopes, used to support multiple logical IP subnets on the same physical subnet. A superscope contains only a list of member scopes (child scopes).
(3) Exclusion range: An exclusion range is a sequence of IP addresses that are not to be assigned. It ensures that the DHCP server does not assign the addresses in this sequence to clients.
(4) Lease: A lease is the length of time, specified by the DHCP server, during which the client may use the IP address it obtained. The lease becomes active when the client obtains an IP address. The client needs to renew the lease before it expires; the lease ends when it expires or is deleted on the server.
(5) Option types: Option types are other client configuration parameters that a DHCP server can assign when it provides a lease to a DHCP client. Commonly used options include the IP addresses of the default gateway, WINS servers, and DNS servers. These options are typically enabled when each scope is configured.
(2) How DHCP works
1. Automatic configuration of client IP addresses
A DHCP client running Windows 2003 that cannot communicate with a DHCP server when it starts up and logs on to the network automatically assigns itself an IP address and subnet mask. This client feature is called "IP auto-configuration".
If the client is set to obtain an IP address from a DHCP server, a client running Windows 2003 uses its DHCP Client service to obtain an IP address and other configuration information as follows:
(1) The DHCP client attempts to establish communication with the DHCP server to obtain configuration information.
(2) If the client cannot find a DHCP server, it selects an IP address from the 169.254.0.0 network reserved by Microsoft as its own IP address, with a subnet mask of 255.255.0.0. The DHCP client uses an ARP broadcast to determine whether the selected IP address is in use by another device on the network. If the address is already in use, the client picks another address and tests again, trying up to 10 addresses.
(3) If the address the client selected in the 169.254.0.0 network is not in use by another device, the client assigns it to the network adapter.
(4) The client keeps trying in the background to contact a DHCP server every 5 minutes. Once it reaches a server, the client discards the auto-configured IP address and uses the IP address and other configuration information assigned by the server.
If the DHCP client has previously obtained a lease from a server, the following happens when it restarts and logs on to the network:
(1) If the client's lease is still valid at startup, it tries to renew the lease with the DHCP server.
(2) If the DHCP server cannot be found while trying to renew, the client tries to reach the default gateway specified in the lease. If it reaches the default gateway, the client assumes it is still on the same network, continues to use the existing lease, and continues trying to renew the lease in the background once 50% of the lease time has elapsed. If it cannot reach the default gateway, the client assumes it has been moved to a network without DHCP service and assigns itself an IP address using the auto-configuration described above.
2. How does the client obtain configuration information?
DHCP clients use two different processes to communicate with the server and obtain configuration information. First, consider the initial lease process when the client starts up and logs on to the network.
(1) The DHCP client sends a DHCP Discover message on the local subnet. The message is broadcast because the client does not know the IP address of the DHCP server.
(2) When a DHCP server receives the client's DHCP Discover broadcast, it sends the client a DHCP Offer message, which includes an IP address available for lease.
(3) If no DHCP server responds to the client's request, one of the following happens:
If the client runs Windows 2003 and automatic IP address configuration is enabled, the client automatically assigns itself an IP address.
If the client uses another operating system or automatic IP address configuration is disabled, the client cannot obtain an IP address and initialization fails. The client nevertheless sends 4 DHCP Discover messages every 5 minutes until it receives a DHCP Offer message.
(4) Once the client receives a DHCP Offer message, it sends a DHCP Request message to the server, indicating that it will use the IP address the server offered.
(5) After receiving the DHCP Request message, the DHCP server sends a DHCP acknowledgment message to confirm the lease; this message also contains other DHCP option information.
(6) After the client receives the acknowledgment, it uses the information to configure its TCP/IP properties and joins the network.
(7) If the client requests an invalid or duplicate IP address, the DHCP server sends a DHCP negative acknowledgment (DHCP reject) message in step 5; when the client receives it, initialization fails.
When the client restarts, or when 50% of the lease period has elapsed, the client needs to renew its lease. Let us look at how the DHCP client renews the lease:
(1) The client sends a request directly to the server that granted the lease, asking it to renew and extend the lease on the existing address.
(2) If the DHCP server receives the request, it sends a DHCP confirmation message to the client and updates the client's lease.
(3) If the client cannot contact the server that granted the lease, it waits until 87.5% of the lease period has elapsed and then enters the reapplication state, in which it broadcasts DHCP Discover to all DHCP servers on the network to renew the existing address lease.
(4) If a server responds to the client's request, the client uses the address information provided by that server to renew the existing lease.
(5) If the lease expires, or the client cannot communicate with any other server, the client can no longer use the existing address lease.
(6) The client returns to the initial startup state and obtains an IP address lease again using the steps described above.
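The initial lease exchange and the renewal thresholds described above, as an added example that is not part of the original article. The `DhcpServer` class, the message tuples and the sample addresses are constructed for illustration and are not the Windows DHCP implementation.

```python
from dataclasses import dataclass, field


@dataclass
class DhcpServer:
    """Toy server that leases addresses from a free pool (constructed values)."""
    free: list
    lease_seconds: int
    leases: dict = field(default_factory=dict)   # client id -> leased address

    def handle(self, kind, client, ip=None):
        if kind == "DISCOVER":
            if client in self.leases:             # returning client keeps its address
                return ("OFFER", self.leases[client])
            return ("OFFER", self.free[0]) if self.free else None
        if kind == "REQUEST":
            if self.leases.get(client) == ip:     # renewal of an existing lease
                return ("ACK", ip, self.lease_seconds)
            if ip in self.free:                   # first use of an offered address
                self.free.remove(ip)
                self.leases[client] = ip
                return ("ACK", ip, self.lease_seconds)
            return ("NAK", ip)                    # invalid or duplicate address, step (7)
        raise ValueError(f"unsupported message {kind!r}")


def obtain_lease(server, client):
    """Steps (1) to (6): Discover, Offer, Request, confirmation. Returns (ip, trace)."""
    trace = ["DISCOVER (broadcast)"]
    offer = server.handle("DISCOVER", client)
    if offer is None:                             # step (3): no server answered
        return None, trace + ["no OFFER: self-assign or keep retrying"]
    trace.append(f"OFFER {offer[1]}")
    trace.append(f"REQUEST {offer[1]}")
    reply = server.handle("REQUEST", client, offer[1])
    trace.append(f"{reply[0]} {reply[1]}")
    return (reply[1] if reply[0] == "ACK" else None), trace


def lease_phase(elapsed, lease_seconds):
    """Where a client is in its lease, using the 50% and 87.5% thresholds."""
    if elapsed >= lease_seconds:
        return "expired: back to initial state"
    if elapsed >= 0.875 * lease_seconds:
        return "broadcast to all servers"
    if elapsed >= 0.5 * lease_seconds:
        return "renew with leasing server"
    return "bound"
```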
(3) Installation and configuration of DHCP servers
1. Install the DHCP server
(1) Click the "Start → Settings → Control Panel" menu item, double-click the "Add or Remove Programs" item in Control Panel, and then click the "Add / Remove Windows Components" option in the dialog box that appears.
(2) In the Windows Components dialog box, click the Network Services option and then click the Details button. In the dialog box that appears, select the "Dynamic Host Configuration Protocol (DHCP)" option. Click the "OK" button.
(3) Click the "Next" button and insert the Windows Server 2003 installation disc into the optical drive; setup then begins to install and configure DNS components. When installation is complete, click the "Complete" button.
After the installation is over, a "DHCP" menu item is added under the Start → Program → Administrative Tools menu item.
2. Add a DHCP server
After installing the DHCP service, the user must first add an authorized DHCP server, add a scope to that server, and set the corresponding IP address range and option types, so that DHCP clients can obtain an IP address lease and the parameters for the related options.
(1) Click the "Start → Program → Administration Tools → DHCP" menu item to open the DHCP console. Click the "Operation → Add Server" menu command to start the Add Server Wizard. Click the "Next" button.
(2) In the "Specify DHCP Server" dialog box, click the "Browse" button. In the dialog box that appears, add an authorized DHCP server: click the Add button and, in the dialog box that appears, enter the name or IP address of the server on which the DHCP service is to be set up. Click the "Next" button.
(3) In the "Directory" dialog box, select the server added above and click the Manage option. Click the "Next" button.
Finally, click the "Finish" button.
3. Add a scope to the DHCP server
(1) In the DHCP console, click the server to which you want to add a scope, then click the "Operation → New Scope" menu command to open the New Scope Wizard. Click the "Next" button.
(2) In the "Scope Name" dialog box, enter the scope name and description. Click the "Next" button.
(3) In the IP Address Range dialog box, specify the group of IP addresses that defines the range of the scope. When the input is complete, click the "Next" button.
(4) In the Add Exclusions dialog box, specify the address or address range that the server is to exclude. Click the "Next" button.
(5) In the Lease Term dialog box, specify how long a client may use an IP address from this scope. Click the "Next" button.
(6) In the Configure DHCP Options dialog box, click the "Yes, I want to configure these options now" option. Click the "Next" button.
(7) In the Router (Default Gateway) dialog box, enter the IP address of the router used by the clients. Click the "Next" button.
(8) In the Domain Name and DNS Server dialog box, enter the "parent domain" name, then enter the "server name" and its "IP address". Click the "Next" button.
(9) In the WINS Server dialog box, enter the address of the WINS server. Windows clients query WINS before they use broadcasts to register and resolve NetBIOS names. Click the "Next" button.
(10) In the "Activate Scope" dialog box, click the "Yes, I want to activate this scope now" option. Click the "Next" button.
Finally, click the "Finish" button. The newly added scope now appears in the DHCP console, and "run" is shown in the status column in the right pane of the DHCP console, indicating that the scope is enabled.
Note: If you use two DHCP servers on the same network segment to increase fault tolerance, balance the use of the two servers when allocating IP address ranges. The 80/20 rule is generally adopted: the whole available IP address range is split 8:2, so that one DHCP server provides 80% of the IP address leases and the other provides the remaining 20%. The specific setting method is as follows:
Suppose the IP addresses to be provided on a certain network segment are 192.168.115.1-192.168.115.254. Set the allocated address range on both servers to 192.168.115.1-192.168.115.254 and differentiate the servers only by their exclusion ranges.
Server 1: allocates 192.168.115.1 to 192.168.115.254, with the range ending at 192.168.115.254 excluded.
Server 2: allocates 192.168.115.1 to 192.168.115.254, with 192.168.115.1-192.168.115.200 excluded.
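A check for the split described in the note, as an added example that is not part of the original article: it computes what each server can actually lease and reports addresses that both servers could hand out or that neither serves. The start of Server 1's exclusion (192.168.115.201) is an assumption, taken as the complement of Server 2's exclusion, and the `BAD` configuration is a constructed mistake.

```python
import ipaddress


def span(first, last):
    """Inclusive IPv4 range as a set of integers."""
    a, b = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
    if a > b:
        raise ValueError(f"range start {first} is after end {last}")
    return set(range(a, b + 1))


def effective_pool(scope, exclusions):
    """Addresses a server can actually lease: its scope minus its exclusions."""
    pool = span(*scope)
    for first, last in exclusions:
        pool -= span(first, last)
    return pool


def check_split(scope, servers):
    """servers maps a server name to its list of exclusion ranges.

    Returns overlap (addresses two servers could both lease), unserved
    (addresses no server leases) and each server's share of the scope in percent.
    """
    pools = {name: effective_pool(scope, excl) for name, excl in servers.items()}
    seen, overlap = set(), set()
    for pool in pools.values():
        overlap |= seen & pool
        seen |= pool
    total = span(*scope)
    fmt = lambda addrs: [str(ipaddress.IPv4Address(a)) for a in sorted(addrs)]
    share = {name: round(100 * len(p) / len(total), 1) for name, p in pools.items()}
    return {"overlap": fmt(overlap), "unserved": fmt(total - seen), "share": share}


SCOPE = ("192.168.115.1", "192.168.115.254")    # range from the text
GOOD = {
    # Assumption: Server 1's exclusion starts at .201, the complement of Server 2's.
    "server1": [("192.168.115.201", "192.168.115.254")],
    "server2": [("192.168.115.1", "192.168.115.200")],   # from the text
}
BAD = {  # constructed mistake: Server 1's exclusion starts ten addresses too late
    "server1": [("192.168.115.211", "192.168.115.254")],
    "server2": [("192.168.115.1", "192.168.115.200")],
}
```

Any address reported under `overlap` can be leased to two different clients at once, which shows up on the network as an IP address conflict.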
(4) DHCP client settings
After the DHCP server has been installed and configured, the clients can enable DHCP.
1. Enable the DHCP function of Windows 98 client
(1) Right-click the "Network Neighborhood" icon and select the Properties command. In the dialog box that appears, click the TCP/IP option, then click the Properties button.
(2) Select the "Obtain an IP address automatically" option.
2. Enable the DHCP function of Windows 2000 / XP client
(1) Right-click the "My Network Places" icon and select the Properties command. In the window that appears, right-click the "Local Area Connection" icon; in the dialog box that appears, click the "Internet Protocol (TCP/IP)" option, then click the "Properties" button.
(2) Select the "Obtain an IP address automatically" option.
4. Implementing the Windows Internet Naming Service
The Windows Internet Naming Service (WINS) maps IP addresses to NetBIOS computer names and maps NetBIOS computer names back to IP addresses. With a WINS server in the organization, you can locate resources by computer name instead of by IP address.
(1) The basic concept of the WINS service
On a TCP/IP network, computer names have to be matched to IP addresses. Users can do this with the Hosts file, DNS and similar methods, but these methods share a problem: the network administrator has to enter each computer name (NetBIOS name) and its IP address manually, and whenever a computer name or IP address changes, the administrator has to modify the corresponding settings. The Windows Internet Naming Service (WINS) solves this problem. It lets clients actively register their computer name (NetBIOS name) and IP address at startup, and when WINS clients communicate with each other they obtain each other's IP address through the resolution function of the WINS server. Because this work is completed automatically by the WINS client and server, it greatly reduces the administrator's workload and also reduces broadcasts on the network.
1. Define the computer name (NetBIOS name)
NetBIOS is a high-level language interface for MS-DOS programs that appeared with the IBM PC for building local area networks.
Within a network, a NetBIOS name is unique. The service is activated when the computer starts, and when the user logs on to the network the NetBIOS name is registered dynamically in the database. A NetBIOS name can be registered as an independent name or as a group name. A name registered as an independent name has one IP address corresponding to it; a name registered as a group name has multiple IP addresses.
Before the release of Windows 2000, all MS-DOS and Windows-based operating systems needed the NetBIOS name interface for the network to work properly. With the release of Windows 2000, computers on the network no longer need support for the NetBIOS name interface. However, for compatibility with earlier versions of the network operating system, Microsoft still supports NetBIOS names in Windows 2000/2003.
A NetBIOS name contains 16 bytes. The first 15 characters are specified by the user and identify a single user or computer on the network, or a group of users or computers on the network. The 16th character is the name suffix, which identifies the name and describes the registered name. A NetBIOS name can be set as an independent name or a group name. Data addressed to an independent name is sent to one computer, while data addressed to a group name is sent to multiple computers simultaneously.
2. NetBIOS name resolution
NetBIOS name resolution is the process of successfully mapping a computer's NetBIOS name to an IP address. The following example explains how a NetBIOS name is resolved.
When the computer starts, the file and print sharing service uses the computer name to register an independent NetBIOS name on the network. The first 15 characters of this NetBIOS name are the computer name, and the 16th character is 0x20. If the computer name is shorter than 15 characters, it is padded with spaces. When a user tries to connect to a shared folder on this computer, the file and print sharing NetBIOS name must be specified. Before the file and print sharing connection is established, a TCP connection must be created, and to create the TCP connection the NetBIOS name must first be resolved to an IP address. A WINS client resolves NetBIOS names mainly in three ways: broadcast, the local database file (LMHOSTS), and the WINS server. Depending on how these are combined, there are four NetBIOS node modes, listed below:
Node mode: Description
B-Node (Broadcast): Uses broadcast NetBIOS name queries to register and resolve names. If the broadcast fails, it queries the LMHOSTS file to find the corresponding address.
P-Node (Peer-Peer): Queries the WINS server directly, point to point, for the IP address of the corresponding NetBIOS name.
M-Node (Mixed): A combination of B-Node and P-Node. It uses broadcast by default; if that fails, it queries the WINS server.
H-Node (Hybrid): A combination of B-Node and P-Node. It queries the WINS server by default; if that fails, it uses broadcast. If both methods fail, it queries the LMHOSTS file to find the corresponding address.
A computer running Windows 2003 uses B-Node mode by default and uses H-Node mode once a WINS server has been set. Windows 2003 can also use the LMHOSTS file to resolve NetBIOS names. This file is stored in the %SystemRoot%\System32\drivers\etc folder.
The user must set the IP address of a WINS server on Windows 2003 computers so that they can communicate with computers that cannot use Active Directory.
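The 16-byte name layout and the per-node lookup order described above, as an added example that is not part of the original article. It goes slightly beyond the text by also showing the first-level encoding from RFC 1001 that puts the name on the wire; the lookup tables and addresses are constructed sample data, and the upper-casing follows the usual convention for computer names.

```python
SUFFIX_FILE_SERVER = 0x20   # 16th byte registered by file and print sharing


def netbios_name(computer, suffix=SUFFIX_FILE_SERVER):
    """Return the 16-byte name: 15 space-padded characters plus a suffix byte."""
    raw = computer.upper().encode("ascii")     # computer names are upper-cased by convention
    if not 1 <= len(raw) <= 15:
        raise ValueError("computer name must be 1 to 15 ASCII characters")
    return raw.ljust(15, b" ") + bytes([suffix])


def first_level_encode(name16):
    """RFC 1001 first-level encoding: each byte becomes two letters 'A' to 'P'."""
    if len(name16) != 16:
        raise ValueError("a NetBIOS name is exactly 16 bytes")
    return "".join(chr(0x41 + (b >> 4)) + chr(0x41 + (b & 0x0F)) for b in name16)


# Lookup order for each node mode, following the table above.
NODE_ORDER = {
    "B": ("broadcast", "lmhosts"),
    "P": ("wins",),
    "M": ("broadcast", "wins"),
    "H": ("wins", "broadcast", "lmhosts"),
}


def resolve(name16, node_type, sources):
    """Try each source in the node mode's order; return (ip, source_used, tried)."""
    tried = []
    for method in NODE_ORDER[node_type]:
        tried.append(method)
        ip = sources.get(method, {}).get(name16)
        if ip is not None:
            return ip, method, tried
    return None, None, tried


# Constructed sample data: the WINS server has no record, a host answers the
# broadcast, and LMHOSTS holds an older static entry.
FRED = netbios_name("fred")
SAMPLE_SOURCES = {
    "wins": {},
    "broadcast": {FRED: "192.168.115.20"},
    "lmhosts": {FRED: "192.168.115.99"},
}
```

The `tried` list shows which sources a client consulted before it got an answer, which is what to compare against when a name resolves to an unexpected address.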
(2) WINS operating mode
1. Purpose of communication between the WINS client and server
When the WINS client starts, it registers data such as its computer name, IP address and DNS domain name in the WINS server's database. When the client needs to communicate with other clients, it can get the required computer name, IP address and DNS domain name from the WINS server.
2. WINS client name registration
In Figure 5, the WINS client (Host-C) sends a name registration request to the WINS server (WINS-A). We use this example to explain the process.
WINS-A accepts or rejects the registration request by sending Host-C an "accept" or "reject" response. Which response the server sends depends on whether the name already exists in WINS-A's database and on whether the requested name is a group name. If the name is not in the database, the server accepts it as a new registration and does the following:
(1) Enters the Host-C name in the database and adds a timestamp and the owner ID of the WINS server. The timestamp is used to calculate the update interval (the default is 6 days).
(2) Sends a registration response to Host-C, which also contains the time after which the client must update this name (Time-to-Live, TTL).
If the name of Host-C already exists in the database with the same IP address as in the request, the result depends on the state and ownership of the name:
(1) If the record is marked as "active" in the database and is owned by this server (WINS-A), the server updates the timestamp of the record and sends an "accept" response to the client.
(2) If the record in the database is marked as "released" or "expired", or is owned by another WINS server, the registration is handled as a new registration: the timestamp, owner, version ID and so on are updated, and an "accept" response is sent to the client.
If the name of Host-C already exists in the database but with an IP address different from the one requested, the WINS server must prevent duplicate names. If the record in the database is marked as expired or released, the registration request can be accepted. If the record is still active, however, the WINS server has to query the client that registered the name to determine whether it is still on the network, as follows:
(1) WINS-A first sends the client (Host-C) a wait-for-acknowledgment response (WACK), which uses the TTL to specify the waiting time.
(2) WINS-A then sends a name query request to the client that has this name registered.
(3) If that client is still on the network, it sends a confirmation response to the server WINS-A.
(4) WINS-A then sends the client (Host-C) a response that rejects its name registration request.
(5) If the query request from WINS-A gets no response, WINS-A sends the query request two more times. If none of the three queries is answered, the query process ends: WINS-A sends a confirmation response to the client (Host-C), accepts the client's name request, and updates the record in the database.
3. WINS client name release
When the WINS client (Host-C) shuts down, it notifies the server that it will no longer use its registered name, as follows:
(1) When the client (Host-C) shuts down, or when "nbtstat -RR" is entered on the client, the client sends a release request to the server (WINS-A).
(2) The server (WINS-A) marks the record of the client (Host-C) in the database as released.
(3) WINS-A sends a release confirmation message to the client (Host-C). Once a name record is marked as released, the server can update the record immediately when another client registers the same name with a different IP address.
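The registration and release decisions described in the two sections above, as an added example that is not part of the original article. The `WinsServer` class is a constructed model, not Microsoft's implementation, and the `holder_answers` callback is a hypothetical stand-in for the name query sent to the current holder of a name.

```python
from dataclasses import dataclass

MAX_QUERIES = 3   # one name query plus two repeats, as in step (5)


@dataclass
class Record:
    ip: str
    state: str        # "active", "released" or "expired"
    owner: str        # ID of the WINS server that owns the record
    timestamp: int


class WinsServer:
    def __init__(self, server_id, holder_answers):
        self.server_id = server_id
        self.db = {}
        # holder_answers(name, ip) -> bool: does the current holder still
        # answer a name query? (hypothetical callback)
        self.holder_answers = holder_answers
        self.sent = []    # messages this server sent, kept for inspection

    def _store(self, name, ip, now):
        self.db[name] = Record(ip, "active", self.server_id, now)
        self.sent.append("ACCEPT")
        return "accept"

    def register(self, name, ip, now):
        rec = self.db.get(name)
        if rec is None:                                   # name not in the database
            return self._store(name, ip, now)
        if rec.ip == ip:                                  # same name, same address
            if rec.state == "active" and rec.owner == self.server_id:
                rec.timestamp = now                       # refresh only
                self.sent.append("ACCEPT")
                return "accept"
            return self._store(name, ip, now)             # handled as a new registration
        if rec.state in ("released", "expired"):          # different address, stale record
            return self._store(name, ip, now)
        self.sent.append("WACK")                          # active record: ask the holder
        for _ in range(MAX_QUERIES):
            self.sent.append("NAME_QUERY")
            if self.holder_answers(name, rec.ip):
                self.sent.append("REJECT")
                return "reject"
        return self._store(name, ip, now)                 # holder silent three times

    def release(self, name, ip):
        """Mark the record as released when its holder asks for it."""
        rec = self.db.get(name)
        if rec is not None and rec.ip == ip:
            rec.state = "released"
            return True
        return False
```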
4. WINS client name registration update
To keep its registered name "active" in the database of the WINS server, the WINS client must update its registered name regularly.
When the client registers its name with the server for the first time, the TTL value in the confirmation returned by the server specifies when the client must update the registration. If the client does not update within the specified time, the server deletes the client's record from the database. The default update time in the WINS database is 6 days. When half of the update time has elapsed, the client updates its registered name with the server.
(3) Installing the WINS server
Note: Before installing the WINS server, first make sure that the IP address of the WINS server itself is a fixed IP address.
1. Install the WINS server
(1) Click the "Start → Settings → Control Panel" menu item, double-click the "Add or Remove Programs" item in Control Panel, and then click the "Add / Remove Windows Components" option in the dialog box that appears.
(2) In the Windows Components dialog box, click the Network Services option and then click the Details button. In the dialog box that appears, select the "Windows Internet Name Service (WINS)" option. Click the "OK" button.
(3) Click the "Next" button and insert the Windows Server 2003 installation disc into the optical drive; setup then begins to install and configure DNS components. When installation is complete, click the "Complete" button.
After the installation is over, a "WINS" menu item is added under the Start → Program → Administrative Tools menu item.
2. Start and stop WINS service
Right-click the My Computer icon and select the Manage command. In the window that appears, under the Services and Applications node in the left pane, click the Services option; then, in the right pane, right-click the "Windows Internet Name Service (WINS)" item and select "Start / Stop". You can also carry out these operations with the following commands in the Command Prompt window:
net start wins
net stop wins
net pause wins
net continue wins
3. Add a WINS server in the WINS console
(1) Click the "Start → Programs → Administration Tools → WINS" menu item to open the WINS console.
(2) Click the "WINS" item, click the "Operation → Add Server" menu command, and fill in the server name or IP address in the dialog box that appears. Click the "OK" button to add the WINS server to the WINS console. The added server contains two components: active registrations and replication partners.
(3) Click a server and then click the "Operation → Display Server Statistics" menu command; the dialog box that appears shows a detailed statistical report for the current server.
(4) Enable the WINS feature of the client
1. WINS settings for Windows 98
(1) Right-click the "Network Neighborhood" icon and select the Properties command. In the dialog box that appears, click the TCP/IP option, then click the Properties button.
(2) Click the WINS Configuration tab, click the "Enable WINS Resolution" option, then add the server's IP address. Click the "OK" button.
If you are using a DHCP service, select the "Use DHCP for WINS Resolution" option.
2. WINS settings for Windows 2000 / XP
(1) Right-click the "My Network Places" icon and select the Properties command. In the window that appears, right-click the "Local Area Connection" icon; in the dialog box that appears, click the "Internet Protocol (TCP/IP)" option, then click the "Properties" button.
(2) In the dialog box that appears, click the Advanced button, then click the WINS tab in the next dialog box. Add the WINS address, select the "Enable NetBIOS over TCP/IP" option, and click the "OK" button.