
Saturday, May 26, 2012

Windows Server 2008 R2 in the Router role

How do you make Windows Server 2008 R2 act as a LAN router? It is very simple for anyone, and the related information is easy to find through Google or Microsoft.
(1). Add Server Roles --- Network Policy and Access Services
In Server Manager, click “Add Roles” to start the wizard.
Click the “Next >” button.
Enable the “Routing and Remote Access Services” check box, then click the “Next >” button.
Click the “Next >” button.
Enable the “Routing and Remote Access Services” check box so that “Remote Access Service” and “Routing” are both selected, then click “Next >” to continue to the next step.
Click the “Installation” button.
If no exception occurs, the installation should succeed.
The system has now added the new role “Network Policy and Access Services”.

(2). Configure and Enable Routing and Remote Access
When you expand the “Network Policy and Access Services” tree, the red down-arrow icon indicates that this function has never been enabled.
Right-click it and select “Configure and Enable Routing and Remote Access” from the menu; the setup wizard will appear.
Click the “Next >” button.
Select the “Custom configuration” option, then click the “Next >” button.
Enable the “LAN routing” check box, then click the “Next >” button.
Click the “Finish” button, then the “Start service” button.
The icon now becomes a green up arrow.

(3). Verify the IPv4 setting
Right-click “Routing and Remote Access” and select “Properties” from the menu.
You will see that this computer now plays the role of an IPv4 router.

(4). View the IPv4 routing table
Expand the “IPv4” tree, right-click “Static Routes” and select “Show IP Routing Table…”.
The current IPv4 routing information is displayed.
At this point, the computers in 10.10.101.x and in 10.11.101.x can communicate with each other. Of course, each computer's default gateway needs to be set to the IP address of the router's interface.

Sunday, May 20, 2012

Open firewall ports for a computer to join the domain & an account to log on to the domain

I want to understand which firewall ports need to be opened if a computer is to join and log on to the domain. I use Microsoft Forefront Threat Management Gateway 2010 as the firewall and assign two network segments for the DC (VBHV-DC-01 in LAN3) and workstation (VBHV-FS-01 in LAN4) roles. The network rule is route mode from LAN4 to LAN3.
Create a new Access Rule from LAN4 to LAN3 and open the following protocols:
                              Microsoft CIFS/SMB: 445/TCP
                              Kerberos-Sec: 88/TCP, 88/UDP
                              DNS: 53/TCP, 53/UDP
                              LDAP: 389/TCP, 389/UDP
                              NetBIOS Datagram: 138/UDP
                              NetBIOS Name Service: 137/UDP
                              NetBIOS Session: 139/TCP
                              NTP: 123/UDP
                              RPC Endpoint Mapper(Custom): 135/TCP
                              ADLogon/DirRep(Custom): 50000/TCP
                              RPC Netlog(Custom): 50001/TCP
To limit the dynamic RPC port to a single port (50000/TCP), we need to add a registry value on each domain controller.
In the “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters\” registry key, create a new DWORD (32-bit) Value.
Rename the entry from “New Value #1” to “TCP/IP Port”.
Double-click this entry, select the “Decimal” option, enter “50000” in the Value data field and click the “OK” button.
After finishing the steps above, reboot the DC so that the registry setting takes effect.
To force client RPC traffic to a specific port, I need to do the same in “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\”.
Create a new DWORD (32-bit) Value of type “REG_DWORD”, rename the entry from “New Value #1” to “DCTcpipPort”, set its value to “50001”, then reboot.
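The same two registry values, applied and read back with PowerShell instead of regedit. This is an added example, not code from the original post; the key paths and value names are the ones given above, and 50000/50001 are the port numbers chosen in the post.

```powershell
# Added example: pin the NTDS (AD replication/logon) RPC port and the Netlogon
# RPC port so the firewall rule only needs 50000/TCP and 50001/TCP in addition
# to the RPC endpoint mapper (135/TCP). Run as an administrator on each DC.
$settings = @(
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters';     Name = 'TCP/IP Port'; Value = 50000 },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'; Name = 'DCTcpipPort'; Value = 50001 }
)

foreach ($s in $settings) {
    $existing = Get-ItemProperty -Path $s.Path -Name $s.Name -ErrorAction SilentlyContinue
    if ($existing -eq $null) {
        # REG_DWORD value, equivalent to the "DWORD (32-bit) Value" created in the GUI steps
        New-ItemProperty -Path $s.Path -Name $s.Name -PropertyType DWord -Value $s.Value | Out-Null
    } else {
        Set-ItemProperty -Path $s.Path -Name $s.Name -Value $s.Value
    }
}

# Read back what is stored. The values take effect only after the DC is rebooted;
# after the reboot, "netstat -ano | findstr /C:":50000"" should show the listener.
foreach ($s in $settings) {
    $v = (Get-ItemProperty -Path $s.Path -Name $s.Name).($s.Name)
    "{0}\{1} = {2}" -f $s.Path, $s.Name, $v
}
```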
Now I try to join the domain “dw.com”, and the result is successful.
The computer can log on to the domain “VBHV-DC-01”.
Using the TCPView utility, you will see that no ports are blocked now.
Since 2010 Design by Davidwa
©Copyright Davidwa Inc. All rights reserved.