Chapter 13

Chapter 13:
Managing Internet and
Network Interoperability
 Learning Objectives
Chapter 13

■ Install and configure a Web server and

a Media Services server
■ Install and configure DNS and WINS
servers
■ Install and configure a DHCP server
Learning Objectives (continued)
Chapter 13

■ Install and configure a terminal server

■ Configure a Telnet server
■ Install and configure a NetWare
gateway
 Microsoft Internet
Information Services Chapter 13

■ Internet Information Services (IIS): A group of

Microsoft Windows 2000 Server components
that provide Internet Web, FTP, mail,
newsgroup, and other services
■ All of the individual services can be installed
or uninstalled separately so that only the
needed services are running.
■ After installing Windows 2000 Server, web
and SMTP services are installed by default.
FTP and NNTP services are disabled.
 Requirements for Installing
a Web Server Chapter 13

■ Windows 2000 Server installed

■ TCP/IP installed
■ Sufficient disk space for IIS-related files
■ Disk storage formatted for NTFS
(recommended)
■ Name resolution software, such as DNS
and WINS
■ Access to an Internet service provider (if
you want to provide internet access to
your web server)
 Installing IIS
Chapter 13

■ IIS is a Windows component that is

installed in one of two ways:
◆ From Control Panel, Add/Remove
Programs, Add/Remove Windows
Components, Internet Information Services
◆ From the Administrative Tools menu using
the Configure Your Server tool
 IIS Components
Chapter 13

■ Several IIS components can be installed,

such as Web server, FTP server, NNTP
service, and SMTP service
◆ Network News Transfer Protocol (NNTP): A
TCP/IP-based protocol used by NNTP
servers to transfer news and informational
messages to client subscribers who
compose “newsgroups”
◆ Newsgroups allow people to share
information by posting messages which
others can read and reply to.
 Internet Information
Services Components
IIS Component Option
Common Files
Documentation
File Transfer Protocol (FTP) Server
FrontPage 2000 Server Extensions
Internet Information Services Snap-in
Internet Services Manager (HTML)
Chapter 13
Purpose
Files needed for general IIS functions
Documentation for publishing to and
managing Web and FTP sites.
Used to set up FTP server services for
file transfers between the IIS server and
clients.
Used to enable Microsoft FrontPage to
publish web files directly to an IIS
server.
Installs the MMC used to manage IIS
related services
Installs a browser based management
tool for managing IIS related services
 Internet Information
Services Components
Chapter 13

IIS Component Option Purpose

NNTP Service Allows the IIS server to provide NNTP
services for newsgroups

SMTP Service Allows the IIS server to function as an

SMTP server to distribute email
messages on an intranet or the internet
World Wide Web Server Allows the IIS server to function as a
web server on an intranet, the Internet
or via a VPN.
 Selecting IIS Components
for Installation Chapter 13

Figure 13-1 Specifying Internet Information Services components

 Troubleshooting Tip
Chapter 13

■ After the IIS components are installed in

Windows 2000 Server, check all of the
services associated with those
components to make sure they are
started and set to start automatically
■ Services can be found under “Computer
Management
 Configuring IIS
Chapter 13

■ IIS services can be configured using two

methods:
■ Administrative Tools, Internet Services
Manager
■ Use the Configure Your Server tool (in
the Administrative Tools menu) to further
configure IIS services, such as creating a
virtual directory
 Configuring IIS
Chapter 13

■ When IIS is installed, a default web site is

created automatically.
■ The home folder for the default web site is
“C:\InetPub\wwwroot”. This can be changed
to any other folder on your server.
■ The home folder for a web site or virtual
directory holds all documents (HTML, ASP,
etc.) that relate to that web site or virtual
directory.
 Configuring IIS
Chapter 13

Figure 13-2 Configuring an IIS Web server

 Virtual Directory
Chapter 13

■ Virtual directory: A URL formatted address

that provides an Internet location (virtual
location) for an actual physical folder on a
Web server that is used to publish Web
documents
■ When you create a virtual directory on a Web
server, be sure to configure the appropriate
security and other properties of the directory
 Virtual Directory
Security Options Chapter 13

Security Option Purpose

Browse Enables users to browse the contents of the virtual directory

Execute Enables users to execute programs and scripts

Read Enables users to open files in the virtual directory

Run scripts Enables users to run command scripts

Write Enables users to add new files to the virtual directory and to modify

the contents of existing files

Table 13-2 Virtual Directory Security Options

 Virtual Directory Properties Tabs
Chapter 13
Properties Tab Purpose
Custom Errors Used to set up error messages that are displayed in a client’s browser when specific errors occur
Directory Security Used to fine-tune security including whether or not to allow anonymous access, to set IP
address restrictions and restrictions on domain names that can access the site, and to require
secure communications through certificates
Documents Used to define a default Web page and to specify a footer for Web documents
HTTP Headers Used to set an expiration date on the directory contents, to set properties of headers that are
returned to the client’s browser, to set content ratings (such as for content limited to adults), and
to specify Multipurpose Internet Mail Extensions (MIME)
Virtual Directory Used to specify general properties that include the computer on which the physical folder is
located, the local path, security, and application settings

Table 13-2 Virtual Directory Security Options

 Configuring Virtual
Directory Properties Chapter 13

Figure 13-3 A virtual directory’s properties

 Managing an IIS Web Server
Chapter 13

■ An IIS Web server is managed using

the Internet Services Manager (also
called the Internet Information Services
tool) which is started from the
Administrative Tools menu or as an
MMC snap-in
 Elements Managed through the
Internet Services Manager Chapter 13

■ The Internet Services Manager enables

you to manage these elements:
◆ Default Web site
◆ Administration Web site
◆ FTP site
◆ SMTP virtual server
◆ NNTP virtual server
Using the Internet
Services Manager Chapter 13

Figure 13-4 Managing a Web site

 Default Web Site Properties Tabs
Chapter 13
Properties Tab Purpose

Custom Errors Used to set up error messages that are displayed in a client’s browser when specific errors

occur while accessing the Web server

Directory Security Used to set up security for a Web site that includes whether or not to allow anonymous access,

authentication methods, IP address and domain restrictions, and use of certificate security

Documents Defines a default Web page for the Web site and enables you to specify a footer for Web

documents

Home Directory Specifies the location of the main folder in which Web programs and processes are stored,

which is usually \\server\inetpub\wwwroot; and enables you to set security on that folder

HTTP Headers Used to set an expiration date on the directory contents, to set properties of headers that are

returned to the client’s browser, to set content ratings (such as for content limited to adults),

and to specify Multipurpose Internet Mail Extensions (MIME)

 Default Web Site Properties
Tabs (continued) Chapter 13
Properties Tab Purpose

ISAPI Filters Used to set up Internet Server Application Programming Interface (ISAPI) filters,

which are used to provide special instructions on how to handle specific HTTP

requests

Operators Used to specify which user accounts and groups have privileges to manage the

Web server

Performance Used to optimize performance on the basis of daily hits, bandwidth, and

CPU/process utilization

Server Extensions Used to establish security and controls for publishing documents using FrontPage

Web Site Used to configure IP addressing, number of connections, connection timeout, and

activity logging
Configuring a Web Site
Chapter 13

Figure 13-5 Configuring Web site properties

 Setting Web Site Security
Chapter 13

■ In the Web site properties, click the

Directory Security tab to configure the
following authentication options:
◆ Basic authentication (password is sent in
clear text): For clients who cannot use an
encrypted password
◆ Digest authentication: For hashed security
◆ Integrated Windows authentication: For a
secret code security determined by a
cryptographic formula
 Configuring IP Security Access
for Intranets/VPNs Chapter 13

■ You can control access to a Web server

by restricting it using any combination of
the following:
◆ IPaddresses
◆ subnets
◆ domains
 Configuring IP
Address Restrictions Chapter 13

Figure 13-6 Configuring restricted IP access

 Troubleshooting IIS
Chapter 13
Problem Solution

The Web server is not responding 1. Use the Network and Dial-up Connections tool to make

sure that the server’s connection to the network or

Internet is enabled.

2. Use the Task Manager to make sure that the IIssrv.exe

program is working.

3. Right-click the Web server in the IIS management tool

and click Restart IIS to restart the IIS service.

4. Use the Computer Management tool to make sure that the

Server Service is started and set to start automatically.

Table 13-5 Troubleshooting IIS

 Troubleshooting IIS (continued)
Chapter 13

Problem Solution

No one can access the Web server, but the 1. Make sure there is a WINS server on the network

server is booted and its network and and that it is functioning.

Internet connections are enabled 2. Make sure that the DNS server(s) is (are)

connected and working on the network.

3. Use a Web browser from different computers and

locations to test the connection and determine if

the problem is due to a network segment location,

the Internet connection, or a specific client that

cannot access the server.

 Troubleshooting IIS (continued)
Chapter 13
Problem Solution

Clients can connect to the Web 1. Make sure that the authentication and encryption set at the server

server, but cannot access it’s contents matches the authentication and encryption properties that the client

computers can support.

2. Check the Web sharing permissions on Web folders to make sure

that they enable the appropriate client access, such as permission to

read files and run scripts (try using the IIS Permissions Wizard for

help or check the folders’ properties).

3. Make sure that no NTFS permissions on Web folders are set to Deny.

4. Make sure that the \Inetpub\wwwroot folder is intact and contains all

of the necessary HTML files (open the IIS management tool, right-

click Default Web Site, and click Open).

 Troubleshooting IIS (continued)
Chapter 13

Problem Solution

FTP to the Web server does not work 1. Make sure that the File Transfer Protocol (FTP)

Server service is installed as a Windows component

through the Add/Remove Programs tool.

2. Grant the appropriate permissions on folders used for

FTP, including the ability to write for those who

upload documents to the server.

3. Use the Computer Management tool to make sure

that the FTP Publishing Service is started and set to

start automatically.
 Troubleshooting IIS (continued)
Chapter 13
Problem Solution

E-mail is not going through the Web server 1. Make sure that the SMTP service is installed as a Windows

component through the Add/Remove Programs tool.

2. Use the Computer Management tool to make sure that the Simple

Mail Transfer Protocol service is started and set to start automatically.

Newsgroups are not supported on the Web 1. Make sure that the NNTP service is installed as a Windows

server component through the Add/Remove Programs tool.

2. Make sure there are virtual directories set up for newsgroups and that

the permissions are appropriately set for users to access, such as

permissions to browse and read.

3. Use the Current Sessions tool in the IIS management tool to

determine if users are connecting to the service.

 Troubleshooting IIS (continued)
Chapter 13

Problem Solution

Users cannot publish using FrontPage 1. Make sure that the FrontPage 2000

Server Extensions are installed as a

Windows component through the

Add/Remove Programs tool.

2. Encourage users to upgrade to

FrontPage 2000 for best compatibility.

 Windows Media Services
Chapter 13

■ Install Windows media services to offer voice

and video multimedia services on a
Web site, to enable the streaming mode, and
to take advantage of multicasting
◆ Streaming: Playing a multimedia audio, video, or
combined file received over a network before the
entire file is received at the client
■ Use the Windows Media Services Administrator
— accessed from the Administrative Tools
menu — to configure Windows Media Services
Using the Windows Media
Server Administrator Chapter 13

Figure 13-7 Windows Media Server Administrator

 Microsoft DNS Server
Chapter 13

■ DNS server: A Microsoft service that resolves

computer names to IP addresses, such as
resolving the computer name MBrown to IP
address 129.77.1.10
■ DNS also performs reverse lookups which
resolve IP addresses to computer names
■ DNS is an integral part of a Windows 2000
network and is necessary for internet browsing
 Design Note
Chapter 13

■ When you install Active Directory, you

must have at least one DNS server
■ A DNS server is also needed for an IIS
server
 Installing DNS Server
Chapter 13

■ Install DNS as a Windows component

from the Control Panel Add/Remove
Programs icon
■ Double-click Networking Services in the
Windows Components dialog box and
select Domain Name System (DNS)
 Selecting DNS
Chapter 13

Figure 13-8 Installing Microsoft DNS

 Design Tip
Chapter 13

■ Always assign a static IP address to

DNS servers
■ On medium and large sized networks,
configure at least two DNS servers on
the same or different networks in case
one fails
 Configuring DNS
Chapter 13
■ Configure a forward and reverse lookup
zone in the DNS server:
◆ Forward lookup zone: A DNS server zone or
table that maps computer names to IP
addresses
◆ Reverse lookup zone: A DNS server zone or
table that maps IP addresses to computer
names
■ Zones are created and managed by using
the DNS tool in the Administrative Tools
menu
Viewing a Forward
Lookup Zone Chapter 13

Figure 13-9 DNS Forward lookup zone

Creating a Reverse Lookup Zone
Chapter 13

Figure 13-10 Creating a reverse lookup zone

 Subnets
Chapter 13

■ Folders can be created in a reverse lookup

zone to reflect subnets
 Reverse Lookup Zone
Subnet Folders Chapter 13

Figure 13-11 Reverse lookup zone subfolders for subnets

 Forward Lookup Zone Records
Chapter 13

■ A forward lookup zone typically contains a

host address (A) resource record:
◆ Hostaddress (A) resource record: A record in
a DNS forward lookup zone that consists of a
computer name correlated to an IP address
Configuring a Host Address (A)
Resource Record Chapter 13

Figure 13-12 Creating a host address (A) resource record

 Reverse Lookup Zone Records
Chapter 13

■ A reverse lookup zone typically contains a

pointer (PTR) resource record:
◆ Pointer(PTR) resource record: A record in a
DNS reverse lookup zone that consists of an
IP address correlated to a computer name
Creating a PTR record
Chapter 13

Figure 13-13 Creating a PTR record

 Using Microsoft WINS
Chapter 13
■ Install and use Microsoft WINS to resolve
NetBIOS names to IP addresses
■ WINS is installed as a Windows component
via the Control Panel Add/Remove
Programs tool
◆ WINS is a subcomponent of the Networking
Services Windows component
■ WINS is not required on a Windows 2000
network, but must be installed to support
name resolution for Windows NT or 9x
clients.
 DHCP
Chapter 13

■ Install Microsoft DHCP to implement

dynamic IP addressing on a network
■ DHCP is installed as a Windows
component from the Control Panel
Add/Remove Programs icon
◆ Double-clickNetworking Services in the
Windows Components dialog box and
select Dynamic Host Configuration Protocol
(DHCP)
 Scope
Chapter 13

■ Configure one or more scopes after

DHCP is installed:
◆ Scope:A range of IP addresses that a
DHCP server can assign to clients
■ Create scopes and manage DHCP by
using the DHCP management tool from
the Administrative Tools menu or as an
MMC snap-in
Specifying a Scope
Chapter 13

Figure 13-14 Creating a scope

 Authorizing a DHCP Server
Chapter 13

■ Windows 2000 DHCP servers must be

authorized in the Active Directory before
they are can distribute IP addresses
■ Authorize a DHCP Server in the Active
Directory via the DHCP management tool:
◆ Right-clickthe server in the tree
◆ Click Authorize
 Configure the DHCP Server to
Update DNS Records Chapter 13

■ Configure the DHCP server so that it

automatically registers new IP address in
the DNS server (so you don’t have to)
■ To configure automatic DNS registration:
◆ Open the DHCP management tool
◆ Right-click the DHCP server and click
Properties
◆ Click the DNS tab
 Configuring DNS Updating
Chapter 13

Figure 13-15 Configuring automatic DNS registration

Troubleshooting a DHCP Server
Chapter 13
Problem Solution

The DHCP server will not start 1. Use the Computer Management tool to make sure that

the DHCP Client and DHCP Server services are

started and set to start automatically. If the DHCP

Server service will not start, make sure that the

Remote Procedure Call (RPC) and the Security

Accounts Manager services are already started,

because the DHCP Server service depends on both.

2. Make sure that the DHCP server is authorized.

The DHCP server creates extra or Increase the lease period in each scope, so there is less

excessive network traffic traffic due to allocating new leases when the old ones

expire.
 Troubleshooting a DHCP
Server (continued) Chapter 13
Problem Solution

The DNS lookup zone records are not 1. Make sure that DNS servers and IP addresses are set

automatically updated up in each DHCP scope.

2. Make sure that the DHCP server’s properties are set

up to automatically update the DNS server. Also,

have the DHCP server do the updating instead of

clients, when there are pre-Windows 2000 server

clients. Last enable DNS updating for clients that do

not dynamically support it.

One of the leased IP addresses is Exclude that IP address from the scope.

conflicting with a permanent IP address

assigned to a computer, such as a server

 Troubleshooting a DHCP
Server (continued) Chapter 13
Problem Solution

Your network has a large number of Reduce the lease duration so that leases expire sooner and can be

portable and laptop computers and is in reassigned.

short supply of IP addresses

The System log is reporting Jet database The DHCP database is corrupted. Have users log off from the

error messages DHCP server and disable the server’s connection (use the

Network and Dial-up Connection tool). Use the DHCP

management tool to reconcile the scopes (right-click the server

and click Reconcile All Scopes). Another option is to open the

Command Prompt window and use the Jetpack.exe program to

repair the database. A third option is to use the Nesh.exe

command to dump the database and then reinitialize it.

 Troubleshooting a DHCP
Server (continued) Chapter 13

Problem Solution

The DHCP server is not responding Use the Network and Dial-up connections

tool to make sure that the server is

connected to the network

 Terminal Server Defined
Chapter 13

■ Terminal server: A server configured to

offer terminal services so that clients
can run applications on the server,
similar to having clients respond as
terminals
 Reasons for Using
a Terminal Server Chapter 13

■ To support thin clients such as Citrix

Metaframe
■ To centralize program access
■ To remotely administer Windows 2000
Server
 Thin Client Defined
Chapter 13

■ Thin client: A specialized personal

computer or terminal device that has a
minimal Windows-based operating
system.
■ Designed to connect to a host computer
that does most or all of the processing.
The thin client is mainly responsible for
providing a graphical user interface and
network connectivity.
 Other Terminal Services Clients
Chapter 13

■ Windows 2000 terminal services

supports operating systems other than
thin clients such as:
◆ MS-DOS
◆ Windows 3.x
◆ Windows 95/98
◆ Windows NT and Windows 2000/XP
◆ UNIX and X-terminals
◆ Macintosh
 Installing Terminal Services
Chapter 13

■ Terminal Services is a Windows

component that is installed using the
Control Panel Add/Remove Programs
tool
■ If you plan to use terminal services in
application mode, install both Terminal
Services and Terminal Services
Licensing components. Remote
administration mode does not require
licensing components.
 Terminal Services Modes
Chapter 13
■ When you install terminal services,
select either the Remote administration
mode (to remotely administer a server)
or the Application server mode (for
clients to run software on the server)
 Selecting the Mode
Chapter 13

Figure 13-16 Selecting the function of a terminal server

 Terminal Services Components
Chapter 13

■ Configure the Terminal Services

properties such as permission security,
client connection settings, session
timeout settings, and others
 Terminal Services
Encryption Options Chapter 13
■ The terminal services encryption options are:
◆ Low: Data sent from the client to the server is
encrypted
◆ Medium: Data sent from the client to the server
and from the server to the client is encrypted
using the default server encryption
◆ High: Data sent from the client to the server and
from the server to the client is encrypted using
the highest encryption level at the server
 Installing Applications for
Terminal Services Chapter 13

■ After installing and configuring Terminal

Services, use the Control Panel
Add/Remove Programs tool to install
software applications that clients will
access (and reinstall applications that
were installed before Terminal Services)
 Planning Tip
Chapter 13

■ Avoid running 16-bit programs through

Terminal Services, because these
create extra server overhead —
reducing the number of connections by
60 percent and increasing demands on
RAM by 50 percent
 Monitoring Terminal Services
Chapter 13

■ Use the Terminal Services Manager (on

the Administrative Tools menu) to
monitor connection sessions, including:
◆ Viewing a session’s status
◆ Connecting to view a session
◆ Logging off a user or resetting a session
◆ Sending a message
◆ Ending a process
◆ Controlling a session remotely
 Telnet Server
Chapter 13

■ Another way for clients to access the

resources on a Windows 2000 server is
to configure it as a Telnet server
■ Telnet is TCP/IP-based and enables a
computer to be set up as a network host
to clients
 Configuring Telnet Server
Chapter 13

■ To configure a Telnet server:

◆ Use the Computer Management or
Services tool to start the Telnet Server
service
◆ An alternative method is to open the
Command Prompt window and enter net
start tlntsvr
 Gateway Service for NetWare
Chapter 13

■ Gateway Service for NetWare (GSNW):

A service included with Windows NT
and Windows 2000 Server that provides
connectivity to NetWare resources for
Windows NT and Windows 2000
servers and their clients with the
Windows NT/2000 server acting as a
gateway
 Installing and Configuring
Gateway Service for NetWare Chapter 13

■ Install the Gateway Service for NetWare

using the Network and Dial-up
Connections tool
■ Use the GSNW icon on the Control Panel
to configure Gateway Service for
NetWare
■ Use the Add Printers tool to connect to
NetWare print queues through the
gateway
 Chapter Summary
Chapter 13

■ A Windows 2000 Server can become a

Web server by installing IIS
■ Install DNS and WINS to resolve
computer names and IP addresses
■ Install DHCP to enable a Windows 2000
server to automatically assign IP
addresses to clients
 Chapter Summary
Chapter 13

■ Terminal services enable thin clients

and other client operating systems to
access Windows 2000 Server and run
applications on the server
■ Terminal services are also used to
enable an administrator to remotely
manage a server
 Chapter Summary
Chapter 13

■ Use Telnet server for basic TCP/IP

client access
■ Gateway Services for NetWare enables
Windows 2000 Server clients to access
NetWare servers