6: Planning, Configuring, and Troubleshooting WINS

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced
Chapter 6: Planning, Configuring, and Troubleshooting WINS
Objectives
• Describe the NetBIOS name resolution process
• Choose a NetBIOS name resolution method
• Describe the tasks performed by WINS
• Install WINS
• Choose WINS fault-tolerance options
• Configure WINS replication
• Manage WINS
• Describe NetBIOS security issues
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network
NetBIOS Name Resolution
• WINS (Windows Internet Naming Service) is required
to support NetBIOS name resolution for pre-Windows
2000 clients
• Windows-based applications use WinSock and
NetBIOS to access network resources
• With NetBIOS, the name of the remote resource is
resolved to an IP address
NetBIOS Name Resolution
(continued)
• Microsoft clients use the following four methods to
resolve NetBIOS names
• NetBIOS name cache
• Windows Internet Naming Service (WINS)
• Broadcast
• LMHOSTS
NetBIOS Name Cache
• Client computers use the NetBIOS name cache to
speed up the name resolution process
• A reduction in network traffic occurs because if the
current NetBIOS name being resolved has a record in
the cache, its IP address in the cache is used and no
further resolution is performed
WINS
• A WINS server is used to resolve NetBIOS names
• A WINS server is a central repository of NetBIOS
name information on the network
• The advantages of WINS over other NetBIOS name
resolution methods are:
• It functions across routers
• It can be dynamically updated
• It can be automated
• It offers client configuration through DHCP
• It offers integration with DNS
Broadcast
• If WINS has not been installed on the network or the
client has been incorrectly configured, WINS cannot
resolve the NetBIOS name. In such a case, a
broadcast is sent on the network
• The computer using the NetBIOS name being
resolved receives the request and then responds with
its IP address
LMHOSTS
• The LMHOSTS file is a static text file located on the
workstation
• The file contains a list of NetBIOS names and their
associated IP addresses
• If no other method is successful, Windows clients
parse an LMHOSTS file to find the NetBIOS name
• The most common use of LMHOSTS files is to test
NetBIOS name resolution
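The LMHOSTS lookup and the four-method order listed earlier, as an added example that is not part of the original slides: a Python parser for LMHOSTS entries and a resolver that tries the cache, WINS, broadcast and LMHOSTS in that order. The `#PRE` and `#DOM:` keywords are standard LMHOSTS syntax that the slides do not show, the WINS and broadcast lookups are hypothetical stand-in callables, and the sample file content is constructed.

```python
import ipaddress

def parse_lmhosts(text):
    """Return {NAME: (ip, preload)}; comments, directives and bad lines are skipped."""
    entries = {}
    for raw in text.splitlines():
        fields = raw.split()
        if len(fields) < 2 or fields[0].startswith("#"):
            continue  # blank line, comment, or a directive such as #INCLUDE
        ip, name = fields[0], fields[1].upper()
        try:
            ipaddress.IPv4Address(ip)
        except ValueError:
            continue  # first field is not a valid IPv4 address
        if len(name) > 15 or name.startswith("#"):
            continue  # NetBIOS computer names are at most 15 characters
        preload = False
        for token in fields[2:]:
            if token.upper() == "#PRE":
                preload = True  # entry is preloaded into the name cache
            elif not token.upper().startswith("#DOM:"):
                break  # anything else ends the keywords (usually a comment)
        entries.setdefault(name, (ip, preload))  # first entry for a name wins
    return entries

def resolve(name, cache, wins_lookup, broadcast_lookup, lmhosts):
    """Try cache, WINS, broadcast, then LMHOSTS; return (ip, method)."""
    name = name.upper()
    methods = (
        ("cache", cache.get),
        ("wins", wins_lookup),
        ("broadcast", broadcast_lookup),
        ("lmhosts", lambda n: lmhosts.get(n, (None, False))[0]),
    )
    for method, lookup in methods:
        ip = lookup(name)
        if ip:
            cache[name] = ip  # the next lookup is answered from the cache
            return ip, method
    return None, None

# Constructed sample file content, not taken from a real host.
SAMPLE = """\
# constructed LMHOSTS sample
192.168.1.10   FILESRV1   #PRE #DOM:CORP   # preloaded entry
192.168.1.20   printsrv
300.1.1.1      BADHOST
192.168.1.30   NAMEISLONGERTHAN15CHARS
"""
```

The method returned alongside the address shows which source answered, which is the first thing to check when a name resolves to an unexpected host.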
Activity 6-1: Creating an
LMHOSTS File
• The purpose of this activity is to create an
LMHOSTS file for NetBIOS name resolution
Choosing NetBIOS Name
Resolution Methods
• Methods to implement NetBIOS name resolution can
vary depending on the size and capacity of the
network
• Certain resolution methods are better suited to small
networks, whereas others are suited to large networks
• Some non-Windows clients are not capable of using
WINS
Single Subnet Networks
• A network with only a single subnet can use
broadcast name resolution
• The potential drawback to broadcast name resolution
on a single subnet is the number of broadcast packets
that will be sent on the network
• On a network with many computers or limited
bandwidth, this can affect network performance
• If a reduction in broadcast traffic is desired, WINS
should be implemented
Large Multisubnet Networks
• Name resolution methods for large networks with
multiple subnets are:
• LMHOSTS
• WINS
• LMHOSTS files are not practical for large networks
• It is too difficult to maintain the file on each computer
• On large networks, WINS is used for name resolution
• All the clients can be configured dynamically by using
DHCP, making implementation and maintenance very easy
Small Multisubnet Networks
• Most small networks with multiple subnets use a
WINS server for NetBIOS name resolution
• Clients are easily configured using DHCP
• It is reasonable to use an LMHOSTS file on smaller
multisubnet networks because there are a limited
number of client computers to configure
Non-WINS Clients
• You can use a WINS proxy for computers that need to
participate in NetBIOS name resolution but that
cannot be configured to use WINS
• These computers are often UNIX or Linux clients that
need to access NetBIOS resources
• Using a WINS proxy allows these clients to resolve
NetBIOS names to IP addresses using records in a
WINS database
WINS Functions
• WINS can perform four common tasks:
• Name registration
• Name renewal
• Name release
• Name query
Name Registration
• When a WINS client boots up, it performs a name
registration
• The name registration places NetBIOS information
about the client into the WINS database
• This makes the information available to other clients
performing name queries
• Name registration is a two-packet process
Name Renewal
• Each NetBIOS name registration is assigned a TTL
• When the TTL is one-half completed, the WINS
client attempts to refresh the registration
• The default TTL is six days
• Name renewal is a two-packet process
Name Release
• When a computer is properly shut down, it contacts
the WINS server and releases its NetBIOS name
• The first packet is a name release request sent from
the WINS client to the WINS server
• This request includes the NetBIOS name being
released and the IP address of the WINS client
• The WINS server sends a name release response to
the WINS client
• The name release response contains the NetBIOS
name being released and a TTL of zero
Name Query
• A name query is used to resolve a NetBIOS name to
an IP address
• This is done by a client computer that is accessing
resources on a server
• A WINS client queries a WINS server if the NetBIOS
name being resolved has not been recently resolved
and stored in the NetBIOS name cache
Installing WINS
• Windows Server 2003 has the ability to act as a
WINS server
• WINS is the Microsoft implementation of a NetBIOS
name server
• A NetBIOS name server is responsible for accepting
NetBIOS name registrations and queries
Activity 6-2: Installing WINS
• The purpose of this activity is to install WINS on
your server
Activity 6-3: Configuring a
WINS Client
• The purpose of this activity is to configure your
server to be a WINS client
WINS Fault Tolerance
• Options for fault tolerance are:
• Clustering
• Clustering is the best mechanism to provide WINS fault tolerance
because it provides almost instant failover
• Using multiple WINS servers
• Much easier to implement, particularly if you have already
configured multiple WINS servers on your network to reduce WAN
traffic
WINS Replication
• When more than one WINS server is implemented,
you must configure the WINS servers as replication
partners
• Replication partners synchronize information
between each other
• Replication can be configured in three ways:
• Push
• Pull
• Push/Pull
Activity 6-4: Configuring
Replication Partners
• The purpose of this activity is to configure your
server to replicate WINS information with a partner
Managing WINS
• The General tab of the WINS server Properties dialog
box allows you to configure:
• How often statistics are updated for the server
• The path for backing up the WINS database
• Whether the WINS database should be backed up each time
the server is shut down
• The Intervals tab allows you to configure how names
are expired and deleted from the WINS database
• The renewal interval refers to the TTL that is given to
WINS clients when a name is registered with the
WINS server
Viewing Database Records
• To view the records that exist in the WINS database,
right-click Active Registrations, and click Display
Records
• You can search for records based on:
• Name
• IP address
• Owner
• Record type
Activity 6-5: Viewing WINS
Records
• The purpose of this activity is to view WINS records
on your server
Adding Static Records
• If non-Microsoft servers provide NetBIOS resources
on the network, they may not be able to use a WINS
server
• If the non-Microsoft server cannot use WINS, then
WINS clients cannot resolve their NetBIOS names
• To eliminate this problem, you can create a static
record in WINS
• For each static mapping, you enter the computer
name, record type, and IP address
Activity 6-6: Creating a Static
Mapping
• The purpose of this activity is to add a static mapping
to the WINS database
Backing Up and Restoring the
Database
• You can easily fix a corrupt WINS database if you
have a backup of the WINS database:
• Simply stop the WINS service and restore the database
• After the database has been restored, the WINS server
receives changes that occurred since the backup from
replication partners
• The WINS servers determine which changes to replicate to
partners based on the version ID of the database records
Activity 6-7: Backing Up and
Restoring the WINS Database
• The purpose of this activity is to back up and restore
the WINS database on your server
Migrating the WINS to a New
Server
• The overall process for client configuration is as
follows:
• Configure clients with the new WINS server as a secondary
WINS server
• Install the new WINS server
• Configure clients to use the new WINS server as the
primary WINS server
• Remove the old WINS server
Migrating the WINS to a New
Server (continued)
• If the WINS database is very large, or migration
needs to be very fast, you can copy the WINS
database directly from the old server to the new
server
• The steps are as follows:
• Install WINS on the new WINS server
• Stop the WINS service on the old and new WINS servers
• Copy the WINS files in
%SYSTEMROOT%\system32\wins from the old WINS
server to the new WINS server
• Start the WINS service on the new WINS server
Compacting the WINS Database
• Windows Server 2003 performs dynamic compaction
of the database during idle times
• Dynamic compaction occurs while the database is in
use
• Dynamic compaction is not as good as manual compaction.
• Manual compaction of the WINS database is
performed when the WINS service is stopped
NetBIOS Security
• NetBIOS over TCP/IP must be enabled for Windows
Server 2003 to perform file and print sharing with
pre-Windows 2000 clients
• It is also required by all Windows operating systems
to browse Windows networks and available shares in
My Network Places
NetBIOS Security (continued)
• A null session is an anonymous NetBIOS session in
which no authentication credentials have been given
to the server
• Many security risks are associated with using
NetBIOS over TCP/IP when null sessions are
allowed:
• Null sessions allow unauthenticated users to scan the
network for available resources
• Null sessions allow unauthenticated users to query domain
controllers for a list of users and groups, including their
Security Identifiers (SIDs) and descriptions
NetBIOS Security (continued)
• A user connected with a null session is also part of
the Everyone group
• If any resources are available to the Everyone group,
they are available via a null session
• Windows Server 2003 removes much of this risk by
using the Authenticated Users group instead of the
Everyone group for most tasks
• This restricts unauthenticated users from browsing
available shares, querying lists of users and groups,
and accessing resources available to the Everyone
group
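A check for the null-session exposure described above, as an added example that is not part of the original slides: it reads the text output of `reg query` for the LSA key and reports settings that let anonymous sessions enumerate accounts and shares or inherit Everyone permissions. The three registry value names are standard Windows settings that the slides do not mention, and the sample output is constructed.

```python
import re

# Hardened values for the LSA settings that control anonymous (null session)
# access. The value names are standard Windows settings, not named on the slides.
EXPECTED = {
    "restrictanonymous": 1,          # no anonymous enumeration of SAM accounts and shares
    "restrictanonymoussam": 1,       # no anonymous enumeration of SAM accounts
    "everyoneincludesanonymous": 0,  # anonymous users are not members of Everyone
}
VALUE_LINE = re.compile(r"^\s+(\S+)\s+REG_DWORD\s+(0x[0-9a-fA-F]+)\s*$")

def parse_reg_query(output):
    """Map lower-cased value names to integers from `reg query` text output."""
    values = {}
    for line in output.splitlines():
        match = VALUE_LINE.match(line)
        if match:
            values[match.group(1).lower()] = int(match.group(2), 16)
    return values

def audit_null_session(output):
    """Return findings for settings that leave null sessions too much access."""
    values = parse_reg_query(output)
    findings = []
    for name, want in EXPECTED.items():
        got = values.get(name)
        if got is None:
            findings.append(f"{name}: not set, expected {want}")
        elif name == "restrictanonymous" and got >= want:
            continue  # 2 is the stricter Windows 2000 setting
        elif got != want:
            findings.append(f"{name}: is {got}, expected {want}")
    return findings

# Constructed sample of `reg query HKLM\SYSTEM\CurrentControlSet\Control\Lsa` output.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
    restrictanonymous    REG_DWORD    0x0
    restrictanonymoussam    REG_DWORD    0x1
    everyoneincludesanonymous    REG_DWORD    0x1
"""
```

An empty result from `audit_null_session` means all three values are present and hardened; on the constructed sample it reports `restrictanonymous` and `everyoneincludesanonymous`.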
Activity 6-8: Removing WINS
• The purpose of this activity is to remove WINS from
your server
Summary
• WINS (Windows Internet Naming Service) is
required to support NetBIOS name resolution for pre-Windows 2000 clients
• A NetBIOS name can be resolved using four different
methods:
• NetBIOS name cache
• WINS
• Broadcast
• LMHOSTS file
• A WINS server is a central repository for resolving
NetBIOS names and has many benefits over other
NetBIOS name resolution methods
Summary (continued)
• A WINS server performs four common tasks:
• Name registration
• Name renewal
• Name release
• Name query
• To configure WINS for fault tolerance, you must use
clustering or implement multiple WINS servers
• When two or more WINS servers exist on a network,
replication must be configured between them to
synchronize their contents
Summary (continued)
• You can configure a static mapping for resources that
are unable to register themselves with WINS
• You can view and delete the records in a WINS
database
• You should back up the WINS database just like any
other critical resource on a network