[DHCP] Configure DNS Dynamic Updates on Windows 2008
May 29th, 2009
I followed this procedure from TechNET to configure dynamic updating: http://technet.microsoft.com/en-us/library/dd145315(WS.10).aspx. I want to share my results as it went quite straightforward.
The DHCP server might be configured in one of the following ways, we choose the second to increase our control over the workstations:
- The DHCP server registers and updates client information with the authoritative DNS server of the zone in which the DHCP server is located according to the DHCP client request.
This is the default configuration for DHCP servers running Windows Server 2008. In this mode, the DHCP client can request the way in which the DHCP server performs updates of its host (A) and pointer (PTR) resource records. If possible, the DHCP server accommodates the client request for handling updates to its name and IP address information in DNS.
To modify this setting, select the Dynamically update DNS A and PTR records only if requested by the DHCP clients check box, which is located in Properties on the DNS tab on the applicable DHCP server or on one of its scopes. - The DHCP server always registers and updates client information in DNS.
This is a modified configuration supported for DHCP servers running Windows Server 2008 and DHCP clients. In this mode, the DHCP server always performs updates of the client’s FQDN, leased IP address information, and both its host (A) and pointer (PTR) resource records, regardless of whether the client has requested to perform its own updates.
To modify this setting, select the Enable DNS dynamic updates according to the settings below check box and click Always dynamically update DNS A and PTR records, which is located in Properties on the DNS tab on the applicable DHCP server or on one of its scopes. - The DHCP server never registers and updates client information in DNS.
To set this behavior, the DHCP server must be configured to disable performance of DHCP/DNS proxied updates. By disabling this feature, no client host (A) or pointer (PTR) resource records are updated in DNS for DHCP clients.
If necessary, this change in setting can be made at DHCP servers running Windows Server 2008 by clearing the Enable DNS dynamic updates according to the settings below check box, which is located in Properties on the DNS tab on the applicable DHCP server or one of its scopes. By default, updates are always performed for newly installed DHCP servers running Windows Server 2008 and any new scopes created for them.
Procedure
This implied the following configuration:
- [DNS] Configure DNS Zone as Secure Only
- [DHCP] Configure DHCP Server to Always dynamically update DNS A and PTR records
- [AD] Make the DHCP server computer account part of the DNSUpdateProxy Security Group
- [AD] Created a service account “DOMAIN\DNSUpdate”
- TEST: Run ipconfig /release; ipconfig /renew from my workstation and checked the created record on the DNS record, for my surprise when I tried to check the security of the DNS record I got a permission denied error. What happened here is that the owner of the record is now the “DOMAIN\DNSUpdate” and not mine, regardless I am a Domain Admin.
Source
[HyperV] HowTo Manage Hyper-V Server from Windows 7 RC
May 29th, 2009
John Howard developed a script (http://code.msdn.microsoft.com/HVRemote) to facilitate client and server configuration to be managed by HyperV, I found this script very useful and I this article is about configuring the client side. Below is a summary and how it worked for me.
Summary
- Download the HVRemote.wsf script from: http://code.msdn.microsoft.com/HVRemote
- Allow DCOM access by running (Elevated): cscript HVRemote.wsf /mode:client /AnonDCOM:grant
- Allow firewall exceptions for WMI
- Open Windows Firewall management: Control Panel\System and Security\Windows Firewall
- Allow programs to communicate though Windows Firewall
- Select “Windows Management Instrumentation (WMI)” for the Domain network. Click OK.
Troubleshooting: DNS. This is the number one reason why remote management fails. It is vitally important that the client can locate the server by name, and that the server can locate the client by name. Try doing an “nsLookup <othermachinename>” on each machine or “ping <othermachinename> -t”. It should return the IP Address of the other machine as seen when running “ipconfig”. If it doesn’t find the correct IP address, or doesn’t find the other machine at all, fix DNS, or consider editing /windows/system32/drivers/etc/hosts to hard-code an entry for the other machine as needed. But if editing the hosts file, be wary of possible changes should you also be using DHCP in your environment.
Details
D:>cscript HVRemote.wsf /mode:client /AnonDCOM:grant
Microsoft (R) Windows Script Host Version 5.8
Copyright (C) Microsoft Corporation. All rights reserved.Hyper-V Remote Management Configuration & Checkup Utility
John Howard, Microsoft Corporation.
http://blogs.technet.com/jhoward
Version 0.6 2nd Mar 2009INFO: Computername is ######
INFO: Computer is in domain ######
INFO: Current user is ######
INFO: Detected Windows 7/Windows Server 2008 R2 OSINFO: Obtaining current Machine Access Restriction…
INFO: Examining security descriptor
INFO Granted Remote DCOM Access to Anonymous Logon
WARN: See documentation for security implications
INFO: Are running the latest version
The following script did not worked for me, but John Howards seems to use this successfully, this is why I had to manually allow the WMI exception on my Windows Firewall.
D:\>cscript HVRemote.wsf /mode:client /FirewallHyperVClient:Enable
Microsoft (R) Windows Script Host Version 5.8
Copyright (C) Microsoft Corporation. All rights reserved.Hyper-V Remote Management Configuration & Checkup Utility
John Howard, Microsoft Corporation.
http://blogs.technet.com/jhoward
Version 0.6 2nd Mar 2009INFO: Computername is ######
INFO: Computer is in domain ######
INFO: Current user is######
INFO: Detected Windows 7/Windows Server 2008 R2 OS
WARN: Hyper-V Management Clients - WMI (Async-In) firewall not updated
WARN: Hyper-V Management Clients - WMI (TCP-Out) firewall not updated
WARN: Hyper-V Management Clients - WMI (TCP-In) firewall not updated
WARN: Hyper-V Management Clients - WMI (DCOM-In) firewall not updated
INFO: Are running the latest version——————————————————————————-
4 warning(s) or error(s) were found in the configuration. Review the
detailed output above to determine whether you need to take further action.
Summary is below.1: FW Rule Hyper-V Management Clients - WMI (Async-In) was not updated
2: FW Rule Hyper-V Management Clients - WMI (TCP-Out) was not updated
3: FW Rule Hyper-V Management Clients - WMI (TCP-In) was not updated
4: FW Rule Hyper-V Management Clients - WMI (DCOM-In) was not updated——————————————————————————-
System Center videos on http://edge.technet.com
May 16th, 2009
It is great to see how this community is growing, I like the video-way of being on top of industry related news, go deep and spend 20 minutes a day watching this 5-10 minutes videos and you will find yourself on-top of most of the MS management technologies 
http://edge.technet.com/Tags/System+Center/
The last toy of Ops Mgr R2:
Visio Integration with Operations Manager R2
Today we will talk about Windows Server Foundation 2008 on a TechNET webcast. Windows Server Foundation 2008 is aimed to starters with less that 15 workstation on their premises, it became a very cost-effective alternative and a better entry point to the Windows Server platform than Windows Server Small Business 2008.
You can go further reading the official press presentation here:
“Microsoft is filling a crucial hole at the low end of its Windows Server portfolio by delivering a simple, low-cost solution geared for small businesses and first-time server users,” said Al Gillen, program vice president, IDC. “Windows Server 2008 Foundation really rounds out Microsoft’s server platform and provides a solution for a key market segment.”
This will be a quick webcast to go though the technical details, strengths and limitations of this platform, you can register here: http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032414726&EventCategory=4&culture=es-AR&CountryCode=AR
You can download the presentation here on this Link.
See you!
