IT Administrators
what you need as IT administrator
Saturday, May 14, 2011
Installing RSAT: Remote Server Administration Tools for Windows Vista
Remote Server Administration Tools was released by Microsoft for Windows Vista SP1 users to be able to manage both Windows 2003 and Windows 2008 Servers.
If you had upgraded to Vista in the past and wanted to manage Windows servers with your Vista client, you were able to with some hacks. But all in all it was a very painful process and a lot of administrators had to run a Windows XP machine virtually or have a second box to do server administrative tasks.
Now that the RSAT is released for general consumption what can it do?
Remote Server Administration Tools for Roles
Active Directory Certificate Services Tools – includes the Certification Authority snap-in, the Certificate Templates snap-in, the Enterprise PKI snap-in, and the Online Responder Management snap-in.
- Active Directory Certification Authority Tools includes the Certification Authority, Certificate Templates, and Enterprise PKI snap-ins.
- Online Responder Tools includes the Online Responder Management snap-in.
Active Directory Domain Services (AD DS) Tools – includes snap-ins and command-line tools for remotely managing Active Directory Domain Services.
- Active Directory Domain Controller Tools includes Active Directory Users and Computers, Active Directory Domains and Trusts, Active Directory Sites and Services, and other snap-ins and command-line tools for remotely managing AD DS.
- Server for Network Information Service (NIS) Tools includes an extension to the Active Directory Users and Computers snap-in, and the ypclear.exe command-line tool.
Active Directory Lightweight Directory Services (AD LDS) Tools – includes Active Directory Sites and Services, Active Directory Service Interfaces (ADSI) Edit, Schema Manager, and other snap-ins and command-line tools for managing AD LDS.
DHCP Server Tools – includes the DHCP snap-in.
DNS Server Tools – includes the DNS Manager snap-in and dnscmd.exe command-line tool.
File Services Tools – includes the following, along with the storagemgmt.msc snap-in:
- Distributed File System Tools includes the DFS Management snap-in, and the dfsradmin.exe, dfscmd.exe, dfsdiag.exe, and dfsutil.exe command-line tools.
- File Server Resource Manager Tools includes the File Server Resource Manager snap-in, and the filescrn.exe and storrept.exe command-line tools.
- Share and Storage Management Tools includes the Share and Storage Management snap-in.
Terminal Services Tools – includes the Remote Desktops and Terminal Services Manager snap-ins.
Universal Description, Discovery, and Integration (UDDI) Services Tools – includes the UDDI Services snap-in.
Microsoft Remote Server Administration Tools for Features
BitLocker Drive Encryption Tools – includes the manage-bde.wsf script.
Failover Clustering Tools – includes the Failover Cluster Manager snap-in and the cluster.exe command-line tool.
Group Policy Management Tools – includes Group Policy Management Console, Group Policy Management Editor, and Group Policy Starter GPO Editor.
Network Load Balancing Tools – includes the Network Load Balancing Manager snap-in, the nlb.exe and wlbs.exe command-line tools, and wlbsctrl.dll.
SMTP Server Tools – includes the Simple Mail Transfer Protocol (SMTP) snap-in.
Storage Manager for SANs Tools – includes the Storage Manager for SANs snap-in, and the provisionstorage.exe command-line tool.
Windows System Resource Manager Tools – includes the Windows System Resource Manager snap-in and the wsrmc.exe command-line tool.
How to Install Remote Server Administration Tools for Vista
There are two versions of the RSAT tool, one for 32-bit machines and one for 64-bit machines. You can download the version you need at their respective download locations:
- Download: Remote Server Administration Tools (x86)
- Download: Remote Server Administration Tools (x64)
Once you download the file go ahead and give it a left click … c’mon … you know you want to! After clicking the file you will see it preparing the installation and doing a search to make sure your copy of Vista is prepared for the remote server admin tools.
After a bit you will get a prompt to install Update for Windows (KB941314)
After clicking Ok, you will be prompted to read the license terms. In this case it is a simple paragraph, which I actually read, saying that if you are using an illegal copy you can’t use this software.
Since I am lucky enough to be using a legal copy I let off a sigh of relief and plunged ahead by clicking I Accept
Now it will begin Initializing installation and applying updates
After it is done installing you will see the Installation Complete screen:
Now when you go to Start->Administrative Tools you will see the following help file: Remote Server Administration Tool
When you click on it you will be able to read all about using Remote Server Administration Tool goodness. But instead of wasting your time reading that, I went through some of it above and will show some examples below here so you don’t have to!
The one thing you don’t see is any of the additional tools for administrating your Windows Servers, but that’s because you still have to enable them.
Now let’s go in and enable Remote Server Administration Tools in the control panel so you can use them: Start->Control Panel
Next you will see the control panel, go ahead and click on Programs
Click on Programs and Features
On the left pane click on Turn Windows features on or off
Note: If you are prompted by UAC go ahead and click Ok
In the Windows Features window you can scroll down until you see Remote Server Administration Tools.
At this point you can install all the features by checking the box, or you can expand both Feature Administration Tools and Role Administration Tools and install only the tools you wish to use. For our example I am going to install them all!
Once you hit OK, you will see a window that shows it is configuring Vista with the features selected.
Now that it is enabled, let’s go back into Administrative Tools to see if anything is different.
Seems like everything was loaded correctly! Let’s take this baby for a test drive …
RSAT Terminal Services Manager in Vista
This section of the article will walk you through starting Terminal Services Manager and connecting to a remote Windows 2008 Server.
Go to your Administrative Tools and go to Terminal Services->Terminal Services Manager
You will see the following MMC open.
Note: You may be prompted by UAC, go ahead and click Ok
When you run Terminal Services Manager the first time (and every time if you don’t disable it) you get prompted by a warning that certain features are disabled when run from the console session.
If you wish to disable this, go ahead and check In the future, do not show this message and click Ok
As you can see this MMC is in the new Server 2008 layout. Let’s go ahead and click Connect to Computer in the right Actions pane
In the next window you can either connect to the local computer, or another computer. In this case I am going to enter an IP address to the test Windows Server 2008 I am running and click Ok
It connects successfully as you can see and I can tell that I already have a session on the test server through RDP.
There is a lot more to see in the MMC but I just wanted to demonstrate the functionality of administrating from Vista, and will have to cover actual usage in a future article.
As you can see RSAT brings a much overdue set of tools for System Administrators that will cut down on having to keep separate machines running just to do simple administrator tasks.
Tuesday, April 19, 2011
Configuring DNS on Cisco IOS routers
Configuration
Client R1#
----------
ip name-server 2.2.2.2
! ip domain-lookup is enabled by default
ip domain-lookup
Server R2#
----------
ip dns server
! ip domain-lookup is enabled by default
ip domain-lookup
ip host R2 2.2.2.2
ip host R1 1.1.1.1
! We can point to another DNS server
ip name-server 61.8.8.8
! but DO NOT point name-server to itself
! NO ip name-server 2.2.2.2
Verification
R1#ping R2
Translating "R2"...domain server (2.2.2.2) [OK]
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 155.1.0.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/58/60 ms
R1#
*Apr 7 11:35:07.163: Domain: query for R2 type 1 to 2.2.2.2
*Apr 7 11:35:07.195: DOM: dom2cache: hostname is R2, RR type=1, class=1, ttl=1, n=4Reply received ok
R2#debug domain
Domain Name System debugging is on
R2#
*Apr 7 02:18:27.683: DNS: Incoming UDP query (id#2)
*Apr 7 02:18:27.683: DNS: Type 1 DNS query (id#2) for host 'R2' from 12.0.0.1(58198)
*Apr 7 02:18:27.683: DNS: Query for my own hostname: R2
*Apr 7 02:18:27.683: DNS: Spoofing reply to query (id#2)
*Apr 7 02:18:27.683: DNS: Finished processing query (id#2) in 0.004 secs
REPRODUCE ROUTER CRASH
The router may crash if it is configured as a DNS server and "ip name-server" also points to itself.
R2#c
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#ip name-server 2.2.2.2
R2(config)#
R2#
R2#
R2#
!
! R2 successfully serves the DNS queries
! for valid hostnames (when "ping R2" is issued on the R1 router)
R1#ping R2
Translating "R2"...domain server (2.2.2.2) [OK]
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 155.1.0.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/58/60 ms
*Apr 7 11:35:58.539: Domain: query for R2 type 1 to 2.2.2.2
*Apr 7 11:35:58.571: DOM: dom2cache: hostname is R2, RR type=1, class=1, ttl=1, n=4Reply received ok
R2#
*Apr 7 02:19:19.059: DNS: Incoming UDP query (id#3)
*Apr 7 02:19:19.059: DNS: Type 1 DNS query (id#3) for host 'R2' from 12.0.0.1(54174)
*Apr 7 02:19:19.059: DNS: Query for my own hostname: R2
*Apr 7 02:19:19.059: DNS: Spoofing reply to query (id#3)
*Apr 7 02:19:19.059: DNS: Finished processing query (id#3) in 0.000 secs
R2#
R2#
! R2 crashes when "ping R3" is issued on the R1 router
R1#ping R3
Translating "R3"...domain server (2.2.2.2)
*Apr 7 11:36:22.991: Domain: query for R3 type 1 to 2.2.2.2
% Unrecognized host or address, or protocol not running.
timed out
*Apr 7 11:36:55.459: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1, changed state to down
*Apr 7 11:36:55.459: %OSPF-5-ADJCHG: Process 1, Nbr 12.0.0.2 on Serial0/1 from FULL to DOWN, Neighbor Down: Interface down or detached
! As R2 cannot resolve an IP for hostname R3, it tries to forward the query to
! the next DNS server, which is its own IP address. The request keeps
! looping within R2.
!
!
R2#
DNS: Re-sending DNS query (type 1, id#4) to 2.2.2.2
DNS: Incoming UDP query (id#4)
DNS: Type 1 DNS query (id#4) for host 'R3' from 2.2.2.2(53)
DNS: Re-sending DNS query (type 1, id#4) to 2.2.2.2
DNS: Incoming UDP query (id#4)
DNS: Type 1 DNS query (id#4) for host 'R3' from 2.2.2.2(53)
DNS: Re-sending DNS query (type 1, id#4) to 2.2.2.2
DNS: Incoming UDP query (id#4)
DNS: Type 1 DNS query (id#4) for host 'R3' from 2.2.2.2(53)
DNS: Re-sending DNS query (type 1, id#4) to 2.2.2.2
DNS: Incoming UDP query (id#4)
DNS: Type 1 DNS query (id#4) for host 'R3' from 2.2.2.2(53)
DNS: Re-sending DNS query (type 1, id#4) to 2.2.2.2
DNS: Incoming UDP query (id#4)
DNS: Type 1 DNS query (id#4) for host 'R3' from 2.2.2.2(53)
DNS: Re-sending DNS query (type 1, id#4) to 2.2.2.2
DNS: Incoming UDP query (id#4)
DNS: Type 1 DNS query (id#4) for host 'R3' from 2.2.2.2(53)
DNS: Re-sending DNS query (type 1, id#4) to 2.2.2.2
DNS: Incoming UDP query (id#4)
DNS: Type 1 DNS query (id#4) for host 'R3' from 2.2.2.2(53)
DNS: Re-sending DNS query (type 1, id#4) to 2.2.2.2
DNS: Incoming UDP query (id#4)
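A pre-deployment check for the self-forwarding setup shown above, plus a detector for the resulting loop in "debug domain" output. This is an added example, not part of the original post; the sample config and log lines are constructed, and placing 2.2.2.2 on Loopback0 is an assumption.

```python
import re
from collections import Counter

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"

# Constructed R2 config. Assumption: 2.2.2.2 sits on Loopback0 (the post
# never shows R2's interfaces); the masks are assumed as well.
R2_LOOPING = """\
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
interface Serial0/1
 ip address 12.0.0.2 255.255.255.0
ip dns server
ip host R2 2.2.2.2
ip host R1 1.1.1.1
ip name-server 2.2.2.2
"""
R2_SAFE = R2_LOOPING.replace("ip name-server 2.2.2.2", "ip name-server 61.8.8.8")

# Constructed debug excerpts modelled on the "debug domain" output in the post.
LOOP_LOG = [
    "DNS: Re-sending DNS query (type 1, id#4) to 2.2.2.2",
    "DNS: Incoming UDP query (id#4)",
    "DNS: Type 1 DNS query (id#4) for host 'R3' from 2.2.2.2(53)",
] * 3
NORMAL_LOG = [
    "DNS: Incoming UDP query (id#2)",
    "DNS: Type 1 DNS query (id#2) for host 'R2' from 12.0.0.1(58198)",
    "DNS: Spoofing reply to query (id#2)",
]

def self_forwarders(config):
    """Name-servers that are the router's own addresses while
    'ip dns server' is enabled (the looping setup from the post)."""
    is_dns_server, own, forwarders = False, set(), []
    for raw in config.splitlines():
        line = raw.strip()
        if line == "ip dns server":
            is_dns_server = True
        elif m := re.match(rf"ip address ({IPV4}) ", line):
            own.add(m.group(1))
        elif line.startswith("ip name-server "):
            forwarders += re.findall(IPV4, line)
    return [a for a in forwarders if is_dns_server and a in own]

def looping_queries(debug_lines, threshold=3):
    """(query id, address) pairs where a query was re-sent to an address and
    came back from that address's port 53 at least `threshold` times."""
    resent, returned = Counter(), Counter()
    for line in debug_lines:
        if m := re.search(rf"Re-sending DNS query \(type \d+, id#(\d+)\) to ({IPV4})", line):
            resent[m.groups()] += 1
        elif m := re.search(rf"query \(id#(\d+)\) for host \S+ from ({IPV4})\(53\)", line):
            returned[m.groups()] += 1
    return {k for k in resent if min(resent[k], returned[k]) >= threshold}

if __name__ == "__main__":
    print("self-forwarders:", self_forwarders(R2_LOOPING))
    print("looping queries:", looping_queries(LOOP_LOG))
```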
Doc CD Navigation
Monday, April 18, 2011
How to configure 802.1Q trunking between Cisco Catalyst switches
How to configure 802.1Q trunking between Cisco Catalyst 4000 - 4500 - 5000 - 5500 - 6000 - 6500 Switches that run CatOS and Cisco IOS System Software.
In 802.1Q trunking, all VLAN packets are tagged on the trunk link, except the native VLAN.
The native VLAN packets are sent untagged on the trunk link.
Therefore, the native VLAN must be the same on both switches configured for trunking.
This makes it easy to deduce to which VLAN a frame belongs when a frame is received with no tag.
By default, VLAN 1 is the native VLAN on all switches.
In Catalyst OS (CatOS), the native VLAN can be changed when the set vlan vlan-id mod/port command is issued, where mod/port is the trunk port.
In Cisco IOS Software, the native VLAN can be changed when the switchport trunk native vlan vlan-id interface command is issued, which is configured on the trunk port.
To enable the 802.1Q trunking on a CatOS and integrated Cisco IOS Software (native mode) switch, issue these commands:
In the CatOS switch:
cat6000>set trunk mod/port [on | desirable | auto | nonegotiate] dot1q
In the integrated Cisco IOS (native mode) switch:
cat6500(config-if)#switchport trunk {encapsulation dot1q}
For more information visit:
802.1Q Trunking Between Catalyst Switches Running CatOS and Cisco IOS System Software
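The tagging rule described above at frame level: a trunk port sends its native VLAN untagged, and the receiver files any untagged frame under its own native VLAN. This is an added example, not from the original post; the MAC addresses, payload and the helper names are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

# Constructed addresses and payload for the demonstration.
DST = bytes.fromhex("01005e000001")
SRC = bytes.fromhex("02aabbccddee")
PAYLOAD = b"constructed-payload"

def build_frame(ethertype, payload, vlan=None):
    """Ethernet II frame; when vlan is set, a 4-byte 802.1Q tag
    (TPID + TCI with priority 0) follows the source MAC."""
    tag = b"" if vlan is None else struct.pack("!HH", TPID_8021Q, vlan & 0x0FFF)
    return DST + SRC + tag + struct.pack("!H", ethertype) + payload

def egress(frame_vlan, native_vlan):
    """What a trunk port puts on the wire: native VLAN traffic untagged,
    every other VLAN tagged."""
    vlan = None if frame_vlan == native_vlan else frame_vlan
    return build_frame(0x0800, PAYLOAD, vlan)

def ingress_vlan(frame, native_vlan):
    """VLAN the receiving trunk port assigns: the tag's VLAN ID, or the
    port's own native VLAN when the frame carries no tag."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (tpid,) = struct.unpack_from("!H", frame, 12)
    if tpid != TPID_8021Q:
        return native_vlan
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF  # low 12 bits of the TCI are the VLAN ID

def carry(frame_vlan, sender_native, receiver_native):
    """Send a frame from one switch's trunk port to the other's and
    return the VLAN it ends up in on the receiving side."""
    return ingress_vlan(egress(frame_vlan, sender_native), receiver_native)

if __name__ == "__main__":
    print("VLAN 10, native 1 on both ends ->", carry(10, 1, 1))
    print("VLAN 1,  native 1 on both ends ->", carry(1, 1, 1))
    print("VLAN 1,  native 1 vs native 99 ->", carry(1, 1, 99))
```

With matching native VLANs every frame arrives in the VLAN it left; with a mismatch the untagged frame is reassigned to the receiver's native VLAN, which is why both ends must agree.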
Benefits of Obtaining a CCIE Routing and Switching (RS) Certification from Cisco
Product Description
When you are preparing to sign up for one of the Cisco CCIE certification courses you will notice that there are no formal prerequisites. Most of the other professional certifications are no longer required by the Cisco training course administrators. Candidates are expected to understand the subtleties and challenges that networking systems involve. It is strongly recommended that you have at least three to five productive years on the job in the field before attempting to become certified. To obtain your CCIE Routing and Switching certification you must pass a written qualification exam as well as a hands-on lab evaluation. This assures that you are qualified and capable of performing the job at hand.
For those who may not know what CCIE stands for: it identifies verified experts who have the skills and experience to handle just about any assignment in the networking field. The CCIE exams are constantly evaluated and continually updated to assure top-quality graduates who are favored within the industry. These revisions center the exams on the most current technology in the industry, making Cisco graduates some of the most popular and most desired on the market today.
CCIE is recognized as the highest-level certification one can obtain in the industry today. When you apply for a networking position, most industry leaders look favorably upon CCIE Routing and Switching certification. Value to the company generally translates into an increasing salary in one’s paycheck as well. What this boils down to is a great way to increase job security for you and your family’s future.
Often, when it comes down to a selection of possible candidates for a position, the difference lies with the Cisco graduates. Corporations and businesses tie up a considerable amount of money in their computer network systems, and so they want to ensure that anyone who handles this equipment is highly qualified to maintain it. Maintaining the company’s networks is basic to protecting its assets and ensuring continual operations. As computer environments become more and more complex, the need for these qualified professionals is greater than ever before. Certified CCIEs are in high demand in the industry today.
Passing a CCIE exam is not as easy as one may think. Earning the honored CCIE certification requires passing the lab test, and there is only one way to prepare for this exam: hands-on experience.
Cost-wise, you will find that the average CCIE student has spent thousands of dollars and a minimum of eighteen months in their efforts to obtain their certification. In fact, obtaining this certification is so difficult that candidates are likely to attempt the lab more than once before they finally achieve it, but it can be done and the rewards are well worth it.
Additional Information
Certification Level | Expert |
---|---|
Certification Track | CCIE Routing & Switching |
GNS3-Topology: CCNA & CCNP Full Mesh Topology Template
Chris sent me a lab which he says has helped him to work on about 95% of his CCNA and CCNP lab requirements. I think this is a clear sign that using Dynamips or GNS3 can be effective in a big way with exam preparation. The 5% left over can be covered in a few ways: rack space, friends with labs, or purchasing switches on eBay and linking them into the virtual topology using real interfaces. Nevertheless, it’s great to see how much we can do without cash, space or budget (electricity bill) to prepare ourselves for these exams.
This lab is just a template lab and has no configs, routing protocols or scenarios to it. I’ll let Chris explain:
I created one simple topology that seems to handle 95% of my CCNA & CCNP lab requirements. It isn’t fancy, but it should save people an hour+ of labor (that is how long it took me to create this topology).
I was getting tired of making one lab per exercise in the Cisco Lab Portfolios and the Certification Zone lab exercises. So I whipped up a 6 router setup that could handle the majority of the router scenarios I am using for practice.
It consists of 6 7206 routers in a full mesh topology. Each router has 2 ethernet connections to a dynamips ‘switch’, one each in VLAN1 and VLAN2.
Each router has at least 4 frame connections to the other routers in the topology.
Each router also has 1 frame connection to a frame relay switch, with full mesh DLCI between all routers.
I use dynagen, not GNS3. I created a diagram of the topology using the freeware tool called Network Notepad (http://www.networknotepad.com/) so I can keep track of all the different connections.
Some of the CCNA & CCNP stuff calls for using the Cisco SDM. I created one generic_startup.txt config file. It sets the password to cisco for the router, and enables the http server. It also sets the exec-timeout on con0 to infinite, and disables domain lookup (your pings will work quickly now). All you have to do is bridge GNS3 or Dynagen to your physical network card, and you can use the Cisco SDM to interface with the routers. Or SecureACS, the VPN client, VMWare images, etc….
Warning: this topo uses a lot of RAM. When I have all 6 routers running, my memory utilization jumps from 900mb to 3.5GB. When all 6 routers are idle, I am seeing 10-15% CPU utilization - I have an Intel Core2 Quad processor.
Routers Used: 7206
IOS: c7200-advipservicesk9-mz.124-2.T
Feature of Topology: Full Mesh Ethernet, Frame Relay
Download: GNS3-Labs:: CCNA-CCNP-Full.Mesh.Topology
Sunday, April 17, 2011
Useful iPhone Apps
OpenTable
http://itunes.apple.com/WebObjects/MZStore.woa/wa/viewSoftware?id=296581815&mt=8
ShopShop
http://itunes.apple.com/us/app/shopshop-shopping-list/id288350249?mt=8
Pandora
http://www.pandora.com/on-the-iphone
Traffic!
http://www.inrixtraffic.com/
WebEx
http://www.webex.com/iphone/
Koredoko
http://itunes.apple.com/us/app/koredoko/id286765236?mt=8
Zenbe Lists
http://phobos.apple.com/WebObjects/MZStore.woa/wa/viewSoftware?id=284448147&mt=8