08 - Using TCP/IP with Windows NT Server
by Don Benage
- The importance of TCP/IP - Find out why organizations building large intranets and connecting to the Internet are implementing TCP/IP. Learn about how it works, its advantages, its potential problems, and some solutions to those problems.
- How to install and configure TCP/IP - Learn how to install and configure TCP/IP and related components such as the SNMP Service and the FTP Server Service. Find out how to configure Windows NT Server to use a Hosts file, a DNS, or both.
- How to use Dynamic Host Configuration Protocol (DHCP) - Learn how to configure the DHCP Server service using the DHCP Manager administrative utility program. Learn how DHCP automatically "leases" IP addresses from a pool of available addresses to workstations that connect to the network. Learn how to create static addresses for servers and other key network components and how to manage the IP address pool.
- How to use the Windows Internet Name Service (WINS) - Learn how to configure the WINS Server service using the WINS Manager. Discover how WINS resolves NetBIOS names with dynamically assigned IP addresses.

This chapter describes TCP/IP (Transmission Control Protocol/Internet Protocol), a network protocol and related applications that have gained wide acceptance and use over the last decade. TCP/IP is the network protocol used on the Internet, which by itself makes the topic worthy of study. It is also very useful in private networks, especially as they grow in size.
The chapter begins with a brief tutorial on TCP/IP. Those familiar with the subject from a background in UNIX networking can skip this section, or at least just skim it. No claims are made of academic rigor - it is intended to be a practical and accessible overview for those interested in a little background material. Nothing presented in the tutorial is essential for installing and using TCP/IP, although it may help you to understand some of the terminology used by TCP/IP aficionados and why things are done the way they are.
TCP/IP is a suite of network protocols that describe precisely how information can be transmitted from one computer to one or more additional computers. It is designed to operate in environments where the conditions are not particularly suitable for this task, and therefore has a strong error detection and correction capability. Most often when the term TCP/IP is used, it is meant to denote not only the protocol suite itself, but also a group of compatible applications and utilities that have been created and used to implement and test the protocols.
TCP/IP has been developed cooperatively by members of the Internet community using a proposal and peer-review process involving documents called Request for Comments (RFCs). A person or group will propose a design and publish an RFC describing that design. It will be reviewed by other members of the community, some of whom may refine the proposal with additions of their own, again put forth in an RFC. Some of these designs are implemented, tested, and refined even further. Eventually an RFC that describes a set of standards will be developed, and manufacturers will design products that conform to one or more of these RFCs.
This process turns out to be quite effective, over time, at discovering and eliminating problems. The RFC process is ongoing, and existing RFCs are available for public review. You can find them and download them without charge from various locations on the Internet, although average computer users have little use for them. They are primarily intended for individuals and organizations who are designing products and services to be used on the Internet. Some of them include useful information for Internet users, and do not describe standards at all. RFC 1118, The Hitchhikers Guide to the Internet, is an example of this type of RFC.

You can find RFCs on the Internet by using any of the large search engines on the World Wide Web. For example, use your Internet browser to connect to http://www.yahoo.com and search for "RFC."

Some of the terminology used in association with TCP/IP may be confusing at first. The term host is used to describe a component on a network, such as a computer or router. In some circles, the term host has the connotation of a large computer system, such as an IBM mainframe computer. In the context of TCP/IP discussions, a host can be a desktop personal computer or laptop, or a multiprocessor supercomputer.
The term gateway is used to describe a piece of equipment commonly referred to as a router, which is used to create wide area network (WAN) connections to remote locations. It should not be confused with its other connotation, that of a connection to a computer system using a different operating system or communications protocol. For the purposes of TCP/IP, your default gateway is nothing more than the router that connects your local area network (LAN) to the rest of your WAN.
Finally, the term Internet itself can be confusing. Internet, with a capital "I," is generally used to describe the worldwide collection of public and private networks that link educational institutions, research facilities, commercial organizations, government agencies, and military sites. The term internet, with a lowercase "i," refers to any collection of TCP/IP networks linked together with routers. Private internets, or internetworks, are increasingly referred to with the term intranet. For more extensive coverage of the Internet, see Chapter 9, "Understanding the Internet."
There are many reasons why the use of TCP/IP is growing. During the last decade, many organizations implemented LANs in offices and sites throughout their facilities. Eventually, they desired to connect these LANs together into WANs. In addition, a growing number of organizations have started to view the WAN as a strategic resource, critical to the success of their efforts. To implement these views, they need a protocol capable of managing large numbers of systems in a routed, WAN environment. This is precisely what TCP/IP was designed to deliver.
TCP/IP is also the protocol used on the Internet and is therefore useful for those individuals and organizations who want to attach directly to the Internet, or access it through a service provider. Furthermore, it allows a high degree of interoperability between dissimilar systems, such as computers running Windows NT and UNIX operating systems. It also provides an environment that supports the development of powerful applications using feature-rich programmatic interfaces. For all these reasons, TCP/IP is a technology whose time has come.
The central capability provided by TCP/IP, as already mentioned, is a transmission facility - moving information from point A to point B. The transmission of information must be done in a manner that takes into account the involvement of both computers and humans. The computers must be able to send and receive information accurately and quickly, and their human operators must easily be able to specify what actions they desire and understand the results.
The fact that computers and humans require different naming schemes for the elements of a network is the source of much of the difficulty surrounding its operation. Computers need to have a unique address for each component on the network to accurately send information to just those components for which it was intended. Humans also need to be able to specify the computer they want to communicate with, and to name their own computer system so that they can describe it to other humans, especially if they are sharing information on the network. But the kind of name appropriate for computer use is much different from that suitable for humans.
This leads to one of the central problems that TCP/IP must solve - name and address resolution. Three types of names are designed for humans, and two addresses are designed primarily for computers and their operating systems and applications. Matching a name with its corresponding address is more difficult than it might at first appear. The types of names involved in a Windows NT network using TCP/IP are the following:
- Machine address. Also called hardware address, a guaranteed unique address that is "hard wired" or manufactured into a computer network product such as a network adapter for a personal computer. These addresses include a portion that is specific to a particular manufacturer so that two different manufacturers will never create the same address. Within their private address space, each manufacturer must be sure that they never create two devices with the same address. This is usually done by including a ROM chip or similar element with a unique identifier that becomes part of the address. Machine addresses are expressed as 12 hexadecimal digits (for example, 00 04 AC 26 5E 8E) often written with a space between each two digits for human readability.
- IP address. An address used by operating systems and networking software on TCP/IP networks. If you create a private network, you must make sure that no two devices have the same IP address. If you want to attach to the Internet, you must request part of the address space from InterNIC (Network Information Center) for use by your organization, and then manage that portion so that no two components use the same address.

You can contact InterNIC via e-mail at info@internic.net or by phone. In the USA call 1-800-444-4345. In Canada or elsewhere call 1-619-455-4600. From overseas, you may need to use a country code to access the USA when dialing.

IP addresses are written in a form known as dotted decimal notation. For example, 123.45.67.89 is a valid IP address. Each of the four parts is called an octet and can range from 1 to 254 (0 and 255 are generally reserved for special purposes). This address must be unique for each device on a given network. It is composed of two parts, the network ID and the host ID. The network ID, the first two octets, must be the same for all devices on a particular network segment or subnetwork, and different from all other subnetworks. The host ID, the last two octets, must be unique within a particular network ID.
- Host name. The "human compatible" name for a computer or device on a TCP/IP network. Also called an FQDN (Fully Qualified Domain Name) or simply a domain name when specified in full. A host name for a server might be dataserver, and its FQDN might be dataserver.company.com. Applications using host names are generally case sensitive. This name can be used instead of the IP address when entering many commands using TCP/IP-specific applications and utilities. It is not used when entering Windows-based Microsoft networking commands such as NET USE or NET VIEW, which require the use of a NetBIOS name, explained later in this list.

You can use the same name for your host name and NetBIOS name, which can eliminate confusion when entering commands. Each name still retains its own role, however, and the applications that use these names are each designed for a particular type of name (either NetBIOS or host name, but rarely both).

- Domain name. Another name for the host name. The last part of this hierarchical name (company.com for example), is referred to as a first-level (or top-level) name and is used to uniquely identify your organization to the Internet community. Often a request for a domain name in an application or operating system utility is referring only to the first-level name, not the FQDN.
- NetBIOS name. A name used for Microsoft networking commands, such as NET USE, and automatically used on your behalf when performing networking functions with Windows-based graphical utilities such as the File Manager or Windows 95's Network Neighborhood. A NetBIOS name can be 15 characters in length (for example, DATASERVER). Applications using NetBIOS names are not generally case sensitive.
During the execution of a network command, the application or operating system must eventually discover the machine address of the device(s) involved. Because the machine address is almost never entered into an application by users, some means of resolving the host name, NetBIOS name, or IP address to machine address must be used. A variety of mechanisms for this purpose have been developed, and they are discussed in this section.
Separate mechanisms exist for each type of name and sometimes more than one process may occur. For example, an application that knows the host name may first resolve this to an IP address and then to a machine address. The mechanisms for resolving each type are presented in the following list and discussed in more detail in the next section. Some of these mechanisms are based upon standards as defined in RFCs or other standards documents, and others are Microsoft-specific methods.
IP addresses are resolved to machine addresses using:
- Address Resolution Protocol (ARP), defined in RFC 826
- A search of the corresponding ARP cache in the computer's memory

There are other approaches to IP address resolution, but they are not implemented by Windows NT. The use of ARP is the most common method of IP address resolution.

Host names are resolved to IP addresses using the methods in the following list. If the computer is configured to use all methods, they will be tried in the order listed:
- HOSTS file
- Domain Name Server (DNS)
- Windows Internet Name Service (WINS)
- A local broadcast
- LMHOSTS file
NetBIOS names are resolved to IP addresses using the methods presented in the following list. If the computer is configured to use all methods, they will be tried in the order listed:
- A NetBIOS name cache in the computer's memory
- Windows Internet Name Service (WINS)
- A local broadcast
- LMHOSTS file
- HOSTS file
- Domain Name Server (DNS)
Name resolution mechanisms for host names and NetBIOS names are similar, but they are carried out in a different order. The mechanisms used can vary depending on how the computer is configured.
This section provides an overview of how the various name and address resolution mechanisms function. Some of these mechanisms include many options and implementation details. This overview presents only the most salient points to assist in a general understanding of the processes involved. Additional information is provided in volume 2 of the Windows NT Resource Kit, Windows NT Networking Guide.
The Address Resolution Protocol is part of the TCP/IP protocol suite. The exact details vary depending on whether the IP address is for a host on the local network or a remote host (on the other side of a router). Only the local case is described here. To resolve an IP address for a host on the same local network, the following steps are taken:
- The computer checks its own ARP cache, a list of IP addresses and corresponding hardware addresses that it dynamically manages in memory as it operates.
- If the address is not found in the ARP cache, an ARP request is broadcast on the local network (broadcasts are not generally forwarded through routers). This request includes its own hardware address and IP address, and the IP address that needs to be resolved.
- Each computer, or host, on the local network receives the ARP request. If the IP address does not match its own address, the request is discarded and ignored. If it does match, the host responds with an ARP reply directly (not broadcast) to the original host with its own hardware address. It also updates its own ARP cache with the hardware address of the original host.
- The original host receives the reply and updates its own ARP cache for future use. A communications link can now be established.
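The four steps above can be traced in code. The following Python sketch is an added example, not part of the original chapter: it packs and parses the 28-byte ARP message that RFC 826 defines for Ethernet and IPv4, and simulates hosts on one local segment. The Host class, the third host, and all addresses other than the chapter's sample values are constructed for illustration.

```python
import socket
import struct

# RFC 826 layout for Ethernet + IPv4: hardware type, protocol type, address
# lengths, operation, then sender/target hardware and protocol addresses.
ARP_FMT = "!HHBBH6s4s6s4s"
REQUEST, REPLY = 1, 2
ZERO_MAC = bytes(6)          # target hardware address is unknown in a request


def mac_bytes(text):
    """'00 04 AC 26 5E 8E' -> 6 raw bytes."""
    return bytes.fromhex(text.replace(" ", "").replace(":", "").replace("-", ""))


def mac_text(raw):
    """6 raw bytes -> the space-separated form used in the chapter."""
    return " ".join(f"{b:02X}" for b in raw)


def pack_arp(oper, sha, spa, tha, tpa):
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                       sha, socket.inet_aton(spa), tha, socket.inet_aton(tpa))


def unpack_arp(frame):
    if len(frame) != struct.calcsize(ARP_FMT):
        raise ValueError("not a 28-byte Ethernet/IPv4 ARP message")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(ARP_FMT, frame)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("unsupported hardware or protocol type")
    return {"oper": oper, "sha": sha, "spa": socket.inet_ntoa(spa),
            "tha": tha, "tpa": socket.inet_ntoa(tpa)}


class Host:
    """Hypothetical host on one local segment (illustration only)."""

    def __init__(self, ip, mac):
        self.ip, self.mac = ip, mac_bytes(mac)
        self.arp_cache = {}                      # IP address -> hardware address

    def handle_request(self, frame):
        msg = unpack_arp(frame)
        if msg["oper"] != REQUEST or msg["tpa"] != self.ip:
            return None                          # step 3: not ours, discard
        # Step 3: the responder also learns the requester's address. ARP
        # carries no authentication, so the cache trusts what the message says.
        self.arp_cache[msg["spa"]] = msg["sha"]
        return pack_arp(REPLY, self.mac, self.ip, msg["sha"], msg["spa"])

    def resolve(self, target_ip, segment):
        """Return (hardware address or None, number of broadcasts sent)."""
        if target_ip in self.arp_cache:          # step 1: cache hit
            return self.arp_cache[target_ip], 0
        request = pack_arp(REQUEST, self.mac, self.ip, ZERO_MAC, target_ip)
        answer = None
        for peer in segment:                     # step 2: every local host sees it
            if peer is not self:
                reply = peer.handle_request(request)
                if reply is not None:
                    answer = unpack_arp(reply)
        if answer is None:
            return None, 1
        self.arp_cache[answer["spa"]] = answer["sha"]   # step 4: remember it
        return answer["sha"], 1


if __name__ == "__main__":
    a = Host("123.45.67.89", "00 04 AC 26 5E 8E")   # sample values from the chapter
    b = Host("123.45.67.90", "00 04 AC 26 5E 8F")   # constructed
    print(mac_text(a.resolve(b.ip, [a, b])[0]))
```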
The Microsoft implementation of TCP/IP uses an enhanced version of the b-node (broadcast method) of NetBIOS name resolution described in RFC 1001/1002. Broadcasts are used only after first checking the NetBIOS name cache and attempting to contact a WINS server (see "Windows Internet Name Service (WINS)," later in the chapter) if configured for WINS. Broadcasts use an address that all computers on the local network segment will accept and evaluate. Three broadcasts are sent before the next mechanism is attempted.

The contents of the NetBIOS cache on a computer can be listed by typing the command:
nbtstat -c
Other uses for the nbtstat command are available by typing:
nbtstat -?

The LMHOSTS file is a text file that lists IP addresses and the corresponding NetBIOS name for remote hosts only (because active local hosts will be discovered by WINS or broadcast first). It is closely related to the HOSTS file described in the following section. The LMHOSTS file is located by default in the \systemroot\SYSTEM32\DRIVERS\ETC directory. It is specifically designed to resolve NetBIOS names and is consulted by traditional TCP/IP utilities (if they accept NetBIOS names) only after trying the NetBIOS name cache, WINS, and b-node broadcasts. The file is searched sequentially from top to bottom so that frequently used names (such as servers) should generally be listed near the top. By using the #INCLUDE directive in the file, you can load entries from a centralized copy of the LMHOSTS file from a server. A sample LMHOSTS file included with Windows NT Server provides examples of this, and other, directives and describes their usage. Additional information is provided in volume 2 of the Windows NT Resource Kit, Windows NT Networking Guide.

You can create entries with the #PRE directive in the LMHOSTS file and use the following command to manually preload these entries into your NetBIOS name cache, thereby avoiding the need to perform broadcasts (even without WINS):
nbtstat -R
Be sure that you have enabled LMHOSTS lookup in the TCP/IP configuration dialog box if you want to use this technique. See "Installing and Configuring TCP/IP for Windows NT Server" later in this chapter for more information.
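The LMHOSTS behavior described above (sequential search, #PRE preloading, #INCLUDE of a centralized copy) can be checked with a small parser. This Python sketch is an added example, not part of the original chapter or of Windows NT; the sample file contents are constructed, quoted names are not handled, and the 15-character limit is the one the chapter gives for NetBIOS names.

```python
import ipaddress

# Constructed sample LMHOSTS text (raw string so backslashes stay literal).
SAMPLE = r"""# Constructed sample, not a real configuration
123.45.67.10   DATASERVER   #PRE      # file server
123.45.67.11   printsrv               # print server
123.45.67.12   dataserver             # stale duplicate of line 2
123.45.67.999  BADHOST
123.45.67.13   AVERYLONGSERVERNAME01
#INCLUDE \\DATASERVER\PUBLIC\LMHOSTS"""


def parse_lmhosts(text):
    """Return (entries, includes, problems) for LMHOSTS-style text."""
    entries, includes, problems = [], [], []
    first_seen = {}                       # upper-cased name -> (line, ip)
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.upper().startswith("#INCLUDE"):
            parts = line.split(None, 1)
            if len(parts) == 2:
                includes.append((line_no, parts[1]))
            else:
                problems.append((line_no, "#INCLUDE without a path"))
            continue
        if line.startswith("#"):
            continue                      # comment or a directive not used here
        fields = line.split()
        if len(fields) < 2 or fields[1].startswith("#"):
            problems.append((line_no, "address without a name"))
            continue
        ip_text, name = fields[0], fields[1]
        preload = False
        for token in fields[2:]:
            if token.upper() == "#PRE":
                preload = True
            elif token.upper().startswith("#DOM:"):
                continue                  # another LMHOSTS keyword, not needed here
            elif token.startswith("#"):
                break                     # rest of the line is a comment
        try:
            ipaddress.IPv4Address(ip_text)
        except ValueError:
            problems.append((line_no, f"invalid IP address {ip_text}"))
            continue
        if len(name) > 15:
            problems.append((line_no, f"{name} is longer than 15 characters"))
            continue
        key = name.upper()                # NetBIOS names are not case sensitive
        if key in first_seen and first_seen[key][1] != ip_text:
            problems.append(
                (line_no, f"{name} is shadowed by line {first_seen[key][0]}"))
        first_seen.setdefault(key, (line_no, ip_text))
        entries.append({"line": line_no, "ip": ip_text,
                        "name": name, "preload": preload})
    return entries, includes, problems


def lookup(entries, name):
    """Top-to-bottom search: the first matching line wins."""
    for entry in entries:
        if entry["name"].upper() == name.upper():
            return entry["ip"]
    return None


def preload_names(entries):
    """Names marked #PRE, the ones nbtstat -R loads into the name cache."""
    return [e["name"] for e in entries if e["preload"]]


def remote_includes(includes):
    """#INCLUDE paths on another machine; resolution then depends on that share."""
    return [path for _, path in includes if path.startswith("\\\\")]


if __name__ == "__main__":
    found, inc, issues = parse_lmhosts(SAMPLE)
    for line_no, text in issues:
        print(f"line {line_no}: {text}")
    print("preloaded:", preload_names(found))
    print("remote includes:", remote_includes(inc))
```

The shadowed-entry check matters because of the sequential search: a stale line lower in the file is never reached, and a wrong line higher in the file silently overrides a correct one.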

The HOSTS file (see also "LMHOSTS File" in this section) is a text file that lists IP addresses and the corresponding host name. This file is located by default in the \systemroot\SYSTEM32\DRIVERS\ETC directory. It is designed to resolve TCP/IP host names and FQDNs and is the first mechanism consulted by traditional TCP/IP utilities. It is consulted by NetBIOS-based utilities only after trying the NetBIOS name cache, WINS, b-node broadcasts, and the LMHOSTS file. The HOSTS file is searched sequentially from top to bottom so that frequently used names (such as servers) should generally be listed near the top. The HOSTS file must be located on the local computer.
Domain Name Service is an IP address resolution method frequently used on UNIX systems. One or more DNS servers are implemented and can then be consulted to resolve names not listed in the local HOSTS (or LMHOSTS) file. Windows NT can be configured to use DNS. Microsoft may include a DNS in a future release of Windows NT Server. Configuring Windows NT to use DNS for name resolution is described in the section "Installing and Configuring TCP/IP for Windows NT Server" later in this chapter.
DHCP is a protocol that allows IP addresses to be automatically assigned from a pool of available IP addresses centrally stored and managed on one or more servers. In addition, other TCP/IP related information such as the subnet mask and default gateway can also be retrieved. DHCP servers do not share information with other DHCP servers or with DNS servers. The IP address pool managed by a DHCP server must be entirely owned by that server. No other server or individual should be able to assign an address from that pool.
DHCP is defined in RFCs 1533, 1534, 1541, and 1542. It is an extension to, and builds upon, the BOOTP protocol defined in RFC 951, which automatically assigns IP addresses to diskless workstations. Microsoft has designed a server-based service, an administration utility, and client software that implement the DHCP protocol. The installation and configuration of DHCP on Windows NT Server is covered in detail later in this chapter in the section "Implementing Dynamic Host Configuration Protocol (DHCP)."
WINS is a NetBIOS Name Server (NBNS) implemented as a Windows NT service. Also included with Windows NT Server are an administration utility and client software. It can be used with or without DHCP to register NetBIOS names and resolve them to IP addresses without using b-node broadcasts, which can be problematic in large networks. Name resolution requests are resolved using directed datagrams (network packets) that are routable.
WINS is a dynamic name service that tracks network names as users start and stop client workstations. Multiple WINS servers can be configured to provide redundancy and to improve name resolution performance. Changes to the names database on one WINS server are replicated to other WINS servers set up as Push or Pull partners. The installation and configuration of WINS on Windows NT Server is covered in detail later in this chapter in the section "Implementing Windows Internet Name Service (WINS)."
Now that you have had a brief overview of TCP/IP and some of its elements, you are ready to learn how to install TCP/IP on Windows NT Server.
This section teaches you how to install TCP/IP on a Windows NT Server computer. You learn how to install the protocol suite and all the options offered by Microsoft. A variety of client-based utilities for the TCP/IP suite are included in Microsoft's implementation, including connectivity utilities like finger, lpr, rcp, rexec, rsh, telnet, and tftp.
Both client and server support is provided for ftp (file transfer protocol). These utilities allow a Windows NT server or Windows NT workstation to interact with UNIX workstations and other platforms supporting TCP/IP. Notably missing from the connectivity utilities is support for nfs, the network file system, but this is available from at least three third-party software companies for the Windows NT platform. Microsoft has suggested it may include nfs in a future release of Windows NT Server. A number of diagnostic utilities are also offered including arp, hostname, ipconfig, lpq, nbtstat, netstat, ping, route, and tracert. An SNMP agent, implemented as a Windows NT service, allows a remote network management console such as Sun Net Manager or HP Open View.
TCP/IP can be installed during the original setup of Windows NT Server, or it can be added at a later time using the Network icon in the Control Panel. In this section, you learn how to add TCP/IP to an existing Windows NT Server installation. Adding it during the initial setup is an almost identical process, so the following steps should still be helpful. You simply follow these instructions when you get to the network portion of SETUP.
To install TCP/IP and related services, follow these steps:
- Double-click the Network icon in the Control Panel.
- Click the Add Software button to display the Add Network Software dialog box. Select TCP/IP Protocol and related components in the Network Software drop-down list box. Click Continue. The Windows NT TCP/IP Installation Options dialog box appears (see fig. 8.1).
Fig. 8.1 - This dialog box is used to select the options you want to install with TCP/IP on your Windows NT Server. Previously installed options appear dimmed.
- Previously installed options appear dimmed, indicating that they cannot be installed again. Check the options you want to install. Consult the hint bar at the bottom of the dialog box for more information about the currently selected option. Click Help for information describing all options in more detail. Click Continue when you are satisfied with your selections.
- A dialog box requesting the full path to the distribution files appears. Enter the location using a drive letter or Universal Naming Convention (UNC) name of a shared network resource (such as a CD drive), and click Continue. Clearly the UNC name option is only feasible if you have another network transport protocol already installed and operational.
- If you selected SNMP Service or FTP Server Service, you will be prompted to configure them. These services are not covered in this book, but on-line Help is available for both of them. If you are using the FTP Server service, a warning about its dependence on passing cleartext (unencrypted) passwords over the network appears. This undesirable trait can be mitigated by accepting only anonymous connections (see the following Note). When you return to the Network Settings dialog box, choose OK. Windows NT analyzes the protocols you have selected and presents configuration dialog boxes for them. The TCP/IP Configuration dialog box appears (see fig. 8.2).

Using anonymous connections to FTP servers is a better alternative than sending cleartext passwords over unsecured lines. By convention, a user logs on with the user ID "anonymous" and uses his or her actual e-mail alias (for example, johndoe@company.com) as the password. This avoids sending sensitive information over the network and offers the administrator of the FTP server the opportunity to log who is connecting as an aid to problem solving and control.

Fig. 8.2 - The TCP/IP Configuration dialog box is used to enter your IP address, subnet mask, default gateway, and WINS server address(es). You can also click buttons to configure the use of DNS and Advanced TCP/IP parameters.
- Enter your TCP/IP address. If this is a server, you should manually configure the IP address and enter a static mapping for this computer into the WINS database, as described later in the chapter in "Implementing Windows Internet Name Service (WINS)." If it is a workstation, you can select the option to Enable Automatic DHCP Configuration after you have implemented your DHCP server. The appropriate subnet mask for your IP address will be automatically calculated unless you are using custom subnet masks to implement subnetting.

If you are unsure what IP address to use, check with the person in your organization who is responsible for managing IP addresses before finishing this process. If you are the person responsible and you are still unsure, review the earlier section titled "IP Addresses, Host Names, Domain Names, and NetBIOS Names" for guidance and spend some time planning your IP addressing scheme. It is very important that two computers do not both have the same IP address!


Subnetting is a technique used in very large networks to limit the scope of broadcasts and improve network throughput. Setting up subnets is beyond the scope of this book and is not covered in the Windows NT Server manuals. Consult a local expert or a TCP/IP reference book for more information on this topic.

- The default gateway is the IP address of the router that connects your LAN segment to the rest of your organization's LAN or to an Internet service provider. If you have implemented a WINS server, enter its address in the Primary WINS Server box.
- Enter the address of your Secondary WINS Server if you have one. Click the DNS button. The DNS Configuration dialog box appears (see fig. 8.3).
Fig. 8.3 - This dialog box is used to configure the use of one or more DNS servers to resolve host names (and NetBIOS names) to IP addresses. The use of DNS is optional on Windows NT and is usually implemented on UNIX computers.
- If your organization has one or more DNS servers, or if it uses DNS provided by your Internet service provider, enter the IP addresses of the DNS servers in this dialog box. Use the arrow buttons to reorder the addresses if necessary. The servers will be searched in the order listed from the top down.
- Click OK to return to the TCP/IP Configuration dialog box. Click Advanced, and the Advanced Microsoft TCP/IP Configuration dialog box appears (see fig. 8.4).
Fig. 8.4 - This dialog box summarizes the entries you have already made and allows you to make additional configuration entries. If this computer will be "multihomed," you can enter one or more additional IP addresses in this dialog box. You can also enable the use of DNS and LMHOSTS.
- The address entries you have already made are reflected in this dialog box. You can use check boxes to enable DNS and LMHOSTS file usage. You can also create a multihomed computer if your system has multiple network adapters on separate physical networks. You should assign a separate IP address to each adapter. Click OK to return to the TCP/IP Configuration dialog box.
- Click OK again to record your entries and complete the process. You are prompted to restart your computer. Click Restart.
- When your computer finishes rebooting, you will be ready to use TCP/IP applications and diagnostic utilities and to configure advanced TCP/IP services such as DHCP and WINS. Open a command prompt and enter ipconfig /all to verify your status. See "Testing DHCP Clients" later in this chapter for more information.
Now that you have learned some of the background information about TCP/IP and how to install and configure it on your computer, you are ready to learn about two additional services that can facilitate the management of IP addresses (DHCP) and NetBIOS name resolution (WINS).
In this section, you learn how to configure a DHCP Server. You learn the process of defining a scope, configuring client reservations, configuring DHCP clients, testing clients, viewing and managing DHCP client leases, and maintaining your DHCP database. A DHCP scope is a pool of available IP addresses and (optionally) additional addressing information for various shared devices or services. As a DHCP client computer connects to the network, a unique IP address will be assigned and, with the addresses of other shared resources (for example, servers), can be transmitted to the client computer.
The IP address is said to be "leased" to the client computer because it may be returned to the pool of available addresses and used by another client at a later time. You can define global options that will apply to all scopes defined on a DHCP server. You can also define options that apply to only one scope.
You need several pieces of information before you can complete the configuration of DHCP. They are listed here for your convenience. If you are unsure of the answers to some of the questions, read this entire section for additional background on the operation of DHCP and how it is configured. If you are still not clear, remember that you can update the DHCP scope at a later time and force clients to renew their leases, which automatically updates them with new information. These are the questions you must answer before configuring DHCP:
- Will all the computers on your network be DHCP clients? If not, you must be sure to exclude the addresses from the pool of available addresses. In general, servers, routers, and other similar devices should be configured with static IP addresses.
- What information, in addition to the IP address, do you want to automatically configure? A default gateway? WINS Server? DNS Server?
- What options can be configured for all clients on the network? What options are shared by all clients on a particular subnet? Are there any options that are unique for specific clients?
- How many DHCP servers will you need? If your network consists of multiple physical subnets connected by routers, your routers must act as BOOTP Relay Agents as specified in RFC 1542, or you must put a DHCP server on each subnet with DHCP clients. If your router does not support RFC 1542 (as many older routers do not), you may be able to upgrade it to add such support without having to replace the router.
- What range of addresses, and other information, should be included in the scope defined on each DHCP server? Should any servers have multiple scopes defined? Remember, DHCP servers do not share information with other DHCP servers or DNS servers. Each must have its own set of addresses to offer to the clients it will service. Additional information on defining a scope is provided in the section called "Creating a DHCP Scope" later in this chapter.
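Two of these planning questions can be checked mechanically before any scope is created: that no address is offered by more than one DHCP server, and that every statically configured device is excluded from the pool. This Python sketch is an added example, not part of the original chapter or of DHCP Manager; the Scope class, server names, host names, and address ranges are all constructed for illustration.

```python
import ipaddress
from itertools import combinations


def to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def to_text(number):
    return str(ipaddress.IPv4Address(number))


class Scope:
    """Hypothetical planning record for one DHCP scope (illustration only)."""

    def __init__(self, server, start, end, exclusions=()):
        self.server = server
        self.start, self.end = to_int(start), to_int(end)
        if self.start > self.end:
            raise ValueError("scope start is above scope end")
        self.exclusions = [(to_int(a), to_int(b)) for a, b in exclusions]

    def offered_ranges(self):
        """Scope range minus exclusions, as a list of (low, high) integers."""
        ranges = [(self.start, self.end)]
        for ex_lo, ex_hi in self.exclusions:
            remaining = []
            for lo, hi in ranges:
                if ex_hi < lo or ex_lo > hi:
                    remaining.append((lo, hi))       # exclusion misses this piece
                    continue
                if lo < ex_lo:
                    remaining.append((lo, ex_lo - 1))
                if ex_hi < hi:
                    remaining.append((ex_hi + 1, hi))
            ranges = remaining
        return ranges

    def offers(self, addr):
        number = to_int(addr)
        return any(lo <= number <= hi for lo, hi in self.offered_ranges())


def overlapping_offers(scopes):
    """Address ranges that two different servers could both lease out."""
    found = []
    for a, b in combinations(scopes, 2):
        if a.server == b.server:
            continue
        for a_lo, a_hi in a.offered_ranges():
            for b_lo, b_hi in b.offered_ranges():
                lo, hi = max(a_lo, b_lo), min(a_hi, b_hi)
                if lo <= hi:
                    found.append((a.server, b.server, to_text(lo), to_text(hi)))
    return found


def unprotected_static(scopes, static_hosts):
    """Static devices whose address a DHCP server could still hand out."""
    return [(name, addr, scope.server)
            for name, addr in static_hosts.items()
            for scope in scopes if scope.offers(addr)]


# Constructed plan: two servers whose scopes overlap at the boundary,
# and one static device that nobody excluded.
PLAN = [
    Scope("SRV1", "123.45.67.1", "123.45.67.150",
          exclusions=[("123.45.67.1", "123.45.67.20")]),
    Scope("SRV2", "123.45.67.140", "123.45.67.254",
          exclusions=[("123.45.67.140", "123.45.67.145")]),
]
STATIC = {"ROUTER": "123.45.67.1", "DATASERVER": "123.45.67.10",
          "PRINTSRV": "123.45.67.200"}

if __name__ == "__main__":
    for conflict in overlapping_offers(PLAN):
        print("both servers offer:", conflict)
    for device in unprotected_static(PLAN, STATIC):
        print("static address not excluded:", device)
```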
DHCP offers several advantages over the manual configuration of TCP/IP addresses:
- Users are not required to enter an IP address, subnet mask, or any other addressing information. Therefore, they are much less likely to enter a random address or copy an address from a colleague's computer reasoning that if it is working, an identical configuration will work on their own computer.
- The process of manually entering an IP address, subnet mask, and other configuration information is prone to error, even with an educated user population that is cooperating fully with the process. There are too many numbers and settings to expect a large group of users to set them without error. When users change computers or locations, the settings need to be redone.
- A fair amount of administrative overhead is associated with managing the list of valid IP addresses, even with a DNS. It is also a process that is inherently difficult to divide among several individuals unless they are all knowledgeable about the technology and cooperate fully with one another.
- DHCP allows users to configure their own computer without having to contact an administrator to get a valid IP address. This eliminates errors, delays, and frustration.
- When users move their computer to a new location, or travel with a laptop containing a PCMCIA Ethernet adapter or similar device, they will automatically receive a valid address for the new location when they start their computer.
An overview of the DHCP lease address process may help you to administer the process more effectively. The first step is to configure a DHCP server, as described in the next section. After the server is operational, the basic steps involved in a DHCP client lease are as follows:
- A client computer starts and initializes a limited version of TCP/IP. Then it broadcasts a request for an IP address. The request contains the computer's hardware address and computer name so that DHCP servers know who sent the request.
- All DHCP servers that have an available lease that is valid for the client send a response using a broadcast message (because the client does not have an IP address yet). The message includes the client's hardware address, the IP address being offered, the subnet mask, the duration of the lease, and the IP address of the server making the offer. The server must reserve the address in case the offer is accepted.
- The client accepts the first offer it receives. It broadcasts its acceptance to all DHCP servers with a message including the IP address of the server whose offer was accepted. Other servers release the temporary reservation on their offered addresses.
- The server with the selected address sends an acknowledgment message with the IP address, subnet mask, and possibly other information defined in the scope as described in the next section. The client receives the acknowledgment and initializes a full version of TCP/IP, and can communicate with other hosts on the LAN or WAN.
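The four steps above correspond to the DHCP DISCOVER, OFFER, REQUEST, and ACK messages. The following Python sketch is an added example, not part of the original chapter: it builds and decodes those messages in the standard BOOTP/DHCP wire layout and reports which servers made offers. The addresses, hardware address, host name, lease time, and the list of authorized servers are constructed sample values.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"      # starts the options field after the 236-byte header
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK"}
TYPE_CODES = {name: code for code, name in MSG_TYPES.items()}
IP_OPTIONS = {1: "subnet_mask", 50: "requested_ip", 54: "server_id"}


def option(code, value):
    """Encode one option as code, length, value."""
    return bytes([code, len(value)]) + value


def build(msg_type, mac, xid, yiaddr="0.0.0.0", hostname=None, lease=None, **ip_opts):
    """Build a minimal DHCP message: fixed BOOTP header, magic cookie, options."""
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        2 if msg_type in ("OFFER", "ACK") else 1,    # op: 1 = client request, 2 = server reply
        1, 6, 0,                                     # htype (Ethernet), hlen, hops
        xid, 0, 0x8000,                              # transaction id, secs, broadcast flag
        bytes(4),                                    # ciaddr: client has no address yet
        ipaddress.IPv4Address(yiaddr).packed,        # yiaddr: address offered or assigned
        bytes(4), bytes(4),                          # siaddr, giaddr
        bytes.fromhex(mac.replace(":", "")),         # chaddr: client hardware address
        bytes(64), bytes(128),                       # sname, file (unused here)
    )
    options = option(53, bytes([TYPE_CODES[msg_type]]))          # 53 = message type
    if hostname:
        options += option(12, hostname.encode("ascii"))          # 12 = computer name
    if lease is not None:
        options += option(51, struct.pack("!I", lease))          # 51 = lease duration (s)
    for code, name in IP_OPTIONS.items():
        if name in ip_opts:
            options += option(code, ipaddress.IPv4Address(ip_opts[name]).packed)
    return header + MAGIC_COOKIE + options + b"\xff"


def parse(packet):
    """Decode the fields the lease process relies on; reject malformed input."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    hlen = min(packet[2], 16)
    msg = {
        "xid": struct.unpack_from("!I", packet, 4)[0],
        "yiaddr": str(ipaddress.IPv4Address(packet[16:20])),
        "mac": packet[28:28 + hlen].hex(":"),
    }
    i = 240
    while i < len(packet) and packet[i] != 255:      # 255 = end option
        if packet[i] == 0:                           # 0 = pad, carries no length byte
            i += 1
            continue
        if i + 1 >= len(packet) or i + 2 + packet[i + 1] > len(packet):
            raise ValueError("truncated option")
        code, length = packet[i], packet[i + 1]
        value = packet[i + 2:i + 2 + length]
        if code == 53 and length == 1:
            msg["type"] = MSG_TYPES.get(value[0], f"type-{value[0]}")
        elif code == 12:
            msg["hostname"] = value.decode("ascii", "replace")
        elif code == 51 and length == 4:
            msg["lease"] = struct.unpack("!I", value)[0]
        elif code in IP_OPTIONS and length == 4:
            msg[IP_OPTIONS[code]] = str(ipaddress.IPv4Address(value))
        i += 2 + length
    return msg


def sample_exchange():
    """Constructed capture: one client, two servers offering, first offer accepted."""
    mac, xid, mask = "02:00:00:12:34:56", 0x3903F326, "255.255.255.0"
    return [
        build("DISCOVER", mac, xid, hostname="WKSTA01"),
        build("OFFER", mac, xid, "192.0.2.50", lease=259200,
              subnet_mask=mask, server_id="192.0.2.10"),
        build("OFFER", mac, xid, "192.0.2.180", lease=259200,
              subnet_mask=mask, server_id="192.0.2.11"),
        build("REQUEST", mac, xid, hostname="WKSTA01",
              requested_ip="192.0.2.50", server_id="192.0.2.10"),
        build("ACK", mac, xid, "192.0.2.50", lease=259200,
              subnet_mask=mask, server_id="192.0.2.10"),
    ]


def summarize(packets, authorized_servers):
    """Return (address acknowledged, offering servers missing from the authorized list)."""
    msgs = [parse(p) for p in packets]
    offered_by = {m["server_id"] for m in msgs
                  if m.get("type") == "OFFER" and "server_id" in m}
    acks = [m for m in msgs if m.get("type") == "ACK"]
    leased = acks[-1]["yiaddr"] if acks else None
    return leased, sorted(offered_by - set(authorized_servers))


if __name__ == "__main__":
    for pkt in sample_exchange():
        print(parse(pkt))
    print(summarize(sample_exchange(), ["192.0.2.10"]))
```

Because the client accepts the first offer it receives, comparing the server identifier in every OFFER against the list of DHCP servers you actually operate is a useful check on captured traffic.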
A DHCP server is configured using the DHCP Manager utility. This is located in the Network Administration program group. The DHCP service is started, stopped, paused, and continued like all services - using the Services icon in the Control Panel or using the Windows NT Server Manager. Make sure that the service, formally named the Microsoft DHCP Server, is started.
The rest of this section describes the procedures you use to define a DHCP scope, set various options, and configure and test DHCP client workstations. You also learn how to reserve certain addresses that are manually assigned (for example, for servers and routers) so that they will be excluded from the pool of available addresses managed by the DHCP service.
See "A Flexible Set of Services," (Chapter 2)
To create a DHCP scope, follow these steps:
- Start the DHCP Manager.
- Choose Scope, Create from the menu. The Create Scope dialog box appears. Figure 8.5 depicts a completed scope.
Fig. 8.5 - This dialog box is used to create a scope containing an IP Address pool, excluded ranges, and optional characteristics for the scope.
- Enter the range of IP addresses that will be included in this scope. It is usually a good idea to include the full list of addresses used on this network or subnet and then to explicitly exclude those addresses managed by a DNS or other DHCP server. You may also want to set aside a range of addresses for servers, routers, or other network devices so that you can establish addressing conventions that make it easier to identify shared devices by their IP addresses. For example, within a given scope you might set aside host IDs from .1 to .20 for servers and .250 to .254 for routers and hubs even if they aren't all needed at this time.
- Enter a subnet mask. If you are not subnetting, this will be determined by the class of your IP address. For example, 255.255.255.0 would be used for class C addresses suitable for small networks with few (fewer than 255) hosts. If you are subnetting, consult a local TCP/IP expert or a TCP/IP reference book for information on calculating a subnet mask based on the number of subnets you need. The example configuration shown in figures 8.5 through 8.11 uses the third octet to subnet class B addresses into 14 subnets.
- Enter a name for the pool and include a descriptive comment if you want. Set the lease duration based on the volatility of your host population. For example, if you have a very stable network, set a long duration. If you have a small range of addresses that must be shared by an ever-changing group of traveling laptop users, set a short duration.
- Click OK. A dialog box informs you that the scope has been defined but not activated. You can activate it now or wait and activate it later by highlighting the scope and choosing Scope, Activate from the menu.
Another scope is shown in figure 8.6. This scope would complement the scope shown in figure 8.5 on a network with two subnets. A DHCP server would be implemented on each subnet. Each DHCP server can back up the other with a range of addresses from the other scope. This design assumes that the two subnets are connected with routers that support RFC 1542 and can act as BOOTP Relay Agents. This is necessary for clients on one subnet to receive a leased IP address from the DHCP server on the other side of a router (on the other subnet) if its main DHCP server is down.
Fig. 8.6 - This figure depicts another scope that would complement the scope shown in figure 8.5 for a small network involving two subnets.
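Because DHCP servers do not share information with each other, a two-server design like this one depends on the exclusion ranges being entered correctly on both servers. The following Python check is an added example, not part of the original chapter: it computes what each server can actually lease and reports addresses that two servers could both hand out, or that fall in the ranges set aside for servers and routers. The server names, subnets, and ranges are constructed sample values, not those shown in the figures.

```python
import copy
import ipaddress


def expand(first, last):
    """Inclusive IPv4 range as a set of integers."""
    lo, hi = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
    if hi < lo:
        raise ValueError(f"range {first}-{last} is reversed")
    return set(range(lo, hi + 1))


def leasable(scope):
    """Addresses a server can hand out: the scope range minus its exclusions."""
    pool = expand(*scope["range"])
    for first, last in scope.get("exclude", []):
        pool -= expand(first, last)
    return pool


def as_ranges(addrs):
    """Collapse a set of integer addresses into 'first-last' strings."""
    spans = []
    for addr in sorted(addrs):
        if spans and addr == spans[-1][1] + 1:
            spans[-1][1] = addr
        else:
            spans.append([addr, addr])
    return [f"{ipaddress.IPv4Address(lo)}-{ipaddress.IPv4Address(hi)}" for lo, hi in spans]


def audit(servers, static_ranges):
    """Return a list of findings; an empty list means the plan is consistent."""
    findings, pools = [], []
    static = set()
    for first, last in static_ranges:
        static |= expand(first, last)
    for server, scopes in servers.items():
        for scope in scopes:
            net = ipaddress.IPv4Network(scope["subnet"])
            pool = leasable(scope)
            usable = set(range(int(net.network_address) + 1, int(net.broadcast_address)))
            if pool - usable:
                findings.append(("outside-subnet", server, as_ranges(pool - usable)))
            if pool & static:
                findings.append(("static-leasable", server, as_ranges(pool & static)))
            pools.append((server, pool))
    # No address may be leasable from two scopes: the servers cannot coordinate.
    for i, (srv_a, pool_a) in enumerate(pools):
        for srv_b, pool_b in pools[i + 1:]:
            if pool_a & pool_b:
                findings.append(("overlap", srv_a, srv_b, as_ranges(pool_a & pool_b)))
    return findings


# Constructed plan: host IDs .1-.20 for servers, .250-.254 for routers and hubs.
STATIC = [("192.0.2.1", "192.0.2.20"), ("192.0.2.250", "192.0.2.254"),
          ("198.51.100.1", "198.51.100.20"), ("198.51.100.250", "198.51.100.254")]

PLAN = {
    "DHCP-A": [   # main server for 192.0.2.0/24, backup for 198.51.100.0/24
        {"subnet": "192.0.2.0/24", "range": ("192.0.2.1", "192.0.2.254"),
         "exclude": [("192.0.2.1", "192.0.2.20"), ("192.0.2.200", "192.0.2.254")]},
        {"subnet": "198.51.100.0/24", "range": ("198.51.100.1", "198.51.100.254"),
         "exclude": [("198.51.100.1", "198.51.100.199"),
                     ("198.51.100.250", "198.51.100.254")]},
    ],
    "DHCP-B": [   # main server for 198.51.100.0/24, backup for 192.0.2.0/24
        {"subnet": "198.51.100.0/24", "range": ("198.51.100.1", "198.51.100.254"),
         "exclude": [("198.51.100.1", "198.51.100.20"),
                     ("198.51.100.200", "198.51.100.254")]},
        {"subnet": "192.0.2.0/24", "range": ("192.0.2.1", "192.0.2.254"),
         "exclude": [("192.0.2.1", "192.0.2.199"), ("192.0.2.250", "192.0.2.254")]},
    ],
}


def with_exclusions(plan, server, index, exclude):
    """Copy of a plan with one scope's exclusion list replaced (to model a typing error)."""
    changed = copy.deepcopy(plan)
    changed[server][index]["exclude"] = exclude
    return changed


if __name__ == "__main__":
    print(audit(PLAN, STATIC))
    typo = with_exclusions(PLAN, "DHCP-B", 1,
                           [("192.0.2.1", "192.0.2.189"), ("192.0.2.250", "192.0.2.254")])
    print(audit(typo, STATIC))
```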
To set options that will be provided to all clients from all scopes as they receive an IP address lease, follow these steps:
- Start the DHCP Manager.
- Choose DHCP Options, Global from the menu. The DHCP Options: Global dialog box appears (see fig. 8.7).
Fig. 8.7 - This dialog box is used to configure options that will apply to all scopes managed by this DHCP server.
- Select an option from the list of Unused Options. Click Add to move it to the Active Options list box.
- Select the option in the Active Options box and click Value. Then click Edit Array. The IP Address Array Editor appears (see fig. 8.8).
Fig. 8.8 - This dialog box allows you to specify the addresses of specific optional elements that will be part of this definition. In this case, the addresses listed are for DNS servers defined for all scopes (global).
- Enter the addresses of elements that correspond to the option listed in the General Information box. Click Add.
- Use the arrows to order the entries from the top down in the order you would like them to be used (not all options will be consulted in this order, depending on the nature of the option used). Click OK to return to the global options dialog box.
- When you have set all the options that apply globally to all scopes, click OK. Options that are good candidates for global definition are DNS servers and WINS servers because these can be accessed across routers and would therefore be available to multiple subnets.
To set options that will be provided to clients from a particular scope as they receive an IP address lease, follow these steps:
- Start the DHCP Manager.
- Highlight the scope for which you want to set options. Choose DHCP Options, Scope from the menu. The DHCP Options: Scope dialog box appears (see fig. 8.9).
Fig. 8.9 - This dialog box is used to configure options that will apply to only one scope.
- Select an option from the list of Unused Options. Click Add to move it to the Active Options list box.
- Select the option in the Active Options box and click Value. Then click Edit Array. The IP Address Array Editor appears.
- Enter the addresses of elements that correspond to the option listed in the General Information box. Click Add.
- Use the arrows to order the entries from the top down in the order you would like them to be used. Click OK to return to the scope options dialog box.
- When you have set all the options that apply to this scope, click OK. An option that is a good candidate for scope-specific definition is the address of the default gateway because many subnets have only one router that is used to connect to the rest of the network.
There are occasions when a client computer must always have the same IP address. This can occur based on the needs of a particular application. In addition, if you are using a client workstation as a peer server, and sharing resources with many other clients, it may be useful to reserve its address so that it will not change, just as server addresses are best left unchanged. To reserve an IP address for a particular client, follow these steps:
- Start the DHCP Manager.
- You can view any current reservations by choosing Scope, Active Leases from the menu.
- To enter a new reservation, choose Scope, Add Reservations from the menu. The Add Reserved Clients dialog box appears (see fig. 8.10).
Fig. 8.10 - The Add Reserved Clients dialog box is used to reserve a particular IP address for a specific computer so that its IP address will never change.
- The IP address will already be partially filled in based on the scope you are using. You may want to change part of the address if you are subnetting. Enter the remainder of the host ID to complete the address.
- In the Unique Identifier box, enter the hardware address of the network adapter in the computer for which you are creating the reservation.

The hardware address for a Windows NT computer can be found by running WINMSD.EXE and clicking the Network button. It can also be discovered on most Windows clients (including Windows NT) by typing NET CONFIG WKSTA at a command prompt.

- Enter a client name for this computer. Usually this is the NetBIOS name for the computer, although you can enter anything here without affecting the operation of the lease or the computer in question.
- Enter a comment, if you want, describing the client computer. Click OK to define the reservation.
You configure clients to use DHCP by clicking the Enable Automatic DHCP Configuration check box in the TCP/IP Configuration dialog box. This is accessed by using the Network icon on the Control Panel. Run Network Setup on Windows for Workgroups clients. All other settings can be received from the DHCP server if they are defined in the scope used by this client. Any entries made for other parameters, the default gateway for example, will take precedence over values received from the DHCP server.
In this section, you learn how to use the IPCONFIG diagnostic utility to report the status of your current network configuration. You will be able to view the IP address you have leased from a DHCP server and other information passed to your computer from the defined scope. To verify the operation of DHCP, you will view your current address, release it, and then renew a lease. This operation is only for testing or other diagnostic and troubleshooting use. These commands are not required by typical users in the normal course of computer operations.
To test the operation of a DHCP client, follow these steps:
- Start the client computer and log on to the network. If you cannot even complete this task, you will need to reconfigure your client software. Be sure that you have loaded the correct version of TCP/IP, especially for older Windows for Workgroups clients.
- Open a command prompt. Type the following command:
IPCONFIG /all
This displays a full listing of your IP address and all options that were defined globally, for your scope, or for your individual client workstation.
- If options have been defined for DNS servers, WINS servers, a default gateway, and so on, try using the PING command with their addresses. This will "bounce" a test packet off the other machine and return it to your computer to test basic network connectivity. For example, using the address of a WINS server defined in the examples used for the figures, you would enter:
PING 182.111.200.3
You should receive a series of replies with the time it took to make the trip to the remote host and back. PING other devices configured for your scope or globally on your network.
- Enter the following command to release your IP address:
IPCONFIG /release
- Then reenter the command:
IPCONFIG /all
- You will no longer have an IP address, and cannot communicate with other hosts on the network. Now enter:
IPCONFIG /renew
This renews your lease, probably with the same address (unless another host happened to lease it while it wasn't being used). Check the information you received from the DHCP server using the /all option with IPCONFIG again.
This simple series of commands confirms the proper operation of your DHCP client.
To view the current status of the leases and reservations supplied by a DHCP server, follow these steps:
- Start the DHCP Manager.
- Highlight a scope in the left pane of the window and choose Scope, Active Leases from the menu. The Active Leases dialog box appears (see fig. 8.11).
Fig. 8.11 - This dialog box displays active leases and reservations for a defined scope.
- You can use the option buttons to sort the listing by name or by IP address. Using the check box, you can show only reservations (without leases). In addition, you can highlight any of the listed leases or reservations and click the Properties button for additional information.
- You can also use the Reconcile button to validate the listing. This should be done after the DHCP database is restored from a backup copy, or after a system crash.
At periodic intervals, the DHCP database may need to be compacted using a utility provided for that purpose named JETPACK.EXE. This utility reclaims wasted space in the database left by the process of entries being added and deleted. For large networks, this should be performed approximately once a week. For smaller networks, once a month is appropriate. See "Restoring the DHCP Database," in the Windows NT Server TCP/IP manual for information on restoring a corrupted DHCP database.
To use JETPACK to compact the DHCP database, follow these steps:
- You must stop the Microsoft DHCP Server service before this operation can be performed. Therefore, this operation is best done during off-peak times. Use the Services icon in the Control Panel or the Windows NT Server Manager to stop the service. You can also use the command:
net stop dhcpserver
- Open a command prompt and change to the \systemroot\SYSTEM32\DHCP directory. Make a backup copy of the database, just in case it's needed:
copy dhcp.mdb dhcp.bak
- Use JETPACK to compact the DHCP database, creating a new temporary file that will replace the existing database:
jetpack dhcp.mdb temp.mdb
- Delete the existing database (remember, you have a backup copy):
del dhcp.mdb
- Rename the compacted temporary database as the in-use database:
ren temp.mdb dhcp.mdb
- Restart the service:
net start dhcpserver
WINS is Microsoft's implementation of a NetBIOS Name Server (NBNS). It is implemented as a Windows NT Server service, with an administrative utility program called the WINS Manager and appropriate client software. WINS registers the NetBIOS names used by computers, both clients and servers, as they start. When a Microsoft networking command, such as NET USE, initiates a networking operation using the Windows interface, the subsequent need to resolve a NetBIOS name to complete the command will be handled by WINS. TCP/IP host names can also be resolved by WINS, after the local HOSTS file has been checked, and the DNS (if any) has been consulted.
The primary advantage of WINS is that it dramatically reduces the amount of broadcast traffic on the network. Because name resolution with WINS is handled by direct communication between WINS servers and clients, broadcast name registration requests and name query requests are minimized. You do not need to configure all clients to use WINS - you can operate a mixed environment. WINS resolves names from clients across routers and can therefore support multiple subnets. If a WINS server is not available, the design of the system still allows clients to use broadcasts so that they are not disabled when the WINS server(s) is down. WINS servers can replicate the names in their databases to other WINS servers so that a single, dynamic names database is represented and managed across the enterprise network.
To use WINS, you must configure a WINS server and start the service, whose formal name is listed in the Services dialog box simply as Windows Internet Name Service. The steps involved in configuring a WINS server are covered in the next section. Once you have set up one or more WINS servers, and WINS enabled clients, the process of registering and resolving names involves a number of distinct processes that are carried out in a natural order.
The steps involved in WINS name registration are as follows:
- A WINS client is configured with the address of the primary, and an optional secondary, WINS server. This can be directly configured on the client, or received with an IP address as one of the optional DHCP parameters passed from a DHCP server. As the client starts, it sends its NetBIOS name directly to the WINS server in a name registration request.
- If the WINS server is available and the name is not already registered to another client, the registration is successful, and a message is returned to the client with a positive registration and the amount of time for which the name is registered, known as the Time To Live (TTL).
- If a duplicate name is found, the server sends a name challenge to the currently registered client. If the client responds and affirms that it is using the name, the new registration is denied by sending a message to the requesting client. If the currently registered client does not respond to three queries, the name will be released and registered to the new client.
- If the primary WINS server cannot be found after three attempts by the client using ARP, an attempt will be made to find the secondary WINS server (if the client has been configured for a secondary WINS server). If it also cannot be found with three ARP requests, the client resorts to a standard b-node broadcast to register its name with the local subnet.
A WINS client, by default, will use the h-node (hybrid) implementation of NetBIOS over TCP/IP. The steps involved in WINS name resolution are as follows:
- When a command is entered, or implicitly specified by actions in the Windows interface, a name resolution is required. The NetBIOS name cache is checked first to see if the NetBIOS name mapping to an IP address is available.
- If the mapping is not in the NetBIOS name cache, a name resolution query is sent directly to the primary WINS server. If no response is returned, the request is sent three times.
- If the primary WINS server does not respond, the secondary WINS server (if configured) is tried, again as many as three times. If either the primary or secondary WINS server receives the request, it looks up the name in its database and sends the IP address back to the client, or replies with a "Requested name does not exist" message if it is not listed in the database.
- If the name cannot be resolved by a WINS server, either because the server is unavailable or because the name is not in the database, a b-node name resolution query is broadcast up to three times.
- If the name is still not resolved, the LMHOSTS file (if configured) and the HOSTS file are searched.
- If the name is not in either LMHOSTS or HOSTS, the DNS (if configured) is consulted.

An entirely different order is used to resolve host names used in traditional TCP/IP utilities. See "The Problem: Resolving Names and Addresses" earlier in this chapter.
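The registration and resolution steps listed above can be traced with a small model. The following Python sketch is an added example, not part of the original chapter and not Microsoft's implementation: it models a WINS server's handling of a duplicate name and a client's h-node fallback order, and records every attempt so you can see what traffic an outage produces. The server labels, names, addresses, and TTL value are constructed, and replication between the two servers is not modeled.

```python
NO_RESPONSE = object()          # sentinel: the server never answered


class WinsServer:
    """Toy WINS database mapping NetBIOS names to IP addresses."""

    def __init__(self, label, ttl, answers_challenge):
        self.label, self.ttl, self.up, self.db = label, ttl, True, {}
        self.answers_challenge = answers_challenge   # callable(ip) -> bool

    def register(self, name, ip):
        """Server side of a name registration request."""
        owner = self.db.get(name.upper())
        if owner not in (None, ip):
            # Duplicate name: challenge the registered owner, up to three queries.
            if any(self.answers_challenge(owner) for _ in range(3)):
                return ("denied", owner)
        self.db[name.upper()] = ip                   # new name, or owner went silent
        return ("registered", self.ttl)

    def query(self, name):
        """IP address, or None for 'Requested name does not exist'."""
        return self.db.get(name.upper())


def ask(server, request, trace):
    """Send one request to a WINS server, trying three times before giving up."""
    for attempt in (1, 2, 3):
        trace.append(f"{server.label}#{attempt}")
        if server.up:
            return request(server)
    return NO_RESPONSE


def client_register(name, ip, wins):
    """Client side: primary, then secondary, then a b-node broadcast."""
    trace = []
    for server in wins:
        result = ask(server, lambda s: s.register(name, ip), trace)
        if result is not NO_RESPONSE:
            return result, trace
    trace.append("broadcast")
    return ("broadcast", None), trace


def resolve(name, cache, wins, local_subnet, lmhosts, hosts, dns):
    """h-node resolution order; returns (ip or None, list of steps tried)."""
    key = name.upper()
    trace = ["cache"]
    if key in cache:
        return cache[key], trace
    for server in wins:                              # primary, then secondary
        answer = ask(server, lambda s: s.query(key), trace)
        if answer is NO_RESPONSE:
            continue
        if answer:
            return answer, trace
        break                                        # a server replied: name does not exist
    for attempt in (1, 2, 3):                        # b-node broadcast on the local subnet
        trace.append(f"broadcast#{attempt}")
        if key in local_subnet:
            return local_subnet[key], trace
    for label, table in (("lmhosts", lmhosts), ("hosts", hosts), ("dns", dns)):
        trace.append(label)
        if key in table:
            return table[key], trace
    return None, trace


def demo():
    """Constructed scenario: a name conflict, then a primary WINS outage."""
    alive = {"192.0.2.21"}                           # hosts that answer a name challenge
    primary = WinsServer("primary", 3600, alive.__contains__)
    secondary = WinsServer("secondary", 3600, alive.__contains__)
    wins = [primary, secondary]
    first = client_register("FILESRV", "192.0.2.21", wins)
    conflict = client_register("FILESRV", "192.0.2.99", wins)
    primary.up = False
    lookup = resolve("FILESRV", {}, wins, {}, {"FILESRV": "192.0.2.21"}, {}, {})
    return first, conflict, lookup


if __name__ == "__main__":
    for result in demo():
        print(result)
```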

A single WINS server can resolve names for an entire WAN because the requests are sent as directed datagrams and can be routed. A secondary WINS server provides redundancy and fault tolerance. Additional WINS servers can be provided based on the number of client requests received and performance considerations in large network environments. A rough rule of thumb is that a typical WINS server can handle as many as 1,200 name registrations and 700 name queries per minute. A pair of WINS servers should be able to handle as many as 8,000 WINS clients under typical network conditions. If you implement servers with two or more processors, a pair of WINS servers should handle more than 12,000 clients.
WINS servers do not need to be domain controllers as well. They should be configured with a static IP address, subnet mask, default gateway address, and other TCP/IP options. The use of DHCP assigned options is possible, but not recommended.
To configure the basic operation of your WINS server, follow these steps:
- Start the WINS Manager.
- Choose Server, Configuration from the menu. The WINS Server Configuration dialog box is displayed (see fig. 8.12).
Fig. 8.12 - This dialog box is used to enter or modify the basic values controlling the behavior of the WINS server.
- The WINS Server Configuration box contains settings for time periods that control the basic behavior of the server - for how long a name is registered and how often a client must reregister its name. For many installations the default values are appropriate. Additional information on these settings is available by using the Help button. Click OK after making any adjustments.
- Choose Options, Preferences from the menu. The Preferences dialog box appears (see fig. 8.13).
Fig. 8.13 - The Preferences dialog box allows you to control the refresh rate of the Statistics display in the right pane of the window and the format of the address display in the left pane.
- Settings you make in the Preferences dialog box control the address display and refresh rate of the statistics display. Make any changes you want to configure the display to suit your needs. Click OK.
If you have non-WINS clients on your network, you may want to enter static mappings for these computers, especially if they are involved in resource sharing as is possible with Windows for Workgroups, Windows 95, and Windows NT Workstation. If another computer attempts to use a shared resource on one of these devices, the WINS server can still provide name resolution, even though the original (non-WINS) computer did not register its name. By entering a static mapping, the non-WINS client appears in the WINS database anyway.
To enter a static mapping, follow these steps:
- Start the WINS Manager.
- Choose Mappings, Static Mappings from the Mappings menu. Click the Add Mappings button. The Add Static Mappings dialog box appears (see fig. 8.14).
Fig. 8.14 - The Add Static Mappings dialog box is used to map the NetBIOS name of a non-WINS client to an IP address for inclusion in the WINS database.
- Enter the name and IP address you want to register. For normal client workstations, click the Unique option button. Click the Close button to return to the Static Mappings dialog box (see fig. 8.15). Click Close to close the dialog box.
Fig. 8.15 - The Static Mappings dialog box displays the static mappings defined on this WINS server. Most often they correspond to non-WINS clients.
WINS clients are configured by simply entering the address of a primary WINS server, and optionally of a secondary WINS server, into the client's configuration. This can be done manually, using the Network icon on the Control Panel (run Network Setup for Windows for Workgroups clients), or you can automatically configure WINS addresses using DHCP. If you are using DHCP, you can manually configure individual clients, and those settings will take precedence over the DHCP settings. If you use DHCP to configure WINS addresses, you must also configure clients using option 046 WINS/NBT Node type or it will not work. A message box prompts you to do so if you forget. Set this option to 0x8 (h-node or hybrid).
To view the NetBIOS name/IP address mappings currently registered on a WINS server, follow these steps:
- Start the WINS Manager.
- Choose Mappings, Show Database from the menu. The Show Database dialog box appears (see fig. 8.16).
Fig. 8.16 - This window shows the WINS database and its NetBIOS name to IP address mappings.
- Click the option button in the Sort Order box that corresponds to the order you prefer. In the Owner box, you can select an option button to display all mappings or only those for the server selected in the Select Owner box, if you have multiple WINS servers defined. You can also use the Set Filter button to enter name or IP address criteria using the asterisk (*) as a wildcard character. This displays only matching entries and can be useful for finding a particular entry in a large list.
WINS servers can replicate their mappings database to other WINS servers. When you configure a WINS server to replicate with another server, you can configure the server as a push partner with the other server, a pull partner, or both. Designating a WINS server as a push partner causes the server to send messages to its partner(s) when its WINS database has received a specified number of changes. When the partner(s) responds, only the changes to the database will be replicated to the other server(s).
Configuring a server as a pull partner gives you the option to specify a time when requests should be made from its partner. This is the recommended way to provide replication of a WINS database over slow links because you can schedule the transfer for off-peak time periods. For example, two servers on either side of a slow link can each be configured to pull from the other server at different times during the night. A server can be configured to act in both roles with one or more other WINS servers.
To configure a push or pull partner, follow these steps:
- Start the WINS Manager.
- Choose Server, Replication Partners from the menu. The Replication Partners dialog box appears (see fig. 8.17).
Fig. 8.17 - The Replication Partners dialog box is used to configure push and pull replication partners for replication of NetBIOS name/IP address mapping database entries.
- Click Add. Enter the name of the server you want to replicate to or from in the Add WINS Server dialog box. Click OK. The WINS Manager will try to locate the server on the network. If it is found, the name and IP address of the server are added to the WINS Server list. If it cannot be found, you will be asked to enter the IP address of the server in the Validate WINS Server dialog box. Click OK.
- Highlight the new server, or another server in the list, and make a selection in the Replication Options box. The example here will configure both options, but you may want to choose only one. Click the Push Partner check box and then click Configure. The Push Partner Properties dialog box appears (see fig. 8.18).
Fig. 8.18 - The Push Partner Properties dialog box is used to configure the replication of changes between the local server and the push partner highlighted in the WINS Server list.
- Enter the number of changes that can be made to the local database before the changes will be pushed to the replication partner. The smallest number you can enter is 20. Click OK.
- Click the Pull Partner check box and then click Configure. The Pull Partner Properties dialog box appears (see fig. 8.19).
Fig. 8.19 - The Pull Partner Properties dialog box is used to configure the replication of changes between the local server and the pull partner highlighted in the WINS Servers list.
- Click OK. Check marks will appear in the Push and Pull columns to indicate which relationships have been established.
The JETPACK utility used to compact the DHCP database can be used to compact the WINS database as well. It is recommended that you compact the database if it grows to a size of more than 30M. This maintenance on the WINS database is required for the same reasons you must maintain the DHCP database. See the section "Maintaining the DHCP Database" earlier in the chapter for more information. Also, see "Restoring the WINS Database," in the Windows NT Server TCP/IP manual for information on restoring a corrupted WINS database.
To use JETPACK to compact the WINS database, follow these steps:
- You must stop the Microsoft WINS Server service before this operation can be performed. Therefore, this operation is best done during off-peak times. Use the Services icon in the Control Panel or the Windows NT Server Manager to stop the service. You can also use the command:
net stop wins
- Open a command prompt and change to the \systemroot\SYSTEM32\WINS directory. Make a backup copy of the database, just in case it's needed:
copy wins.mdb wins.bak
- Use JETPACK to compact the WINS database, creating a new temporary file that will replace the existing database:
jetpack wins.mdb temp.mdb
- Delete the existing database (remember, you have a backup copy):
del wins.mdb
- Rename the compacted temporary database as the in-use database:
ren temp.mdb wins.mdb
- Restart the service:
net start wins
From Here...
In this chapter, you received a tutorial overview of TCP/IP and related technologies, including why they are important and how they operate. You learned how to install, configure, and use TCP/IP and related services. You also learned how to use DHCP and WINS to dynamically assign IP addresses and manage NetBIOS names.
- For information on the Internet, see Chapter 9, "Understanding the Internet."
- For information on gaining access to the Internet and preparing to participate in the Internet community, see Chapter 10, "Preparing for Internet Information Server."
- For information on setting up a server on the Internet, including a World Wide Web server, see Chapter 11, "Implementing Internet Information Server."
- For information on the e-mail and groupware component of BackOffice, Exchange Server, see Chapter 12, "Understanding Exchange Server."
- For information on the database component of BackOffice, SQL Server, see Chapter 17, "Understanding SQL Server."
|