Category: 291

Aging and Scavenging

Hi all,

I’ve just written up a quick tutorial on aging and scavenging. It’s only really a scrappy quick one, but as usual please feel free to download it and tell me what you think.

LINK

Secure Dynamic DNS updates

So, reading a bit more about DNS, I thought I’d write a little about the secure DNS update feature.

When the zone properties of an Active Directory-integrated zone are modified to allow secure updates, Kerberos is used.
One thing to keep in mind is that legacy clients (think pre-Windows 2000 systems) cannot perform dynamic updates, in which case the DHCP server can be configured to update the DNS records for the legacy client.

Good things about secure updates.

Because it uses the Kerberos protocol, you can be sure that the client has authenticated to the domain and has a valid computer account (have a look at my Kerberos tutorial for more info).

So that’s the good stuff. Now consider what follows from Kerberos being used to authenticate the client. Take a Win98 box: it cannot perform dynamic updates of any kind, so a DHCP server can register the DNS records for it (if configured to do so). Because Kerberos is used to authenticate the originating client, the DHCP server then becomes the owner of that record. Now a slight issue arises from a good idea: the owner of a record is the only client that can update that resource record in DNS (from an automagical system point of view).

Now consider that the Windows 98 box is upgraded to Windows XP (unlikely, I know, because of the probable age of the hardware, but still worth knowing for the exam). The upgraded Windows XP box can perform its own dynamic updates. So XP boots and attempts to update its DNS record and… it fails, because the “OWNER” of the DNS record is the DHCP server that used to handle updates for it when it was a Windows 98 machine. In that instance someone would have to manually delete the record and either recreate it correctly or reboot/renew etc. the client PC so it attempts to update DNS again.

This can be resolved by adding systems to a group called DNSUpdateProxy, which stops the owner information being sent when the client/DHCP server attempts to perform a DNS update.

Also worth a thought is what happens if you have a network with one DHCP server, 200 Win XP boxes and 50 Win 98 boxes. Friday evening (it always happens on a Friday) your DHCP server explodes magnificently, and you receive a phone call just after you’ve popped the lid on your favourite beer.
So you drag yourself back to work, commission another server as a DHCP server, reconfigure the scopes and then go home for what’s left of your weekend.

Eventually you will notice that none of the Win 98 boxes are getting their records updated, because all those records were owned by the DHCP server which is now being used as your deskside cupholder. So you will have to manually delete all those DNS records and get the DHCP server to attempt to re-register the DNS records for the clients. This can be avoided if you use the DNSUpdateProxy group, because DNS will not know who the owner of the record was, only that it was authenticated by Kerberos.
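
As an added example (not part of the original post), here is one way to find which dynamically registered records a DHCP server owns before its clients start failing to update them. It assumes the DnsServer and ActiveDirectory PowerShell modules, which are newer than the systems discussed here; `DHCP01$` is a hypothetical account name and `scrivnet.local` is the sample zone name used elsewhere on this page.

```powershell
# Added example: list dynamically registered A records in an AD-integrated zone
# together with the owner of each record, and pick out those owned by a given
# account (for instance a DHCP server that registered them for legacy clients).
param(
    [string]$ZoneName   = 'scrivnet.local',    # sample zone name from this page
    [string]$DnsServer  = $env:COMPUTERNAME,   # assumption: run on a DC hosting the zone
    [string]$OwnerMatch = 'DHCP01$'            # hypothetical DHCP server computer account
)

Import-Module DnsServer, ActiveDirectory       # ActiveDirectory provides the AD:\ drive

$records = Get-DnsServerResourceRecord -ZoneName $ZoneName -ComputerName $DnsServer -RRType A |
    Where-Object { $_.Timestamp }              # static records have no timestamp; skip them

$report = foreach ($rr in $records) {
    # Each record name is a dnsNode object in AD; its security descriptor
    # carries the owner that the secure-update check is made against.
    $acl = Get-Acl -Path ("AD:\" + $rr.DistinguishedName)
    [pscustomobject]@{
        HostName  = $rr.HostName
        Address   = $rr.RecordData.IPv4Address
        Timestamp = $rr.Timestamp
        Owner     = $acl.Owner
    }
}

# Records owned by the named account: the hosts themselves cannot update
# these until the record is deleted and re-registered.
$report | Where-Object { $_.Owner -like "*$OwnerMatch" } |
    Sort-Object HostName | Format-Table -AutoSize

# Count of records per owner, to see how much of the zone one account holds.
$report | Group-Object Owner | Sort-Object Count -Descending |
    Select-Object Count, Name
```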

DNS basics

Hi all, this post is just a quickie about the locations that you can use to store your DNS zone data, both standard and Active Directory integrated.

Standard Zones

Standard zones have all their information stored in text files on a DNS server. With standard zones you can only have one primary copy of the database. Standard zones are also prone to failure: if the server hosting the primary zone fails, no updates/additions can be made to the zones, which in a large domain/network with DDNS enabled can quickly become a problem. The text files are generally named after the zone with .dns at the end; for example, a secondary zone for scrivnet.local would have its data saved in \system32\dns\scrivnet.local.dns. You can obviously use a normal text editor to view the contents of the files.

Active Directory Integrated Zones

Active Directory integrated zones do exactly what they say on the tin, with the added advantage that in this configuration you can have multiple servers with primary copies of the same zone data. The main thing to remember is that all the DNS servers need to be domain controllers as well, otherwise you cannot use integrated zones. Also, secondary zones can never be integrated into Active Directory and can only be standard zones as above. Stub zones, however, can be integrated if you wish.

291 round one

Well, I took a shot at the 291 on Thursday and failed it (641 if you’re interested). To be honest I was quite pleased with the score I got and didn’t expect to pass it anyway. I really just wanted to have a good idea of what I need to work on. Not only is this exam called the beast for a reason, it’s not helping that we don’t use any of this stuff at work, so I can only go by my lab.

Whilst the exam is called the beast for a good reason, it’s not as bad as it seems. Anyway, now I’ve got myself a nice little chart of what subjects I need to work on and I’ll give it another go in a month. Hopefully next time I’ll be walking out with my MCSA.

Common ports for the 70-291 exam

Hi all,
Thought I would do a quick post about common ports for the 291 exam. These would be very useful to memorize in case questions come up about them in the exam (IP filtering etc. I suppose may ask about them).

So here’s a small list of ports; I’m sure I will add to them as I read through my books. All ports are TCP unless otherwise specified.

FTP 20 and 21
HTTP 80
HTTPS 443
DNS UDP 53
SMTP 25
POP3 110
PPTP 1723
L2TP UDP 500 + 1701 + 4500
Kerberos UDP 88

As you can see, a lot of these ports you should already know from previous MS exams (client ones), so there’s not much else to memorize. But this may be a good starting point.

I would highly recommend creating your own list and printing them out and sticking them up in your office prior to taking the exam as it’s a great way of memorizing them (I used to do the same with min and recommended sys specs for the client and server exams).

TTFN

Encryption Protocols

Just spotted this on the TechNet website, which gives you a good brief summary of the encryption protocols which can be used with remote access (RRAS).

http://technet.microsoft.com/en-us/library/cc738300.aspx

DNS Properties Tab

Hi all,

Here’s a quick paper I put together on the DNS properties page within the DNS MMC. There are a lot of options to consider on this particular properties page, most of which can in day-to-day events be left well alone and only require tinkering either when DNS changes on your network or you are setting up a new domain.

LINKY