Monday, 6 October 2014

How to configure Windows Server 2008 for DSE





   This article is about the configuration of Windows Server 2008 with Kerberos authentication. Kerberos is an integral part of Windows 2008 Active Directory implementations, and anyone planning to deploy and maintain an enterprise NoSQL database such as DataStax Enterprise should have a basic knowledge of the principles and administrative issues involved in this front-line security technology.
   To configure Windows Server 2008 with Kerberos authentication we need to install Web Server (IIS), DHCP Server and Active Directory Domain Services. We should also set a static IP address and a computer name, and configure all installed services. The following sections explain how to properly configure the system for Kerberos authentication and install the necessary software.


1.        Change computer name (server)


The computer name for Windows Server is the name of our server.
1.1. Click Start, right-click Computer, and then click Properties.
1.2. Under Computer name, domain, and workgroup settings, click Change settings.
1.3. Click the Computer Name tab, and then click Change.
1.4. Type the computer name (in this example we are using "cogserver02"), and then click OK.
1.5. Restart the computer.

1.1        Set static IP


For certain types of servers, you must assign a static IP address and subnet mask during or after Setup.
These servers include DHCP servers, DNS servers and any server providing access to users on the Internet. It is also recommended that you assign a static IP address and subnet mask for each domain controller. 

To configure IPv4 for static addressing please do the following:

  1. Click Start, click Control Panel, click Network and Internet, click Network and Sharing Center and then click Change Adapter Settings.
  2. Right-click the connection to which you want to add a static IP address and then click Properties.
  3. Acknowledge the UAC dialog and then double-click Internet Protocol Version 4 (TCP/IPv4).
  4. Click Use the following IP address, and do one of the following:
    • For a local area connection, in IP address, Subnet mask, and Default gateway, type the IP address, subnet mask, and default gateway addresses.
    • For all other connections, in IP address, type the IP address.
  5. Click Use the following DNS server addresses.
  6. In Preferred DNS server and Alternate DNS server, type the primary and secondary DNS server addresses.

To configure advanced static IPv4 address settings for a local area connection, click Advanced.

2.        Web Server(IIS) installation 


Internet Information Services (IIS) is an extensible web server created by Microsoft for use with the Windows NT family.

2.1      Click Start, click Administrative Tools and then click Server Manager.
2.2      In the Server Manager window, scroll down to Roles Summary, and then click Add Roles.
2.3      Select Web Server (IIS) on the Select Server Roles page. 
2.4      Select the IIS services to be installed on the Select Role Services page. Add only the necessary modules. In this case, ASP.NET is selected, and a description of ASP.NET appears in the right pane. Once the desired modules are added, click Next.
2.5      Add any required role services.
2.6      IIS is now installed with a default configuration for hosting ASP.NET on Windows Server. Click Close to complete the process.
More information: installation IIS

3.        DHCP Server installation   


Dynamic Host Configuration Protocol (DHCP) is a client/server protocol that automatically provides an Internet Protocol (IP) host with its IP address and other related configuration information such as the subnet mask and default gateway.
3.1          From the Start menu, select Administrative Tools, then select Server Manager.
3.2          Expand and click Roles from the left window. Choose Add Roles.
3.3          Next, select that you want to add the DHCP Server Role, and click Next.
3.4          On the Network connection binding screen click Next.
3.5          On the IPv4 DNS Settings screen set Parent Domain (cognet.local), Primary DNS Server (192.168.1.200) and click Next.
3.6          We strongly suggest not to use WINS on the network. Please disable this option. Then click Next.
3.7          On the next screen, click Add to add a new scope. In our example the scope is named “cognet-local”, the starting and ending IP addresses are set to 192.168.1.1-192.168.1.100, and the subnet mask is set to 255.255.255.0. After entering these parameters, click OK, then Next.
3.8          Select Disable DHCPv6 stateless mode for this server, then click Next.
3.9          Confirm Installation Selections.

More information: Installation and configure DHCP

4.        Active Directory Domain Services


AD DS provides a distributed database that stores and manages information about network resources and application-specific data from directory-enabled applications. Administrators can use AD DS to organize elements of a network, such as users, computers, and other devices, into a hierarchical containment structure. The hierarchical containment structure includes the Active Directory forest, domains in the forest, and organizational units (OUs) in each domain. A server that is running AD DS is called a domain controller.

4.1        Installation Active Directory


4.1.1        From the Start menu, select Administrative Tools, then select Server Manager.
4.1.2        Expand and click Roles from the left window. Choose Add Roles.
4.1.3        Next, select the Active Directory Domain Services role, and click Next.
4.1.4        Click Next to skip the part, and then click Install to start installing the binaries for Active Directory.
4.1.5        When the installation is finished you will be shown a success message, then click Close.


4.2        Configuration Active Directory


4.2.1         Open Server Manager, expand Roles and click Active Directory Domain Services. On the right hand side click the Run the Active Directory Domain Services Installation Wizard (dcpromo.exe) link.
4.2.2          This will launch another wizard, this time to configure the settings for your domain. Click Next to continue.
4.2.3          Click Next, then choose to create a new domain in a new forest.
4.2.4          Type FQDN ( we are using “cognet.local” as an example ), then click  Next.
4.2.5       Since this is the first DC in our domain we can change our forest functional level to Windows Server 2008 R2.
4.2.6         We want to include DNS in our installation because this will allow us to have an AD Integrated DNS Zone. When you click Next you will be prompted with a message to confirm. Please confirm this by clicking Yes to continue.
4.2.7          Confirm all installation sections. (Active directory should install DNS Server)
4.2.8          Restart computer.

4.3        Configure DNS Server


4.3.1          From the Start menu, select Administrative Tools and then select DNS to open the DNS console.
4.3.2          Double-click on your computer name (COGSERVER02), then right-click on Reverse Lookup Zones and choose New zone to launch the New Zone Wizard.
4.3.3          Select Primary zone  and  Store the zone in Active Directory, then click  Next.
4.3.4       On the screen Active Directory Replication Scope select To all DNS servers running on domain controllers in this domain: cognet.local, then click  Next.
4.3.5          On the next screen select IPv4 Reverse Lookup Zone, then click Next.
4.3.6          Type Network ID: 192.168.1, then click  Next.
4.3.7          On the screen Dynamic Update select: Allow only secure dynamic updates.
4.3.8          Confirm all configurations sections.


4.4        Managing DNS Records


4.4.1         In DNS Manager, expand your server name (cogserver02), then expand the Forward Lookup Zones , right-click on your domain name (cognet.local) and select Properties.
4.4.2          Click the Start of Authority (SOA) tab.
4.4.3          Set the Primary Server to your primary nameserver ( for example we are using “cogserver02.cognet.local”)
4.4.4          Next, click the Name Servers tab.
4.4.5          Remove all items in the list, then click Add and type your name servers ( for example we are using “cogserver02.cognet.local”).
4.4.6          When done, click OK to close the window. You are now ready to set up your zone records.
4.4.7          Right-click your domain name under Forward Lookup Zones and Reverse Lookup Zones, and select New Host (A or AAAA) or Pointer(PTR). See image below:
Reverse Lookup Zones settings

Forward Lookup Zones settings

More information: DNS and DNS2

4.5        Add users to Active directory


4.5.1          Open Active Directory Users and Computers
4.5.2          Right-click Users, then point to New and select User (in our example “test_user”, “dse/linuxccm.cognet.local”).

4.6        Connect computer to a domain


4.6.1          Open System by clicking the Start button, right-click Computer, and then click Properties
4.6.2          Under Computer name, domain, and workgroup settings, click Change settings.  If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
4.6.3          Click the Computer Name tab, and then click Change. Alternatively, click Network ID to use the Join a Domain or Workgroup wizard to automate the process of connecting to a domain and creating a domain user account on your computer.
4.6.4          Under Member of, click Domain.
4.6.5          Type the name of the domain (for example: “COGNET.LOCAL”) that you want to join, and then click OK.
4.6.6          Restart the computer.

If your computer is already in the domain, you must first remove it from the domain:
   I. Click the Start button, then point to Computer.
   II. Right-click Computer, then click Properties.
   III. Under Computer name, domain, and workgroup settings, click Change settings.
   IV. Click Change, change the Member of option to Workgroup, then click OK.
   V. When you are asked for the administrator’s account and/or password, type it.
   VI. Restart the computer.
   VII. The computer can then be added to the domain.
Also disable cached domain logon: set the cachedlogonscount registry key under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon to 0, then restart the computer.

4.7        Check the correctness settings


4.7.1          Open a command line (on Windows: Windows key + R, then type cmd; on Linux: Ctrl + Alt + T).

4.7.2          Type nslookup followed by the server name (for example: “nslookup cogserver02”).

Result nslookup
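
The check in 4.7, extended as an added example (not part of the original article): a PowerShell 2.0-compatible script, run on a domain-joined Windows machine, that verifies the forward and reverse lookups agree for the example server, that the Kerberos SRV record registered in the AD-integrated DNS zone points to it, and that cached domain logons are disabled as described in 4.6. The host name, domain and network ID are the article's example values; the Add-Result helper is a hypothetical name introduced here.

```powershell
# Added example: post-configuration checks for the setup described in this article.
# Host, domain and network ID are the article's example values; adjust as needed.
$Domain  = 'cognet.local'
$Fqdn    = "cogserver02.$Domain"
$Subnet  = '192.168.1.'            # Network ID used for the reverse lookup zone
$results = @()

# Hypothetical helper: collects one row per check.
function Add-Result($name, $ok, $detail) {
    $script:results += New-Object PSObject -Property @{
        Check = $name; Passed = [bool]$ok; Detail = $detail }
}

# 1. Forward lookup: the FQDN must resolve to an IPv4 address in the expected subnet.
$ip = $null
try {
    $ip = [System.Net.Dns]::GetHostAddresses($Fqdn) |
          Where-Object { $_.AddressFamily -eq 'InterNetwork' } |
          Select-Object -First 1
    Add-Result 'Forward (A) record' ($ip -and $ip.ToString().StartsWith($Subnet)) "$ip"
} catch { Add-Result 'Forward (A) record' $false $_.Exception.Message }

# 2. Reverse lookup: the PTR record must map the address back to the same FQDN.
#    Kerberos service tickets are name-based, so a mismatch here breaks authentication.
if ($ip) {
    try {
        $ptr = [System.Net.Dns]::GetHostEntry($ip).HostName
        Add-Result 'Reverse (PTR) record' ($ptr -ieq $Fqdn) $ptr
    } catch { Add-Result 'Reverse (PTR) record' $false $_.Exception.Message }
}

# 3. Kerberos SRV record: clients locate the KDC through _kerberos._tcp.<domain>, port 88.
$srv = & nslookup -type=SRV "_kerberos._tcp.$Domain" 2>$null | Out-String
$kdcOk = ($srv -match "svr hostname\s*=\s*$([regex]::Escape($Fqdn))") -and
         ($srv -match 'port\s*=\s*88')
Add-Result 'Kerberos SRV record' $kdcOk "_kerberos._tcp.$Domain"

# 4. Cached domain logons: the value from section 4.6 should be 0 on this machine.
$key   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$count = (Get-ItemProperty -Path $key -Name CachedLogonsCount `
          -ErrorAction SilentlyContinue).CachedLogonsCount
Add-Result 'Cached domain logons disabled' ($count -eq '0') "CachedLogonsCount=$count"

$results | Format-Table Check, Passed, Detail -AutoSize
```

Any row with Passed = False points back to the section to revisit: 4.4 for the A and PTR records, 4.2 for the SRV record, 4.6 for the cached logon setting.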







Cognitum cooperates with Microsoft under prestigious Azure Circle program, where technology partners are invited with experience in Windows Azure. It provides IT solutions in the area of Cloud and BigData for customers both in Poland and abroad.
Cognitum is also a partner of DataStax, a major Cassandra vendor that provides worldwide training for Cassandra and Enterprise level appliances: DataStax Enterprise combining Cassandra, Hadoop, Hive, Solr into single solution. 

