Module 4 - scribblerbiz.files.wordpress.com · might have several routers that connect it to other local and remote subnets. You must configure one of the routers as the default gateway

4-1

Module 4 Configuring Network Connectivity

Contents: Module Overview 4-1

Lesson 1: Configuring IP Network Connectivity 4-2

Lesson 2: Implementing Name Resolution 4-17

Lesson 3: Implementing Wireless Network Connectivity 4-25

Lesson 4: Overview of Remote Access 4-29

Lab: Configuring Network Connectivity 4-33

Module Review and Takeaways 4-38

Module Overview Configuring network connectivity is a common administrative task. In many organizations, it can account for a significant percentage of overall administrative effort. Windows 10 includes several tools that enable you to set up and troubleshoot both wired and wireless network connections more efficiently. To support your organization’s network infrastructure, it is important that you understand how to configure and troubleshoot network connections.

Objectives After completing this module, you will be able to:

• Describe how to configure IP network connectivity.

• Implement name resolution.

• Implement wireless network connectivity.

• Describe options for remote access in Windows 10.

4-2 Configuring Network Connectivity

Lesson 1 Configuring IP Network Connectivity

By default, Windows 10 implements both Internet Protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6). It is important that you understand the fundamentals of both IPv4 and IPv6, and know how to configure them in Windows 10 within the context of your organization’s network infrastructure.

Lesson Objectives After completing this lesson, you will be able to:

• Describe IPv4.

• Describe IPv4 subnets.

• Explain the difference between public and private IPv4 addressing.

• Implement automatic IPv4 address allocation.

• Describe the tools available to configure network settings in Windows 10.

• Describe the tools available to troubleshoot network connections.

• Configure an IPv4 network connection.

• Describe IPv6.

• Explain IPv6 addressing.

Overview of IPv4 Settings

To configure network connectivity, you must be familiar with IPv4 addresses and how they work. Communication between computers can happen only if they can identify each other on the network. When you assign a unique IPv4 address to each networked computer, the IPv4 address identifies the computer to the other computers on the network. That IPv4 address, combined with the subnet mask, identifies the computer’s location on the network, just as the combination of a number and a street name identify the location of a house.

Overview of connecting with another network host In a typical situation, communication starts with a request to connect to another host by its computer name. However, to communicate, the requesting host needs to know the media access control (MAC) address of the receiving host’s network interface. Conversely, the receiving host needs to know the requesting host’s MAC address. Once the requesting host discovers the MAC information, it caches it locally. A MAC address is a hard-coded, unique identifier assigned to network interfaces by the manufacturers of network adapters. Before the requesting host can find the receiving host’s MAC address, a number of steps occur.

Installing and Configuring Windows 10 4-3

The following is a high-level overview of these steps:

1. A host sends a request to connect to Server1. The name Server1 must be resolved to an IPv4 address. You will learn about name resolution later in the module.

2. Once the sender knows the recipient’s IPv4 address, it uses the subnet mask to determine whether the IPv4 address is remote or on the local subnet.

3. If it is local, an Address Resolution Protocol (ARP) request is broadcast on the local subnet. If it is remote, an ARP request is sent to the default gateway and then routed to the correct subnet.

4. The host that owns that IPv4 address will respond with its MAC address and a request for the sender’s MAC address.

5. Once the exchange of MAC addresses completes, IPv4 communication negotiation and the exchange of IP data packets can occur.

Components of an IPv4 address IPv4 uses 32-bit addresses. If you view an IPv4 address in its binary format, it has 32 characters, as the following example shows:

11000000101010000000000111001000

IPv4 divides the address into four octets, as the following example shows:

11000000.10101000.00000001.11001000

To make the IP addresses more readable, binary representation of the address typically shows it in decimal form, as the following example shows:

192.168.1.200

In conjunction with a subnet mask, the address identifies:

• The computer’s unique identity, which is the host ID.

• The subnet on which the computer resides, which is the network ID.

This enables a networked computer to communicate with other networked computers in a routed environment.

IPv4 address classes The Internet Assigned Numbers Authority (IANA) organizes IPv4 addresses into classes, and the number of hosts in a network determines the required class of addresses. Class A through Class E are the names that IANA has specified for IPv4 address classes.

Classes A, B, and C are IP addresses that you can assign to host computers as unique IP addresses, whereas you can use Class D for multicasting. Additionally, IANA reserves Class E for experimental use.


Defining Subnets

A subnet is a network segment. Single or multiple routers separate the subnet from the rest of the network. When your Internet service provider (ISP) assigns a network to a Class A, B, or C address range, you often must subdivide the range to match the network’s physical layout. Subdividing enables you to break a large network into smaller, logical subnets.

When you subdivide a network into subnets, you must create a unique ID for each subnet, which you derive from the main network ID. To create subnets, you must allocate some of the bits in the host ID to the network ID. By doing so, you can create more networks.

By using subnets, you can:

• Use a single Class A, B, or C network across multiple physical locations.

• Reduce network congestion by segmenting traffic and reducing broadcasts on each segment.

• Overcome the limitations of current technologies, such as exceeding the maximum number of hosts that each segment can have.

A subnet mask specifies which part of an IPv4 address is the network ID and which is the host ID. A subnet mask has four octets, similar to an IPv4 address.

Simple IPv4 networks In simple IPv4 networks, the subnet mask defines full octets as part of the network and host IDs. A 255 represents an octet that is part of the network ID, and a 0 represents an octet that is part of the host ID. Class A, B, and C networks use default subnet masks. The following table lists the characteristics of each IP address class.

Class First octet Default subnet mask Number of networks

Number of hosts per network

A 1 to 127 255.0.0.0 126 16,777,214

B 128 to 191 255.255.0.0 16,384 65,534

C 192 to 223 255.255.255.0 2,097,152 254

Complex IPv4 networks In complex networks, subnet masks might not be simple combinations of 255 and 0. Rather, you might subdivide one octet with some bits for the network ID and some for the host ID. If you do not use an octet for subnetting, this is classless addressing, or Classless Interdomain Routing (CIDR). You use more or less of the octet. This type of subnetting uses a different notation, which the following example shows:

172.16.16.1/255.255.240.0

The following example shows the more common representation of classless IPv4 addressing:

172.16.16.1/20


The /20 represents how many leftmost subnet bits are set to 1 in the mask. This notation style is called CIDR. This subnet mask in binary notation would look like this:

11111111.11111111.11110000.00000000

The first 20 bits are set to 1 and indicate the subnet ID, and the last 12 zero placeholders represent how many bits are used to identify the host.

Configuring connectivity to other subnets A default gateway is a device on a TCP/IP internetwork, usually a router, which forwards IP packets to other subnets. A router connects groups of subnets to create an intranet. In an intranet, any given subnet might have several routers that connect it to other local and remote subnets. You must configure one of the routers as the default gateway for local hosts so that the local hosts can communicate with hosts on remote networks.

When a host delivers an IPv4 packet, it performs an internal calculation by using the subnet mask to determine whether the destination host is on the same network or on a remote network. If the destination host is on the same network, the local host delivers the packet. If the destination host is on a different network, the host transmits the packet to a router for delivery.

Note: The host determines the MAC address of the router for delivery, and the initiating host addresses the router explicitly, at the media access layer.

When a host on the network uses IPv4 to transmit a packet to a destination subnet, IPv4 consults the internal routing table to determine the appropriate router to ensure that the packet reaches the destination subnet. If the routing table does not contain any routing information about the destination subnet, IPv4 forwards the packet to the default gateway. The host assumes that the default gateway contains the required routing information.

In most cases, you can use a Dynamic Host Configuration Protocol (DHCP) server to assign the default gateway automatically to a DHCP client. This is more straightforward than manually assigning a default gateway on each host.

Public and Private IP Addressing

Devices and hosts that connect directly to the Internet require a public IPv4 address. However, hosts and devices that do not connect directly to the Internet do not require a public IPv4 address.

Public IPv4 addresses Public IPv4 addresses, which IANA assigns, must be unique. Usually, your ISP allocates to you one or more public addresses from its address pool. The number of addresses that your ISP allocates to you depends upon how many devices and hosts that you have to connect to the Internet.


Private IPv4 addresses The pool of IPv4 addresses is becoming smaller, so IANA is reluctant to allocate superfluous IPv4 addresses. Technologies such as network address translation (NAT) enable administrators to use a relatively small number of public IPv4 addresses, and at the same time, enable local hosts to connect to remote hosts and services on the Internet.

IANA defines the following address ranges as private. Internet-based routers do not forward packets originating from, or destined to, these ranges.

Class Mask Range

A 10.0.0.0/8 10.0.0.0 - 10.255.255.255

B 172.16.0.0/12 172.16.0.0 - 172.31.255.255

C 192.168.0.0/16 192.168.0.0 - 192.168.255.255

In today’s network environments, it is most common for organizations to have one or more public, routable IP addresses from an ISP assigned to the external interfaces of their firewall appliances. Additionally, they use the designated private IP subnets internally.

Implementing Automatic IPv4 Addressing

It is important that you know how to assign static IPv4 addresses manually and support devices that use DHCP to assign IPv4 addresses dynamically.

Static configuration You can configure static IPv4 configuration manually for each of your network’s computers. When you perform IPv4 configuration, you must configure the:

• IPv4 address

• Subnet mask

• Default gateway

• Domain Name System (DNS) server

Static configuration requires that you visit each computer and input the IPv4 configuration. This method of computer management is time-consuming if your network has more than 10 to 12 computers. Additionally, making a large number of manual configurations heightens the risk of mistakes.

DHCPv4 DHCPv4 enables you to assign IPv4 configurations automatically for a large number of computers without having to assign each one individually. The DHCP service receives requests for IPv4 configuration from computers that you configure to obtain an IPv4 address automatically. It also assigns IPv4 information from scopes that you define for each of your network’s subnets. The DHCP service identifies the subnet from which the request originated, and assigns IP configuration from the relevant scope.


DHCP helps simplify the IP configuration process. However, keep in mind that if you use DHCP to assign IPv4 information and the service is business-critical, you must:

• Include resilience in your DHCP service design so that the failure of a single server does not prevent the service from functioning.

• Configure the scopes on the DHCP server carefully. If you make a mistake, it can affect the whole network, and it can prevent communication.

IPv4 alternate configuration If you use a laptop to connect to multiple networks, such as networks at work and at home, each network might require a different IP configuration. Windows 10 supports the use of Automatic Private IP Addressing (APIPA) and an alternate static IP address for this scenario.

When you configure Windows 10 devices to obtain IPv4 addresses from DHCP, use the Alternate Configuration tab to control the behavior if a DHCP server is not available. By default, Windows 10 uses APIPA to assign itself an IP address automatically from the 169.254.0.0 to 169.254.255.255 address range. This enables you to use a DHCP server at work and the APIPA address range at home, without reconfiguring IP settings. Additionally, this is useful for troubleshooting DHCP. If the computer has an address from the APIPA range, it is an indication that the computer cannot communicate with a DHCP server.

Tools for Configuring Network Settings

You can configure network settings by using a number of tools in Windows 10. The tool you decide to use depends on your situation and goals.

Network & Internet To access the network settings, open Settings, and then click Network & Internet. If you are using a wired connection, tap Ethernet. If you are using a wireless connection, tap WiFi.

Note: You can also access NETWORK & INTERNET by tapping the network icon in the notification area and then tapping Network settings.

From within Ethernet or WiFi, you can:

• Change adapter options. You can configure the network adapter settings. A list of network adapters displays, and you can then configure the properties for each, including:

o Internet Protocol Version 6 (TCP/IPv6). Enables you to manually configure the IPv6 settings for a given adapter.

o Internet Protocol Version 4 (TCP/IPv4). Enables you to manually configure the IPv4 settings for a given adapter.

• Change advanced sharing options. You can configure network discovery, file and print sharing, public folder sharing, media streaming options, and the encryption level to use for file sharing connections.


• Launch the Network and Sharing Center. You can use this tool to configure most network settings. You will learn more about it below.

• Enable and configure a homegroup. You can enable and configure homegroups, which are collections of computers that you deploy on a home network and that share resources such as files and printers. When your computer is part of a homegroup, you can share images, media files, documents, and printer devices with others in your homegroup. Once you enable a homegroup, you can then define which libraries you will share, such as Pictures, Documents, or Videos. You can enable a homegroup only on network interfaces that are defined as part of a private network location profile. To provide for basic security, you can enable a password on your homegroup.

Note: Although domain-joined computers cannot create homegroups, they can connect to existing homegroups.

• Configure Internet options. You can configure the options your web browsers use.

• Configure Windows Firewall. You can launch the Windows Firewall tool and configure Windows Firewall rules, notifications, and advanced settings.

Network and Sharing Center This tool is largely the same as it is in Windows 8.1. It provides a clear view of the status for any wired or wireless connection, and you can use it to create additional network connections by using a wizard-driven interface. The Network and Sharing Center also provides links for accessing other network-related tools, including:

• Change advanced sharing settings

• Internet Options

• Windows Firewall

• Network and Internet Troubleshooting Wizard

Network Setup Wizard Windows 10 provides the Network Setup Wizard, a user-friendly interface that you can use to configure network settings. Windows 10 recognizes any unconfigured network devices on the computer, and then automates the process of adding and configuring them. The Network Setup Wizard also recognizes any wireless networks in range of the computer, and then guides you through the process of configuring them.

You can save network settings to a USB flash drive for use when configuring additional computers, which makes that process quicker. You also can use the Network Setup Wizard to enable sharing across your network for documents, photos, music, and other files.

Windows PowerShell Although you can use the graphical tools previously described to perform all network configuration and management tasks, sometimes it can be quicker to use command-line tools and scripts. Windows has always provided the command prompt for certain network management tools. However, Windows PowerShell provides a number of network-specific cmdlets that you can use to configure, manage, and troubleshoot Windows network connections.


The following table lists some of the network-related Windows PowerShell cmdlets and their purposes.

Cmdlet Purpose

Get-NetIPAddress Retrieves information about the IP address configuration.

Get-NetIPv4Protocol Retrieves information about the IPv4 protocol configuration (the cmdlet Get-NetIP6Protocol returns the same information for the IPv6 protocol).

Get-NetIPInterface Obtains a list of interfaces and their configurations. This does not include IPv4 configuration of the interface.

Set-NetIPAddress Sets information about the IP address configuration.

Set-NetIPv4Protocol Sets information about the IPv4 protocol configuration (the cmdlet Set-NetIP6Protocol returns the same information for the IPv6 protocol.)

Set-NetIPInterface Modifies IP interface properties.

Get-NetRoute Obtains the list of routes in the local routing table.

Test-Connection Runs similar connectivity tests to that used by the Ping command. For example, test-connection lon-dc1.

Resolve-Dnsname Provides a similar function to the NSLookup tool.

Get-NetConnectionProfile Obtains the type of network (public, private, or domain) to which a network adapter is connected.

Clear-DnsClientCache Clears the client’s resolver cache, similar to the IPConfig /flushdns command.

Get-DnsClient Retrieves configuration details specific to the different network interfaces on a specified computer.

Get-DnsClientCache Retrieves the contents of the local DNS client cache, similar to the IPConfig /displaydns command.

Get-DnsClientGlobalSetting Retrieves global DNS client settings, such as the suffix search list.

Get-DnsClientServerAddress Retrieves one or more DNS server IP addresses associated with the interfaces on the computer.

Register-DnsClient Registers all of the IP addresses on the computer onto the configured DNS server.


Cmdlet Purpose

Set-DnsClient Sets the interface-specific DNS client configurations on the computer.

Set-DnsClientGlobalSetting Configures global DNS client settings, such as the suffix search list.

Set-DnsClientServerAddress Configures one or more DNS server IP addresses associated with the interfaces on the computer.

For example, to configure the IPv4 settings for a network connection by using Windows PowerShell, use the following cmdlet:

Set-NetIPAddress –InterfaceAlias Wi-Fi –IPAddress 172.16.16.1

Netsh You can also use the Netsh command-line tool to configure network settings. For example, to configure IPv4 by using Netsh, you can use the following example:

Netsh interface ipv4 set address name="Local Area Connection" source=static addr=172.16.16.3 mask=255.255.255.0 gateway=172.16.16.1

Note: Functionality in the Windows PowerShell network-related cmdlets has largely replaced Netsh.

Tools for Troubleshooting Network Connections

Windows 10 includes a number of tools that you can use to diagnose network problems, including:

• Event Viewer

• Windows Network Diagnostics

• IPConfig

• Ping

• Tracert

• NSLookup

• Pathping

• Windows PowerShell

• Microsoft Message Analyzer

Event Viewer Event logs are files that record significant events on a computer, such as when a process encounters an error. IP conflicts are reflected in the system log and might prevent services from starting. When these events occur, Windows records the event in an appropriate event log. You can use Event Viewer to read the log. When you troubleshoot errors on Windows 10, you can view the events in the event logs to determine the cause of the problem.


You can use Event Viewer to access the Application, Security, Setup, and System logs under the Windows Logs node. When you select a log and then select an event, a preview pane under the event list contains details of the specified event. To help diagnose network problems, look for errors or warnings related to network services in the System log.

Windows Network Diagnostics In the event of a Windows 10 networking problem, the Diagnose Connection Problems option helps diagnose and repair the problem. Windows Network Diagnostics then presents a possible description of the problem and a potential remedy. The solution may require manual intervention from the user.

IPConfig The IPConfig command displays the current TCP/IP network configuration. Additionally, you can use IPConfig to refresh DHCP and DNS settings. For example, you might need to flush the DNS cache. The following table provides a brief description of some of the IPConfig command switches.

Command Description

ipconfig /all View detailed configuration information.

ipconfig /release Release the leased configuration back to the DHCP server.

ipconfig /renew Renew the leased configuration.

ipconfig /displaydns View the DNS resolver cache entries.

ipconfig /flushdns Purge the DNS resolver cache.

ipconfig /registerdns Register/update the client’s host name with the DNS server.

Ping You use the Ping command to verify IP-level connectivity to another TCP/IP computer. This command sends and receives Internet Control Message Protocol (ICMP) echo request messages, and displays the receipt of corresponding echo reply messages. The Ping command is the primary TCP/IP command used to troubleshoot connectivity.

Note: Firewalls might block the ICMP requests. As a result, you may receive false negatives when using ping as a troubleshooting tool.

Tracert The Tracert tool determines the path taken to a destination computer by sending ICMP echo requests. The path displayed is the list of router interfaces between a source and a destination. This tool also determines which router has failed, and what the latency, or speed, is. These results may not be accurate if the router is busy, because the router will assign the packets a low priority.

Pathping The Pathping command traces a route through the network in a manner similar to the Tracert tool. However, Pathping provides more detailed statistics on the individual steps, or hops, through the network. The command can provide greater detail because it sends 100 packets for each router, which enables it to establish trends.


NSLookup The NSLookup tool displays information that you can use to diagnose the DNS infrastructure. You can use the tool to confirm connection to the DNS server, in addition to the existence of the required records.

Windows PowerShell You can use Windows PowerShell to configure network connection settings. In addition to this, you can use Windows PowerShell cmdlets for troubleshooting network settings.

Microsoft Message Analyzer Microsoft Message Analyzer is a tool that captures network traffic and then displays and analyzes information about that traffic. You can use Microsoft Message Analyzer to monitor live network traffic, or import, aggregate, and analyze data from log and trace files. Microsoft Message Analyzer replaces Network Monitor.

Demonstration: Configuring an IPv4 Connection

In this demonstration, you will see how to:

• View IPv4 configuration from a GUI.

• View IPv4 configuration from a command line.

• Test connectivity.

• Check Windows Firewall configuration.

• Reconfigure the IPv4 configuration.

Demonstration Steps

View IPv4 configuration from a GUI 1. Launch Network and Sharing Center.

2. View the TCP/IPv4 configuration.

View IPv4 configuration from a command line 1. Open Windows PowerShell, and run Get-NetIPAddress.

2. Run Get-NetIPv4Protocol.

3. Run netsh interface ipv4 show config. The current IPv4 configuration is displayed.

4. Run ipconfig /all.

Test connectivity 1. Run test-connection LON-DC1.

2. Run netstat –n. Observe the active connections to 172.16.0.10. Most connections to services are transient. If no connections appear, create a connection.

3. Run netstat -n. Identify the services that LON-CL1 had connections to on LON-DC1.

Check Windows Firewall configuration 1. In Windows Firewall with Advanced Security, expand Monitoring, and then click Firewall. These are

the active firewall rules.

2. In Windows PowerShell, run netsh advfirewall firewall show rule name=all dir=in. Review the results, which display all inbound rules.


Reconfigure the IPv4 configuration 1. By using Network and Sharing Center, modify the adapter’s TCP/IPv4 configuration to enable

automatic IPv4 addressing.

2. Verify your configuration change from the command prompt by using Get-NetIPAddress.

Overview of IPv6 in Windows 10

Though most networks to which you connect Windows 10–based devices currently provide IPv4 support, many also support IPv6. To connect computers that are running Windows 10 to IPv6-based networks, you must understand the IPv6 addressing scheme and the differences between IPv4 and IPv6.

Benefits of IPv6 The IPv6 protocol provides the following benefits:

• Large address space. A 32-bit address space can have 2^32 or 4,294,967,296 possible addresses. IPv6 uses 128-bit address spaces, which can have 2^128 or 340,282,366,920,938,463,463,374,607,431,768,211,456 (or 3.4x10^38 or 340 undecillion) possible addresses.

• Hierarchical addressing and routing infrastructure. The IPv6 address space is more efficient for routers, which means that even though there are many more addresses, routers can process data much more efficiently because of address optimization.

• Stateless and stateful address configuration. IPv6 has autoconfiguration capability without DHCP, and it can discover router information so that hosts can access the Internet. This is a stateless address configuration. A stateful address configuration is when you use the DHCP version 6 (DHCPv6) protocol. Stateful configuration has two additional configuration levels: one in which DHCP provides all the information, including the IP address and configuration settings, and another in which DHCP provides just configuration settings.

• Required support for Internet Protocol security (IPsec). The IPv6 standards require support for the Authentication Header (AH) and encapsulating security payload (ESP) headers that IPsec defines. Although IPsec does not define support for its specific authentication methods and cryptographic algorithms, IPsec is defined from the start as the way to protect IPv6 packets.

Note: IPsec provides for authentication and, optionally, encryption for communications between hosts.

• Restored end-to-end communication. The global addressing model for IPv6 traffic means that translation between different types of addresses is not necessary, such as the translation done by NAT devices for IPv4 traffic. This simplifies communication because you do not need to use NAT devices for peer-to-peer applications, such as video conferencing.


• Prioritized delivery. IPv6 contains a field in the packet that lets network devices determine that the packet processing should occur at a rate that you specify. This enables traffic prioritization. For example, when you are streaming video traffic, it is critical that the packets arrive in a timely manner. You can set this field to ensure that network devices determine that the packet delivery is time-sensitive.

• Support for single-subnet environments. IPv6 has much better support of automatic configuration and operation on networks consisting of a single subnet. You can use this to create temporary, ad hoc networks through which you can connect and share information.

• Extensibility. The design of IPv6 enables you to extend it with less constraint than IPv4.

IPv6 in Windows 10 Windows 10 uses IPv6 by default. Windows 10 includes several features that support IPv6, as described below.

Windows 10 dual stack Windows 10 supports both IPv6 and IPv4 in a dual stack configuration. The dual IP stack helps reduce maintenance costs by providing the following features:

• Shared transport and framing layer.

• Shared filtering for firewalls and IPsec.

• Consistent performance, security, and support for both IPv6 and IPv4.

When you connect to a new network that advertises IPv6 routability, Windows 10 tests IPv6 connectivity, and it will only use IPv6 if IPv6 connectivity is actually functioning. Windows 10 also supports a functionality called address sorting. This functionality helps the Windows 10 operating system determine which protocol to use when applications that support both IPv4 and IPv6 addresses are configured for both protocol stacks.

DirectAccess use of IPv6 DirectAccess enables remote users to access a corporate network anytime they have an Internet connection, because it does not require a virtual private network (VPN). DirectAccess provides a flexible corporate network infrastructure to help you remotely manage and update user PCs on and off a network. DirectAccess makes the end-user experience of accessing corporate resources over an Internet connection nearly indistinguishable from the experience of accessing these resources from a computer at work. DirectAccess uses IPv6 to provide globally routable IP addresses for remote access clients.

Windows services can use IPv6 Windows 10 services such as file sharing and remote access use IPv6 features, such as IPsec. This includes VPN Reconnect, which uses Internet Key Exchange version 2 (IKEv2), an authentication component of IPv6.

The Windows 10 operating system supports remote troubleshooting capabilities such as Windows Remote Assistance and Remote Desktop. Remote Desktop enables administrators to connect to multiple Windows Server sessions for remote administration purposes. You can use IPv6 addresses to make remote desktop connections. Windows Remote Assistance and Remote Desktop use the Remote Desktop Protocol to enable users to access files on their office computers from other computers, such as their home computers.


Overview of IPv6 Addressing

The most obvious, distinguishing feature of IPv6 is its use of much larger addresses. IPv4 addresses are expressed in four groups of decimal numbers, such as 192.168.1.1. Each grouping of numbers represents a binary octet. In binary, the preceding number is as follows:

11000000.10101000.00000001.00000001

(four octets = 32 bits)

The size of an address in IPv6 is four times larger than an IPv4 address. IPv6 addresses are expressed in hexadecimal, as the following example shows:

2001:DB8::2F3B:2AA:FF:FE28:9C5A

This might seem complex for end users, but the assumption is that users will rely on DNS names to resolve hosts, meaning they will rarely type IPv6 addresses manually. The IPv6 address in hexadecimal also is easier to convert to binary. This makes it simpler to work with subnets and calculate hosts and networks.

IPv6 address types IPv6 address types are similar to IPv4 address types. The IPv6 address types are:

• Unicast. An IPv6 unicast address is equivalent to an IPv4 unicast address. You can use this address type for one-to-one communication between hosts. Each IPv6 host has multiple unicast addresses. There are three types of unicast addresses:

o Global unicast addresses. These are equivalent to public IPv4 addresses. They are globally routable and reachable on the IPv6 portion of the Internet.

o Link-local addresses. Hosts use link-local addresses when communicating with neighboring hosts on the same link. For example, on a single-link IPv6 network with no router, hosts communicate by using link-local addresses. Link-local addresses are local-use unicast addresses with the following properties:

IPv6 link-local addresses are equivalent to IPv4 APIPA addresses.

Link-local addresses always begin with FE80.

o Unique local unicast addresses. Unique local addresses provide an equivalent to the private IPv4 address space for organizations, without the overlap in address space when organizations combine.

• Multicast. An IPv6 multicast is equivalent to an IPv4 multicast address. You use this address type for one-to-many communication between computers that you define as using the same multicast address.

• Anycast. An anycast address is an IPv6 unicast address that is assigned to multiple computers. When IPv6 addresses communicate to an anycast address, only the closest host responds. You typically use this address type for locating services or the nearest router.

In IPv4, you typically assign a single host with a single unicast address. However, in IPv6, you can assign multiple unicast addresses to each host. To verify communication processes on a network, you must know the purposes for which IPv6 uses each of these addresses.


Interface identifiers The last 64 bits of an IPv6 address are the interface identifier. This is equivalent to the host ID in an IPv4 address. Each interface on an IPv6 network must have a unique interface identifier. Because the interface identifier is unique to each interface, IPv6 uses interface identifiers rather than MAC addresses to identify hosts uniquely.

Verify the correctness of the statement by placing a mark in the column to the right.

Statement Answer

Domain-joined computers cannot join homegroups.

Check Your Knowledge

Question

Which command would you use to obtain a new lease from a DHCP server?

Select the correct answer.

Ping

Tracert

Netsh

Ipconfig

NSLookup


Lesson 2 Implementing Name Resolution

Windows 10 devices communicate over a network by using names in place of IP addresses. Devices use name resolution to find an IP address that corresponds to a name, such as a host name. This lesson focuses on different types of computer names and the methods to resolve them.


• Describe name resolution.

• Describe DNS.

• Explain how to troubleshoot name resolution.

• Configure and test name resolution settings in Windows 10.

What Is Name Resolution?

Name resolution is the process of converting computer names to IP addresses. Name resolution is an essential part of computer networking because it is easier for users to remember names than abstract numbers, such as an IPv4 or IPv6 address. Windows 10 supports a number of different methods for resolving computer names, such as DNS, Windows Internet Name Service (WINS), and local hosts or LMHOSTS resolution.

Computer names A host name is a user-friendly name that is associated with a host’s IP address and identifies it as a TCP/IP host. A host name can be no more than 255 characters in length, and must contain only alphanumeric characters, periods, and hyphens. A host name is an alias or a fully qualified domain name (FQDN).

Note: An alias is a single name associated with an IP address, and the host name combines an alias with a domain name to create the FQDN.

The elements of the name include periods as separators. Applications use the structured FQDN on the Internet.

An example of an FQDN is payroll.contoso.com.

A NetBIOS name is a nonhierarchical name that some older apps use. A 16-character NetBIOS name identifies a NetBIOS resource on a network. A NetBIOS name represents a single computer or a group of computers. NetBIOS uses the first 15 characters for a specific computer’s name and the final sixteenth character to identify a resource or service on that computer. An example of a NetBIOS name is NYC-SVR2[20h].


Methods for resolving names There are a number of ways in which apps resolve names to IP addresses. DNS is the Microsoft standard for resolving host names to IP addresses. Apps also use DNS to do the following:

• Locate domain controllers and global catalog servers. Apps use this functionality when you sign in to Active Directory Domain Services (AD DS).

• Resolve IP addresses to host names. Apps use this functionality when a log file contains only a host’s IP address.

• Locate a mail server for email delivery. Apps use this functionality for the delivery of all Internet email.

When an app specifies a host name, TCP/IP uses the DNS resolver cache, DNS, and Link-Local Multicast Name Resolution when it attempts to resolve the host name. The Hosts file is loaded into the DNS resolver cache.

Note: If NetBIOS over TCP/IP is enabled, TCP/IP also uses NetBIOS name resolution methods when resolving single-label, unqualified host names.

Depending on the configuration, Windows 10 resolves host names by performing the following actions:

1. Checking whether the host name is the same as the local host name.

2. Searching the DNS resolver cache which is populated from the local Hosts file.

3. Sending a DNS request to its configured DNS servers.

Note: Windows 10 can use Link-Local Multicast Name Resolution for networks that do not have a DNS server.

Overview of DNS

DNS is a service that manages the resolution of host names to IP addresses. Microsoft provides a DNS Server role on Windows Server 2012 R2 that you can use to resolve host names in your organization. Typically, you will deploy multiple DNS servers in your organization to help improve both the performance and the reliability of name resolution.

Note: The Internet uses a single DNS namespace with multiple root servers. To participate in the Internet DNS namespace, you must register a domain name with a DNS registrar. This ensures that no two organizations attempt to use the same domain name.

Structure of DNS The DNS namespace consists of a hierarchy of domains and subdomains. A DNS zone is a specific portion of that namespace that resides on a DNS server in a zone file. DNS uses both forward and reverse lookup zones to satisfy name resolution requests.


Forward lookup zones Forward lookup zones are capable of hosting a number of different record types. The most common record type in forward lookup zones is an A record, also known as a host record. This record is used when resolving a host name to an IP address. Record types in forward lookup zones include:

• A. A host record, the most common type of DNS record.

• SRV. Service records are used to locate domain controllers and global catalog servers.

• MX. Mail exchange records are used to locate the mail servers responsible for a domain.

• CNAME. Canonical name records (CNAME records) resolve to another host name, also referred to as an alias.

Reverse lookup zones Reverse lookup zones contain PTR records. PTR records are used to resolve IP addresses to host names. An organization typically has control over the reverse lookup zones for its internal network. However, some PTR records for external IP addresses obtained from an ISP may be managed by the ISP.

How names are resolved with DNS Resolving DNS names on the Internet involves an entire system of computers, not just a single server. There are hundreds of servers on the Internet, called root servers, which manage the overall process of DNS resolution. 13 FQDNs represent these servers. A list of these 13 FQDNs is preloaded on each DNS server. When you register a domain name on the Internet, you are paying to become part of this system.

To understand how these servers work together to resolve a DNS name, see the following name resolution process for the name www.microsoft.com:

1. A workstation queries the local DNS server for the IP address www.microsoft.com.

2. If the local DNS server does not have the information, it queries a root DNS server for the location of the .com DNS servers.

3. The local DNS server queries a .com DNS server for the location of the microsoft.com DNS servers.

4. The local DNS server queries the microsoft.com DNS server for the IP address of www.microsoft.com.

5. The microsoft.com DNS server returns the IP address of www.microsoft.com to the local DNS server.

6. The local DNS server returns the result to the workstation.

Caching and forwarding can modify the name resolution process:

• Caching. After a local DNS server resolves a DNS name, it caches the results for the period that the Time to Live (TTL) value defines in the Start of Authority (SOA) record for the DNS zone. The default TTL is one hour. Subsequent resolution requests for the DNS name receive the cached information. Note that it is not the caching server that sets the TTL, but the authoritative DNS server that resolved the name from its zone. When the TTL expires, the caching server must delete it. Subsequent requests for the same name would require a new name resolution request to the authoritative server.

• Forwarding. Instead of querying root servers, you can configure a DNS server to forward DNS requests to another DNS server. For example, requests for all Internet names can be forwarded to a DNS server at an ISP.


Troubleshooting Name Resolution

When you troubleshoot name resolution, you must understand which name resolution methods the computer is using, and in what order. As you know, the operating system resolves host names either by using a local text file named Hosts, or by using DNS.

Note: Windows 10 appends the primary and connection-specific suffixes to all names that it is resolving. If the name resolution is unsuccessful initially, Windows 10 applies parent suffixes of the primary DNS suffix. For example, if the DNS resolver attempts to resolve the name LON-CL1, Windows 10 appends the .adatum.com suffix to attempt resolution. If that is unsuccessful, the operating system appends .com to the name, and attempts to resolve it once again. You can configure this behavior from the Advanced TCP/IP Settings page.

The primary tools for troubleshooting host name resolution are IPConfig and NSLookup, and their Windows PowerShell equivalents Get-NetIPAddress, Get-NetIPv4Protocol, and Resolve-dnsname.

Best Practice: Be sure to clear the DNS resolver cache between resolution attempts.

The process for troubleshooting name resolution If you cannot connect to a remote host, and if you suspect a name resolution problem, you can troubleshoot name resolution by using the following procedure:

1. Open an elevated command prompt, and then clear the DNS resolver cache by typing the following command:

IPConfig /flushdns

Note: Alternately, you can use the Windows PowerShell cmdlet Clear-DnsClientCache.

2. Attempt to verify connectivity to a remote host by using its IP address. This helps you identify whether the issue is due to name resolution. You can use the Ping command or the test-connection Windows PowerShell cmdlet. If the Ping command succeeds with the IP address but fails by the host name, the problem is with name resolution.

Note: Remember that the remote host must allow inbound ICMP echo packets through its firewall for this test to be viable.


3. Attempt to verify connectivity to the remote host by its host name, by using the FQDN followed by a period. For example, type the following command at the command prompt:

Test-connection LON-cl1.adatum.com.

Note: You can also use the ping command.

4. If the test is successful, the problem is likely unrelated to name resolution.

5. If the test is unsuccessful, edit the C:\windows\system32\drivers\etc\hosts text file, and then add the appropriate entry to the end of the file. For example, add this line, and then save the file:

172.16.0.51 LON-cl1.adatum.com

6. Perform the test-by-host-name procedure again. Name resolution should now be successful.

7. Examine the DNS resolver cache to verify that the name resolved correctly. To examine the DNS resolver cache, type the following command at a command prompt:

IPConfig /displaydns

Note: You can also use the Windows PowerShell cmdlet Get-DnsClientCache.

8. Remove the entry that you added to the Hosts file, and then clear the resolver cache once more.

At the command prompt, type the following command, and then examine the contents of the filename.txt file to identify the failed stage in name resolution:

NSLookup.exe –d2 LON-cl1.adatum.com. > filename.txt

The Windows PowerShell equivalent command is:

Resolve-dnsname lon-cl1.adatum.com. > filename.txt


Interpreting NSLookup output You should understand how to interpret the NSLookup command output so that you can identify whether the name resolution problem exists with the client computer’s configuration, the name server, or the configuration of records within the name server-zone database. In the first section of the following output sample, the client resolver performs a reverse lookup to determine the DNS server host name. You can view the query 10.0.16.172.in-addr.arpa, type = PTR, class = IN in the QUESTIONS section. The returned result, name = LON-dc1.adatum.com, identifies the host name of the petitioned DNS server:

------------ SendRequest(), len 41 HEADER: opcode = QUERY, id = 1, rcode = NOERROR header flags: query, want recursion questions = 1, answers = 0, authority records = 0, additional = 0 QUESTIONS: 10.0.16.172.in-addr.arpa, type = PTR, class = IN ------------ ------------ Got answer (73 bytes): HEADER: opcode = QUERY, id = 1, rcode = NOERROR header flags: response, auth. answer, want recursion, recursion avail. questions = 1, answers = 1, authority records = 0, additional = 0 QUESTIONS: 10.0.16.172.in-addr.arpa, type = PTR, class = IN ANSWERS: -> 10.0.16.172.in-addr.arpa type = PTR, class = IN, dlen = 20 name = LON-dc1.adatum.com ttl = 1200 (20 mins) ------------ Server: LON-dc1.adatum.com Address: 172.16.0.10

Demonstration: Configuring and Testing Name Resolution

In this demonstration, you will see how to:

• Verify the IPv4 configuration.

• View and clear the name cache.

• Test name resolution to LON-DC1.

• Create a record in the Hosts file.

• Test the new record.

• Test name resolution.

Demonstration Steps

Verify the IPv4 configuration • On LON-CL1, using Network and Sharing Center, view the adapter’s TCP/IPv4 configuration. Notice

that DHCP is enabled, and that the IP address of the DHCP server displays. Notice the DNS server address.


View and clear the name cache 1. Open Windows PowerShell.

2. Run the following commands:

o ipconfig /displaydns

o Get-DnsClientCache

o ipconfig /flushdns

o Clear-DnsClientCache


Test name resolution to LON-DC1 • At the Windows PowerShell command prompt, run the following commands:

o test-connection lon-dc1

o Get-DnsClientCache | fl


Create a record in the Hosts file 1. At the Windows PowerShell command prompt, run the following command: notepad

C:\windows\system32\drivers\etc\hosts.

2. Create a host record called 172.16.0.10 intranet, and then save the file.

Test the new record 1. At the Windows PowerShell command prompt, run test-connection intranet.

2. Run Get-DnsClientCache | fl.

3. View the intranet record in the cache.

Test name resolution 1. At the Windows PowerShell command prompt, run the following commands:

o nslookup LON-DC1

o Resolve-Dnsname LON-DC1 | fl

o nslookup –d1 LON-DC1 > file.txt

o notepad file.txt

2. Review the information, and then close Notepad.



Question

Which command(s) should you always use before starting to test name resolution? Choose all that apply.


Ipconfig /release

Ipconfig /flushdns

Clear-DnsClientCache

Purge-DnsClientCache


Lesson 3 Implementing Wireless Network Connectivity

An increasing number of devices use wireless connections as the primary method for accessing corporate intranets and the Internet. Additionally, many users have come to expect a wireless infrastructure in a corporate workplace. As a result, a good working knowledge of wireless connectivity is a requirement for today’s networking environment. This lesson discusses the various wireless standards and the configuration and support of Windows 10 wireless clients.


• Describe wireless technologies.

• Configure wireless settings in Windows 10.

• Discuss the considerations for implementing wireless networks within organizations.

Wireless Network Technologies

Wireless networking uses radio waves to connect wireless devices to other network devices. Wireless networks generally consist of wireless network devices, access points (APs), and wireless bridges that conform to 802.11x wireless standards.

Wireless network topologies There are two types of wireless network topologies:

• Infrastructure. Infrastructure wireless networks consist of wireless local area networks (LANs) and cellular networks, and require the use of a device, such as an AP, to allow communication between client wireless devices. You can manage infrastructure wireless networks centrally.

• Ad hoc. Ad hoc networks can connect wireless devices dynamically in a peer-to-peer configuration without the use of any infrastructure devices.

802.11x wireless standards The 802.11 standard has been evolving since 1997. There have been many improvements in transmission speed and security of the 802.11 technology since then. A letter of the alphabet designates each new standard, as the following table shows.

Specification Description

802.11a This is the first extension to the original 802.11 specification. It provides up to 54 megabits per second (mbps) and operates in the 5 gigahertz (GHz) range. It is not compatible with 802.11b.

802.11b This specification provides 11 mbps and operates in the 2.4 GHz range.

802.11e This specification defines Quality of Service and multimedia support.


Specification Description

802.11g This specification is for transmission over short distances at speeds up to 54 mbps. It is backward-compatible with 802.11b, and operates in the 2.4 GHz range.

802.11n This specification adds multiple-input and multiple-output, thereby providing increased data throughput at speeds up to 100 mbps. It vastly improves speed over previous specifications, and it supports both 2.4 GHz and 5 GHz ranges.

802.11ac This specification builds on 802.11n to attain data rates of 433 mbps. 802.11ac operates only in the 5 GHz frequency range.

Wireless security Wireless security has been the biggest consideration by organizations planning a wireless implementation. Because wireless traffic travels across open airwaves, it is susceptible to interception by attackers. Therefore, organizations utilize several security technologies to address these concerns. Most Wi-Fi devices support multiple security standards. The following table describes the current security methods available for wireless networks.

Security method Description

Wired Equivalent Privacy (WEP)

WEP is the oldest form of wireless security. Some devices support different versions: • WEP 64-bit key

• WEP 128-bit key

• WEP 256-bit key

The security issues surrounding WEP are well-documented, and you should avoid using WEP unless it is the only alternative.

Wi-Fi Protected Access (WPA)

Developed to replace WEP, WPA has two variations: • WPA-Personal. WPA-Personal is for home and small business networks,

and is easier to implement than WPA-Enterprise. It involves providing a security password, and uses a technology called Temporal Key Integrity Protocol. The password and the network Service Set Identifier (SSID) generate constantly changing encryption keys for each wireless client.

• WPA-Enterprise. WPA-Enterprise is for corporate networks. It involves the use of a Remote Authentication Dial-In User Service (RADIUS) server for authentication.

WPA2 This is an improved version of WPA that has become the Wi-Fi security standard. WPA2 employs Advanced Encryption Standard (AES), which employs larger encryption key sizes.

The security methods that a given wireless device supports depend on the vendor and the device’s age. All modern wireless devices should support WPA2.


Configuring Wi-Fi Settings

Windows 10 makes it very easy to connect to and configure wireless network settings. Use the following procedures to manage your wireless network connections.

Connect to a wireless network To connect to a wireless network:

1. Tap the network icon on the notification area to see a list of available wireless networks.

2. Tap the network of your choice.

3. Tap Connect.

4. When prompted, enter the security information required by the wireless hub to which you are connecting your device, and then tap Next.

You are connected.

Configure wireless networks To configure your wireless networks:

1. Open Network settings.

2. In NETWORK & INTERNET, on the WiFi page, tap Manage WiFi settings.

3. Choose options:

o Connect to suggested open hotspots.

o Connect to networks shared by my contacts.

o Select how you will share your networks with your contacts. Choose from:

Outlook.com

Skype

Facebook

4. At the bottom of the page, beneath Manage known networks, tap the network you wish to manage.

5. Tap to Share or Forget the network.

Configure advanced wireless properties From Network and Sharing Center, you can also configure advanced wireless properties:

• In Network and Sharing Center, tap the name of your wireless network adapter on the right.

• In the Wi-Fi Status dialog box, you can view the properties of your wireless connection.

• Tap Wireless Properties to view additional information, including the security settings of the connection.

Note: You can use Windows Server Group Policy Objects (GPOs) to configure wireless profiles. This saves your users from having to configure their wireless connections manually.


Discussion: Considerations for Wireless Connectivity

Consider the following question, and be prepared to discuss your answers with the class as directed by your instructor.

Question: What are some considerations for enabling Wi-Fi access for your users?


Lesson 4 Overview of Remote Access

Windows 10 helps users improve their productivity, regardless of their location, or that of the data they need. Windows 10 supports the use of either VPNs or DirectAccess to enable users to access their work environments from anywhere they connect.


• Describe how to use VPNs to connect to a remote network.

• Explain how DirectAccess can help remote users connect.

• Discuss the considerations of enabling remote access for your users.

Overview of VPNs

A VPN provides a point-to-point connection between components of a private network, through a public network such as the Internet. Tunneling protocols enable a VPN client to establish and maintain a connection to the listening virtual port of a VPN server. To emulate a point-to-point link, the data is encapsulated, or wrapped, and prefixed with a header. This header provides routing information that enables the data to traverse the public network to reach its endpoint.

To emulate a private link, the data is encrypted to ensure confidentiality. Packets that are intercepted on the public network are indecipherable without encryption keys. Two types of VPN connections exist:

• Remote access. Remote access VPN connections enable users who are working at home, at customer sites, or from public wireless access points to access a server that exists in your organization’s private network. They do so by using the infrastructure that a public network, such as the Internet, provides.

From the user’s perspective, the VPN is a point-to-point connection between the computer, the VPN client, and your organization’s server. The exact infrastructure of the shared or public network is irrelevant, because it logically appears as if the data is sent over a dedicated private link.

• Site-to-site. Site-to-site VPN connections, which also are known as router-to-router VPN connections, enable your organization to have routed connections between separate offices or with other organizations over a public network, while maintaining secure communications.

Properties of VPN connections VPN connections in Windows 10 can use:

• Point-to-Point Tunneling Protocol (PPTP)

• Layer Two Tunneling Protocol with IPsec (L2TP/IPsec)

• Secure Socket Tunneling Protocol (SSTP)

• Internet Key Exchange version 2 (IKEv2)


Note: An IKEv2 VPN provides resilience to the VPN client when the client either moves from one wireless hotspot to another or switches from a wireless to a wired connection. This ability is a requirement of VPN Reconnect.

All VPN connections, irrespective of tunneling protocol, share some common characteristics:

• Encapsulation. With VPN technology, private data is encapsulated with a header that contains routing information, which allows the data to traverse the transit network.

• Authentication. Authentication ensures that the two communicating parties know with whom they are communicating.

• Data encryption. To ensure data confidentiality as the data traverses the shared or public transit network, the sender encrypts the data and the receiver decrypts it. The encryption and decryption processes depend on both the sender and the receiver using a common encryption key. Intercepted packets sent along the VPN connection in the transit network will be unintelligible to anyone who does not have the common encryption key.

Creating a VPN connection in Windows 10 To create a VPN connection in Windows 10, use the following procedure:

1. Tap the Network icon in the notification area, and then tap Network settings.

2. In NETWORK & INTERNET, tap the VPN tab.

3. Tap Add a VPN connection.

4. In the Add a VPN connection dialog box, in the VPN provider list, tap Windows (built-in).

5. In the Connection name box, enter a meaningful name, such as Office Network.

6. In the Server name or address box, type the FQDN of the server to which you want to connect. This is usually the name of the VPN server.

7. In the VPN type list, select between Point to Point Tunneling Protocol (PPTP), Layer Two Tunneling Protocol with IPsec (L2TP/IPsec), Secure Socket Tunneling Protocol (SSTP), and IKEv2. This setting must match the setting and policies configured on your VPN server. In you are unsure, tap Automatic.

8. In the Type of sign-in info list, select either User name and password, Smart card, or One-time password. Again, this setting must match your VPN server policies.

9. In the User name (optional) box, type your user name, and then in the Password (optional) box, type your password. Select the Remember my sign-in info check box, and then tap Save.

To manage your VPN connection, from within NETWORK & INTERNET, on the VPN tab, tap the VPN connection, and then tap Advanced options. You can then reconfigure the VPN settings as needed.

Note: Your VPN connection will appear on the list of available networks when you tap the network icon in the notification area.


Overview of DirectAccess

The DirectAccess feature in Windows 10 enables seamless remote access to intranet resources without first establishing a user-initiated VPN connection. The DirectAccess feature also ensures seamless connectivity to an application infrastructure for internal users and remote users.

Unlike traditional VPNs that require user intervention to initiate a connection to an intranet, DirectAccess enables any application that supports IPv6 on a client computer to have complete access to intranet resources. DirectAccess also enables you to specify resources and client-side applications that are restricted for remote access.

IPv6 in DirectAccess DirectAccess uses IPv6 and IPsec when clients connect to internal resources. However, many organizations do not have native IPv6 infrastructure. Therefore, DirectAccess uses transitioning tunneling technologies and communication through IPv4-based Internet to connect IPv6 clients to IPv4 internal resources.

DirectAccess tunneling protocols include:

• ISATAP. ISATAP enables DirectAccess clients to connect to the DirectAccess server over the IPv4 networks for intranet communication. By using ISATAP, an IPv4 network emulates a logical IPv6 subnet to other ISATAP hosts, where ISATAP hosts automatically tunnel to each other for IPv6 connectivity. ISATAP does not need changes on IPv4 routers because IPv6 packets are tunneled within an IPv4 header. To use ISATAP, you have to configure DNS servers to answer ISATAP queries, and enable IPv6 on network hosts.

• 6to4. 6to4 enables DirectAccess clients to connect to the DirectAccess server over IPv4-based Internet. You can use 6to4 when clients have a public IP address. IPv6 packets are encapsulated in an IPv4 header and sent over the 6to4 tunnel adapter to the DirectAccess server. You can use a GPO to configure the 6to4 tunnel adapter for DirectAccess clients and the DirectAccess server.

• Teredo. Teredo enables DirectAccess clients to connect to the DirectAccess server across the IPv4 Internet, when clients are located behind an IPv4 NAT device. Clients that have a private IPv4 address use Teredo to encapsulate IPv6 packets in an IPv4 header and send them over IPv4-based Internet. You can use a GPO to configure Teredo for DirectAccess clients and the DirectAccess server.

• IP-HTTPS. IP-HTTPS enables DirectAccess clients to connect to the DirectAccess server over IPv4-based Internet. Clients that are unable to connect to the DirectAccess server by using ISATAP, 6to4, or Teredo use IP-HTTPS. You can use a GPO to configure IP-HTTPS for DirectAccess clients and the DirectAccess server.

Components of DirectAccess To deploy and configure DirectAccess, your organization must support the following infrastructure components:

• DirectAccess server. The DirectAccess server can be any computer running Windows Server 2012 or Windows Server 2012 R2 that you join to a domain, that accepts connections from DirectAccess clients, and that establishes communication with intranet resources.

• DirectAccess clients. A DirectAccess client can be any domain-joined computer that is running the Enterprise edition of Windows 10, Windows 8.1, Windows 8, or Windows 7.


• Network Location Server. A DirectAccess client uses the Network Location Server to determine its location. If the client computer can securely connect to the Network Location Server by using HTTPS, then the client computer assumes it is on the intranet, and the DirectAccess policies are not enforced. If the client computer cannot contact the Network Location Server, the client assumes it is on the Internet.

• Internal resources. These are the server-based resources to which users want to connect.

• An AD DS domain. You must deploy at least one AD DS domain running, at a minimum, Windows Server 2003 domain functional level.

• Group Policy. You need to use Group Policy for the centralized administration and deployment of DirectAccess settings.

• Public key infrastructure (PKI). This is optional for the internal network. It provides the security infrastructure (in terms of certificates) for authentication in some configurations of DirectAccess.

• DNS server. You use the DNS server to enable name resolution of the servers in the DirectAccess topology.

Discussion: Considerations for Remote Access

Consider the following question, and be prepared to discuss your answers with the class as directed by your instructor.

Question: What are the considerations for enabling remote access to your network?


Question

Which VPN tunneling protocol supports the VPN auto reconnect feature?


PPTP

L2TP

SSTP

IKEv2


Lab: Configuring Network Connectivity Scenario Before delivering the first batch of Windows 10 devices to your users, you decide to test them on a secure test network. You have installed a domain controller and deployed the DHCP and DNS Server roles within the test environment. You must configure the IP network settings on your Windows 10 devices.

Objectives After completing this lab, you will have:

• Verified IPv4 settings.

• Configured the IPv4 settings so that the device obtains an automatic IP configuration from a DHCP server.

• Verified the settings by testing name resolution.

Lab Setup Estimated Time: 45 minutes

Virtual machines: 20697-1B-LON-DC1 and 20697-1B-LON-CL1

User name: Adatum\Administrator

Password: Pa$$w0rd

For this lab, you need to use the available virtual machine environment. Before you begin the lab, you must complete the following steps:

1. On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.

2. In Hyper-V Manager, click 20697-1B-LON-DC1, and in the Actions pane, click Start.

3. In the Actions pane, click Connect. Wait until the virtual machine starts.

4. Sign in by using the following credentials:

o User name: Administrator

o Password: Pa$$w0rd

o Domain: Adatum

5. Repeat steps 2 through 4 for 20697-1B-LON-CL1.

Exercise 1: Verifying and Testing IPv4 Settings

Scenario In this exercise, you will verify and test the initial network settings of a Windows 10 device.

The main tasks for this exercise are as follows:

1. Verify the IPv4 settings from Network and Sharing Center.

2. Verify the current IPv4 settings from the command line.

3. Test connectivity.


Task 1: Verify the IPv4 settings from Network and Sharing Center 1. Switch to LON-CL1.

2. Open Network and Sharing Center.

3. Open the Ethernet connection.

4. Click Details and record the following information:

o IPv4 Address

o IPv4 Subnet Mask

o IPv4 DNS Server

5. Click Properties, and then double-click Internet Protocol Version 4 (TCP/IPv4). You can configure the IP address, subnet mask, default gateway, and DNS servers in this window.

6. Verify that the configuration matches what you just recorded.

7. Close all open windows without making modifications.

Task 2: Verify the current IPv4 settings from the command line 1. Open Windows PowerShell, and then run Get-NetIPAddress. The IPv4 address should match what

you recorded earlier.

2. Run netsh interface ipv4 show config. The current IPv4 configuration is displayed and should match what you recorded earlier.

3. Run ipconfig /all. Again, the information should match what you recorded earlier.

4. Leave Windows PowerShell open.

Task 3: Test connectivity 1. In Windows PowerShell, run test-connection LON-DC1.

2. Run netstat –n. Observe the active connections to 172.16.0.10. Most connections to services are transient. If no connections appear, create a connection. For example, map a network drive to \\LON-DC1\NETLOGON.


Results: After completing this exercise, you will have successfully verified Internet Protocol version 4 (IPv4) settings.

Exercise 2: Configuring Automatic IPv4 Settings

Scenario It is necessary to assign IPv4 configurations for the Windows 10 devices by using DHCP. You will test this in your computer lab.


1. Reconfigure the IPv4 settings.

2. Test connectivity.

3. View the impact on the DHCP server.


Task 1: Reconfigure the IPv4 settings 1. By using Network and Sharing Center, modify the adapter’s TCP/IPv4 configuration to enable

automatic IPv4 addressing by selecting these two options:

o Obtain an IP address automatically

o Obtain DNS server address automatically

2. Verify your configuration change from the Windows PowerShell prompt by using Ipconfig /all.

Task 2: Test connectivity 1. In Windows PowerShell, run test-connection LON-DC1.

2. Run netstat –n. Observe the active connections to 172.16.0.10. Most connections to services are transient. If no connections appear, create a connection.


4. Close all open windows except Windows PowerShell.

Task 3: View the impact on the DHCP server 1. Switch to LON-DC1.

2. In Server Manager, open DHCP.

3. Expand lon-dc1.adatum.com, expand IPv4, expand Scope [172.16.0.0] Adatum, and then click Address Leases.

4. In the details pane, you should see the address lease for your Windows 10 client.

Results: After completing this exercise, you will have successfully configured IPv4 settings to be assigned automatically.

Exercise 3: Configuring and Testing Name Resolution

Scenario Name resolution is a critical part of your network infrastructure. You must ensure that you have correctly configured the Windows 10 devices for name resolution. Then you must test the name resolution process.


1. Verify current DNS settings on the client.

2. View and clear the DNS resolver cache.

3. Test name resolution.

4. Create and test a new record.

5. Troubleshoot name resolution.

Task 1: Verify current DNS settings on the client 1. On LON-CL1, by using Network and Sharing Center, view the adapter’s TCP/IPv4 configuration.

2. Notice that DHCP is enabled, and that the IP address of the DHCP server displays. Notice the DNS server address.


Task 2: View and clear the DNS resolver cache 1. Switch to Windows PowerShell.

2. Run the following commands:

o ipconfig /displaydns. This displays the current DNS resolver cache.

o Get-DnsClientCache. This displays the current DNS resolver cache.

o ipconfig /flushdns. This flushes the current DNS resolver cache.

o Clear-DnsClientCache. This flushes the current DNS resolver cache. It is not necessary to run this in addition to the preceding command.

o ipconfig /displaydns. This verifies that you have no entries in the cache.

Task 3: Test name resolution • At the Windows PowerShell command prompt, run the following commands:

o test-connection lon-dc1

o Get-DnsClientCache | fl

o ipconfig /displaydns. This should display similar information to the preceding command.

Task 4: Create and test a new record 1. At the Windows PowerShell command prompt, run the following command: notepad

C:\windows\system32\drivers\etc\hosts

2. Create a host record 172.16.0.10 www, and then save the file.

3. At the Windows PowerShell command prompt, run test-connection www.

4. Run Get-DnsClientCache | fl.

5. View the www record in the cache.

Task 5: Troubleshoot name resolution 1. At the Windows PowerShell command prompt, run the following commands:

o nslookup LON-DC1

o Resolve-Dnsname LON-DC1 | fl,

o nslookup –d1 LON-DC1 > file.txt

o notepad file.txt

2. Review the information. Note that you must scroll to the section starting Got answer.

o What was the question that was asked of the DNS server?

o What was the response?

o How long will the record be cached?

o What is the FQDN for the primary name server?

3. Close Notepad and Windows PowerShell.

Results: After completing this exercise, you will have successfully verified your DNS settings and tested name resolution.


Prepare for the next module When you have finished the lab, revert the virtual machines to their initial state.

1. On the host computer, start Hyper-V Manager.

2. In the Virtual Machines list, right-click 20697-1B-LON-CL1, and then click Revert.

3. In the Revert Virtual Machine dialog box, click Revert.

4. Repeat steps 2 and 3 for 20697-1B-LON-DC1.


Module Review and Takeaways Review Questions

Question: You are troubleshooting a network-related problem. The IP address of the host you are troubleshooting is 169.254.16.17. What is a possible cause of the problem?

Question: You are troubleshooting a network-related problem, and you suspect a name-resolution issue. Before conducting tests, you want to purge the DNS resolver cache. How do you do that?