MCTS Guide to Microsoft Windows Server 2008 Network Configuration
This erratum contains errors, corrections, and omissions from the current text along with suggested
changes for future editions of the book. If you come across additional errors or have suggestions for
future releases, please email the author at Server2008book@bentech.net.
The author would like to thank the following instructors for their comments which help to complete this
Mike Fuszner, St. Charles Community College
Randy Graves, North Idaho College
Note on Operating System updates: The text and all activities are based on the RTM version of
Windows Server 2008, not SP1, SP2, or Windows Server 2008 R2 RTM. There are known issues with
specific activities such as BitLocker when working with SP2. It is recommended that you run the RTM
version of Windows. If you choose to apply any available service packs and/or updates, you may
experience issues or functionality change compared with the textbook.
Chapter 1 - p. 3 should read
Trusts between Active Directory domains in a forest are created automatically when you create domains
in Windows Server 2008. These are called transitive trusts. In Windows NT domains prior to Windows
2000, administrators created all trusts manually.
Pg. 8, Step 5 should read:
Enter your product key if you have one and are required to enter the key. You can install Windows
Server 2008 without a product key.
Pg. 46 Should Read:
Out-of-Box Experience The most common cleanup action with Sysprep is to use the system OOBE when
generalizing images. This combination will remove the computer security identifier (SID), reset the
computer activation, and boot the computer into Windows Welcome.
Pg. 50 should read:
This section explores the three installation methods available for Windows Server 2008. Each of the
following methods has a purpose and place within a network:
• DVD/USB boot installation
• Network distribution share installation
• Image-based installation
DVD/USB Boot Installation Probably the most familiar of the installation methods is using physical
installation media. Windows Server 2008 can be installed via optical drive (that is a DVD drive) or via
USB flash drive. This type of installation is called a DVD boot installation and is the most common
media-based type. Installing with a USB flash drive is new and not yet as popular as using a DVD.
However, with the advent of USB 2.0 and servers that can boot from the drives in their USB ports, USB
flash drives are the perfect media for installing Windows Server 2008. Whether using optical or flash
media, this installation method requires you to be present at the server. Activity 1-1, where you
installed Windows Server 2008, is an example of a DVD installation.
Page 52 Activity 2-4 should read:
1. Log onto your server.
2. Click Start, type Windows PE Command Prompt in the Start Search box. When it Windows PE
Command Prompt appears, select it and press enter to launch.
3. Type md c:\MCTS_70642\Ch2\ImageFolder and then press Enter to create a new directory
called ImageFolder in the folder created for this chapter. This represents a distribution point to
contain the .wim file created with ImageX.
4. Change to the directory containing ImageX by using the following cd command:
cd \Program Files\Windows AIK\Tools\x86\
5. Next, run the following ImageX command to create an image of the c:\windows\fonts direc
tory from the command prompt:
imagex /capture “c:\Windows\fonts”
6. Leave the command prompt window open for the next exercise.
Pg 53 Activity 2-5 should read:
1. Open the Windows PE Command Prompt from the start menu, if necessary.
2. Type md c:\MCTS_70642\Ch2\ImageMountFolder to create a new directory called
ImageMountFolder. This is the mount point for your image within the file system.
3. Next, run the following ImageX command to mount the image Server2008Fonts.wim to the
c:\MCTS_40642\Ch2\ImageMountFolder directory from the command prompt:
imagex /mount “c:\MCTS_70642\Ch2\imagefolder\Server2008fonts.wim” “All Installed
Ionts” Error! Hyperlink reference not valid.
4. Open Windows Explorer and browse to c:\MCTS_70642\Ch2\ImageMountFolder.5. Create a file
named Server2008SuperFont.txt by right-clicking a blank spot in the folder window, pointing to
New on the shortcut menu, and then clicking Text Document. Use Server2008SuperFont.txt as
the file name. Note that access is denied because you did not mount the image as read/write.
5. Before mounting the image as read/write, unmount the current image as follows:
imagex /unmount “c:\MCTS_70642\Ch2\imagemountfolder”
6. Rerun the ImageX command as follows using the /mountrw option:
imagex /mountrw “c:\MCTS_70642\Ch2\imagefolder\Server2008fonts.wim” “All
Installed Fonts” Error! Hyperlink reference not valid.
7. Create a file named Server2008SuperFont.txt and leave Windows Explorer open. This time you
should be successful.
8. Commit and dismount the image using the following command:
imagex /unmount /commit “c:\MCTS_70642\Ch2\imagemountfolder”
9. In your Windows Explorer window, press F5 to refresh the screen. You should no longer have any
files listed in c:\MCTS_70642\Ch2\ImageMountFolder.
10. Close the Command Prompt.
Pg. 54 step 9 should read:
Imagex /mountrw “c:\MCTS_70642\Ch2\imagefolder\Server2008fonts.wim” “all installed fonts”
Pg 61, Paragraph 1 should read:
There is no way to upgrade from a previous version of the Windows Server operating system to
a Server Core installation. Only a clean installation is supported.
There is no way to upgrade from a full installation of Windows Server 2008 to a Server Core
installation. Only a clean installation is supported.
There is no way to upgrade from a Server Core installation to a full installation of Windows
Server 2008. If you need the Windows® user interface or a server role that is not supported in a
Server Core installation, you will need to install a full installation of Windows Server 2008.
Pg. 66 step 4. Should read:
WMIC ComputerSystem Where name=”%computername%” call Rename Name=”MSN-SC-0XX”
Pg. 67 should read:
You can use Windows Remote Management (WinRM) to configure and manage Server Core
installations. As discussed in Chapter 1, WinRM is a suite of tools that allows you to remotely manage
your servers. WinRM, rmtshare, and other management utilities are covered in depth in Chapter 11.
Pg. 83 Should read:
Network Bridges Network bridges connect one or more networks segments. Like a switch, a bridge
uses MAC addresses for managing traffic. A bridge learns from the traffic it processes, so it can
associate a port with the specific MAC address to which it is connected. After the bridge associates a
port and an address, it sends traffic for that address only to that port. This creates more efficient traffic
on the network. Bridges work on the Layer 2 of the OSI model.
Pg 83 should read:
• The Data Link layer is responsible for communications between adjacent network nodes. Bridges
and switches operate at the Data Link layer.
Pg 94 Activity table should look like this:
Table 3-10: IPv6 address simplification
Full Address Simplified Address
Pg 103, Step 2 should read:
Click Start, Run and enter ncpa.cpl. This will launch the Network Connections console from Control
Pg 104 Activity 3-10 step 2 should read:
Preferred DNS server: 2001:xxxxxxxxxx::2 (instead of ::3)
Pg 108, Activity 3-11 should read:
1. On MSN-SC-0XX, type the following netsh command and then press Enter to check the ISATAP status
on the computer:
netsh interface isatap show state
2. At the command prompt, enter the following netsh command and then press Enter to enable
ISATAP on the computer:
netsh interface isatap set state enabled
3. Type ipconfig /all and then press Enter to verify that an ISATAP address has been added to your
network adapters. If changes do not appear promptly, wait about 30 seconds and rerun ipconfig /all.
4. 4. At the command prompt, enter the following netsh command and then press Enter to dis-able
ISATAP on the computer:
netsh interface isatap set state disable
5. Type ipconfig /all and then press Enter to verify that ISATAP has been removed.
Pg 109 should read:
reg add hklm\system\currentcontrolset\services\tcpip6\parameters /v DisabledComponents /t
REG_DWORD /d 255
Pg 116 Steps should be added to open the ICMP firewall ports on both servers. The following
command will perform the task on both servers:
netsh advfirewall firewall add rule name=”ICMP Allow incoming V4 echo request”
protocol=icmpv4:8,any dir=in action=allow
Pg 116 step 4 should read:
tracert 192.168.100.10 >> CLI.txt
Pg 122, question 13, answer c should read:
c. 11000000.10101000. 01100100.11010100
At the Completion of this Chapter, all students should disable IPv6 on all current lab machines. The
following steps should be completed on each machine:
1. Uncheck “Internet Protocol version 6 (TCP/IPv6)” from all of your connections and adapters
and component in the list under “This connection uses the following items.” This will not be an
option on Server Core so you will just modify the registry.
2. Open Registry Editor, Regedit.exe
3. Browse to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\
4. Right click on “Parameters”, choose “New”, choose “DWORD (32-bit) Value”
5. Change the name of the key to “DisabledComponents”, set the value to ff and be sure to
choose Hexadecimal. This should resolve to a decimal of 255.
6. Restart the computer for the registry value to take effect.
Pg 134 DHCPInform should read:
If a DHCP client already has an IP address, it sends this type of message to a DHCP server …..
Activity 4-5 (page 142) should read:
10. Return to MSN-SRV-0XX, expand Scope [192.168.100.0] Partner Scope, and click Address
Leases. Verify that you see a lease for msn-sc-0XX.bentech.local of 192.168.100.201.
Activity 4-7 (page 144) should read:
10. Return to MSN-SRV-0XX, expand Scope [192.168.100.0] Partner Scope, and then click Address
Leases. Verify that you see a lease for msn-sc-0XX.bentech.local of 192.168.100.211. (Press F5 to update
Pg 145, Activity 4-8 should read:
Description: Your organization has decided to implement a DNS server on your network. This server will
provide updated name resolution for your clients. In this activity, you modify the server scope so all
scopes in your environment use the DNS server, 192.168.100.10.
1. Start Server Manager on the MSN-SRV-0XX computer.
2. In the left pane of Server Manager, expand the Roles section and the DHCP Server role and then
click MSN-SRV-0XX. The DHCP Server administration console opens.
3. In the left pane, expand IPv4 and then click Server Options.
4. Click More Actions and then click Configure Options.
5. In the Server Options dialog box, click 006 DNS Servers and then enter 192.168.100.10 in the String
Value text box.
6. Click OK to close the Server Options dialog box.
7. Verify that the server option for DNS Servers appears in the Server Options pane.
8. Log onto MSN-SC-0XX, if necessary.
9. In the Command Prompt, type ipconfig /renew.
10. Type ipconfig /all to verify the new settings. You should now receive a new DNS server of
11. Leave the DHCP console open for the next activity.
Pg 154, should read:
Windows Server 2008 performs an automated backup of the DHCP database every 60 minutes to the
%systemroot%\ dhcp\backup directory...
Pg 154 should read:
Like automatic backups, manual backups are stored in the %systemroot%\ dhcp\backup folder by
Pg 167 Activity Step 11 should read:
Open a command prompt from the Start menu and then enter the following command to change the IP
address and DNS information:
netsh int ip set address name=“Local Area Connection” static 192.168.100.10 255.255.255.0
Pg 167 Activity Step 13 should read:
At the command prompt, enter the following command to change the Internet Protocol version 4 (IPv4)
netsh int ip set address name=“Local Area Connection” static 192.168.100.20 255.255.255.0
Pg. 169 Activity Note should read:
For this activity, your server needs to have access to the Internet and be able to resolve Internet-based
Pg. 172 Activity 5-4 step 1 should read:
On the MSN-SRV-0XX computer, open a command prompt form the Start menu, type ncpa.cpl and then
press Enter to open the Network Properties windows.
Pg. 172 Activity 5-4 step 7 should read:
At the command prompt, type nslookup cengage.com and then press Enter. You should receive an error
message because you do not have DNS name resolution from 192.168.100.10.
Pg. 172 Activity 5-4 step 8 should read:
At the command prompt, type nslookup cengage.com 126.96.36.199 and then press Enter. This forces nslookup
to query the name server at 188.8.131.52 instead of your preferred DNS server. This time, you should receive a
nonauthoritative answer for cengage.com of 184.108.40.206. If the IP address is different, it simply means
that the record for cengage.com has been changed.
Pg. 185, Activity 5-9 have the following step inserted as step 11 and renumber remaining steps:
11. In the command prompt, enter the following commands. You will need to wait for each to complete
before entering the next.
Net stop DNS
Net start DNS
Pg 206 Activity 6-1 step 3 should read:
Netsh interface set interface name=”local area connection” newname=”Internet”
Pg 207 Activity 6-1 step 3 should read*:
netsh interface set interface name=”local area connection 2” newname=”bentech.local”
nets int ipv4 set address name=”bentech.local” static ……
nets int ipv4 set dns “bentech.local” static ……
*Screenshot for Figure 6-1 will need to be modified to show bentech.local.
pg 208 step 8 should read:
netsh interface set interface name=“local area connection” newname=“bentech.local”
netsh int ip set address name=“bentech.local” static 192.168.100.20 255.255.255.0
netsh int ip set dns “bentech.local” static 192.168.100.10
Suggest adding a second nslookup microsoft.com after step 8.
pg 208 step 9 should read:
Enter the following command to verify you have name resolution. After
pg 208 step 10 (new) should read:
Log off your Server Core computer by typing logoff at the command prompt and then pressing Enter.
Pg 208 Activity 6-2, step 1 (new) should read*:
Prior to beginning Activity 6-5, run the following command on MSN-SRV-0XX:
DNSCMD /CONFIG BENTECH.LOCAL /ALLOWUPDATE 1
*The existing 1-10 should be renumbered 2-11
8. At the command prompt, enter the following command to change the Internet Protocol version 4
netsh interface set interface name=“local area connection”
netsh int ip set address name=“bentech.local” static
netsh int ip set dns Error! Hyperlink reference not valid. static
9. Enter the following command to verify you have name resolution. After
10. Log off your Server Core computer by typing logoff at the command prompt and then pressing
Pg 211 Exercise 6-3 step 14.
After step 14 I believe a step needs to be added to join MSN-SC to the domain. Several upcoming lab
steps seem to indicate MSN-SC should now be part of the domain. MSN-SC needs to be joined to the
domain in order to dynamically register itself in DNS so that its name is resolvable from MSN-SRV, and
also so that it can receive Group Policies.
Pg 211 Figure 6-5
This screen shot of the DNS manager on MSN-SRV shows the zone widgets.local , this was potentially
confusing to students as they took the screen shot literally and felt they hadmissed the steps for
creating the widgets.local zone.
Pg 212 Activity 6-4 step 4 should read:
Expand the dc subdomain and the _sites subdomain and default First Site and then click _tcp. Note a
new zone folder called _msdcs is listed under the bentech.local zone. It is grayed out and represents the
delegation of the _msdcs zone. It contains the NS records point-ing to the server or servers responsible
for hosting the _msdcs.bentech.local zone.
Pg 222 Activity 6-7 Step 7 should read:
Click the Setting tab. Click the Enabled option button and then enter bentech.local,widgetsbiz.local in
the DNS Suffixes text box. You can enter multiple DNS suffixes as long as they are comma-separated
If you get an error in step 7, then skip steps 7 through 9. There is a bug in Server 2008 and the current
hotfix from Microsoft does not resolve it. To add these suffixes within the GUI, use the procedure in
Activity 5-6 on page 179. Then continue with step 10. To add these suffixes in Server Core, start the
Registry Editor(regedit) and add the list as the value for SearchList located in
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters. A Reboot is required after this registry
Pg 248 Activity 6-17 Step 2 should read:
netsh int ip set wins “bentech.local“ static 192.168.100.10 netsh
Pg 248 Activity 6-17 Step 3 should read:
netsh int ip set wins “bentech.local” static 192.168.100.10
Pg 249 should read:
DNScmd ServerName /config /EnableGlobalNamesSupport 1
Pg 251 Activity 6-20 step 2 should read:
netdom join \\MSN-SC-0XX /domain:bentech.local
shutdown /r /t 0
Activity 7-9 (page 275) Step 6, the last line should read:
Activity 7-10 (page 277)Step 5, the command should read:
Net share offline=“c:\70642\Chapter 7\scadminshare” /CACHE:Documents
Activity 7-15 (page 285)Step 1, the second command should read:
Net share SCAdminShare=“c:\70642\...
Also, if replication does not take place, you may need to add
Administrator with Full Control permissions to the offline folder on
Activity 7-16 (page 288) Add the following as Step 1:
Start and log onto MSN-SC-0XX before beginning this lab.
Activity 7-19 (page 291) Skip step 1 since this was done in Activity 7-16.
Activity 8-17 (page 323) in step 10 should read:
10. Click the Available from option button and then set the times from 6:00 PM to 5:00 AM or a time
suggested by your instructor. The time period should not overlap the time period in which this lab
activity is being completed.
Activity 9-1 (page 334) should read:
20. On MSN-SRV-1xx, open the command prompt, and enter the following command to add MSN-
SRV-1XX to the domain, bentech.local:
21. Reboot the server, and then log onto MSN-SRV-1XX as email@example.com.
Activity 9-2: (page 336) should read:
Log onto MSN-SC-0XX and enter the following command to set MSN-SC-0XX to use
MSN-SRV-0XX as a default gateway:
netsh int ipv4 set address name = “bentech.net” static
192.168.100.20 255.255.255.0 192.168.100.10
Activity 9-4 page 340) should read:
4. Open a command prompt, type route add 220.127.116.11 mask 255.255.255.255 192.168.100.10, and then
9. Open a command prompt, type route print, and then press Enter to verify the route for 18.104.22.168 is
Activity 9-5 (page 342) should read
1. On MSN-SRV-0XX, open the command prompt and enter the following commands to add a
default gateway to a scope:
Servermanagercmd.exe -install DHCP
sc config dhcpserver start= auto
net start dhcpserver
netsh dhcp server 192.168.100.10 scope 192.168.100.0
netsh dhcp add iprange 192.168.100.201 192.168.100.250 set optionvalue
003 IPADDRESS “192.168.100.10”
6.In the Actions pane, click More Actions under DHCP Relay Agent and then click New Interface. Select
bentech.local and then click OK.
12. Verify that bentech.local is using an IP address of 192.168.100.211. If you do not see the change,
you may have to issue ipconfig /release followed by ipconfig/renew or reboot the server. If you
required a server reboot, you will need to logon to MSN-SRV-1xx to complete the next step.
Activity 9-6 (page 345) Add the following note or additional Step:
1. Logon to MSN-SRV-1XX for this activity.
Activity 10-4 (page 370) Insert the following step:
14. Repeat steps 7 – 13 using c:\Program Files (x86)\Internet Explorer\iexplore.exe as the program path
in Step 9.
Activity 10-6 Add the following note prior to completing activity.
Prior to beginning this lab, remove the File Services Resource manager with the following command:
Servermanagercmd.exe –remove FS-Resource-Manager
Due to a bug in Windows Server 2008, you will receive an error when trying to create a GPO if you
did not remove the File Services Resource Manager. For more information, search Microsoft.com
Activity 10-9 (Pg 380) Add this note to Activity 11-XX:
If Server 2008 SP2 is installed, you will have issues installing the Drive Prep tool. Either remove SP2 or
perform the following steps:
1. Download the Bit Locker Preparation Tool to the C: drive.
2. Enter the following commands at the command prompt.
a. expand -f:* "C:\Windows6.0-KB933246-x86.msu" %TEMP%
b. pkgmgr.exe /n:%TEMP%\Windows6.0-KB933246-x86.xml
3. Enter “C:\Program Files\BitLocker\BdeHdCfg.exe” on the Run line. This will repartition your
drive to allow Bit Locker to work properly.