Setup Windows Firewall on a Domain Controller
July 14, 2009
If you would like to enable Windows Firewall on a domain controller, consider the following firewall exceptions before going live. These exceptions are necessary if you want domain authentication and file and print sharing. I would also recommend scoping these exceptions so that only the local network is allowed. Allowing “outside” access may be hazardous to your server’s health.
Enable program exceptions for lsass.exe and ntfrs.exe, which are found under %windir%\system32.
Enable port exceptions for ports 53 (TCP and UDP), 88 (TCP and UDP), 123 (UDP), 135 (TCP), 137 (TCP), 389 (UDP), 464 (TCP and UDP) and 636 (TCP).
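The exceptions above, written as scoped inbound rules and followed by a check that none of them is open wider than the local subnet. This is an added example, not part of the original post: it assumes a Windows Server version that ships the NetSecurity PowerShell module (`New-NetFirewallRule`), and the `DC-Example` rule and group names are made up for illustration. The ports and program names are exactly those listed in the post.

```powershell
# Added example. Ports and programs come from the post; the 'DC-Example'
# names are hypothetical. Run from an elevated PowerShell session.
$scope = 'LocalSubnet'   # Windows Firewall keyword: directly attached subnet(s) only

# Port exceptions as listed in the post
$ports = @(
    @{ Port = 53;  Protocols = 'TCP','UDP' }
    @{ Port = 88;  Protocols = 'TCP','UDP' }
    @{ Port = 123; Protocols = 'UDP' }
    @{ Port = 135; Protocols = 'TCP' }
    @{ Port = 137; Protocols = 'TCP' }
    @{ Port = 389; Protocols = 'UDP' }
    @{ Port = 464; Protocols = 'TCP','UDP' }
    @{ Port = 636; Protocols = 'TCP' }
)

foreach ($p in $ports) {
    foreach ($proto in $p.Protocols) {
        New-NetFirewallRule -DisplayName "DC-Example $proto $($p.Port)" -Group 'DC-Example' `
            -Direction Inbound -Action Allow -Protocol $proto -LocalPort $p.Port `
            -RemoteAddress $scope | Out-Null
    }
}

# Program exceptions as listed in the post
foreach ($exe in 'lsass.exe', 'ntfrs.exe') {
    New-NetFirewallRule -DisplayName "DC-Example $exe" -Group 'DC-Example' `
        -Direction Inbound -Action Allow `
        -Program (Join-Path $env:windir "System32\$exe") `
        -RemoteAddress $scope | Out-Null
}

# Check: report any rule in the group whose remote scope is not the local subnet
Get-NetFirewallRule -Group 'DC-Example' | ForEach-Object {
    $addr = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
    if ($addr -ne $scope) { "{0}: remote scope is {1}" -f $_.DisplayName, ($addr -join ',') }
}
```

The final loop prints nothing when every rule is still limited to the local subnet, so it can be re-run later to catch a rule that was widened by hand.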
Network Lag…
March 28, 2008
Recently I received a call from an IS manager who described, with great anguish, his local network lag time. He reported to me that his clients’ access to a local file server was jaw-droppingly slow. He went on to tell me that after checking the configurations of the switches and the file server, he did not see any irregularities. He could access other servers on the same network segment, but for some reason he was having issues with this particular server.
Here is a visual:
As you can see, I ran traces on the different network segments and focused most of my attention on the file server / media converter / switch. I did not find any configuration issues with any of the network equipment, and the file server seemed to be doing its job. After running the traces I did notice that packets were being dropped at the file server and runts were being detected.
In my experience, physical connections/hardware or configuration is the leading cause of dropped packets. Since my customer thoroughly checked his hardware, the configuration piece could still be a problem. Looking back at my traces, there is one segment that could still be misconfigured: the inbound switch and the client computers.
…Conclusion
As you might expect, there was a configuration issue, but it wasn’t as obvious as you might think. The clients were set to auto-negotiate and the switch was hard-coded at full duplex. The Windows clients could not negotiate a duplex with the switch and subsequently defaulted to half duplex, creating a mismatch.
Because of the duplex mismatch, packets were being dropped and therefore never made it to the File Server for acknowledgement.
The dropped packets caused retransmissions from the client, which resulted in huge network latency directly affecting the end users.
To correct the issue the configuration of the client or the switch will need to be modified to allow proper duplex negotiation.
Quick Internet Troubleshooting
March 23, 2008
Troubleshooting Your Internet Connection
The following is a quick reference to help you troubleshoot your internet or LAN connections. This quick guide is only a general home-based networking reference; specific issues may need more advanced troubleshooting techniques. This guide assumes that you have a broadband connection with a dynamically assigned IP address. If you are not sure whether your IP address is dynamically or statically assigned, please consult your ISP. This article addresses connection issues resulting from wired and wireless network problems.
1. Decide whether it is your wireless connection (router) or your internet connection (modem).
• on your wireless computer make sure your wireless signal notification icon has full signal
• on your desktop computer or a computer directly connected to your router, try to access the internet
2. If you cannot access the internet on both wireless and non-wireless machines you may have an internet (modem) problem.
• without turning anything off, unplug the RJ45 (ethernet) cable running from your computer to your router (at the router end)
• now plug the cable in from your computer directly into your modem
• wait a few minutes (you may also need to restart your desktop computer or simply repair your internet connection), now try to access the internet
3. If you cannot access the internet directly connected to the modem, you could have a modem problem.
• unplug the power to your modem, wait 30sec and plug back in … try to access the internet
• if restarting your modem does not work, call your ISP, the network may be down
• at this point you may want to check your ip configuration, in a command prompt type “ipconfig”. If your ip address is (0.0.0.0 or starts with 169.x.x.x) then you do not have a valid ip. Your ISP will need to know this information.
4. You can access the internet directly connected to the modem OR you can access the internet from your desktop machine which is connected to the router.
• you could have a wireless communication problem between your router and your wireless enabled computer
• unplug your desktop machine from the modem and return the connection back to your router (your normal configuration)
• restart your wireless router by unplugging it, waiting 30sec and plugging it back in; during this time restart your laptop
• try to access the internet from your laptop (through your wireless connection)
• if you are still not getting signal, you are not “associated” with the router and will need to make some changes
• navigate to Start> Control_Panel> Network_Connections> Wireless_Connection> Properties> Wireless_Networks> select your network’s SSID (or name)> Properties>
• once there you will need to re-enter your password or key for the WPA-PSK/WEP encryption scheme, then Apply> hit “OK”
• wait a few moments … your connection should establish
5. You still cannot connect wirelessly.
• there may be a problem with your wireless router configuration
• you will need to take approximately the same actions as step 4 but for your router
• from your desktop open an internet browser and type your wireless router’s IP address (i.e. 192.168.1.1) in the address bar
• you will need to login with your username and password, if you have never changed this option it will be the factory default username and password
• navigate to your wireless options where you are able to select “encryption”
• you should see options for WEP, WPA-PSK, or none, select the appropriate security method. You may now need to re-type your password or key (the same one you typed for your wireless enabled computer)
• save your settings and make sure your “SSID” is set.
Your wired and wireless network connection is now through the first and the most common steps of troubleshooting. If problems still exist at this point you may need to call a computer technician for more specialized troubleshooting.


