2008年2月20日 下午 12:17
I'm using WS08 ver 6.0.6001 and I have 2 nodes in my test network:
1. Full - AD server
2. Core - Member server
Problem is that, when I add the Core server to domain then the Firewall profile stays Standard.
Could somebody please tell me how to get the profile to Domain profile? What should I check?
PS! I am using Public IP Addresses.
2008年2月20日 下午 09:39
Since the firewall in Server Core performs in the same way as the firewall in a Full Installation of Windows Server 2008 and Windows Server 2003, the following piece of text from the Windows Firewall Technical Reference on the Microsoft Web site applies:
Windows Firewall uses a network determination algorithm to determine which profile to use.
The network determination algorithm uses connection-specific DNS suffix information to determine whether a computer is connected to a managed network containing the domain in which the computer is a member. To do this, the algorithm compares the following DNS suffix information:
The last-received Group Policy update DNS name. This is stored in the HKEY_Local_Machine\Software\Microsoft\Windows\CurrentVersion\Group Policy\History\NetworkName registry entry and represents the connection-specific DNS suffix of the connection over which the last Group Policy update was received.
The connection-specific DNS suffixes of the currently connected connections (those that are assigned an IP address) that are not Point-to-Point Protocol (PPP) or Serial Line Internet Protocol (SLIP)-based, such as dial-up or VPN network connections.
Using this DNS suffix information, the algorithm performs the following analysis:
If the computer is not a member of a domain, then the computer is always attached to another network.
If the last-received Group Policy update DNS name matches any of the connection-specific DNS suffixes of the currently connected connections on the computer that are not PPP or SLIP-based, then the computer is attached to a managed network.
If the last-received Group Policy update DNS name does not match any of the connection-specific DNS suffixes of the currently connected connections on the computer that are not PPP or SLIP-based, then the computer is attached to another network.
Windows uses this network determination process during startup and when it is informed by the Network Location Awareness service that network settings on the computer have changed. To determine which profile to use, Windows Firewall applies this network determination process as follows:
- If the connection-specific DNS suffix of a currently connected connection on the computer that is not PPP or SLIP-based (such as an Ethernet or 802.11 wireless network adapter) matches the value of the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Group Policy\History\NetworkName registry entry, Windows Firewall uses the domain profile.
If the connection-specific DNS suffix of a currently connected connection on the computer that is not PPP or SLIP-based does not match the value of the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Group Policy\History\NetworkName registry entry, Windows Firewall uses the standard profile.
In short: The Server Core box feels it is not connected to a network that contains the domain controllers for the domain in which its computer account resides.
2008年3月7日 下午 01:58
OK I get it
But in this case I can't see the way i can resolve my situation:
1. I have public network as serving the Hyper-V interface
2. I have a private VLAN for SAN network (192.168.0.x)
first server now has 3 NIC's:
1. DC serving DNS and DHCP
2. DHCP enabled Public Hyper-V
second and third has 2NIC's:
1. DHCP enabled Public Hyper-V serving HTTP
How could I then use the Firewall's Domain Profile to secure my connections between servers with Domain Rules and open up only HTTP connection with Public Rules.
I know that Firewalls Domain Profile is activated only when second and third servers can authenticate with my domain controller using every network interface. So is there even a way that i could solve this with available hardware?
2008年3月10日 下午 11:48擁有者
Based on my understanding of the firewall, you are going to have to simply open the ports you need. You aren't going to be able to use both domain and public.
2012年3月14日 上午 09:55
Do you know how to change a 2008 R2 Server Core's network profile from Public to Domain?
I have a remote server core DC which keeps on switching between Public and Domain on reboots.
- 已編輯 jason404 2012年3月14日 上午 10:21