Deploy the MPS DNS Client

This topic describes how to install and configure Microsoft Provisioning System (MPS) DNS provisioning.

  1. Activate the ASP.NET Extensions

  2. Register ASP.NET 2.0 as Default

  3. Install the MPS DNS Client

  4. Configure Server Certificates

The MPS DNS client requries ASP.NET to be installed. Install ASP.NET on DNS01 using Add/Remove Windows Components.

Procedure W03-DWSPV.49: To activate ASP.NET

  1. On DNS01, in Add or Remove Programs, click Add/Remove Windows Components.

  2. Select ASP.NET for Application Server settings.

  3. Follow the on-screen instructions to complete the activation of ASP.NET.

The MPS DNS client requires that ASP.NET 2.0 be registered as the default script mapping. To do this, perform the following procedure on DNS01.

Procedure W03-DWSPV.50: To register ASP.NET 2.0 as default

  1. On DNS01, at a command prompt, change the directory by running the following command:

    cd C:\Windows\Microsoft.NET\Framework\v2.0.50727.
  2. At the command prompt, run the following command:

    aspnet_regiis.exe -r

You should register ASP.NET 2.0 as the default version of ASP.NET for all sites. Note that this can be changed on a per site basis using the Internet Information Services (IIS) Manager.

Install the MPS DNS client on DNS01 using default values.

Procedure W03-DWSPV.51: To install the MPS DNS Client on DNS01

  1. On DNS01, run DNSClient.msi from the solution distribution media in the Service Provisioning\MPS\Providers\DNS directory.

To enable secure communications between the DNS Provider Web application and the DNS Provider client components using Secure Sockets Layer (SSL), you must install the Certificate Chain and request a Certificate that will be used by the DNS Provider Web Application.

Procedure W03-DWSPV.52: To install the certificate chain for your CA on DNS01

  1. On DNS01, browse to http://PKIRoot/certsrv. When prompted, log on as a member of the Domain Administrators group.

  2. Follow the on-screen instructions to download CA certificate chain and save the file on the root of the C: drive on DNS01.

  3. Start Microsoft Management Console by running mmc.exe at a command prompt.

  4. On the File menu, select Add/Remove Snap-in.

  5. Add a certificate snap-in to manage certificate for the local computer (the computer this console is running on).

  6. In the console tree, expand Certificates (Local Computer), expand Trusted Root Certification Authorities.

  7. Right-click Certificates, point to All Tasks, and then select Import.

  8. Follow the Import Wizard to select and open the file where you saved the certificate in step 2.

  9. Leave the default value Place all certificates in the following store and ensure Trusted Root Certification Authorities appears under the Certificate store.

  10. Follow the on-screen instructions to complete the import.

  11. Close the Microsoft Management Console (MMC) console window. If prompted to save the MMC, save it as Certificates (local Computer).

Next, request the certificate from the CA. This certificate will be used to help secure communication between the MPS server and the DNS client.

Procedure W03-DWSPV.53: To manually request a certificate for DNS01

  1. On DNS01, browse to http://PKIRoot/certsrv. Select Request a Certificate, and then select Advanced certificate request.

  2. Select Create and submit a request to this CA.

  3. Select Web Server template as the certificate template.

  4. In the Identifying Information For Offline Template section, enter the IP address of the DNS01 server for the Name field.

    The Name field must contain the IP address of the DNS01 server for DNS provisioning to work properly over SSL.

  5. Fill in other fields in the Identifying Information For Offline Template section as appropriate for your organization.

  6. In Keys Options, select the Store certificate in the local computer certificate store check box. Accept all other defaults.

  7. In the Friendly Name box (at the bottom of the form), enter the IP address of the DNS01 server.

  8. Follow the on-screen instructions to complete the certificate installation.