Deploy the MPS DNS Client

Cc526738.chm_head_left(en-us,TechNet.10).gif Cc526738.chm_head_middle(en-us,TechNet.10).gif Cc526738.chm_head_right(en-us,TechNet.10).gif

Deploy the MPS DNS Client

Configure DNS Provider components as described in the sections that follow. This topic describes how to install and configure Microsoft Provisioning System (MPS) DNS provisioning.

Tasks

  • Activate the ASP.NET Extensions
  • Register ASP.NET 2.0 as Default
  • Install the MPS DNS Client
  • Configure Server Certificates

Activate the ASP.NET Extensions

The MPS DNS client requries ASP.NET to be installed. Install ASP.NET on DNS01 using Add/Remove Windows Components.

Procedure DWSPV.49: To activate ASP.NET

  1. On DNS01, open Add or Remove Programs, and then click Add/Remove Windows Components.
  2. Select Application Server, and then click Details.
  3. Select ASP.NET.
  4. Complete the activation of ASP.NET.

Register ASP.NET 2.0 as Default

The MPS DNS client requires that ASP.NET 2.0 be registered as the default script mapping. To do so, perform the following procedure on DNS01.

Procedure DWSPV.50: To register ASP.NET 2.0 as default

  1. On DNS01, open a command window.
  2. At the command prompt, change the directory by typing cd C:\Windows\Microsoft.NET\Framework\v2.0.50727, and then pressing ENTER.
  3. At the command prompt, type the following command and press ENTER: aspnet_regiis.exe -r

You should register ASP.NET 2.0 as the default version of ASP.NET for all sites. Note that this can be changed on a per site basis using the Internet Information Services (IIS) Manager.

Install the MPS DNS Client

Install the MPS DNS client on DNS01 using default values.

Procedure DWSPV.51: To install the MPS DNS Client on DNS01

  • On DNS01, run DNSClient.msi from the Windows-based Hosting distribution disc in the Service Provisioning\MPS\Providers\DNS directory.

Configure Server Certificates

To enable secure communications between the DNS Provider Web application and the DNS Provider client components using Secure Sockets Layer (SSL), you must install the Certificate Chain and request a Certificate that will be used by the DNS Provider Web Application.

Procedure DWSPV.52: To install the certificate chain for your CA on DNS01

  1. On DNS01, browse to https://PKIRoot/certsrv
  2. When prompted, log on as a member of the Domain Administrators group.
  3. From Select a task, click Download a CA certificate, certificate chain, or CRL.
  4. Accept the default settings, and, near the bottom of the page, click Download CA certificate chain.
  5. In the File Download dialog box, click Save.
  6. Save the file on the root of the C: drive on DNS01.
  7. Close Internet Explorer.
  8. Click Start, and then click Run.
  9. Type mmc.exe, and then click OK.
  10. On the File menu, click Add/Remove Snap-in.
  11. In the Add/Remove Snap-in dialog box, click Add.
  12. In the Add Standalone Snap-Ins dialog box, select Certificates from the list of available standalone snap-ins.
  13. Click Add.
  14. Select Computer account, and then click Next.
  15. In the Select Computer dialog box, make sure Local computer: (the computer this console is running on) is selected, and then click Finish.
  16. Click Close, and then click OK.
  17. In the left pane of the Certificates console, expand Certificates (Local Computer).
  18. Expand Trusted Root Certification Authorities.
  19. Right-click Certificates, point to All Tasks, and then click Import.
  20. At the Import Wizard, click Next.
  21. Click Browse, select the file where you saved the certificate in step 6, and then click Open. You may need to select Files of type: All Files (*.*) in order to see the certificate file in the Open dialog box.
  22. Click Next.
  23. Leave the default value Place all certificates in the following store and ensure Trusted Root Certification Authorities appears under the Certificate store.
  24. Click Next, and then click Finish.
  25. At the Successful Import prompt, click OK.
  26. Close the Microsoft Management Console (MMC) console window. If prompted to save the MMC, save it as Certificates (local Computer).

Next, request the certificate from the CA. This certificate will be used to secure comminication between the MPS server and the DNS client.

Procedure DWSPV.53: To manually request a certificate for DNS01

  1. On DNS01, browse to https://PKIRoot/certsrv.

  2. Click Request a Certificate.

  3. Click Advanced certificate request.

  4. Click Create and submit a request to this CA.

  5. In Certificate Template, select the Web Server template.

  6. In the Identifying Information For Offline Template section, enter the IP address of the DNS01 machine for the Name field.

    Important

    The Name field must contain the IP address of the DNS01 machine for DNS provisioning to work properly over SSL.

  7. Fill in other fields in the Identifying Information For Offline Template section as appropriate for your organization.

  8. In Keys Options, select the Store certificate in the local computer certificate store check box. Accept all other defaults.

  9. In the Friendly Name box (at the bottom of the form), enter the IP address of the DNS01 machine, and then click Submit.

  10. In the Potential Scripting Violation dialog box, click Yes.

  11. Click Install this certificate.

  12. In the Potential Scripting Violation dialog box, click Yes.

  13. Close Internet Explorer.