Re: Secure dynamic updates on Windows 2003 DNS Server

From: Noël Danjou (noel_at_noeld.com)
Date: 05/18/04

• Next message: Dan: "RE: CCertAdmin.SetCertificateExtension"
• Previous message: Alun Jones [MS MVP - Security]: "Re: ssl negotiation failed with Microsoft IIS"
• In reply to: Rhett Gong [MSFT]: "RE: Secure dynamic updates on Windows 2003 DNS Server"
• Next in thread: Rhett Gong [MSFT]: "Re: Secure dynamic updates on Windows 2003 DNS Server"
• Reply: Rhett Gong [MSFT]: "Re: Secure dynamic updates on Windows 2003 DNS Server"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Tue, 18 May 2004 14:59:07 +0200

Hi Rhett,

Thanks for your reply and your information.

I did use the Windows Server 2003 Wizards to install Active Directory and
the DNS Server so all the zone types were set to "Active
Directory-Integrated" (Data is stored in Active Directory) by the wizard.

The dynamic update works fine when I attempt an unsecure update, so the DNS
server is authoritative. The problem happens during the Kerberos
negotiation i.e. before actually updating the zone itself.

Since the gssclient/gssserver example from the Platform SDK does not work
correctly either, this makes me think that there is a problem with the
Kerberos negotiation.

Since my implementation of secure dynamic updates is based on this example,
if I could get the example to work I could probably figure out what's wrong
with my own implementation.

I'd really appreciate if you could provide instructions about how to
configure the Windows Server 2003 system to get the gss example to run.
Thank you.

Best regards,

-- 
Noël

---

• Next message: Dan: "RE: CCertAdmin.SetCertificateExtension"
• Previous message: Alun Jones [MS MVP - Security]: "Re: ssl negotiation failed with Microsoft IIS"
• In reply to: Rhett Gong [MSFT]: "RE: Secure dynamic updates on Windows 2003 DNS Server"
• Next in thread: Rhett Gong [MSFT]: "Re: Secure dynamic updates on Windows 2003 DNS Server"
• Reply: Rhett Gong [MSFT]: "Re: Secure dynamic updates on Windows 2003 DNS Server"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages RE: AD Domain controller replacement ... Zone Transfer: ... Create a secondary zone on the Windows Server 2003 system for the zone ... Copy the DNS zone file from the current DNS server: ... (microsoft.public.windows.server.migration) RE: 3 MUD Migration Strategy thoughts please ... Active Directory Operations Overview ... Once you have decided to implement an in-place upgrade process will go like ... you can install Exchange server and transfer mailbox etc. ... Why Upgrade from Windows NT 4.0 to Windows Server 2003 ... (microsoft.public.windows.server.migration) Re: Split-Brain DNS ... > What do I need to do to setup split-brain DNS for the company? ... > external DNS server I have setup on our DMZ, ... Deploying and Designing Active Directory [DNS Design, Migration, Cert Auth, ... Download details Windows Server 2003 Active Directory Branch Office Guide: ... (microsoft.public.windows.server.dns) Re: Why do i need to know AD ? ... DNS Support for Active Directory Technical Reference ... Is the directory service included in the Windows Server 2000/2003 family. ... controller to interact with domain controllers in the domain running Windows ... used to configure replication between sites. ... (microsoft.public.windows.server.active_directory) Re: Forest Setup Question ... Deployment Kit, which you can purchase in hard copy form at Amazon (or ... Designing the Active Directory Logical Structure ... Enabling Advanced Windows Server 2003 Active Directory Features ... Deploying the Windows Server 2003 Forest Root Domain ... (microsoft.public.windows.server.general)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.platformsdk.security  > 2004-05