We take it for granted that our network uses the TCP/IP protocol for network communications. While it might seem like second nature to use TCP/IP now, it wasn’t always this way. It’s only in the last few years that TCP/IP has reached a position as the premier networking protocol.
The primary reason TCP/IP wasn’t used more often was that it’s not easy to set up and configure. Unlike other protocols, such as NetBEUI and IPX/SPX, you can’t just install TCP/IP and let ’er rip! To design a TCP/IP network, you must have a good understanding of the protocols and how to configure them.
In this Daily Drill Down, I’ll take a look at the Windows 2000 Professional TCP/IP configuration options. While basic TCP/IP configuration might seem easy, there are many options that are less than intuitive. It’s these options that can make or break your TCP/IP network client configuration. I’ll cover the following topics:
- Configuring services on the local interface
- Configuring basic TCP/IP properties
- Configuring advanced TCP/IP properties
After you finish this Daily Drill Down, you’ll never be mystified by TCP/IP client-side configuration again.
Configuring services on the local interface
To begin configuring the Windows 2000 TCP/IP client, right-click the My Network Places object on the desktop and click Properties. You’ll see the screen shown in Figure A.
|The General tab allows you to configure the network interface card (NIC) and TCP/IP components for this interface.|
In the Components Checked Are Used By This Connection frame is a list of network services bound to the interface. Remember that these networking components are bound to all IP addresses on this interface. There is no way via the GUI to bind components selectively to a particular address bound to the interface.
By default, the following components are included on a Windows 2000 Professional machine:
- Client for Microsoft Networks
- File and Printer Sharing for Microsoft Networks
- Internet Protocol (TCP/IP)
Selecting a component and clicking the Properties button will allow you to configure it.
Client for Microsoft Networks
The Client for Microsoft Networks component performs a number of duties; its main job is acting as the CIFS redirector. The redirector allows the machine to be a Common Internet File System (CIFS)/Server Message Block (SMB) client. Windows uses CIFS as its file-sharing protocol. When you select the Client For Microsoft Networks option and click Properties, you see the screen shown in Figure B. You can choose either the Windows Locator or DCE Cell Directory Service.
|The default is Windows Locator. You should not change this unless you are participating in a DCE Cell Directory Services environment.|
File and Printer Sharing for Microsoft Networks
The File and Printer Sharing for Microsoft Networks component is the Windows CIFS Server service. You must have the server service enabled to share printers, files, and folders. The server service is implemented as a file system driver that accepts requests from the client-side redirectors.
On Windows 2000 Professional computers, this feature is not configurable. However, when you click on the File And Printer Sharing For Microsoft Networks component and click Properties on a Windows 2000 Server, you will see the screen shown in Figure C.
|Memory allocated to the server service is manipulated by selecting these options.|
Configuring the NIC properties
Click the Configure button to configure the NIC. When you click this button, you’ll see the screen shown in Figure D. The configuration options for each NIC vary with the type and manufacturer of the interface.
|Be sure you keep your NIC documentation available so that you can decipher the configuration options on the Advanced tab!|
Configuring basic TCP/IP properties
To configure TCP/IP properties, select Internet Protocol (TCP/IP) (see Figure A) and click the Properties button. You will see the screen shown in Figure E.
These options are available in the top frame:
- Obtain An IP Address Automatically
- Use The Following IP Address
The Obtain An IP Address Automatically option makes the machine a DHCP client. If there is a DHCP server available, the client will be able to obtain and use IP addressing information provided by the DHCP server without needing to reboot. The Use The Following IP Address option allows you to manually configure the IP Address, Subnet Mask, and Default Gateway. The first two entries are required.
These options are available in the lower frame:
- Obtain DNS Server Address Automatically
- Use The Following DNS Server Addresses
The Obtain DNS Server Address Automatically option allows the machine to obtain its DNS server address from a DHCP server. You can manually configure the DNS server address by selecting Use The Following DNS Server Addresses. The Preferred DNS Server address is used first to perform host name queries. If the Preferred DNS Server is not available, then the Alternate DNS Server is tried.
When alternate DNS servers are searched
DNS servers are searched based on their position on the DNS server search list. As soon as a DNS server returns a positive or negative answer, no other servers on the list are searched. This means that if the server at the top of the DNS server search list is available but not able to resolve the name, the alternate DNS servers are not searched.
|The Default Gateway is only required on a routed network and then only if you want the client to contact machines on remote network IDs.|
Configuring advanced TCP/IP properties
Click the Advanced button to access the advanced TCP/IP properties. The IP Settings tab appears first, as seen in Figure F. In the IP Addresses frame, you can bind additional IP addresses to the physical interface. The IP address at the top of the binding order is the Primary IP address for the interface. You can add as many IP addresses as you need because there are no hard-coded limits.
The Default Gateways frame allows you to add additional default gateways. Each gateway includes an address and a metric. The metric is a way to assign preference to a particular gateway. If dead gateway detection is enabled, the client will be able to detect that a gateway is down and will move down the list of gateways.
|When a packet is destined for a remote network, it will be sent to the gateway with the lowest metric.|
Advanced DNS client settings
When you click on the DNS tab, you’ll see the screen shown in Figure G. In the DNS Server Addresses, In Order Of Use dialog box, you can add DNS servers to query in the event that the Preferred and first Alternate DNS servers become unavailable. After adding more DNS servers, you can change the DNS server search order by selecting the IP address of the DNS server and clicking either the up or down arrow just to the right of the DNS server addresses.
|The DNS tab displays options to configure advanced DNS client settings.|
There are two options below the DNS server addresses that control how DNS queries are formulated for unqualified requests before they are sent to the DNS server:
- Append Primary And Connection Specific DNS Suffixes
- Append These DNS Suffixes (In Order)
The first option will append the machine’s primary and connection specific suffixes to the DNS query. You can find the primary DNS suffix by opening the System applet in the Control Panel and clicking on the Properties button located under the Network Identification tab (Figure H).
For example, suppose you typed the URL http://fileserver1. This is an unqualified request because there is only a single label in the request. A Fully Qualified Domain Name (FQDN) must be sent to the DNS server, so in this case, the tacteam.net domain name will be appended to the query. The client-side resolver will send a query for fileserver1.tacteam.net.
|Identifying the machine’s primary DNS suffix which, in this case, is tacteam.net|
You can have a custom DNS suffix added to unqualified queries by typing it in the DNS Suffix For This Connection text box (Figure G). If the query with the primary connection’s suffix does not return a positive response, the client-side resolver will send a query with the connection-specific DNS suffix. This option is useful if you are using WINS Referral Zones.
The Append Parent Suffixes Of The Primary DNS Suffix option allows the DNS client-side resolver to send multiple queries by devolving the primary and connection-specific suffix. For example, if your primary DNS suffix were dev.tacteam.net, the resolver would first append the dev.tacteam.net DNS suffix to an unqualified request. If that request returned a negative response, the resolver would formulate a second query using tacteam.net for the DNS suffix. Note that the resolver will not devolve the request past the second-level domain.
The second option, Append These DNS Suffixes (In Order), allows you to fine-tune the DNS suffix search order for unqualified requests. This is often useful if you have created a WINS Referral Zone that is responsible for resolving DNS queries by sending them to a WINS server. Rather than using the primary connection’s DNS suffix, you can add a custom list of suffixes that will be sent for unqualified requests.
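The suffix handling above and the server search order from the "When alternate DNS servers are searched" note can be traced together in a small model. This is an added example, not Windows code or code from the original article. The server contents, the 192.0.2.10 address and the position of devolution after the connection-specific suffix are assumptions.

```python
# Added example: simplified model of the resolver behaviour described on this page.
def devolve(suffix):
    """Parent suffixes of `suffix`, never going past the second-level domain."""
    labels = suffix.split(".")
    return [".".join(labels[i:]) for i in range(1, len(labels) - 1)]

def candidate_names(name, primary, connection=None, append_parents=True,
                    custom_suffixes=None):
    """FQDNs tried, in order, for an unqualified (single-label) name."""
    if "." in name:
        return [name.lower()]  # multi-label names are outside this model
    if custom_suffixes:        # "Append These DNS Suffixes (In Order)"
        suffixes = list(custom_suffixes)
    else:                      # "Append Primary And Connection Specific DNS Suffixes"
        suffixes = [primary] + ([connection] if connection else [])
        if append_parents:     # assumed to run after the connection suffix
            suffixes += devolve(primary)
    ordered = []
    for suffix in suffixes:
        fqdn = f"{name}.{suffix}".lower()
        if fqdn not in ordered:
            ordered.append(fqdn)
    return ordered

def resolve(name, servers, **suffix_options):
    """servers: ordered list; a dict of records is a reachable server,
    None is a server that does not respond. Returns (address, trace)."""
    trace = []
    for fqdn in candidate_names(name, **suffix_options):
        answer = None
        for position, records in enumerate(servers):
            if records is None:
                trace.append((fqdn, position, "no response"))
                continue       # only an unavailable server moves us down the list
            answer = records.get(fqdn)
            trace.append((fqdn, position, answer or "negative"))
            break              # positive or negative: stop searching servers
        if answer:
            return answer, trace
    return None, trace

# Constructed sample data: the alternate server holds the record, the preferred does not.
PREFERRED = {}
ALTERNATE = {"fileserver1.tacteam.net": "192.0.2.10"}

if __name__ == "__main__":
    for servers in ([PREFERRED, ALTERNATE], [None, ALTERNATE]):
        address, trace = resolve("fileserver1", servers, primary="dev.tacteam.net")
        print(address, trace)
```

With the preferred server reachable, the name is never resolved because the alternate is never asked. With the preferred server down, the second devolved query reaches the alternate and succeeds.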
Put a check mark in the check box for Register This Connection’s Addresses In DNS to have the Host (A) record information for this connection entered into a Dynamic DNS server (DDNS). Note that it is a good idea to remove this check mark when you have a multihomed server that has one interface connected directly to the Internet.
The Use This Connection’s DNS Suffix In DNS Registration option allows you to register the custom DNS Suffix For This Connection. This connection is registered in addition to the primary DNS suffix, which is appended to the computer name.
Advanced WINS client configuration
Click on the WINS tab and you will see the screen shown in Figure I. In the WINS Addresses, In Order Of Use frame, you add WINS server addresses to use for NetBIOS name resolution. You can enter a total of 12 WINS servers. However, while additional WINS servers can provide fault tolerance for NetBIOS name resolution, they will also increase the total time it takes to get a negative response if all WINS servers are unable to resolve the request.
The Enable LMHOSTS Lookup option allows you to use a text file containing NetBIOS name/IP address mappings. This is the LMHOSTS file and is located at \system_root\system32\drivers\etc. If you already have an LMHOSTS file, you can click the Import LMHOSTS button to import the entries into the LMHOSTS file.
The LMHOSTS file does not have a file extension
When editing the LMHOSTS file, make sure that you do not save the file with an extension. For example, if you create an LMHOSTS file in Notepad, the default is to save the file with the .txt file extension. To prevent an application from saving the file with an extension, enclose the file name in quotes. This will save the file with the name exactly as you have typed it.
There are three options related to how NetBIOS is configured for the interface:
- Enable NetBIOS Over TCP/IP
- Disable NetBIOS Over TCP/IP
- Use NetBIOS Setting From The DHCP Server
NetBIOS over TCP/IP (NetBT) is a session layer interface included with the TCP/IP protocol stack that allows NetBIOS applications to have NetBIOS names resolved to an IP address before sending the request down the protocol stack. If you have any legacy components on your network that require NetBIOS, you should use either the Enable NetBIOS Over TCP/IP or the Use NetBIOS Setting From The DHCP Server option.
|The overwhelming majority of networks contain NetBIOS applications and services; therefore, you should leave NetBIOS enabled.|
Advanced TCP/IP options
Click the Options tab and you will see the screen shown in Figure J. There are two options:
- IP Security
- TCP/IP Filtering
The IP Security option allows you to configure IPSec policies on the interface. When you click on the IP Security option and click Properties, you’ll see the screen shown in Figure K. The default setting is to not apply IPSec policy to the interface. If you select the Use This IP Security Policy option and click the down arrow, the three built-in IPSec policies are made available.
|If you create custom IPSec policies, they will show up on this list.|
When you click the TCP/IP Filtering option and click Properties, you will see the screen shown in Figure L. When you put a check mark in the check box for Enable TCP/IP Filtering (All Adapters), you make TCP/IP filtering available for all adapters on the machine. Note that this does not imply that all adapters in the machine have the same settings.
TCP/IP filters allow you to configure packet filtering on the local interface. You can filter by TCP and UDP ports. You can also filter by IP protocol number. In this example, the filter allows only TCP packets destined for ports 21, 25, 53, and 80 through the network interface. All other packets will be dropped.
|You can create similar packet filters for UDP ports.|
The IP protocol filters allow you to type in the number of the IP protocol. For example, if you wish to allow only Generic Routing Encapsulation (GRE) protocol packets through the interface, you could add a packet filter for IP protocol 47.
Filtering ping packets
Ping requests and responses use ICMP, which is IP protocol number 1. If you entered a packet filter that permitted only IP protocols 6 (TCP) and 17 (UDP), ICMP messages (IP protocol 1) would still make it through the filter because TCP/IP filtering does not support filtering ICMP messages. You must use the Windows 2000 RRAS service to filter ICMP messages.
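To check what a given set of Permit Only lists still lets in, including the ICMP gap described above, the filter can be modelled in a few lines. This is an added example, not Windows code or code from the original article. The helper names and the UDP and IP protocol settings of the sample filter are assumptions, as is the rule that TCP and UDP packets are judged by their port lists while the protocol list covers the remaining protocols.

```python
# Added example: a model of the TCP/IP Filtering lists, not Windows code.
ICMP, TCP, UDP, GRE = 1, 6, 17, 47
PERMIT_ALL = None  # the "Permit All" radio button for a list

def make_filter(tcp_ports=PERMIT_ALL, udp_ports=PERMIT_ALL, ip_protocols=PERMIT_ALL):
    return {"TCP ports": tcp_ports, "UDP ports": udp_ports,
            "IP protocols": ip_protocols}

def in_list(permit_only, value):
    return permit_only is PERMIT_ALL or value in permit_only

def passes(flt, protocol, dst_port=None):
    """True if a packet destined for this host gets through the filter."""
    if protocol == ICMP:
        return True  # TCP/IP filtering does not support filtering ICMP
    # Assumption of this model: TCP and UDP are judged by their port lists,
    # every other protocol by the IP protocol list.
    if protocol == TCP:
        return in_list(flt["TCP ports"], dst_port)
    if protocol == UDP:
        return in_list(flt["UDP ports"], dst_port)
    return in_list(flt["IP protocols"], protocol)

def review(flt):
    """What this configuration still lets in, as a list of findings."""
    findings = ["ICMP (IP protocol 1) always passes; filter it with RRAS"]
    for label, permit_only in flt.items():
        if permit_only is PERMIT_ALL:
            findings.append(f"{label}: Permit All, nothing is dropped by this list")
    return findings

# The article's TCP example; leaving the other two lists at Permit All is assumed.
PAGE_EXAMPLE = make_filter(tcp_ports={21, 25, 53, 80})
# The protocol-only filters from the text.
TCP_UDP_ONLY = make_filter(ip_protocols={TCP, UDP})
GRE_ONLY = make_filter(ip_protocols={GRE})

if __name__ == "__main__":
    # Constructed sample packets: (protocol number, destination port).
    for packet in [(TCP, 80), (TCP, 139), (UDP, 137), (ICMP, None)]:
        print(packet, "passes" if passes(PAGE_EXAMPLE, *packet) else "dropped")
    print("\n".join(review(PAGE_EXAMPLE)))
```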
In this Daily Drill Down, I covered all the client-side TCP/IP configuration parameters. I identified the three main networking components on a Windows 2000 client and broke each down to explain their main functions and attributes. I focused heavily on the TCP/IP properties since this is often the most confusing area for anyone new to networking. Armed with this knowledge, you will be able to manually configure and troubleshoot any Windows 2000 Professional computer’s IP parameters.