You need to ensure that you can use IPAM on Server1to manage DNS on DC1

Your network contains an Active Directory domain named contoso.com.
The domain contains a domain controller named DC1 and a member server named Server1.
Server1 has the IP Address Management (IPAM) Serverfeature installed.
On DC1, you configure Windows Firewall to allow allof the necessary inbound ports for IPAM.
On Server1, you open Server Manager as shown in theexhibit.

You need to ensure that you can use IPAM on Server1to manage DNS on DC1. What should you do?

Your network contains an Active Directory domain named contoso.com.
The domain contains a domain controller named DC1 and a member server named Server1.
Server1 has the IP Address Management (IPAM) Serverfeature installed.
On DC1, you configure Windows Firewall to allow allof the necessary inbound ports for IPAM.
On Server1, you open Server Manager as shown in theexhibit.

You need to ensure that you can use IPAM on Server1to manage DNS on DC1. What should you do?

A.
Modify the outbound firewall rules on Server1.

B.
Add Server1 to the Remote Management Users group.

C.
Add Server1 to the Event Log Readers group.

D.
Modify the inbound firewall rules on Server1.

Explanation:
The exhibit shows (in the details tab) that firewall rules are OK for DNS management(DNS RPC Access
Status Unblocked)
But it shows too that Event log Access Status is blocked (which by the way blocks the IPAM Access Status)
=>we should solve this by adding the Server1 computer account to the Event Log Readers group
==================
Understand and Troubleshoot IP Address Management (IPAM) in Windows Server 8 Beta (download.
microsoft.com)
[…]
Manual provisioning
For manual provisioning, ensure that the required access settings are appropriately configured on the
target server manually.
[…]
Verify Access
Verify that IPAM access status is listed as unblocked indicating that manual or GPO based provisioning
is successfully complete.
[…]
For the IPAM access status value to be allowed, all of the access sub-states shown in the details pane
should be marked as allowed. These access states are:
DNS RPC access status
DHCP RPC access status
Event log access status
DHCP audit share access status
[…]
Troubleshooting Access Issues
If any of the access sub-states for managed server roles is showing in the Blocked state, check that the
corresponding setting is enabled on the target server. For details of access setting to sub-state mapping
refer to the IPAM Access Monitoring section in thisguide. For GPO based provisioning, the GPResultcommand
line tool can be used to troubleshoot group policy update issues. The provisioning task setup by IPAM DHCP
and DNS GPOs creates a troubleshooting log in the location %windir%\temp named IpamDhcpLog.txtand
IpamDnsLog.txtrespectively.
===================
http://social.technet.microsoft.com/Forums/en-US/winserver8gen/thread/c882c077-61bd-45f6-ab47-735bd728d3bc/
IPAM – Unblock access to a DC?
The process to manually (not GPO based) unblock a DNS/DC server is:
1. Enable DNS RPC accessby enabling the following inbound Firewall rules:
a) DNS Service (RPC)
b) DNS Service (RPC Endpoint Mapper)
2. Enable remote management access by enabling the following inbound Firewall rules:
a) Remote Service Management (RPC)
b) Remote Service Management (RPC-EPMAP)
3. Enable Remote Event Log Management RPC access byenabling the following inbound Firewall rules:
a) Remote Event Log Management (RPC)
b) Remote Event Log Management (RPC-EPMAP)
4. Add the IPAM machine acct to the Event Log Readers domain security group. See the example below.
This view is from Active Directory Users and Computers \ contoso.com \ Builtin \ Event Log Readers:
Also, there should be a Details tab at the bottom that summarizes whether or not the correct firewall
ports and the Event Log Access status are unblocked.



Leave a Reply 1

Your email address will not be published. Required fields are marked *