Recent content by ITPangaeaArchitect

puclic facing = signed cert from someone like verisign internal/employee only access = private ca chain =the best user experience and highest security factor... - Brandon Wilson MCSE:Security00/03; MCSA:Security03 MCSA:Messaging00; MCP; A+ IT Pangaea (http://it-pangaea.com)

Ok so here's the deal. If your websites that wwill be encrypted are public facing, you will want to go with a certificate from someone like verisign to secure the site (downside being, no client side cert reqs can be implemented). however, for internal/employee only sites, in other words, those...

Just find a good password encryption software and install it on a machine that has whole disk encryption on it, and if possible, EFS running on top of it as well (if it wont cause corruption of the files), then restrict access to that system to only a few trusted individuals (if using windows...

that is very true, but my point was that you never know when youre gonna have some schmuck running Windows 98 out there in the world trying to get in...for instance....and a decision needs to made whether that will be accepted or not (but it is applicable more to public facing websites since...

ok so here's the deal. if you are using MS DNS in an AD domain, then it is recommended to point clients to DCs for DNS. This is because ONLY DCs can take part in AD replication, which includes the replication of DNS records to other DCs. This, in a nutshell, is why you are supposed to point...

ok so here's the deal (and I am going off assumption of Microsoft technology being used, but it applies either way): first off, yes, you can host as many websites as you'd like named anything you like and have the zones hosted on one DNS server. i will give an example in a sec... second, I am...

there are considerations you need to make before being so rash. The primary consideration is the OS and potential IE level of any clients that connect to your site.....along with potential other browser types that may access the site (firefox, mozilla, etc.). if you are certain that all browser...

yea what your seeing is a subsequent verification of netbios name after dns resolution. if you look at a trace taken from the client and server, on the client you would see dns calls going out (and if the client faces the dc for dns and trace is taken from there, youd see incoming calls), then...

DNS doesnt work that way. You are forgetting to put a forwarder to your ISPs DNS server. Do that, you'll get out...or create a new root hint (forwarders are easier and mroe readily configurable though) - Brandon Wilson MCSE:Security00/03; MCSA:Security03 MCSA:Messaging00; MCP; A+ IT...

Agreed. The easiest solution to this is to create two separate subnets off of each of these cable modems by either sticking a router in the middle, or an RRAS server. With an RRAS server, you can install a second and third NIC to connect to each network segment as well. But this is definitely...

anytime buddy :) - Brandon Wilson MCSE:Security00/03; MCSA:Security03 MCSA:Messaging00; MCP; A+ IT Pangaea (http://it-pangaea.com)

k glad to hear its working right now though :) - Brandon Wilson MCSE:Security00/03; MCSA:Security03 MCSA:Messaging00; MCP; A+ IT Pangaea (http://it-pangaea.com)

actually the multihoming can still be the problem. If it writes the wrong SOA into the zone, even for a short time, then in that short time it is quite possible for clients to get an error such as that.... next time you get the error, grab netdiag /v results on the problem server and post...

do a query through ldp, adsi script, or adsiedit.msc against "CN=ForestDnsZones,DC=domain,DC=com" and against "CN=DomainDnsZones,DC=domain,DC=com" See which one has records in it. - Brandon Wilson MCSE:Security00/03; MCSA:Security03 MCSA:Messaging00; MCP; A+ IT Pangaea (http://it-pangaea.com)

you should have DNS installed on all DCs. from there, the PDCe should face itself and itself only for DNS. all replica DCs in the same site as the PDCe should face the PDCe for preferred DNS, and themselves as alternate DNS. One DC in remote sites should point to the PDCe as the preferred DNS...