In this section, you install Microsoft Windows Server 2003 and Internet Information Services (IIS) on the Provisioning Engine server (MPS01). You restrict network access to this server and then move it to the Provisioning back-end servers OU.
To complete this task you will perform the following procedures:
| • | Install and Prepare Windows Server 2003 R2 on MPS01. |
| • | Install IIS on MPS01. |
| • | Enable network DTC and network COM+ access. |
| • | Ensure inbound and outbound DTC access are enabled on MPS01. |
| • | Delegate impersonation to the Provisioning Engine server. |
| • | Disable the external network interface for MPS01. |
The Provisioning Engine requires Windows Server 2003 R2 and must be a member of the fabrikam domain.
| • | Insert Disc 1 into your CD-ROM drive, and then restart the computer. |
1. | Follow the instructions in your computer's startup routine to start the computer from the CD. |
2. | Perform a default installation of Windows Server 2003, Standard Edition (with Service Pack 1 Integrated), by using the CD boot method. Install the Support Tools from the Windows Server 2003 CD. Use appropriate naming conventions for your environment. You can install Windows Server 2003 by using Automated Deployment Services (ADS) to deploy an image as described in Use Server Purposing. |
3. | After Setup for Windows Server 2003 with SP1 is complete, log on to the computer as an administrator. Insert Disc 2 into your CD-ROM drive. Setup for Disc 2 should start automatically. If it does not start automatically, browse to Disc 2 (or the shared folder that contains the Setup files) and in the \Cmpnents\R2 folder, click Setup2.exe. Follow the instructions on your screen to upgrade to R2. |
| • | Enable an internal-facing (BackNet) network interface. Assign this interface a BackNet IP address and Subnet Mask and set the DNS server to the BackNet IP address of AD01. |
1. | Enable an external-facing network interface. Assign this interface an external IP address, Subnet Mask, Gateway, and DNS server. The external-facing network interface will be disabled at a later time. This is a temporary interface used primarily to download software updates. |
2. | Click Start, point to Control Panel, click System, and then click the Remote tab. |
3. | Select the Enable Remote Desktop on this computer check box. In the warning dialog box, click Yes. |
4. | Click Start, point to Control Panel, and then click Add or Remove Programs. |
5. | Click Add/Remove Windows Components, and select the check box to install the Microsoft .NET Framework 2.0, and then click Next. |
6. | After installation completes, click Finish. |
7. | Install Support Tools from the Windows 2003 CD. Browse to the Support Tools directory and run SupTools.msi. Follow the instructions on your screen to install the Support Tools. |
8. | Set the Application, Security, and System event logs to 20 megabytes (MB) and configure them to overwrite as needed. |
9. | Apply any released updates to Windows Server 2003 by using Windows Update. |
After you have finished building and preparing your Provisioning Engine Server, add the server to the Fabrikam domain.
| • | Join the server to the fabrikam domain. Joining a new domain will require you to restart the server. |
1. | At the logon screen, ensure that the Log on To box displays FABRIKAM. If you do not see the Log on To box, click Options to display this box. |
2. | Log on as Administrator of the FABRIKAM domain. |
Next, verify that you are logged on as the domain administrator for the Fabrikam domain.
| • | After logging on to the server, press CTRL + ALT + DEL. |
1. | In the Logon Information dialog box, ensure that you are logged on as FABRIKAM\Administrator or as another member of the Fabrikam domain administrators group. |
You must install Internet Information Services (IIS) on MPS01 as a prerequisite for provisioning Web sites and other services.
1. | Log on to MPS01 using an account that is a member of the Domain Administrators group. |
2. | Click Start, open Control Panel, and then click Add or Remove Programs. |
3. | On the Add or Remove Programs page, click Add/Remove Windows Components. |
4. | On the Windows Components Wizard page, select Application Server, click Details, and then select Internet Information Services (IIS). |
5. | Click Details, and then verify that only the following components are selected: |
6. | Click OK, and then click OK again. |
7. | Click Next to begin the installation. |
8. | On the Completing the Windows Components Wizard page, click Finish. |
9. | Close Add/Remove Windows Components. |
Now, enable Network Distributed Transaction Coordinator (DTC) and Network COM+ Access on MPS01. The following procedure is required to enable network access for the Microsoft Distributed Transaction Coordinator (MSDTC) service on the Provisioning Engine server.
1. | Click Start, click Control Panel, and then click Add or Remove Programs. |
2. | Click Add/Remove Windows Components. |
3. | Click Application Server, and then click Details. |
4. | Select the Enable Network COM+ access check box. |
5. | Select the Enable Network DTC access check box, and then click OK. |
6. | Click Next. |
7. | When the Windows Components Wizard completes, click Finish. |
In this section, you restrict network access to MPS01.
1. | Click Start, point to All Programs, point to Administrative Tools, and then click Component Services. |
2. | Click and expand Component Services, and then expand Computers. |
3. | Right-click My Computer, and then select Properties. |
4. | Click the MSDTC tab. |
5. | Click Security Configuration. |
6. | Ensure that Network DTC Access is enabled. Then, in the Transaction Manager Communication section, ensure that the Allow Inbound and Allow Outbound options are selected. Leave all other options as default. |
7. | Click OK to save the settings. Click Yes if you are prompted to restart the service. |
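The MSDTC security settings above and the event log settings from the server preparation steps (20 MB, overwrite as needed) can be confirmed after the build with a read-only check. This is an added example, not part of the original guide; it assumes Windows PowerShell is installed on MPS01 and that the settings are stored in the standard MSDTC and Eventlog registry keys. The helper name `Test-RegistryValue` is hypothetical.

```powershell
# Added example (not from the original guide): read-only check of settings
# configured in this procedure. Run locally on MPS01 as an administrator.

# Hypothetical helper: compares one registry value with the expected value.
function Test-RegistryValue {
    param([string]$Path, [string]$Name, $Expected, [string]$Label)
    $actual = $null
    try {
        $actual = (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name
    } catch {
        # A missing key or value is reported as a failed check, not an error.
    }
    New-Object PSObject -Property @{
        Check    = $Label
        Expected = $Expected
        Actual   = $actual
        Pass     = ($null -ne $actual -and $actual -eq $Expected)
    }
}

$results = @()

# MSDTC: Network DTC Access enabled, with Allow Inbound and Allow Outbound.
$dtcKey = 'HKLM:\SOFTWARE\Microsoft\MSDTC\Security'
foreach ($name in 'NetworkDtcAccess', 'NetworkDtcAccessInbound', 'NetworkDtcAccessOutbound') {
    $results += Test-RegistryValue -Path $dtcKey -Name $name -Expected 1 -Label "MSDTC $name"
}

# Event logs: MaxSize is stored in bytes (20 MB = 20971520);
# Retention = 0 means "overwrite events as needed".
foreach ($log in 'Application', 'Security', 'System') {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\Eventlog\$log"
    $results += Test-RegistryValue -Path $key -Name 'MaxSize'   -Expected 20MB -Label "$log log MaxSize"
    $results += Test-RegistryValue -Path $key -Name 'Retention' -Expected 0    -Label "$log log Retention"
}

$results | Select-Object Check, Expected, Actual, Pass | Format-Table -AutoSize
$failed = @($results | Where-Object { -not $_.Pass })
"{0} of {1} checks failed." -f $failed.Count, $results.Count
```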
Next, grant Kerberos services delegation to the Provisioning Engine server, MPS01.
1. | Log on to AD01 as a member of the domain administrators group. |
2. | Click Start, point to All Programs, point to Administrative Tools, and then click Active Directory Users and Computers. |
3. | Expand the domain (fabrikam.com) and click Computers. |
4. | Double-click MPS01. |
5. | Select the Trust Computer for Delegation check box, and then click OK. If your Active Directory service has already been configured for Native Mode, then the Trust Computer for Delegation check box does not display. Instead, you must click the Delegation tab, and select Trust this computer for delegation to any service (Kerberos only). |
6. | At the Active Directory message, click OK, and then click OK again. |
7. | Restart MPS01. |
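The delegation setting above sets the TRUSTED_FOR_DELEGATION bit on the MPS01 computer account, which is worth reviewing across the domain after the change. The following added example (not part of the original guide) lists every computer account that carries the bit and marks any that is neither a domain controller nor in an expected list; the `$expected` list is an assumption, and the script assumes Windows PowerShell 2.0 or later on a domain-joined host.

```powershell
# Added example (not from the original guide): read-only LDAP query.
# Run from a domain-joined host while logged on with a domain account.
$TrustedForDelegation = 0x80000   # userAccountControl bit set by "Trust this computer for delegation"
$ServerTrustAccount   = 0x2000    # userAccountControl bit carried by domain controllers
$expected = @('MPS01')            # assumption: the only member server delegated in this guide

$searcher = New-Object System.DirectoryServices.DirectorySearcher
# 1.2.840.113556.1.4.803 is the LDAP bitwise-AND matching rule.
$searcher.Filter = "(&(objectCategory=computer)" +
    "(userAccountControl:1.2.840.113556.1.4.803:=$TrustedForDelegation))"
$searcher.PageSize = 500
foreach ($p in 'name', 'useraccountcontrol', 'distinguishedname') {
    [void]$searcher.PropertiesToLoad.Add($p)
}

$report = foreach ($r in $searcher.FindAll()) {
    $name = [string]$r.Properties['name'][0]
    $uac  = [int]$r.Properties['useraccountcontrol'][0]
    $isDc = ($uac -band $ServerTrustAccount) -ne 0
    New-Object PSObject -Property @{
        Name     = $name
        IsDC     = $isDc
        # Domain controllers carry the bit by default; anything else must be listed.
        Expected = ($isDc -or ($expected -contains $name))
        DN       = [string]$r.Properties['distinguishedname'][0]
    }
}

$report | Sort-Object Expected, Name | Format-Table Name, IsDC, Expected, DN -AutoSize
$unexpected = @($report | Where-Object { -not $_.Expected })
"{0} computer account(s) trusted for delegation outside the expected set." -f $unexpected.Count
```

After this procedure, MPS01 should appear with `Expected` set to True; any row where it is False is a delegation grant this guide did not create.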
1. | Enable only an internal-facing, or private, interface that will be on the same Ethernet segment (BackNet) as the private interface of your front-end servers. |