This topic describes how to install and configure Microsoft Provisioning System (MPS) DNS provisioning
- Install IIS and ASP.NET
- Install the MPS DNS Client
- Configure Server Certificates
Install IIS and ASP.NET on DNS01
Install Internet Information Services (IIS) with ASP.NET on DNS01.
Procedure W08-DWSPV.49: To install IIS and ASP.NET on DNS01
Log on to DNS01 as the local Administrator and open the Server Manager console.
Add the Web Server (IIS) role. Add the features required for Web Server (Windows Process Activation Service) when prompted.
In addition to the default web server roles, select additional services according to the following table:
Note: Add features required for ASP.NET when prompted.
- Basic Authentication
- Windows Authentication
- Request Filtering
- IP and Domain Restrictions
- IIS 6 Management Compatibility
Confirm your selections and start the installation.
Install the MPS DNS Client on DNS01
Procedure W08-DWSPV.50: To install the MPS DNS Client on DNS01
On DNS01, run DNSClient.msi from the solution distribution media in the Service Provisioning\MPS\Providers\DNS directory.
Accept the default values for Website Name and Virtual Directory Name.
Perform a complete installation.
Configure Server Certificates
To enable secure communications between the DNS Provider Web application and the DNS Provider client components using Secure Sockets Layer (SSL), you must install the Certificate Chain and request a Certificate that will be used by the DNS Provider Web Application.
Add Hosts File Entry for the PKIRoot Server
Because the DNS01 server is not using AD01 for DNS name resolution, it must have a hosts file entry to locate pkiroot.fabrikam.com by name.
Procedure W08-DWSPV.51: To add hosts file entry for the PKIRoot server
On DNS01, edit the C:\Windows\system32\drivers\etc\hosts file for PKIROOT.
Add entries for both the Netbios name and the fully qualified domain name (FQDN). For example:
10.0.3.12 pkiroot.fabrikam.com 10.0.3.12 pkiroot
Download and Install the Certificate Chain for Your CA onto DNS01
Procedure W08-DWSPV.52: To download and install the certificate chain for your CA onto DNS01
On DNS01, browse to https://PKIRoot.fabrikam.com/certsrv. When prompted, log on as FABRIKAM\Administrator.
Note: Internet Explorer may warn you that Intranet settings are currently disabled. You should enable Intranet settings before you can proceed.
Follow the on-screen instructions to download CA certificate chain and save the file on the root of the C: drive on DNS01.
Start Microsoft Management Console by running mmc.exe at a command prompt.
On the File menu, select Add/Remove Snap-in.
Add a certificate snap-in to manage certificate for the local computer (the computer this console is running on).
In the console tree, expand Certificates (Local Computer), expand Trusted Root Certification Authorities.
Right-click Certificates, point to All Tasks, and then select Import.
Follow the Import Wizard to select and open the file where you saved the certificate in step 2.
Leave the default value Place all certificates in the following store and ensure Trusted Root Certification Authorities appears under the Certificate store.
Follow the on-screen instructions to complete the import.
Create a Certificate Request on DNS01
Procedure W08-DWSPV.53: To create a certificate request on DNS01
On DNS01, open Internet Information Services (IIS) Manager and expand DNS01.
Create a certificate request with the following information:
- Common name: The IP address of DNS01. If DNS01 has more than
one IP address, specify the IP that the MPS Provisioning Server
will connect to when provisioning DNS records.
Note: The Name field must contain the IP address of the DNS01 server for DNS provisioning to work properly over SSL.
- Organization: fabrikam
- Organizational Unit: Hosting
- Common name: The IP address of DNS01. If DNS01 has more than one IP address, specify the IP that the MPS Provisioning Server will connect to when provisioning DNS records.
Accept the default Cryptographic Service Provider Properties. Specify the filename C:\DNS01-Cert-Request.txt.
Request and Install the Web Server Certificate onto DNS01
Procedure W08-DWSPV.54: To request and install the Web server certificate onto DNS01
On DNS01, browse to https://PKIRoot.fabrikam.com/certsrv. When prompted for credentials, log on as FABRIKAM\Administrator.
Select Request a Certificate, and then select Advanced certificate request.
Select Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file.
Enter the contents of your saved certificate request (C:\DNS01-Cert-Request.txt) into the Saved Request field.
Select Web Server template as the certificate template, and then submit the request.
Select Base 64 encoded certificate; download the certificate and save the file as C:\Certnew.cer.
Install the Web Server Certificate into the Local Computer certificate store
Procedure W08-DWSPV.55: To install the Web server certificate into the local computer certificate store
Open the Certificates (local computer) MMC snap-in and navigate to the Personal folder.
Import the web server certificate file (C:\Certnew.cer) to the Personal folder.