Errata

For
MCTS Guide to Microsoft Windows Server 2008 Network
Configuration
Exam 70-642
By
Michael Bender
This erratum contains errors, corrections, and omissions from the current text along
with suggested changes for future editions of the book. If you come across
additional errors or have suggestions for future releases, please email the author at
mbender@matcmadison.edu.
The author would like to thank the following instructors for their comments which
help to complete this document:

Mike Fuszner, St. Charles Community College

Randy Graves,

Note on Operating System updates: The text and all activities are based on the
RTM version of Windows Server 2008, not SP1, SP2, or Windows Server 2008 R2
RTM. There are known issues with specific activities such as BitLocker when
working with SP2. It is recommended that you run the RTM version of Windows. If
you choose to apply any available service packs and/or updates, you may
experience issues or functionality change compared with the textbook. Also,
additions of the software such as WSUS and Network Monitor specified in the text
may not be available from Microsoft. Please provide your students with the current
software version you wish for them to use. Keep in mind that newer versions of
software may have different functionality and appearance so some steps in
activities may change.

Chapter 1
Chapter 1 - p. 3 should read
Trusts between Active Directory domains in a forest are created automatically when
you create domains in Windows Server 2008. These are called transitive trusts.
In Windows NT domains prior to Windows 2000, administrators created all trusts
manually.
Pg. 8, Step 5 should read:
Enter your product key if you have one and are required to enter the key. You can
install Windows Server 2008 without a product key.

Chapter 2
Pg. 46 Should Read:
Out-of-Box Experience The most common cleanup action with Sysprep is to use the
system OOBE when generalizing images. This combination will remove the
computer security identifier (SID), reset the computer activation, and boot the
computer into Windows Welcome.
Pg. 50 title should read:
Installing Windows Server 2008
Pg. 50 should read:
This section explores the three installation methods available for Windows Server
2008. Each of the following methods has a purpose and place within a network:

DVD/USB boot installation

Network distribution share installation

Image-based installation

DVD/USB Boot Installation Probably the most familiar of the installation methods
is using physical installation media. Windows Server 2008 can be installed via
optical drive (that is a DVD drive) or via USB flash drive. This type of installation is
called a DVD boot installation and is the most common media-based type.
Installing with a USB flash drive is new and not yet as popular as using a DVD.
However, with the advent of USB 2.0 and servers that can boot from the drives in
their USB ports, USB flash drives are the perfect media for installing Windows

Server 2008. Whether using optical or flash media, this installation method requires
you to be present at the server. Activity 1-1, where you installed Windows Server
2008, is an example of a DVD installation.
Page 52 Activity 2-4 should read:
1. Log onto your server.
2. Click Start, type Windows PE Command Prompt in the Start Search box.
When it Windows PE Command Prompt appears, select it and press enter to
launch.
3. Type md c:\MCTS_70642\Ch2\ImageFolder and then press Enter to create
a new directory called ImageFolder in the folder created for this chapter. This
represents a distribution point to contain the .wim file created with ImageX.
4. Change to the directory containing ImageX by using the following cd
command:
cd \Program Files\Windows AIK\Tools\x86\
5. Next, run the following ImageX command to create an image of the
c:\windows\fonts

direc

tory from the command prompt:

imagex /capture c:\Windows\fonts
c:\MCTS_70642\Ch2\imagefolder\Server2008Fonts.wim All
Installed Fonts
6. Leave the command prompt window open for the next exercise.
Pg 53 should read:
Consider an example of this command:
imagex /mount c:\Images\Server2008.wim Standard c:\imagefolder\
In this command, you are using ImageX to mount the image named Standard from the
Server2008.wim file to c:\imagefolder\. Remember that the image is read-only. If you want to write to this
image, use /mountrw instead of /mount, as shown in the following command:
imagex /mountrw c:\Images\Server2008.wim
Standard_RW c:\imagefolder\

Pg 53 Activity 2-5 should read:

1. Open the Windows PE Command Prompt from the start menu, if necessary.
2. Type md c:\MCTS_70642\Ch2\ImageMountFolder to create a new directory
called ImageMountFolder. This is the mount point for your image within the file
system.
3. Next, run the following ImageX command to mount the image
Server2008Fonts.wim to the c:\MCTS_40642\Ch2\ImageMountFolder directory
from the command prompt:
imagex /mount
c:\MCTS_70642\Ch2\imagefolder\Server2008fonts.wim All
Installed Ionts c:\MCTS_70642\Ch2\imagemountfolder
4. Open
Windows
Explorer
and
browse
to
c:\MCTS_70642\Ch2\ImageMountFolder.5.
Create a file named
Server2008SuperFont.txt by right-clicking a blank spot in the folder window,
pointing to New on the shortcut menu, and then clicking Text Document. Use
Server2008SuperFont.txt as the file name. Note that access is denied
because you did not mount the image as read/write.
5. Before mounting the image as read/write, unmount the current image as
follows:
imagex /unmount
c:\MCTS_70642\Ch2\imagemountfolder
6. Rerun the ImageX command as follows using the /mountrw option:
imagex /mountrw
c:\MCTS_70642\Ch2\imagefolder\Server2008fonts.wim
All Installed Fonts
c:\MCTS_70642\Ch2\imagemountfolder
7. Create a file named Server2008SuperFont.txt and leave Windows Explorer
open. This time you should be successful.
8. Commit and dismount the image using the following command:
imagex /unmount /commit
c:\MCTS_70642\Ch2\imagemountfolder
9. In your Windows Explorer window, press F5 to refresh the screen. You should
no longer have any files listed in c:\MCTS_70642\Ch2\ImageMountFolder.
10.Close the Command Prompt.
Pg. 54 step 9 should read:
Imagex /mountrw c:\MCTS_70642\Ch2\imagefolder\Server2008fonts.wim all
installed fonts C:\MCTS_70642\Ch2\imagemountfolder

Pg 61, Paragraph 1 should read:

There is no way to upgrade from a previous version of the Windows Server
operating system to a Server Core installation. Only a clean installation is
supported.

There is no way to upgrade from a full installation of Windows Server 2008 to

a Server Core installation. Only a clean installation is supported.

There is no way to upgrade from a Server Core installation to a full

installation of Windows Server 2008. If you need the Windows user
interface or a server role that is not supported in a Server Core installation,
you will need to install a full installation of Windows Server 2008.

Pg. 66 Should read:

If you want to install the DHCP services role and the BitLocker Drive Encryption feature on a Server
Core installation, use the following commands:
Pg. 66 step 4. Should read:
WMIC ComputerSystem Where name=%computername% call Rename
Name=MSN-SC-0XX
Pg. 67 should read:
You can use Windows Remote Management (WinRM) to configure and manage
Server Core installations. As discussed in Chapter 1, WinRM is a suite of tools that
allows you to remotely manage your servers. WinRM, rmtshare, and other
management utilities are covered in depth in Chapter 11.

Chapter 3
Pg. 83 Should read:
Network Bridges Network bridges connect one or more networks segments. Like a
switch, a bridge uses MAC addresses for managing traffic. A bridge learns from the
traffic it processes, so it can associate a port with the specific MAC address to which
it is connected. After the bridge associates a port and an address, it sends traffic for
that address only to that port. This creates more efficient traffic on the network.
Bridges work on the Layer 2 of the OSI model.

Pg 83 should read:
The Data Link layer is responsible for communications between adjacent
network nodes. Bridges and switches operate at the Data Link layer.

Pg 94 Activity table should look like this:

Table 3-10: IPv6 address simplification

Full Address

Simplified Address

1075:0000:0000:0000:0005:0600:300c:422d
ff06::d5
1055:0000:0000:0000:000b:1bda:0041:25ab
abcd:12bc::34:1a
50ab:0353:2003:0001:0000:0000:abaf:0003
Pg 97 should read:
In cases where you cannot contact a DHCP server, even though the client is configured for dynamic
addressing, Windows uses Automatic Private IP Addressing (APIPA) to assign a unique random IP
address from the usable address range of 169.254.0.1 to 169.254.255.254.
Pg 103, Step 2 should read:
Click Start, Run and enter ncpa.cpl. This will launch the Network Connections
console from Control Panel.
Pg 104 Activity 3-10 step 2 should read:
Preferred DNS server: 2001:db8:8765:4321:2 (instead of ::3)
Pg 104 Activity 3-10 step 4 should read:
Netsh interface ipv6 add dnsserver local area connection 2001:db8:8765:4321:2
Pg 108, Activity 3-11 should read:
1. On MSN-SC-0XX, type the following netsh command and then press Enter to
check the ISATAP status on the computer:
netsh interface isatap show state
2. At the command prompt, enter the following netsh command and then press
Enter
to
enable
ISATAP on the computer:
netsh interface isatap set state enabled
3.
Type ipconfig /all and then press Enter to verify that an ISATAP address has
been added to your network adapters. If changes do not appear promptly, wait
about 30 seconds and rerun ipconfig /all.
4. 4. At the command prompt, enter the following netsh command and then press
Enter to dis-able ISATAP on the computer:
netsh interface isatap set state disable

5. Type ipconfig /all and then press Enter to verify that ISATAP has been removed.
Pg 109 should read:
reg add hklm\system\currentcontrolset\services\tcpip6\parameters /v
DisabledComponents /t REG_DWORD /d 255
Pg 116 Steps should be added to open the ICMP firewall ports on both
servers. The following command will perform the task on both servers:
netsh advfirewall firewall add rule name=ICMP Allow incoming V4 echo request
protocol=icmpv4:8,any dir=in action=allow

Pg 116 step 4 should read:

tracert 192.168.100.10 >> CLI.txt
Pg 122, question 13, answer c should read:
c. 11000000.10101000. 01100100.11010100
At the Completion of this Chapter, all students should disable IPv6 on all current
lab machines. The following steps should be completed on each machine:
Disable TCP/IPv6
1. Uncheck Internet Protocol version 6 (TCP/IPv6) from all of your
connections and adapters and component in the list under This connection
uses the following items. This will not be an option on Server Core so you
will just modify the registry.
2. Open Registry Editor, Regedit.exe
3. Browse to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameter
s\
4. Right click on Parameters, choose New, choose DWORD (32-bit)
Value
5. Change the name of the key to DisabledComponents, set the value to ff
and be sure to choose Hexadecimal. This should resolve to a decimal of 255.
6. Restart the computer for the registry value to take effect.

Chapter 4
Pg 134 DHCPInform should read:

If a DHCP client already has an IP address, it sends this type of message to a DHCP
server ..
Activity 4-5 (page 142) should read:
10. Return to MSN-SRV-0XX, expand Scope [192.168.100.0] Partner Scope, and click Address
Leases. Verify that you see a lease for msn-sc-0XX.bentech.local of 192.168.100.201.
Activity 4-7 (page 144) should read:
10. Return to MSN-SRV-0XX, expand Scope [192.168.100.0] Partner Scope, and then
click Address Leases. Verify that you see a lease for msn-sc-0XX.bentech.local of
192.168.100.211. (Press F5 to update the display.)
Pg 145, Activity 4-8 should read:
Description: Your organization has decided to implement a DNS server on your
network. This server will provide updated name resolution for your clients. In this
activity, you modify the server scope so all scopes in your environment use the DNS
server, 192.168.100.10.
1. Start Server Manager on the MSN-SRV-0XX computer.
2. In the left pane of Server Manager, expand the Roles section and the DHCP
Server role and then click MSN-SRV-0XX. The DHCP Server administration
console opens.
3. In the left pane, expand IPv4 and then click Server Options.
4. Click More Actions and then click Configure Options.
5. In the Server Options dialog box, click 006 DNS Servers and then enter
192.168.100.10 in the String Value text box.
6. Click OK to close the Server Options dialog box.
7. Verify that the server option for DNS Servers appears in the Server Options pane.
8. Log onto MSN-SC-0XX, if necessary.
9. In the Command Prompt, type ipconfig /renew.
10.Type ipconfig /all to verify the new settings. You should now receive a new DNS
server of 192.168.100.10.
11.Leave the DHCP console open for the next activity.
Pg 154, should read:
Windows Server 2008 performs an automated backup of the DHCP database every
60 minutes to the %systemroot%\ dhcp\backup directory...
Pg 154 should read:
Like automatic backups, manual backups are stored in the %systemroot%\
dhcp\backup folder by default.

Chapter 5
Pg 167 Activity 5-1, Step 11 should read:
Open a command prompt from the Start menu and then enter the following command to change the IP
address and DNS information:
netsh int ip set address name=Local Area Connection static
192.168.100.10 255.255.255.0
Pg 167 Activity 5-1, Step 13 should read:
At the command prompt, enter the following command to change the Internet Protocol version 4 (IPv4)
address:
netsh int ip set address name=Local Area Connection static
192.168.100.20 255.255.255.0
Pg. 169 Activity5-2 Note should read:
For this activity, your server needs to have access to the Internet and be able to resolve Internet-based
DNS zones.
Pg. 172 Activity 5-4 step 1 should read:
On the MSN-SRV-0XX computer, open a command prompt form the Start menu, type
ncpa.cpl and then press Enter to open the Network Properties windows.
Pg. 172 Activity 5-4 step 7 should read:
At the command prompt, type nslookup cengage.com and then press Enter. You should receive an error
message because you do not have DNS name resolution from 192.168.100.10.
Pg. 172 Activity 5-4 step 8 should read:
At the command prompt, type nslookup cengage.com 4.2.2.1 and then press Enter. This forces nslookup
to query the name server at 4.2.2.1 instead of your preferred DNS server. This time, you should receive a
nonauthoritative answer for cengage.com of 69.32.133.79. If the IP address is different, it simply means
that the record for cengage.com has been changed.
Pg. 185, Activity 5-9 have the following step inserted as step 11 and
renumber remaining steps:
11. In the command prompt, enter the following commands. You will need to wait for each to complete
before entering the next.
Net stop DNS
Net start DNS

Chapter 6
Pg 206 Activity 6-1 step 3 should read:
Netsh interface set interface name=local area connection
newname=Internet
Pg 207 Activity 6-1 step 3 should read*:
netsh interface set interface name=local area connection 2
newname=bentech.local
nets int ipv4 set address name=bentech.local static
nets int ipv4 set dns bentech.local static
*Screenshot for Figure 6-1 will need to be modified to show bentech.local.
pg 208 step 8 should read:
netsh interface set interface name=local area connection
newname=bentech.local
netsh int ip set address name=bentech.local static 192.168.100.20
255.255.255.0
netsh int ip set dns bentech.local static 192.168.100.10
pg 208 step 9 should read:
Enter the following command to verify you have name resolution. After
nslookup microsoft.com
pg 208 step 10 (new) should read:
Log off your Server Core computer by typing logoff at the command prompt and
then pressing Enter.
Pg 208 Activity 6-2, step 1 (new) should read*:
Prior to beginning Activity 6-5, run the following command on MSN-SRV-0XX:
DNSCMD /CONFIG BENTECH.LOCAL /ALLOWUPDATE 1
*The existing 1-10 should be renumbered 2-11
8. At the command prompt, enter the following command to change the Internet
Protocol version 4 (IPv4) address:
netsh interface set interface name=local area connection
newname=bentech.local
netsh int ip set address name=bentech.local static
192.168.100.20 255.255.255.0

netsh int ip set dns bentech.local static 192.168.100.10

9. Enter the following command to verify you have name resolution. After
nslookup microsoft.com
10. Log off your Server Core computer by typing logoff at the command prompt
and then pressing Enter.

Pg 212 Activity 6-4 step 4 should read:

Expand the dc subdomain and the _sites subdomain and default First Site and
then click _tcp. Note a new zone folder called _msdcs is listed under the
bentech.local zone. It is grayed out and represents the delegation of the _msdcs
zone. It contains the NS records point-ing to the server or servers responsible for
hosting the _msdcs.bentech.local zone.
Pg 222 Activity 6-7 Step 7 should read:
Click the Setting tab. Click the Enabled option button and then enter
bentech.local,widgetsbiz.local in the DNS Suffixes text box. You can enter
multiple DNS suffixes as long as they are comma-separated values.
If you get an error in step 7, then skip steps 7 through 9. There is a bug in Server
2008 and the current hotfix from Microsoft does not resolve it. To add these suffixes
within the GUI, use the procedure in Activity 5-6 on page 179. Then continue with
step 10. To add these suffixes in Server Core, start the Registry Editor(regedit) and
add the list as the value for SearchList located in
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters. A Reboot is
required after this registry change.
Pg 245 Activity 6-16 Step 7 should read:
Type set type=all and then press Enter. This tells nslookup to query for all DNS
records.
Pg 248 Activity 6-17 Step 2 should read:
netsh int ip set wins bentech.local static 192.168.100.10 netsh
Pg 248 Activity 6-17 Step 3 should read:
netsh int ip set wins bentech.local static 192.168.100.10
Pg 249 should read:

DNScmd ServerName /config /EnableGlobalNamesSupport 1

Pg 251 Activity 6-20 step 2 should read:

netdom join \\MSN-SC-0XX /domain:bentech.local
/UserD:bentech.local\administrator /PasswordD:P@ssw0rd
shutdown /r /t 0

Chapter 7
On page 263, Remove Activity 7-1 and renumber remaining Activities.

Page 267 should read:

By default, this share maps to the %systemroot%\System32\spool\drivers
directory.
Activity 7-9 (page 275) Step 6, the last line should read:
Net share NewData=c:\70642\chapter 7\NewData /Users:1
/Remark:this is the NewData Share

Activity 7-9 (page 276) Step 8, the last two lines should read:
This displays the shares available on MSN-SC-0XX. If you are prompted for credentials, enter the
administrator account name and pass-word for MSN-SC-0XX.

Activity 7-10 (page 277)Step 5, the command should read:

Net share offline=c:\70642\Chapter 7\scadminshare /CACHE:Documents
Activity 7-15 (page 285)Step 1, the second command should read:
Net share SCAdminShare=c:\70642\...
Also, if replication does not take place, you may need to add
Administrator with Full Control permissions to the offline folder on
MSN-SC-0XX.
Activity 7-16 (page 288) Add the following as Step 1:
Start and log onto MSN-SC-0XX before beginning this lab.
Activity 7-16 (page 288) Step 1 command should be:
Servermanagercmd.exe install FS-Resource-Manager (This is correct in
author files, but the it is formatted incorrectly in printed text)

In Step 1 of Activity 7-17, do not include the comma within the quotes for
the md command. The command below is correct.
md "c:\70642\Chapter 7\Quotas"
Activity 7-19 (page 291) Skip step 1 since this was done in Activity 7-16.

Activity 7-19 (page 291)Step 7, should read:

Browse to c:\StorageReports\Interactive. This is the default location for
interactive reports.

Chapter 8
Beginning of Activity 8-2 should read:

Activity 8-2: Adding a network printer

Time Required: 15 minutes.
Objective: Adding a printer through the Print Management console.
Description:

Your

company

decided

it

needs

to

centralize

its

printing

administration. To facili-tate this, you need to configure a printer using previously

implemented print services on MSN-SRV-0XX. In this activity, you will create a new
network printer, Printer02.
Note: Print Services were installed previously in Activity 1-6.
Activity 8-17 (page 323) in step 10 should read:
10. Click the Available from option button and then set the times from 6:00 PM to
5:00 AM or a time suggested by your instructor. The time period should not
overlap the time period in which this lab activity is being completed.

Chapter 9
Activity 9-1 (page 334) should read:
20.
On MSN-SRV-1xx, open the command prompt, and enter the following
command to add MSN-SRV-1XX to the domain, bentech.local:

21.
Reboot the server, and then log onto MSN-SRV-1XX as
administrator@bentech.local.
Activity 9-2: (page 336) should read:
Log onto MSN-SC-0XX and enter the following command to set MSN-SC-0XX to use
MSN-SRV-0XX as a default gateway:
netsh int ipv4 set address name = bentech.net static
192.168.100.20 255.255.255.0 192.168.100.10

Activity 9-4 page 340) should read:

4. Open a command prompt, type route add 4.2.2.1 mask 255.255.255.255
192.168.100.10, and then press Enter.
9. Open a command prompt, type route print, and then press Enter to verify the
route for 4.2.2.1 is listed.
Activity 9-5 (page 342) should read
1. On MSN-SRV-0XX, open the command prompt and enter the following commands
to add a
default gateway to a scope:
Servermanagercmd.exe -install DHCP
sc config dhcpserver start= auto
net start dhcpserver
netsh dhcp server 192.168.100.10 scope 192.168.100.0
netsh dhcp add iprange 192.168.100.201 192.168.100.250 set optionvalue
003 IPADDRESS 192.168.100.10

6.In the Actions pane, click More Actions under DHCP Relay Agent and then click
New Interface. Select bentech.local and then click OK.
12.Verify that bentech.local is using an IP address of 192.168.100.211. If you do not
see the change, you may have to issue ipconfig /release followed by
ipconfig/renew or reboot the server. If you required a server reboot, you will
need to logon to MSN-SRV-1xx to complete the next step.
Activity 9-6 (page 345) Add the following note or additional Step:
1. Logon to MSN-SRV-0XX for this activity.
Activity 9-7 (page 347) All references to MSN-SRV-1XX should be changed
to MSN-SRV-0XX

Activity 9-8 (page 350) All references to MSN-SRV-1XX should be changed

to MSN-SRV-0XX
Activity 9-9 (page 350) All references to MSN-SRV-1XX should be changed
to MSN-SRV-0XX

Chapter 10
Activity 10-4 (page 370) Insert the following step:
14. Repeat steps 7 13 using c:\Program Files (x86)\Internet Explorer\iexplore.exe
as the program path in Step 9.
Activity 10-6 Add the following note prior to completing activity.
Prior to beginning this lab, remove the File Services Resource manager with the
following command:
Servermanagercmd.exe remove FS-Resource-Manager

Due to a bug in Windows Server 2008, you will receive an error when trying to
create a GPO if you did not remove the File Services Resource Manager. For
more information, search Microsoft.com for KB967358.
Activity 10-9 (Pg 380) Add this note to Activity 10-9:
If Server 2008 SP2 is installed, you will have issues installing the Drive Prep tool.
Either remove SP2 or perform the following steps:
1. Download the Bit Locker Preparation Tool to the C: drive.
2. Enter the following commands at the command prompt.
a. expand -f:* "C:\Windows6.0-KB933246-x86.msu" %TEMP%
b. pkgmgr.exe /n:%TEMP%\Windows6.0-KB933246-x86.xml
3. Enter C:\Program Files\BitLocker\BdeHdCfg.exe on the Run line. This will
repartition your drive to allow Bit Locker to work properly.

Chapter 11
Activity 11-1 (page 405) Insert the following Note:
Note: MSN-SRV-1XX will need to have its Firewall rules modified in order
to complete this and future activitivies. Enter the following command
through the command prompt on MSN-SRV-1XX:
Netsh advfirewall firewall set rule group=remote administration new
enable=yes

Activity 11-10 (page 424) the command in Step 4 should read:

Mbsacli.exe > C:\70642\chapter 11\MBSAcli.txt

Activity 11-16 (page 434) Insert the following Note:

Note: Ask your instructor if a newer version of Network Monitor is
available and should be used for this activity.
Activity 11-19 (page 442) the command in Step 6 should read:
Net share RemoteBackup=c:\70642\Chapter
11\RemoteBackup /Grant:Everyone,Change