How to speed up IDENTIKEY DNS lookup of the Windows Logon DAWL client on Windows 7?




KB 150103 How to speed up IDENTIKEY DNS lookup of the Windows Logon DAWL client on Windows 7?

Creation date: 27/05/2013
Last Review: 28/06/2013
Revision number: 2
Document type: How To
Security status: EXTERNAL

Summary

This article explains how DNS lookup is used in the DIGIPASS Authentication for Windows Logon (DAWL) client and how the lookup can be improved for Windows 7.

Details

When IDENTIKEY Server is configured for use with DAWL, the default DAWL configuration resolves the IDENTIKEY Server using DNS lookup. IDENTIKEY Server can be configured to register itself (at startup) in the AD DNS server, so that it can be resolved by the DAWL clients.

Below, you can see that IDENTIKEY Server can be found in the DNS server:

In this example: _ikeyserver-seal._tcp.vdsi.local

When DAWL needs to find IDENTIKEY Server, it uses the following mechanisms in this order:

1. Send the unqualified multi-label name to the Microsoft DNS Client
2. Send the qualified multi-label name to the Microsoft DNS Client
3. Use the Primary and Backup IP Address of the IDENTIKEY Server

1. DAWL sends the unqualified multi-label name to the Microsoft DNS Client.

The DAWL client appends ._tcp to the DNS server service name (configured in the DAWL client) and passes the DNS request to the Microsoft DNS Client. Depending on the OS, the Microsoft DNS Client handles the DNS request a bit differently.

1.1. On Windows XP.

When a Windows XP machine attempts to resolve an unqualified multi-label name, the DNS client attempts to resolve the name as specified. If this DNS query fails, it appends the domains that are listed in the DNS suffix search order. So the DNS queries that are sent are:

_ikserver-seal._tcp
_ikserver-seal._tcp.vasco.local (supposing that the DNS Suffix search list is Vasco.local)

In XP we should see something like this if we do a Wireshark trace:

1.2. On Windows 7 and Vista.

When a Windows 7 (Vista) machine attempts to resolve an unqualified multi-label name, the DNS client attempts to resolve the name as specified. The DNS suffix search order will NOT be used. So the DNS query that is sent is:

_ikserver-seal._tcp

Remarks:

o When the IDENTIKEY Server cannot be found (DNS query fails), the DAWL client tries this mechanism a second time (DAWL sends the same unqualified multi-label name a second time to the Microsoft DNS Client).
o The DNS Suffix Search List can be seen when you run ipconfig /all in a DOS window:

When DHCP is used, the DNS Suffix Search List is filled in automatically. When a fixed IP/DNS is used, the DNS Suffix Search List is configured in the advanced Internet Protocol properties:

2. DAWL sends the qualified multi-label name to the Microsoft DNS Client.

If IDENTIKEY Server is not found after step 1 described above, the DAWL client starts its back-up plan. The DAWL client combines the suffix of the PC name with the DNS server service name from the DAWL configuration and passes this DNS request to the Microsoft DNS Client. In our example:

_ikeyserver-seal._tcp.vdsi.local

In case the PC is located in a sub domain, DAWL will also try to find IDENTIKEY Server in the different domains of the domain tree. E.g. if the PC is W7PC.sub2.sub1.mydomain.local, then DAWL will try:

_ikeyserver-seal._tcp.sub2.sub1.mydomain.local
_ikeyserver-seal._tcp.sub1.mydomain.local
_ikeyserver-seal._tcp.mydomain.local
_ikeyserver-seal._tcp.local

3. Use the Primary and Backup IP Address of the IDENTIKEY Server

If the IDENTIKEY Server cannot be resolved via DNS (steps 1 and 2 have failed), DAWL uses the IP addresses entered in the DAWL configuration.

Problem Solution

As explained above, the DNS resolving of IDENTIKEY Server will fail in step 1 on a Windows 7 machine. To speed up DNS discovery on a Windows 7 machine we can apply:

http://blogs.technet.com/b/networking/archive/2009/04/16/dns-client-nameresolution-behavior-in-windows-vista-vs-windows-xp.aspx

As explained in the article, run gpedit.msc, then enable:

Computer Configuration -> Administrative Templates -> Network -> DNS Client -> Allow DNS Suffix Appending to Unqualified Multi-Label Name Queries

In regedit you should see:

When this registry key is set, IDENTIKEY Server should also be resolved in step 1 and not by the DAWL back-up plan (step 2) as explained above.

This can also be set in the group policy on the domain level:
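
Added example (not part of the original KB article, and not VASCO or Microsoft code): a small Python model of the lookup order described above, listing the query names to expect in a network trace with and without the suffix-appending policy. The function names, the fallback IP addresses and the assumption that the DNS client stops at the first name that resolves are illustrative.

```python
"""Model of the DAWL lookup order from this KB (added example, a simplification)."""


def step1_queries(service, suffix_search_list, append_suffixes):
    """Names the Microsoft DNS Client sends for the unqualified multi-label name.

    append_suffixes=True models Windows XP, or Windows 7/Vista with the
    suffix-appending policy enabled; False models default Windows 7/Vista.
    """
    name = f"{service}._tcp"
    queries = [name]  # the name is always tried as specified first
    if append_suffixes:
        queries += [f"{name}.{suffix.lower()}" for suffix in suffix_search_list]
    return queries


def step2_queries(service, pc_fqdn):
    """Qualified names DAWL builds by walking up the PC's domain tree."""
    labels = pc_fqdn.lower().split(".")[1:]  # drop the host label
    return [f"{service}._tcp." + ".".join(labels[i:]) for i in range(len(labels))]


def lookup_trace(service, pc_fqdn, suffix_search_list, append_suffixes,
                 published, fallback_ips):
    """Return (attempts, result); attempts is a list of (step, query name)."""
    records = {name.lower() for name in published}
    attempts = []
    plan = [("step 1", step1_queries(service, suffix_search_list, append_suffixes))] * 2
    plan.append(("step 2", step2_queries(service, pc_fqdn)))
    for step, queries in plan:  # step 1 is tried twice before step 2
        for query in queries:
            attempts.append((step, query))
            if query.lower() in records:
                return attempts, query
    # Step 3: DNS failed, use the configured Primary and Backup IP addresses.
    return attempts, list(fallback_ips)


# Constructed sample input using the names from the KB's example.
SERVICE = "_ikeyserver-seal"
PUBLISHED = ["_ikeyserver-seal._tcp.vdsi.local"]
ARGS = (SERVICE, "W7PC.vdsi.local", ["vdsi.local"])
FALLBACK = ["192.0.2.10", "192.0.2.11"]  # placeholder documentation addresses

if __name__ == "__main__":
    for label, policy in (("Windows 7 default", False), ("policy enabled", True)):
        attempts, result = lookup_trace(*ARGS, policy, PUBLISHED, FALLBACK)
        print(label, "->", result)
        for step, query in attempts:
            print("   ", step, query)
```

With the policy disabled, the model shows two failed step 1 queries before step 2 finds the server; with it enabled, the server is found by the second query of step 1.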