Microsoft KB Archive/889712

= How to enable Remote Installation Services when Internet Connection Firewall is enabled in Windows Server 2003 =

Article ID: 889712

Article Last Modified on 10/30/2006

-

APPLIES TO


 * Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
 * Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
 * Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
 * Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
 * Microsoft Windows Server 2003, Standard Edition (32-bit x86)

-





INTRODUCTION
This article discusses how to enable Remote Installation Services (RIS) when Internet Connection Firewall (ICF) is enabled in Microsoft Windows Server 2003.



MORE INFORMATION
You can use RIS to install Microsoft Windows Server 2003, Microsoft Windows XP, and Microsoft Windows 2000 on Pre-Boot Execution Environment (PXE) client computers that can start remotely.

The Boot Information Negotiation Layer (BINL) service is the primary component of RIS. The BINL service answers PXE client requests, validates clients by using Active Directory, and passes client information to and from the server.

Trivial FTP (TFTP) supports setting up a computer that has no disk drives. TFTP is a part of RIS environments.

RIS environments frequently require a Dynamic Host Configuration Protocol (DHCP) server. You can install the DHCP server on the same server as RIS, or you can install the DHCP server on a separate server.

To enable RIS when you enable ICF in your environment, see the following tables. Then, follow the steps that are described later to open ports on your servers.

When DHCP and RIS are installed on separate servers
To enable RIS when DHCP and RIS are installed on separate servers, open the following ports on the DHCP server where ICF is enabled.

Open the following ports on the RIS server where ICF is enabled.

When DHCP and RIS are installed on the same server
To enable RIS when DHCP and RIS are installed on the same server, open the following ports on the server where ICF is enabled.

Opening a UDP port or a TCP port for the ICF
To open a port when ICF is enabled, follow these steps on the server where you want to open ports:
 * 1) Click Start, click Run, type ncpa.cpl in the Open box, and then press ENTER.
 * 2) Right-click the connection that you use to connect your RIS server to the network. Then, click Properties.
 * 3) Click the Advanced tab, and then click Settings.

Note If Settings is unavailable, ICF is not enabled on this connection. You do not have to open any ports, because they are all already open.
 * 1) Click Add to open a new port.
 * 2) In the Description box, type a name.

For example, type File Sharing (SMB): Port 445.
 * 1) In the Name or IP address of the computer hosting this service on your network box, type 127.0.0.1.

Note Although you can specify the NetBIOS name of the server or the IP address of the server, we recommend that you use 127.0.0.1.
 * 1) In the External port box and in the Internal port box, type the port number. Typically, these numbers are the same.
 * 2) Click TCP or UDP, and then click OK.
 * 3) Repeat steps 1 through 8 for each port that you want to open.

