Answered by:
How to make private network to be defined as private?

Question
-
Hello, I have Windows HPC Server 2008 R2 cluster with topology 2 - All nodes in enterprise and private network. The problem is that on the compute nodes network connected to NIC2 and supposed to be private is shown as "Undefined". And by default "Undefined" networks are Public. I found out that it is Undefined because there is no gateway, but there is no option in HPC Manager to set gateway for private network (my headnode acts as DHCP server for it).
I found 2 workarounds here:
1. On the nodes press WinKey+R, type "secpol.msc" without quotes. Then click Network List Manager Policies on the left, and then you should be able to change it from there. There is an option what to do with Undefined networks, you can make them Private.
2. Basically the same solution but with script. It is for Windows 7 but also works here. http://blogs.msdn.com/b/dimeby8/archive/2009/06/10/change-unidentified-network-from-public-to-work-in-windows-7.aspx
Is there any other way to make private network in 2nd topology to be defined as private on the nodes?
Friday, April 22, 2011 6:34 AM
Answers
-
Your HPC 'Private' network is Unidentified by the OS because the network lacks identifiable characteristics. The default network profile for unidentified networks is "Public" for security reasons. However, if you chose to disable the firewall for your cluster's private network then it doesn't really matter what network profile the interface is using because the firewall will be disabled on the interface regardless of it's profile setting.
If you really wanted to change the network profile for unidentified networks from 'Public' to 'Private', you could do this by running the powershell script found at http://blogs.msdn.com/b/dimeby8/archive/2009/06/10/change-unidentified-network-from-public-to-work-in-windows-7.aspx.
--Brian
- Proposed as answer by Mark Staveley Wednesday, May 4, 2011 1:38 AM
- Marked as answer by Nikita Tropin Wednesday, May 4, 2011 2:46 AM
Tuesday, May 3, 2011 7:52 PM
All replies
-
Dear Nikita,
I would like to understand your question better - Could you please copy the information from your network configuration report on your head node.
Also with your private network settings - in the network wizard there is a step "Private Network Configuration"
You should be able to set the IP Address Range, the Gateway and the DNS server for your private network there.
There are some assumptions made if you have NAT selected but you shouldn't need NAT with a Topology 2 cluster.
Hope this helps,
Mark
Friday, April 22, 2011 4:30 PM -
Mark, the problem with Private Network Configuration is that without NAT enabled you can't set the gateway, this field is not available. Here is the screenshot:
And that is the report from the headnode:
Network Configurations Report
Test Result: Complete
Failed nodes list
(0)
No nodes failed this test.Test result details
Result Summary
This table summarizes the test results for the nodes.
Results No. of Nodes Complete 1
Test results by node
BATNOVSRV01
(Complete)
Private
This table shows the details about the network configuration of this node.
Setting Value Description Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client) #2 ID {49534D62-0D28-42DF-979F-9B8CB5588967} Interface Type Ethernet Is Online Online Mac Address 00-22-19-88-C1-78 Domain IP Addresses { Address="192.168.0.1", Mask="255.255.255.0" } DNSServers DhcpServer Gateway 0.0.0.0 DhcpEnabled No Speed 1000000000
Enterprise
This table shows the details about the network configuration of this node.
Setting Value Description Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client) ID {638693C1-FEAE-4194-AA62-3CDB3FC803F3} Interface Type Ethernet Is Online Online Mac Address 00-22-19-88-C1-76 Domain IP Addresses { Address="10.44.12.160", Mask="255.255.255.0" } DNSServers 10.44.12.201 , 147.108.109.231 DhcpServer Gateway 10.44.12.254 DhcpEnabled No Speed 1000000000
Loopback Pseudo-Interface 1
This table shows the details about the network configuration of this node.
Setting Value Description Software Loopback Interface 1 ID {7ECFEE4D-C6C1-11DF-AC27-806E6F6E6963} Interface Type Loopback Is Online Online Mac Address Domain IP Addresses { Address="127.0.0.1" } DNSServers fec0:0:0:ffff::1%1 , fec0:0:0:ffff::2%1 , fec0:0:0:ffff::3%1 DhcpServer Gateway Speed 1073741824
isatap.{49534D62-0D28-42DF-979F-9B8CB5588967}
This table shows the details about the network configuration of this node.
Setting Value Description Microsoft ISATAP Adapter ID {01A69D68-311B-403A-AC4D-80B4F1CDE46F} Interface Type Tunnel Is Online Offline Mac Address 00-00-00-00-00-00-00-E0 Domain
isatap.{638693C1-FEAE-4194-AA62-3CDB3FC803F3}
This table shows the details about the network configuration of this node.
Setting Value Description Microsoft ISATAP Adapter #2 ID {CD30218E-B615-4691-B00A-4A2099277757} Interface Type Tunnel Is Online Offline Mac Address 00-00-00-00-00-00-00-E0 Domain Monday, April 25, 2011 7:42 AM -
Just to be clear - are you using a Topology1 or Topology2 setup?
In going through the Topology 1 Network Configuration - the difference with enabling / disabling NAT is that
- When NAT is enabled - the gateway is set to be the HN (the DNS server can be edited but not the Gateway)
- with NAT disableed - the gateway can be set (both the Gateway and the DNS Server can be edited).
If I go through the Topology 2 Network Configuration - then the gateway cannot be set in either case when NAT is enabled.
Your screenshot would indicate that you are selecting the Topology1 setting but in your original posting you said that you had a Topology 2 cluster.
Also you may want to try configuring your network through Powershell - that might give you the level of customization that you require:
Set-HpcNetwork [[-Topology] <String>] [-Application <String>] [-ApplicationDHCP <Boolean>] [-ApplicationDHCPClient [<SwitchParameter>]] [-ApplicationDHCPDns <String>] [-ApplicationDHCPEndAddress <String>] [-ApplicationDHCPGateway <String>] [-ApplicationDHCPStartAddress <String>] [-ApplicationDnsRegistrationType <HpcDnsRegistrationType>] [-ApplicationFirewall <Nullable`1>][-ApplicationIpAddress <String>] [-ApplicationNat <Boolean>] [-ApplicationSubnetMask <String>] [-Enterprise <String>] [-EnterpriseDnsRegistrationType<HpcDnsRegistrationType>] [-EnterpriseFirewall <Nullable`1>] [-Private <String>] [-PrivateDHCP <Boolean>] [-PrivateDHCPClient [<SwitchParameter>]] [-PrivateDHCPDns <String>] [-PrivateDHCPEndAddress <String>] [-PrivateDHCPGateway <String>] [-PrivateDHCPStartAddress <String>] [-PrivateDnsRegistrationType<HpcDnsRegistrationType>] [-PrivateFirewall <Nullable`1>] [-PrivateIpAddress <String>] [-PrivateNat <Boolean>] [-PrivateSubnetMask <String>] [-Scheduler <String>] [<CommonParameters>]
Monday, April 25, 2011 4:54 PM -
Could you also please include an ipconfig /all from one of your compute nodes.
In talking with with colleagues - on a topology 2 cluster, your private network should not have a gateway. There is some problem with how the NIC2 adapter is being identified as a the Private Network Adapter. This is done through using the IP address that is assigned as well as looking at the scope of the Private Network.
If your network adapter on your compute nodes is not getting a valid IP address (e.g. 169, self assigned address) then this could indicate problems with
1) DHCP Server
2) Network Drivers
Hope this helps.
Mark
Monday, April 25, 2011 5:30 PM -
I definitely use Topology 2 - All nodes in enterprise and private networks. The options are:
- When NAT is enabled - the gateway is set to be the private IP of HN (the DNS server can be edited but not the Gateway)
- with NAT disabled - the gateway can't be set (DNS Server can be optionally set), as on my screenshot.
I've googled a couple of messages that say that Windows 7 define the network as private if it has a gateway. Like for example:
http://superuser.com/questions/37355/windows-7-cant-identify-network/37422
http://serverfault.com/questions/9376/is-it-possible-to-change-an-unidentified-network-into-a-home-or-work-networ
If it is not the case for Windows HPC Server 2008 R2, please tell me how to make it. Here is another screenshot where you can see that network that is supposed to be private is Undefined.
Here is the result of ipconfig from the same node as on the screenshot. IP address of Private network is ok, 192.168.0.* just as configured on headnode acting as DHCP server.
BATNOVCL1N1 -> Finished
------------------------------------------------------------------------------------------------------------------------
Windows IP Configuration
Host Name . . . . . . . . . . . . : BATNOVCL1N1
Primary Dns Suffix . . . . . . . : ent.bhicorp.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : ent.bhicorp.com
unix.bhicorp.com
Ethernet adapter Private:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5708S NetXtreme II GigE (NDIS VBD Client) #2
Physical Address. . . . . . . . . : 00-22-19-7B-03-EB
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::4579:54b3:7334:e054%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.10(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, April 20, 2011 9:36:50 AM
Lease Expires . . . . . . . . . . : Wednesday, April 27, 2011 9:37:11 AM
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . : 255.255.255.255
DHCPv6 IAID . . . . . . . . . . . : 285221401
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-2B-27-BF-00-22-19-7B-03-E9
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter Enterprise:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5708S NetXtreme II GigE (NDIS VBD Client)
Physical Address. . . . . . . . . : 00-22-19-7B-03-E9
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 10.44.12.161(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.44.12.254
DNS Servers . . . . . . . . . . . : 10.44.12.201
147.108.109.231
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{BD35E0EF-3518-4B03-83D2-B0105604D734}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{DE0C8631-5EF2-4A22-8ECF-32382621D0FA}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
------------------------------------------------------------------------------------------------------------------------
Tuesday, April 26, 2011 8:38 AM -
I misunderstood your question... I thought the private network adapter wasn't getting named private, but instead it is the network profile that is unidentified.
Do you have any policy rules that impact the different profiles (domain, public, private) ?
What are your firewall settings when configuring your Private Network (are you turning the firewall on, off, or not having HPC manage the firewall?)
Thanks,
Mark
Tuesday, April 26, 2011 4:10 PM -
All my custom firewall rules are applied to all profiles, however I have some rules such as "McAfee Framework Service" that are applied only to Domain or Public profiles.
On the headnode in network configuration I choose firewall ON for Enterprise and OFF for Private network. On the nodes I still see that Firewall in ON for Private profile, but as I understand it doesn't matter because "After a network adapter is excluded from Windows Firewall, communication to and from the node is completely open through that adapter, independently of the Windows Firewall rules that are enabled or disabled on the node."
Do you think that can be the reason that my Private network is Undefined?
Friday, April 29, 2011 10:18 AM -
Your HPC 'Private' network is Unidentified by the OS because the network lacks identifiable characteristics. The default network profile for unidentified networks is "Public" for security reasons. However, if you chose to disable the firewall for your cluster's private network then it doesn't really matter what network profile the interface is using because the firewall will be disabled on the interface regardless of it's profile setting.
If you really wanted to change the network profile for unidentified networks from 'Public' to 'Private', you could do this by running the powershell script found at http://blogs.msdn.com/b/dimeby8/archive/2009/06/10/change-unidentified-network-from-public-to-work-in-windows-7.aspx.
--Brian
- Proposed as answer by Mark Staveley Wednesday, May 4, 2011 1:38 AM
- Marked as answer by Nikita Tropin Wednesday, May 4, 2011 2:46 AM
Tuesday, May 3, 2011 7:52 PM -
That is exactly the same link as I proposed in my first message, but thank you for explanation.Wednesday, May 4, 2011 2:46 AM