Sign in
Microsoft.com
 
Microsoft
 
 
 

none
How to make private network to be defined as private?

 > 

    Question

  • Question
    Sign in to vote
    0
    Sign in to vote

    Hello, I have Windows HPC Server 2008 R2 cluster with topology 2 - All nodes in enterprise and private network. The problem is that on the compute nodes network connected to NIC2 and supposed to be private is shown as "Undefined". And by default "Undefined" networks are Public. I found out that it is Undefined because there is no gateway, but there is no option in HPC Manager  to set gateway for private network (my headnode acts as DHCP server for it).

    I found 2 workarounds here:

    1. On the nodes press WinKey+R, type "secpol.msc" without quotes. Then click Network List Manager Policies on the left, and then you should be able to change it from there. There is an option what to do with Undefined networks, you can make them Private.

    2. Basically the same solution but with script. It is for Windows 7 but also works here. http://blogs.msdn.com/b/dimeby8/archive/2009/06/10/change-unidentified-network-from-public-to-work-in-windows-7.aspx

    Is there any other way to make private network in 2nd topology to be defined as private on the nodes?


    Friday, April 22, 2011 6:34 AM
    |

Answers

  • Question
    Sign in to vote
    0
    Sign in to vote

    Your HPC 'Private' network is Unidentified by the OS because the network lacks identifiable characteristics.  The default network profile for unidentified networks is "Public" for security reasons.  However, if you chose to disable the firewall for your cluster's private network then it doesn't really matter what network profile the interface is using because the firewall will be disabled on the interface regardless of it's profile setting.

    If you really wanted to change the network profile for unidentified networks from 'Public' to 'Private', you could do this by running the powershell script found at http://blogs.msdn.com/b/dimeby8/archive/2009/06/10/change-unidentified-network-from-public-to-work-in-windows-7.aspx.

    --Brian


    • Proposed as answer by Mark Staveley Wednesday, May 04, 2011 1:38 AM
    • Marked as answer by Nikita Tropin Wednesday, May 04, 2011 2:46 AM
    Tuesday, May 03, 2011 7:52 PM
    |

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote

    Dear Nikita,

     

     I would like to understand your question better - Could you please copy the information from your network configuration report on your head node.

     

     Also with your private network settings - in the network wizard there is a step "Private Network Configuration"

     

     You should be able to set the IP Address Range, the Gateway and the DNS server for your private network there.

     

      There are some assumptions made if you have NAT selected but you shouldn't need NAT with a Topology 2 cluster.

     

    Hope this helps,

    Mark

     

    Friday, April 22, 2011 4:30 PM
    |
  • Question
    Sign in to vote
    0
    Sign in to vote
    Mark, the problem with Private Network Configuration is that without NAT enabled you can't set the gateway, this field is not available. Here is the screenshot:

    Gateway

    And that is the report from the headnode:

    Network Configurations Report

    Test Result: Complete

    Failed nodes list

    (0)

    No nodes failed this test.

    Test result details

    Result Summary
    This table summarizes the test results for the nodes.
     
    Results No. of Nodes
    Complete 1

    Test results by node


    BATNOVSRV01

    (Complete)

    Private
    This table shows the details about the network configuration of this node.
     
    Setting Value
    Description Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client) #2
    ID {49534D62-0D28-42DF-979F-9B8CB5588967}
    Interface Type Ethernet
    Is Online Online
    Mac Address 00-22-19-88-C1-78
    Domain  
    IP Addresses { Address="192.168.0.1", Mask="255.255.255.0" }
    DNSServers  
    DhcpServer  
    Gateway 0.0.0.0
    DhcpEnabled No
    Speed 1000000000

    Enterprise
    This table shows the details about the network configuration of this node.
     
    Setting Value
    Description Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client)
    ID {638693C1-FEAE-4194-AA62-3CDB3FC803F3}
    Interface Type Ethernet
    Is Online Online
    Mac Address 00-22-19-88-C1-76
    Domain  
    IP Addresses { Address="10.44.12.160", Mask="255.255.255.0" }
    DNSServers 10.44.12.201 , 147.108.109.231
    DhcpServer  
    Gateway 10.44.12.254
    DhcpEnabled No
    Speed 1000000000

    Loopback Pseudo-Interface 1
    This table shows the details about the network configuration of this node.
     
    Setting Value
    Description Software Loopback Interface 1
    ID {7ECFEE4D-C6C1-11DF-AC27-806E6F6E6963}
    Interface Type Loopback
    Is Online Online
    Mac Address  
    Domain  
    IP Addresses { Address="127.0.0.1" }
    DNSServers fec0:0:0:ffff::1%1 , fec0:0:0:ffff::2%1 , fec0:0:0:ffff::3%1
    DhcpServer  
    Gateway  
    Speed 1073741824

    isatap.{49534D62-0D28-42DF-979F-9B8CB5588967}
    This table shows the details about the network configuration of this node.
     
    Setting Value
    Description Microsoft ISATAP Adapter
    ID {01A69D68-311B-403A-AC4D-80B4F1CDE46F}
    Interface Type Tunnel
    Is Online Offline
    Mac Address 00-00-00-00-00-00-00-E0
    Domain  

    isatap.{638693C1-FEAE-4194-AA62-3CDB3FC803F3}
    This table shows the details about the network configuration of this node.
     
    Setting Value
    Description Microsoft ISATAP Adapter #2
    ID {CD30218E-B615-4691-B00A-4A2099277757}
    Interface Type Tunnel
    Is Online Offline
    Mac Address 00-00-00-00-00-00-00-E0
    Domain  

    Monday, April 25, 2011 7:42 AM
    |
  • Question
    Sign in to vote
    0
    Sign in to vote

    Just to be clear - are you using a Topology1 or Topology2 setup? 

     

    In going through the Topology 1 Network Configuration - the difference with enabling / disabling NAT is that

    - When NAT is enabled - the gateway is set to be the HN (the DNS server can be edited but not the Gateway)

    - with NAT disableed - the gateway can be set (both the Gateway and the DNS Server can be edited).

     

    If I go through the Topology 2 Network Configuration - then the gateway cannot be set in either case when NAT is enabled.

     

    Your screenshot would indicate that you are selecting the Topology1 setting but in your original posting you said that you had a Topology 2 cluster.

     

    Also you may want to try configuring your network through Powershell - that might give you the level of customization that you require:

    Set-HpcNetwork [[-Topology] <String>] [-Application <String>] [-ApplicationDHCP <Boolean>] [-ApplicationDHCPClient [<SwitchParameter>]] [-ApplicationDHCPDns <String>] [-ApplicationDHCPEndAddress <String>] [-ApplicationDHCPGateway <String>] [-ApplicationDHCPStartAddress <String>] [-ApplicationDnsRegistrationType <HpcDnsRegistrationType>] [-ApplicationFirewall <Nullable`1>][-ApplicationIpAddress <String>] [-ApplicationNat <Boolean>] [-ApplicationSubnetMask <String>] [-Enterprise <String>] [-EnterpriseDnsRegistrationType<HpcDnsRegistrationType>] [-EnterpriseFirewall <Nullable`1>] [-Private <String>] [-PrivateDHCP <Boolean>] [-PrivateDHCPClient [<SwitchParameter>]] [-PrivateDHCPDns <String>] [-PrivateDHCPEndAddress <String>] [-PrivateDHCPGateway <String>] [-PrivateDHCPStartAddress <String>] [-PrivateDnsRegistrationType<HpcDnsRegistrationType>] [-PrivateFirewall <Nullable`1>] [-PrivateIpAddress <String>] [-PrivateNat <Boolean>] [-PrivateSubnetMask <String>] [-Scheduler <String>] [<CommonParameters>]

    Monday, April 25, 2011 4:54 PM
    |
  • Question
    Sign in to vote
    0
    Sign in to vote

    Could you also please include an ipconfig /all from one of your compute nodes.

     

    In talking with with colleagues - on a topology 2 cluster, your private network should not have a gateway.  There is some problem with how the NIC2 adapter is being identified as a the Private Network Adapter.  This is done through using the IP address that is assigned as well as looking at the scope of the Private Network.

    If your network adapter on your compute nodes is not getting a valid IP address (e.g. 169, self assigned address) then this could indicate problems with

    1) DHCP Server

    2) Network Drivers

     

    Hope this helps.

    Mark

     

    Monday, April 25, 2011 5:30 PM
    |
  • Question
    Sign in to vote
    0
    Sign in to vote

    I definitely use Topology 2 - All nodes in enterprise and private networks. The options are:

    - When NAT is enabled - the gateway is set to be the private IP of HN (the DNS server can be edited but not the Gateway)

    - with NAT disabled - the gateway can't be set (DNS Server can be optionally set), as on my screenshot.

    I've googled a couple of messages that say that Windows 7 define the network as private if it has a gateway. Like for example:

    http://superuser.com/questions/37355/windows-7-cant-identify-network/37422

    http://serverfault.com/questions/9376/is-it-possible-to-change-an-unidentified-network-into-a-home-or-work-networ

    If it is not the case for Windows HPC Server 2008 R2, please tell me how to make it. Here is another screenshot where you can see that network that is supposed to be private is Undefined.

    Here is the result of ipconfig from the same node as on the screenshot. IP address of Private network is ok, 192.168.0.* just as configured on headnode acting as DHCP server.

    BATNOVCL1N1 -> Finished
    ------------------------------------------------------------------------------------------------------------------------

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : BATNOVCL1N1
       Primary Dns Suffix  . . . . . . . : ent.bhicorp.com
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : ent.bhicorp.com
                                           unix.bhicorp.com

    Ethernet adapter Private:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Broadcom BCM5708S NetXtreme II GigE (NDIS VBD Client) #2
       Physical Address. . . . . . . . . : 00-22-19-7B-03-EB
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::4579:54b3:7334:e054%11(Preferred)
       IPv4 Address. . . . . . . . . . . : 192.168.0.10(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Lease Obtained. . . . . . . . . . : Wednesday, April 20, 2011 9:36:50 AM
       Lease Expires . . . . . . . . . . : Wednesday, April 27, 2011 9:37:11 AM
       Default Gateway . . . . . . . . . :
       DHCP Server . . . . . . . . . . . : 255.255.255.255
       DHCPv6 IAID . . . . . . . . . . . : 285221401
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-2B-27-BF-00-22-19-7B-03-E9
       DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                           fec0:0:0:ffff::2%1
                                           fec0:0:0:ffff::3%1
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Ethernet adapter Enterprise:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Broadcom BCM5708S NetXtreme II GigE (NDIS VBD Client)
       Physical Address. . . . . . . . . : 00-22-19-7B-03-E9
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv4 Address. . . . . . . . . . . : 10.44.12.161(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 10.44.12.254
       DNS Servers . . . . . . . . . . . : 10.44.12.201
                                           147.108.109.231
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter isatap.{BD35E0EF-3518-4B03-83D2-B0105604D734}:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter isatap.{DE0C8631-5EF2-4A22-8ECF-32382621D0FA}:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    ------------------------------------------------------------------------------------------------------------------------




    Tuesday, April 26, 2011 8:38 AM
    |
  • Question
    Sign in to vote
    0
    Sign in to vote

    I misunderstood your question... I thought the private network adapter wasn't getting named private, but instead it is the network profile that is unidentified.

    Do you have any policy rules that impact the different profiles (domain, public, private) ?

    What are your firewall settings when configuring your Private Network (are you turning the firewall on, off, or not having HPC manage the firewall?)

     

    Thanks,

    Mark

     

    Tuesday, April 26, 2011 4:10 PM
    |
  • Question
    Sign in to vote
    0
    Sign in to vote

    All my custom firewall rules are applied to all profiles, however I have some rules such as "McAfee Framework Service" that are applied only to Domain or Public profiles.

    On the headnode in network configuration I choose firewall ON for Enterprise and OFF for Private network. On the nodes I still see that Firewall in ON for Private profile, but as I understand  it doesn't matter because "After a network adapter is excluded from Windows Firewall, communication to and from the node is completely open through that adapter, independently of the Windows Firewall rules that are enabled or disabled on the node."

    Do you think that can be the reason that my Private network is Undefined?

    Friday, April 29, 2011 10:18 AM
    |
  • Question
    Sign in to vote
    0
    Sign in to vote

    Your HPC 'Private' network is Unidentified by the OS because the network lacks identifiable characteristics.  The default network profile for unidentified networks is "Public" for security reasons.  However, if you chose to disable the firewall for your cluster's private network then it doesn't really matter what network profile the interface is using because the firewall will be disabled on the interface regardless of it's profile setting.

    If you really wanted to change the network profile for unidentified networks from 'Public' to 'Private', you could do this by running the powershell script found at http://blogs.msdn.com/b/dimeby8/archive/2009/06/10/change-unidentified-network-from-public-to-work-in-windows-7.aspx.

    --Brian


    • Proposed as answer by Mark Staveley Wednesday, May 04, 2011 1:38 AM
    • Marked as answer by Nikita Tropin Wednesday, May 04, 2011 2:46 AM
    Tuesday, May 03, 2011 7:52 PM
    |
  • Question
    Sign in to vote
    0
    Sign in to vote
    That is exactly the same link as I proposed in my first message, but thank you for explanation.
    Wednesday, May 04, 2011 2:46 AM
    |