Exam 70-417 topic 1 question 89 discussion

Actual exam question from Microsoft's 70-417
Question #: 89
Topic #: 1

Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 and a member server named Server1. Server1 has the IP Address Management (IPAM) Server feature installed.
On DC1, you configure Windows Firewall to allow all of the necessary inbound ports for IPAM.
On Server1, you open Server Manager as shown in the exhibit. (Click the Exhibit button.)


You need to ensure that you can use IPAM on Server1 to manage DNS on DC1.
What should you do?

  • A. Add Server1 to the Remote Management Users group.
  • B. Modify the outbound firewall rules on Server1.
  • C. Add Server1 to the Event Log Readers group.
  • D. Modify the inbound firewall rules on Server1.
Suggested Answer: C

The exhibit shows (in the Details tab) that the firewall rules are OK for DNS management (DNS RPC Access Status: Unblocked). It also shows that Event Log Access Status is Blocked (which, by the way, blocks the IPAM Access Status). We should solve this by adding the Server1 computer account to the Event Log Readers group.

Understand and Troubleshoot IP Address Management (IPAM) in Windows Server 8 Beta (download.microsoft.com)

IPAM Access Monitoring


IPAM Access Settings

Manual provisioning
For manual provisioning, ensure that the required access settings are appropriately configured on the target server manually.

Verify Access
Verify that IPAM access status is listed as unblocked, indicating that manual or GPO based provisioning is successfully complete.
For the IPAM access status value to be allowed, all of the access sub-states shown in the details pane should be marked as allowed. These access states are:

  • DNS RPC access status
  • DHCP RPC access status
  • Event log access status
  • DHCP audit share access status
[...]

Troubleshooting Access Issues
If any of the access sub-states for managed server roles is showing in the Blocked state, check that the corresponding setting is enabled on the target server. For details of the access setting to sub-state mapping, refer to the IPAM Access Monitoring section in this guide. For GPO based provisioning, the GPResult command line tool can be used to troubleshoot group policy update issues. The provisioning task set up by the IPAM DHCP and DNS GPOs creates a troubleshooting log in the location %windir%\temp named IpamDhcpLog.txt and IpamDnsLog.txt respectively.
http://social.technet.microsoft.com/Forums/en-US/winserver8gen/thread/c882c077-61bd45f6-ab47-735bd728d3bc/

IPAM - Unblock access to a DC?
The process to manually (not GPO based) unblock a DNS/DC server is:
1. Enable DNS RPC access by enabling the following inbound Firewall rules:
a) DNS Service (RPC)
b) DNS Service (RPC Endpoint Mapper)
2. Enable remote management access by enabling the following inbound Firewall rules:
a) Remote Service Management (RPC)
b) Remote Service Management (RPC-EPMAP)
3. Enable Remote Event Log Management RPC access by enabling the following inbound Firewall rules:
a) Remote Event Log Management (RPC)
b) Remote Event Log Management (RPC-EPMAP)
4. Add the IPAM machine account to the Event Log Readers domain security group. See the example below.
This view is from Active Directory Users and Computers\contoso.com\Builtin\Event Log Readers:


Also, there should be a Details tab at the bottom that summarizes whether or not the correct firewall ports and the Event Log Access status are unblocked.
References:
http://technet.microsoft.com/en-us/library/jj878313.aspx
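
The four manual unblock steps above, as an added PowerShell example (not part of the original page or of Microsoft's guide). It assumes an elevated session on DC1 with the NetSecurity and ActiveDirectory modules available; the firewall rule display names are copied from the steps above and may differ on a given build, so a name that does not resolve is reported rather than guessed.

```powershell
# Added example: run in an elevated PowerShell session on DC1.
# Assumptions: the IPAM server's computer account is Server1 (from the question), and
# the rule display names are the ones listed in the steps above.
Import-Module NetSecurity, ActiveDirectory

$ipamServer = 'Server1'
$ruleNames = @(
    'DNS Service (RPC)',
    'DNS Service (RPC Endpoint Mapper)',
    'Remote Service Management (RPC)',
    'Remote Service Management (RPC-EPMAP)',
    'Remote Event Log Management (RPC)',
    'Remote Event Log Management (RPC-EPMAP)'
)

# Steps 1-3: enable only the named inbound rules (not whole rule groups), and
# report any name that does not match a rule on this server.
$report = foreach ($name in $ruleNames) {
    $rules = @(Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue |
        Where-Object Direction -eq 'Inbound')
    if ($rules.Count -eq 0) {
        [pscustomobject]@{ Rule = $name; State = 'NotFound' }
        continue
    }
    $rules | Where-Object Enabled -ne 'True' | Enable-NetFirewallRule
    [pscustomobject]@{ Rule = $name; State = 'Enabled' }
}
$report | Format-Table -AutoSize

# Step 4: add the IPAM server's computer account to Event Log Readers,
# skipping the change if it is already a member.
$computer = Get-ADComputer -Identity $ipamServer
$group    = Get-ADGroup -Identity 'Event Log Readers'
$isMember = Get-ADGroupMember -Identity $group |
    Where-Object DistinguishedName -eq $computer.DistinguishedName
if (-not $isMember) {
    Add-ADGroupMember -Identity $group -Members $computer
}

# Confirm the resulting membership so the change can be reviewed.
Get-ADGroupMember -Identity $group | Select-Object Name, objectClass
```

The new group membership applies to Server1 only after its computer account obtains a fresh Kerberos ticket, for example after a restart.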
