Configure Name Resolution for a Federation Server Proxy in a DNS Zone That Serves Only the Perimeter Network

Applies To: Windows Server 2016, Windows Server 2012 R2, Windows Server 2012

So that name resolution can work successfully for a federation server in an Active Directory Federation Services (AD FS) scenario in which one or more Domain Name System (DNS) zones serve only the perimeter network, the following tasks must be completed:

  • The hosts file on the federation server proxy must be updated to add the IP address of a federation server.

  • DNS in the perimeter network must be configured to resolve all client requests for the AD FS host name to the federation server proxy. To do this, you add a host (A) resource record to perimeter DNS for the federation server proxy.

Note

These procedures assume that a host (A) resource record for the federation server has already been created in the corporate network DNS. If this record does not yet exist, create this record, and then perform these procedures. For more information about how to create the host (A) resource record for the federation server, see Add a Host (A) Resource Record to Corporate DNS for a Federation Server.

Add the IP address of a federation server to the hosts file

So that a federation server proxy can work as expected in the perimeter network of an account partner, you must add an entry to the hosts file on that federation server proxy that points to a federation server's DNS host name (for example, fs.fabrikam.com) and IP address (for example, 192.168.1.4) in the corporate network of the account partner. Adding this entry to the hosts file prevents the federation server proxy from contacting itself to resolve a client-initiated call to a federation server in the account partner.

Membership in Administrators, or equivalent, on the local computer is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups.

To add the IP address of a federation server to the hosts file

  1. Navigate to the %systemroot%\Winnt\System32\Drivers directory folder and locate the hosts file.

  2. Start Notepad, and then open the hosts file.

  3. Add the IP address and the host name of a federation server in the account partner to the hosts file, as shown in the following example:

    192.168.1.4 fs.fabrikam.com

  4. Save and close the file.
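The same hosts file change as an idempotent script, added here as an illustration (it is not part of the original procedure). It assumes the standard hosts file location `%SystemRoot%\System32\drivers\etc\hosts` and uses the page's example name and address; it refuses to proceed if the name is already mapped to a different address, then checks what the local resolver returns.

```powershell
# Added example. Run in an elevated PowerShell session on the federation server proxy.
$FsHostName = 'fs.fabrikam.com'   # page's example federation server name
$FsAddress  = '192.168.1.4'       # page's example corporate-network address
# Assumption: standard Windows hosts file location.
$HostsPath  = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

# Match active (non-comment) lines that map $FsHostName, whatever the address.
$namePattern = '^\s*(?<ip>[^#\s]+)\s+([^#]*\s)?' + [regex]::Escape($FsHostName) + '(\s|#|$)'
$existing = @(Get-Content -LiteralPath $HostsPath | Where-Object { $_ -match $namePattern })
$stale    = @($existing | Where-Object { $_ -match $namePattern -and $Matches['ip'] -ne $FsAddress })

if ($stale.Count -gt 0) {
    # A conflicting mapping needs review by an administrator; do not silently override it.
    throw "Conflicting hosts entries for ${FsHostName}: $($stale -join ' | ')"
}

if ($existing.Count -eq 0) {
    # Keep a rollback copy, then append the entry on its own line.
    Copy-Item -LiteralPath $HostsPath -Destination "$HostsPath.bak" -Force
    $raw    = Get-Content -LiteralPath $HostsPath -Raw
    $prefix = if ($raw -and -not $raw.EndsWith("`n")) { "`r`n" } else { '' }
    Add-Content -LiteralPath $HostsPath -Value ($prefix + "$FsAddress`t$FsHostName")
}

# Confirm the local resolver (which consults the hosts file) returns the federation server.
$resolved = @([System.Net.Dns]::GetHostAddresses($FsHostName) |
    ForEach-Object { $_.IPAddressToString })
if ($resolved -notcontains $FsAddress) {
    throw "$FsHostName resolves to $($resolved -join ', '), expected $FsAddress"
}
"$FsHostName -> $FsAddress (hosts file entry active)"
```

Because this entry decides where the proxy sends federation traffic, the hosts file on the proxy is worth including in file integrity monitoring.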

Add a host (A) resource record to perimeter DNS for a federation server proxy

So that clients on the Internet can successfully access a federation server through a newly deployed federation server proxy, you must first create a host (A) resource record in the perimeter DNS. This resource record resolves the host name of the account federation server (for example, fs.fabrikam.com) to the IP address of the account federation server proxy (for example, 131.107.27.68) in the perimeter network.

Note

It is assumed that you are using a DNS server, running Windows 2000 Server, Windows Server 2003, or Windows Server 2008 with the DNS Server service, to control the perimeter DNS zone.

Membership in Administrators, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups.

To add a host (A) resource record to perimeter DNS for a federation server proxy

  1. On a DNS server for the perimeter network, open the DNS snap-in. Click Start, point to Administrative Tools, and then click DNS.

  2. In the console tree, right-click the applicable forward lookup zone, and then click New Host (A or AAAA).

  3. In Name, type only the computer name of the federation server. For example, for the fully qualified domain name (FQDN) fs.fabrikam.com, type fs.

  4. In IP address, type the IP address for the new federation server proxy, for example, 131.107.27.68.

  5. Click Add Host.
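A scripted equivalent of the snap-in steps, added here as an illustration (it is not part of the original procedure). It assumes a perimeter DNS server with the DnsServer PowerShell module (Windows Server 2012 or later), a forward lookup zone named `fabrikam.com`, and that the server answers queries on 127.0.0.1; the addresses are the page's examples. After creating the record it queries the server directly and confirms that the perimeter zone hands out the proxy address and not the corporate one.

```powershell
# Added example. Run elevated on the perimeter DNS server (DnsServer module required).
$ZoneName        = 'fabrikam.com'    # assumption: perimeter forward lookup zone
$RecordName      = 'fs'              # computer name only, as in step 3
$ProxyAddress    = '131.107.27.68'   # page's example federation server proxy address
$CorporateFsAddr = '192.168.1.4'     # page's example internal federation server address
$PerimeterDns    = '127.0.0.1'       # assumption: DNS Server service listens on loopback

# -Node limits the lookup to the 'fs' node itself, not records beneath it.
$current = @(Get-DnsServerResourceRecord -ZoneName $ZoneName -Name $RecordName `
    -RRType A -Node -ErrorAction SilentlyContinue)
$currentIps = @($current | ForEach-Object { $_.RecordData.IPv4Address.IPAddressToString })

if ($currentIps.Count -eq 0) {
    Add-DnsServerResourceRecordA -ZoneName $ZoneName -Name $RecordName -IPv4Address $ProxyAddress
} elseif ($currentIps.Count -gt 1 -or $currentIps -notcontains $ProxyAddress) {
    # Existing records that point elsewhere need review before anything is changed.
    throw "Unexpected A records for $RecordName.${ZoneName}: $($currentIps -join ', ')"
}

# Query this server directly, bypassing the local hosts file and non-DNS name resolution.
$answer = @(Resolve-DnsName -Name "$RecordName.$ZoneName" -Type A -Server $PerimeterDns `
    -DnsOnly -NoHostsFile | Where-Object { $_.IPAddress } | ForEach-Object { $_.IPAddress })

if ($answer -notcontains $ProxyAddress) {
    throw "Perimeter DNS returned '$($answer -join ', ')', expected $ProxyAddress"
}
if ($answer -contains $CorporateFsAddr) {
    # The internal federation server address must not be served from the perimeter zone.
    throw "Perimeter DNS exposes the corporate address $CorporateFsAddr"
}
"$RecordName.$ZoneName -> $ProxyAddress (perimeter DNS)"
```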

Additional references

Checklist: Setting Up a Federation Server Proxy

Name Resolution Requirements for Federation Server Proxies