
Install MLC on a Windows 2012 R2 Domain Controller for Demo

**Note: This is not a supported production configuration. It was implemented for a PoC where
resources were limited and there was no option to install MLC on a dedicated member server.

Quick steps:

1. Install .NET 3.5 Framework before running the MLC install. This can be done by launching Server
Manager, Add Roles and Features. Hit next through the first few screens until you see the option
to check the box for .NET 3.5. By default, 2012 R2 comes without this installed and only has
default support for .NET 4.5.
2. Create a Domain Admin account in AD to use as a service account (mlcadmin)
3. Download MLC 3.0 and extract contents
4. Run the SQLEXPR installer directly from the <MLC_INSTALL_DIR>\SQL2K8Express directory:

5. Choose New installation:

6. During Feature Selection, install just the Database Engine Services:

7. For Instance Configuration, give it a unique name:


8. Under Server Configuration, specify the username created in AD with password. Set SQL Server
Browser to Automatic:

9. Under Database Engine Configuration, add the admin account created (mlcadmin) below:
10. Finish install. Open SQL Server Configuration Manager, expand “SQL Server Network
Configuration” and Protocols:

11. Right click “TCP/IP” and go to Properties. On the Protocol tab, set “Enabled” to Yes:

12. Click the IP Addresses tab, find the IP of the domain controller and set the “Active” and
“Enabled” fields to Yes:
13. Restart the SQL instance. This creates a listener on a dynamically assigned TCP port, which stays
the same between restarts:

14. Go back to SQL Server Configuration Manager and click "SQL Server Services" to get the PID of the
server process for the instance (we'll use this to find the port). In this example the PID is 1604:

15. Open a command prompt and run: netstat -na -o | find "1604"
In this case the instance is listening on port 52453:

That completes the SQL Express 2008 install.
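The SQL-side steps above (service account, TCP/IP enablement, instance restart, port discovery) can also be done from an elevated PowerShell prompt on the DC. The script below is an added example written for this page; it is not part of the original document or the MLC product. It assumes the instance was named MLCSQL in step 7, that the service account is mlcadmin as used throughout this document, that SQL Server 2008 Express is installed (the WMI namespace ComputerManagement10 is specific to the 2008 release), and that the Windows install media is mounted on D: for the .NET 3.5 payload. The registry path under SuperSocketNetLib\Tcp\IPAll that the script reads for the dynamic port is also where a fixed TcpPort can be set if you would rather not depend on a dynamic port surviving restarts.

```powershell
# Added example (not from the original document). Automates steps 1, 2, 8 and 10-15
# on the DC itself. Assumed values: instance 'MLCSQL', account 'mlcadmin', media on D:.
#Requires -RunAsAdministrator
param(
    [string]$InstanceName   = 'MLCSQL',    # assumption: the name chosen in step 7
    [string]$ServiceAccount = 'mlcadmin'   # account name used throughout the document
)

Import-Module ServerManager
Import-Module ActiveDirectory   # RSAT-AD-PowerShell, present on a domain controller

# Step 1: .NET 3.5 is not installed on 2012 R2 by default. -Source points at the
# side-by-side payload on the install media in case it is not cached locally.
Install-WindowsFeature -Name NET-Framework-Core -Source 'D:\sources\sxs'

# Step 2: service account. The document makes it a Domain Admin and the later MLC
# steps rely on that, so the membership is kept here; treat the password as the
# most sensitive credential in this PoC.
if (-not (Get-ADUser -Filter "SamAccountName -eq '$ServiceAccount'")) {
    $pwd = Read-Host -AsSecureString -Prompt "Password for $ServiceAccount"
    New-ADUser -Name $ServiceAccount -SamAccountName $ServiceAccount `
        -AccountPassword $pwd -Enabled $true -PasswordNeverExpires $true
    Add-ADGroupMember -Identity 'Domain Admins' -Members $ServiceAccount
}

# Step 8: SQL Server Browser set to Automatic and running.
Set-Service -Name SQLBrowser -StartupType Automatic
Start-Service -Name SQLBrowser

# Steps 10-12: enable TCP/IP for the instance through the SQL Server WMI provider.
$ns  = 'root\Microsoft\SqlServer\ComputerManagement10'   # SQL Server 2008 namespace
$tcp = Get-WmiObject -Namespace $ns -Class ServerNetworkProtocol |
       Where-Object { $_.InstanceName -eq $InstanceName -and $_.ProtocolName -eq 'Tcp' }
if (-not $tcp) { throw "Instance '$InstanceName' not found in $ns" }
if (-not $tcp.Enabled) { [void]$tcp.SetEnable() }

# Step 12: set Enabled=Yes on the IP entries that match the DC's own IPv4 addresses.
# ('Active' is reported by SQL Server for addresses present on the machine.)
$dcIPs = (Get-NetIPAddress -AddressFamily IPv4 |
          Where-Object { $_.IPAddress -ne '127.0.0.1' }).IPAddress
$props = Get-WmiObject -Namespace $ns -Class ServerNetworkProtocolProperty |
         Where-Object { $_.InstanceName -eq $InstanceName -and $_.ProtocolName -eq 'Tcp' }
$ipNames = $props |
           Where-Object { $_.PropertyName -eq 'IpAddress' -and $dcIPs -contains $_.PropertyStrVal } |
           Select-Object -ExpandProperty IPAddressName
$props | Where-Object { $ipNames -contains $_.IPAddressName -and $_.PropertyName -eq 'Enabled' } |
         ForEach-Object { [void]$_.SetFlagValue($true) }

# Step 13: restart the instance so the TCP listener is created.
$svcName = "MSSQL`$$InstanceName"
Restart-Service -Name $svcName -Force

# Steps 14-15: resolve the instance's PID and the port it listens on, then
# cross-check against the dynamic port SQL Server recorded in the registry.
function Get-SqlInstancePort {
    param([string]$Instance)
    $svc  = Get-WmiObject -Class Win32_Service -Filter "Name='MSSQL`$$Instance'"
    $port = (Get-NetTCPConnection -OwningProcess $svc.ProcessId -State Listen |
             Select-Object -ExpandProperty LocalPort -Unique)
    $instId  = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server\Instance Names\SQL').$Instance
    $regPort = (Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server\$instId\MSSQLServer\SuperSocketNetLib\Tcp\IPAll").TcpDynamicPorts
    [pscustomobject]@{ Instance = $Instance; PID = $svc.ProcessId; ListenPort = $port; RegistryDynamicPort = $regPort }
}

$info = Get-SqlInstancePort -Instance $InstanceName
$info | Format-List

# Confirm the port answers before pointing MLC Setup at it (step 17).
Test-NetConnection -ComputerName $env:COMPUTERNAME -Port ($info.ListenPort | Select-Object -First 1)
```

ListenPort is what goes into the Database Information page in step 17; if it differs from RegistryDynamicPort, the instance was assigned a new dynamic port on this restart and any previously configured MLC connection will need updating.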

16. Go back to the MLC directory and run the MLC Setup.exe:
When you get to the “SQL Express Option” page, select “Use existing Microsoft SQL server in
your environment:
17. When you get to the Database Information page, select the SQL instance running on the local DC,
use the correct domain, AD account credential created in #2 and specified in #9 above, and put
the correct port number for the SQL instance (#15 above):

Finish the install. Almost done.


18. Log in to the MLC and configure the Monitored Domain as normal. I used the same "mlcadmin"
account defined elsewhere in this doc.
You'll notice that the ID Manager and Login Acquisition Manager components stay in a red
state.
This appears to be related to how Windows handles Kerberos communication when the client runs
on the same box as the DC (using named pipes vs. TCP sockets over the network):

19. To resolve this, navigate to the Login Collector folder under the MLC installation directory and
find the utility “wmiconfig”:

20. Run wmiconfig and change the “DC Connection” setting from Kerberos to NTLM:
Hit OK.
In about 30 or so seconds, you should see the collection services go green:
Double check to make sure you now have identities in the Logon Report:

Everything else on NGFW is set up as normal.
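Because step 20 moves the collector's DC connection from Kerberos to NTLM, it is worth confirming from the DC's own Security log which authentication package the collector's logons actually use, both to verify the change took effect and so that NTLM use by this account is a known, expected pattern rather than an unexplained one. The function below is an added example for this page (not from the original document or the MLC product); it assumes the account name mlcadmin and that success auditing for logon events (ID 4624) is enabled, which is the default on a domain controller.

```powershell
# Added example (not from the original document). Summarises 4624 logon events for
# the service account by authentication package and logon type. Assumption: the
# account is 'mlcadmin' and Security success auditing is on (DC default).
function Get-ServiceAccountLogonSummary {
    param(
        [string]$Account = 'mlcadmin',   # assumption: name used in this document
        [int]$Hours = 1                  # how far back to look
    )
    $filter = @{ LogName = 'Security'; Id = 4624; StartTime = (Get-Date).AddHours(-$Hours) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        # Pull the EventData fields out of the event XML into a hashtable.
        $xml  = [xml]$_.ToXml()
        $data = @{}
        foreach ($node in $xml.Event.EventData.Data) { $data[$node.Name] = $node.'#text' }
        if ($data.TargetUserName -eq $Account) {
            [pscustomobject]@{
                Time        = $_.TimeCreated
                LogonType   = $data.LogonType                  # 3 = network logon
                AuthPackage = $data.AuthenticationPackageName  # 'NTLM' or 'Kerberos'
                Process     = $data.ProcessName
                SourceIP    = $data.IpAddress
            }
        }
    } | Group-Object AuthPackage, LogonType |
        Sort-Object Count -Descending |
        Select-Object Count, Name, @{ n = 'LastSeen'; e = { ($_.Group | Sort-Object Time)[-1].Time } }
}

# After wmiconfig is switched to NTLM and the services go green, the collector's
# logons should show up under 'NTLM, 3'; Kerberos entries from other sources may
# still appear and are not a problem.
Get-ServiceAccountLogonSummary -Account 'mlcadmin' -Hours 1
```

Run it once after the services turn green and again later to make sure the pattern is stable; a sudden change in logon type, source IP or process for this account is what a defender would want to notice, given that the account is a Domain Admin.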

**Last note: it is supported to use an external SQL database for storage versus the SQL Express 2008
database.
