[isalist] Re: ISA Server 2006 Intra-Array Communication

  • From: Steve Moffat <steve@xxxxxxxxxx>
  • To: ISA Mailing List <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 23 Oct 2008 13:02:35 -0300

You haven't exported the private key along with the cert.

S

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Jerry Young
Sent: Thursday, October 23, 2008 12:39 PM
To: ISA Mailing List
Subject: [isalist] Re: ISA Server 2006 Intra-Array Communication

So... this is what I see (see attachment) after I import the SSL cert received 
from VeriSign on both servers and attempt to assign it to a listener.  It's 
driving me nuts. :(

Thoughts?
On Thu, Oct 23, 2008 at 10:54 AM, Jim Harrison 
<Jim@xxxxxxxxxxxx<mailto:Jim@xxxxxxxxxxxx>> wrote:
http://www.ISAserver.org<http://www.isaserver.org/>
-------------------------------------------------------

This is set in the "Communication" tab of each server properties.
You tell ISA what IP address to use and the interface is selected on that basis.
Er..
Why do you want them to communicate with each other via the external interface?
There can be no web proxy listener operating there an so no intra-array 
communications can take place.
Do the certs exist on all array members?  They must if you want to assign them 
to a VIP.

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx<mailto:isalist-bounce@xxxxxxxxxxxxx> 
[mailto:isalist-bounce@xxxxxxxxxxxxx<mailto:isalist-bounce@xxxxxxxxxxxxx>] On 
Behalf Of Jerry Young
Sent: Thursday, October 23, 2008 7:18 AM
To: isalist@xxxxxxxxxxxxx<mailto:isalist@xxxxxxxxxxxxx>
Subject: [isalist] ISA Server 2006 Intra-Array Communication

All,

I seem to recall reading something that talked about a Registry entry that can 
be used to tell ISA Server which interface to use for intra-array 
communication.  This is not the same as the UnicastInterHostCommSupport 
Registry value.

Right now, I'm in the process of standing up a pair of ISA Servers in an array 
but am waiting for the network engineers to properly configure the switch port 
to which the external interface on one the servers is connected.  Until that 
time, the two servers can't communicate with each other over the external 
interfaces.  I'm running into some strange behavior (machine certs sometimes 
show as installed correctly, not installed correctly, or can't be found) when 
attempting to assign a certificate (different from the machine cert) to a 
listener that runs on top of an NLB VIP on the external interfaces and I'd like 
to rule out network connectivity between the two as a potential cause.

Does anyone know of which I write or did I somehow muddle and morph something I 
read into something that doesn't exist?
--
Cordially yours,
Jerry G. Young II
Microsoft Certified Systems Engineer
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com<http://www.techgenix.com/>
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx<mailto:listadmin@xxxxxxxxxxxxx>



--
Cordially yours,
Jerry G. Young II
Microsoft Certified Systems Engineer

Other related posts: