RE: Suggestion for setup and backup, question of using SP4 on WIN2K

  • From: Jim Prato <jprato@xxxxxxxxxxxxxxx>
  • To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 25 Jul 2003 11:07:19 -0500

Tom,
 
Can it be concluded that SVC pack 4 (on WIN 2k) is not recommended for
production ISA server? Or just for a backup system?
 
Thanks.
 
jp

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: Tuesday, July 22, 2003 9:10 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Suggestion for setup and backup


http://www.ISAserver.org


tsingh, Junior Member, Member # 1496, posted July 19, 2003 04:33 AM

  _____  

ISAS2000 Configuration Guideline
This config is what I used to ready a backup ISA server in case of disaster.
Thought it would be worthwhile sharing ....

Windows 2000 server with sp3+ (not sp4)
join domain
create c:\systemlogs\rras, \isa\webproxy, \isa\firewall, \isa\packetfilters
configure interfaces south and north
fake south ip and correct public ips
LAT better be right.
install windows 2000 support tools (.ocx required for Import/Export tool)
install pstools
install isa server and configure basic info
change logging locations
change intra array address
add LDT - *.yourlocaldomail.com
change HTTP Redirector filter option to send direct to website if local proxy is not available
disable h.323 application filter
create one server or web publishing rule to test isa as well
run the vpn wizard and restart to complete rras startup

configure rras settings
ensure that north/south interface have correct primary ips
change dhcp settings to static pool of 150.64.12.61 - 150.64.12.80 (20 ips)
also change ras adapter to South to search for dhcp servers
change logging locations as above
delete default dial-in policy
add ISA Dial In Users policy as follows
conditions - windowsgroup - ISA Dial In Users
encryption changes to strong and strongest
idle disconnect set to 120mins and total time to 600mins

test vpn access for yourself
test web/server publishing rules as well
GHOST THIS IMAGE WHEN WORKING WELL.

isa configuration - complete
apply SP1, FP1 
apply HF176 - for shoutcast streaming fault (mem leak) - this was a problem i had
apply HF260 - for FTP PASV connections dropping (uses multiple ext IPs for connections) - this was a problem i had
change Incoming Web Requests - add all webfacing IPs on the external interface (80/443)
export the latest settings from isa server to .isa files - www.isatools.org <http://www.isatools.org/>
note: protocol rules and site/content rules need "machine-specific settings" checked
import in the following order
content groups
custom protocol definitions
client address sets
destination sets
schedules
ip packet filters
protocol rules - (needs machine-specific properties set)
site and content rules - (needs machine-specific properties set)
add all web publishing rules manually from isainfo.txt file
run the secure mail wizard and publish smtp in, smtp out, pop3 services
enable alerts for startup, shutdown, initialization failure, no response and misconfig
create weekly (6pm) and daily (8pm) reports
run the ISAInfo.vbs file to compile ISA system profile
GHOST THIS IMAGE WHEN WORKING WELL.

Right. So, to bring this bad boy live, first change the local or South IP
address to the same as the live server, and switch the server network cables
(North and South) and restart the backup (to be live) server. Note that the
IntraArrayAddress problem must be solved as mentioned on (if you have this
stupid problem). look it up..
also, to manage this bad boy remotely, you need to do this ...
http://forums.isaserver.org/ultimatebb.cgi?ubb=get_topic;f=2;t=006984

CHEERS, TSINGH.

[ July 19, 2003, 04:38 AM: Message edited by: tsingh ] 
  _____  

Posts: 17 | From: Toronto, On, Canada | Registered: Jun 2001
 

Thomas W Shinder 
www.isaserver.org/shinder
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp

 
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?typeúQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jprato@xxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
