General discussion

Locked

ISA in SBS

By amy ·
Tags: Off Topic
blog root

This conversation is currently closed to new comments.

40 total posts (Page 1 of 4)   01 | 02 | 03 | 04   Next
| Thread display: Collapse - | Expand +

All Comments

Collapse -

ISA in SBS

by amy In reply to ISA in SBS

How to's and other configurations relevent to using ISA on an SBS server.

Collapse -

ISA2004 Installation Fails during SBS 2003 SP1 Install

by amy In reply to ISA in SBS

Subtitle: In which Amy spends 5+ hours on the phone with PSS on a Service Pack installation problem and the issue doesn't get resolved. Or, in which after 3 days and 5 different support specialists the problem is mostly resolved.<br /><br />Here's the situation:<br /><br />It was a dark but otherwise lovely week night evening and the SBS 2003 SP1 installation was humming along. I was only 3 hours into the installation and ready to install ISA2004. Record time! 27 PC's already had the old ISA2000 client removed and were awaiting the new client. Then it happened. <insert here music erie><br /><br />"The wizard cannot install ISA Server 2004. Try to install it again by restarting this wizard. If the problem persists, see http://www.microsoft.com/windowsserver2003/sbs/support for additional help and support." <br /><br />From the sbsisa2k log:<br /><br />SBSISA2K4SETUP: CreateProcess returned OK<br />SBSISA2K4SETUP: ISA2k4 setup completed before post config<br />SBSISA2K4SETUP: *** WaitingForMultipleObjects returned ERROR 0x80004005<br />SBSISA2K4SETUP: *** LaunchISA2k4NativeSetup returned ERROR 0x80004005<br />SBSISA2K4SETUP: *** Running ISA2k4 setup unattended returned ERROR 0x80004005<br />SBSISA2K4SETUP: Entering IsISA2k4Installed<br />IsISA2k4Installed returned FALSE<br />SBSISA2K4SETUP: ISA2k4 is NOT installed<br />SBSISA2K4SETUP: *** CSbsIsa2k4SetupCommit::CommitEx returned ERROR 0x80004005<br />SBSISA2K4SETUP: *** CommitEx returned ERROR 0x80004005<br />SBSISA2K4SETUP: Committer failed<br />SBSISA2K4SETUP: (error message is generic.)<br />SBSISA2K4SETUP: *** Commit returned ERROR 0x80004005<br />SBSISA2K4SETUP: *** Commit returned ERROR 0x80004005<br />SBSISA2K4SETUP: Setting the event to signal post setup<br />SBSISA2K4SETUP: *** InstallISA2k4 returned ERROR 0x80004005<br />SBSISA2K4SETUP: *** Installing ISA2k4 returned ERROR 0x80004005<br />SBSISA2K4SETUP: Exiting<br /><br />This story could go on and on for about 3 days but I'll keep it short and to the point. The problem was that the ISA setup couldn't load the performace monitor counters. This resulted in MSDE not be able to load and although the base of ISA installed the failures were noted and the install rolled back and rebooted the server with having removed ISA2000 but failed to install ISA2004. When this happened I thought, oh no, my ISA2000 settings! I wasn't smart enough to have made a backup of ISA2000 first. The complancy of many successful upgrades had gotten the best of me. So PSS directed me to go to C:\program files\Microsoft Small Business Server\Support\Premium and save the .xml file that the upgrade process had created of my ISA2000 settings. This particular client had a few that I didn't want to have to recreate. The thought was that we could import this xml file later.<br /><br />This is where the first 2 support specialists left me. The next day I emailed the most helpful Jim Harrison and he said what do the ISA detailed install logs say? Where are they, says I? The detail ISA install logs live in C:\windows\temp and are called ISAWRAP_number.log, ISAMDSE_number.og and ISAFWSV_number.log. The installation process uses verbose logging so there are a lot of log files with a lot of text in them. I pulled out this error message: Setup failed. Error returned: 0x643<br />MSDE Installation failed, hr=80070643 and then emailed it to the support technician. He passed it on to yet another technician who got an MSDE support specialist on the line and he solved the problem.<br /><br />Here's how to resolve this problem. If you are getting this error message, open up Performance Monitor on the server. Click the + sign to add a new counter. If your counters are numbers rather than friendly descriptions, then you have corrupt performance counters, just like this server did.<br /><br />Open a command prompt and running the following:<br /><br />lodctr /r:perfstringbackup.ini <br /><br />Now go back into Performance Monitor and verify that the counters have friendly names and descriptions. Commence to install ISA2004.<br /><br />Unfortunately this story has no ending as I've not yet been able to import the xml file with my ISA2000 settings in it. Apparently the unattended install of ISA2004 uses a password to protect this file and no one has been able to tell me what that password is.<br /><br />Good news: ISA2004 is installed and working. <br />Bad news: My ISA2000 settings are locked in a password protected file...<br /><br /><br /><br /><strong>A solution to the missing password has been found! Thanks, yet again to Jim Harrison and the SBS Team.<br /><br />..and the answer is:<br /><br />%programfiles%\microsoft windows small business server\support\sbsisa2k4setuplog.txt<br /><br />..has the password embedded in it.</strong><br /><br />This log file and it's associated XML file give anyone a complete view of your Firewall configuration. Leaving this information exposed for anyone to view is not recommended. Take care not to change any of the security settings on these files. The SBS team as protected this information by setting the ACLs on this resource to admin / system by default. Be sure to keep it that way.
<p>
<div class="blogdisclaim"><a href="http://isainsbs.blogspot.com/2005/10/isa2004-installation-fails-during-sbs.html">This post originally appeared on an external website</a></div>

Collapse -

The missing xml password has been found!

by amy In reply to ISA in SBS

<div xmlns="http://www.w3.org/1999/xhtml">The post titled ISA2004 Installation Fails during SBS 2003 SP1 Install has been amended to include the solution to the missing password. Thanks once again to Jim Harrison for digging this information up, when PSS was unable to.<br /><br />..and the answer is:<br /><br />%programfiles%\microsoft windows small business server\support\sbsisa2k4setuplog.txt<br /><br />..has the password embedded in it.</div>
<p>
<div class="blogdisclaim"><a href="http://isainsbs.blogspot.com/2005/10/missing-xml-password-has-been-found.html">This post originally appeared on an external website</a></div>

Collapse -

ISA2004 and Macintosh Computers

by amy In reply to ISA in SBS

<div xmlns="http://www.w3.org/1999/xhtml">Eriq Neale has written a couple of nice blog entries recently on issues involved in connecting MAC's through ISA2004. <br /><br />Instructions on how to allow Macintosh computers to work through ISA2004 as securenat clients. A securenat client is a non-Windows operating system client computer that wishes to access the Internet while not having ISA 2004 act as a Proxy for them. <br /><br /><a href="http://simultaneouspancakes.com/Lessons/archives/2005/11/internet_access_1.shtml">Internet Access for Macintoshes behind ISA 2004</a> <br /><br /><em>Comment: I'd prefer that the Macintosh computers be configured as Web Proxy Clients and use a browser that supports proxy settings. Any other apps on the Mac that do not support proxy can be handled as any non-authenticating application. </em><br /><br /><br />How to Publish Timbuktu to one Internal Client:<br /><a href="http://simultaneouspancakes.com/Lessons/archives/2005/10/publishing_timb.shtml">Publishing Timbuktu through ISA 2004</a> </div>
<p>
<div class="blogdisclaim"><a href="http://isainsbs.blogspot.com/2005/11/isa2004-and-macintosh-computers.html">This post originally appeared on an external website</a></div>

Collapse -

Silent Install of ISA2004 Firewall Client

by amy In reply to ISA in SBS

<div xmlns="http://www.w3.org/1999/xhtml">In his blog, Tom Shinder makes note of and expands upon an excellent isaserver.org Member Board post from Ben on how to install the ISA2004 Firewall Client without user interaction. Pair this with WPAD and you've got a real nice way to automatically deploy and configure the Firewall Client on all of your workstations.<br /><br /><br /><a href="http://spaces.msn.com/members/drisa/Blog/cns!1p9yz6owxXl-uIlyqIZXkCrg!310.entry">Tom's Blog</a> </div>
<p>
<div class="blogdisclaim"><a href="http://isainsbs.blogspot.com/2005/11/silent-install-of-isa2004-firewall.html">This post originally appeared on an external website</a></div>

Collapse -

Allowing the HP Indigo Press to Phone Home

by amy In reply to ISA in SBS

<div xmlns="http://www.w3.org/1999/xhtml">Clients that own the HP Indigo printing press are billed by Hewlett Packard on a per page basis. Maintenance costs and print costs are based on usage. To get this information up to HP so they can bill the client a software package runs several times a day and phones (or rather Internets) home how much the press has printed. This traffic occurs on a specific range of ports. Fortunately for me, HP provided good documentation on which ports their software requires. <br /><br />Ports Required: 40000-40199 out and 6055 out. <br /><br />Before beginning I started live logging on ISA and watched the packets get denied. I really didn't want to enable such a large grouping of ports so I watched to see what the software was actually trying to do. As it turns out the software sends a small packet of information over a large number of ports simultaneously. <br /><br />We have a limitation in that the HP press can't join the domain and it won't authenticate. The HP tech set it up as a SecureNat client on the network, in a workgroup called workgroup. Being a SecureNat client really limits our ability to control access. Since the HP press isn't capable of telling us who it is, we'll have to allow these ports out for everyone. At least we don't have to allow access to any additional ports in to make this work.<br /><br />Here's how I did it. Open ISA Management. Click on Firewall Policy. Click Create New Access Rule. Name the rule HP Indigo 40000-41999. Click Next. Choose Allow. Click Next. Leave This Rule Applies to Outbound Traffic and click the Ports button. Click on Limit Traffic to This range of Source Ports and enter 40000 in the From box and 40199 in the To box. Click OK. Click Next. Click the Add button, expand Networks and choose Internal. Click Close. Click Next. Leave this rule applies to All Users and click Next. Click Finish. Follow the same procedure to allow outbound traffic over port 6055. <br /><br />Apply the rule and fire up live logging and have the press operator send data to HP. You should now see only successful packets in the log.</div>
<p>
<div class="blogdisclaim"><a href="http://isainsbs.blogspot.com/2005/11/allowing-hp-indigo-press-to-phone-home.html">This post originally appeared on an external website</a></div>

Collapse -

MSDE Loggging Memory Use KB

by amy In reply to ISA in SBS

<a href="http://support.microsoft.com/default.aspx?scid=kb;en-us;909636&sd=rss&spid=2108">You may experience high memory usage on an ISA Server 2004-based computer that logs messages to an MSDE database</a> <br /><br />This information has been around for a while in the newsgroups. Now it's available as a knowledgebase article. Interestingly of all of the ISA servers that I manage, only 1 has come down with this problem. I be interested to know what triggers it.
<p>
<div class="blogdisclaim"><a href="http://isainsbs.blogspot.com/2005/11/msde-loggging-memory-use-kb.html">This post originally appeared on an external website</a></div>

Collapse -

ISA2004 Recorded Live Meeting Available

by amy In reply to ISA in SBS

On Saturday morning I gave a presentation via Live Meeting to the San Antonio geeks. These guys have been getting together for years on Saturday morning to each tacos, study for exams or just plain IT knowledge and eat more tacos. Pretty cool concept. We all need time to just sit and learn something new and having a group of friends/collegues that you can do it with would make it all the more fun. So they've been studying ISA 2004 for a few months now and asked if I would do a presentation for them. So I did; lingering cold and all. <br /><br />My presentation was recorded for your viewing pleasure. It can be accessed by the public for the next month or so <a href="https://www120.livemeeting.com/cc/winserver_usergroup/view?id=Q78FXW&pw=SqPq4%60P">here</a>. After that it'll only be available to SBS User Group Leads for use at the local SBS User Group Meetings. <br /><br />It's not exactly an introduction. It's not exactly advanced. I'd put it somewhere in the middle. It assumes that you've at least seen the Management console and have been poking around in a bit. <br /><br />As this is the first live meeting recording done for the user groups, the beginning is a little rough and sometimes the sounds isn't the best. But I listened to it and it works. Enjoy!
<p>
<div class="blogdisclaim"><a href="http://isainsbs.blogspot.com/2005/11/isa2004-recorded-live-meeting.html">This post originally appeared on an external website</a></div>

Collapse -

Interesting PodCasts

by amy In reply to ISA in SBS

<div xmlns="http://www.w3.org/1999/xhtml">Here are a couple of interesting podcasts:<br /><br />Eriq Neale knows how to run a show. Each is less than 15 minutes long, very professional sound, just plain excellent. <br /><br /><strong>What it's like to write a technical book (specifically SBS 2003 Unleashed)</strong> <br /><a href="http://www.eoncall.com/Portals/0/eonCall1207Show_1st1a.mp3">Part 1</a> <br /><a href="http://www.eoncall.com/Portals/0/eonCall1207Show_2nd1a.mp3">Part 2</a> <br /><br /><strong>SBS CSS Team will Podcast on ISA 2004 on Friday.</strong> The podcast will be <a href="http://sbspod.libsyn.com/index.php?post_category=podcasts">here</a> once recorded. Unlike Eriq's, these podcasts are rough through and through and will soak you for an hour of your time. Still there's bound to be good content from the guru's at CSS.</div>
<p>
<div class="blogdisclaim"><a href="http://isainsbs.blogspot.com/2005/12/interesting-podcasts.html">This post originally appeared on an external website</a></div>

Collapse -

Article: Basic ISA 2004 Troubleshooting

by amy In reply to ISA in SBS

<div xmlns="http://www.w3.org/1999/xhtml">I've written a new article for <a href="http://www.isaserver.org">ISAServer.org</a> titled <a href="http://www.isaserver.org/articles/Basic-ISA-2004-Troubleshooting.html">Basic ISA 2004 Troubleshooting</a>. It's an introduction to configuring ISA logs and using the log information to determine whether or not ISA is blocking traffic that you might need to allow. <br /><br />Enjoy! Feedback on the article can be posted on<a href="http://forums.isaserver.org/ISA_2004_SBS/forumid_46/tt.htm"> the ISA 2004 SBS forum.</a> </div>
<p>
<div class="blogdisclaim"><a href="http://isainsbs.blogspot.com/2005/12/article-basic-isa-2004-troubleshooting.html">This post originally appeared on an external website</a></div>

Back to After Hours Forum
40 total posts (Page 1 of 4)   01 | 02 | 03 | 04   Next

Related Discussions

Related Forums