Re: Installing ISA Server for first time
- From: v-terliu@xxxxxxxxxxxxxxxxxxxx (Terence Liu [MSFT])
- Date: Tue, 27 Mar 2007 04:41:48 GMT
Hello Mike,
Thank you for kind update.
The ISA server 2004 is a security product. It will help you to improve
system and network safety factor. After you install the ISA 2004 on your
SBS server, the SBS and your internal network will safer than before.
Therefore, the NAT before ISA is not indispensable.
Of course, add a NAT router or firewall before SBS will further improve
your SBS and internal network safety factor. If you decide to do that,
please ensure you have correct configure your router forward necessary TCP
ports to SBS. For example: 25 (SMTP), 1723 (VPN), 4125 (RWW), 443 (SSL),
444 (sharepoint SSL), 80 (HTTP), 3389 (RDP) etc, it is depend on the
services running on SBS. Please contact your router vendor to confirm the
detail steps to configure NAT and port forwarding.
If you plan to add NAT before SBS, you'd better install ISA 2004 after you
finish the configuration of the router and ensure your network work fine.
Hope these steps will give you some help.
Thanks and have a nice day!
Best regards,
Terence Liu(MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| From: Mike H <mkREMOVEhuskeyALL@xxxxxxxxxxxxxxxxxxx>
| Subject: Re: Installing ISA Server for first time
| User-Agent: 40tude_Dialog/2.0.15.1 (3783c79a.106.389)
| MIME-Version: 1.0
| Content-Type: text/plain; charset="us-ascii"
| Content-Transfer-Encoding: 7bit
| References: <OUfZenobHHA.4544@xxxxxxxxxxxxxxxxxxxx>
<0jpc035emm56dv1h55llsfleln0bueknrd@xxxxxxx>
<ONL56i0bHHA.588@xxxxxxxxxxxxxxxxxxxx>
<hZLa1O3bHHA.2248@xxxxxxxxxxxxxxxxxxxxxx>
| Date: Mon, 26 Mar 2007 15:26:27 -0700
| Message-ID: <O1nGMX$bHHA.1220@xxxxxxxxxxxxxxxxxxxx>
| Newsgroups: microsoft.public.windows.server.sbs
| NNTP-Posting-Host: adsl-71-144-115-66.dsl.renocs.sbcglobal.net
71.144.115.66
| Lines: 1
| Path: TK2MSFTNGHUB02.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP03.phx.gbl
| Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:25449
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| While I familiarize myself with the steps you have put down, Terrence,
| let me ask a question:
|
| I mentioned that my router is passing the WAN IP through to the server.
| So, the WAN-facing NIC in the server has a public IP. This has appeared
| to be fine so far. I do see some attempts from outsiders to try to
| access Exchange Server but they don't seem heavy and as far as I know no
| one has succeeded.
|
| Nevertheless, do I want to consider NAT somewhere ahead of the server?
| If so, do I want to do that before installing ISA Server 2003?
|
| On Mon, 26 Mar 2007 06:55:07 GMT, Terence Liu [MSFT] wrote:
|
| > Hello Mike,
| >
| > Thank you for posting here. And thanks for Jim's inputs.
| >
| > According to your description, I understand that you want to install
ISA
| > server on your SBS 2003. If I have misunderstood the problem, please
don't
| > hesitate to let me know.
| >
| > Based on my research, since you have SBS 2003 sp1 media, you can refer
to
| > the following steps to achieve your goal:
| >
| > 1. Please perform the following steps to install ISA 2004 on SBS 2003
sp1:
| >
| > Installation Instructions for Service Pack 1 for Windows Small Business
| > Server 2003, Premium Technologies
| >
http://download.microsoft.com/download/2/e/9/2e902d14-da2e-43ba-8bd6-6d258f5
| > 356b6/SP1Setup_prem.htm
| >
| > Note: the step three is Install ISA Server 2004.
| >
| > 2. Download and install ISA 2004 sp2:
| >
| > You can download ISA server sp2 from the following page:
| >
http://www.microsoft.com/downloads/details.aspx?familyid=88350ABA-D09E-44B5-
| > 8002-96590ABFA148&displaylang=en
| >
| > 3. After you install ISA 2004 on SBS, please rerun the CEICW to make
sure
| > your SBS 2003 server have right network configuration and make Exchange
to
| > work fine.
| >
| > Go through the follow KB and Rerun CEICW again carefully.
| >
| > How to configure Internet access in Windows Small Business Server 2003
| > http://support.microsoft.com/kb/825763/en-us
| >
| > If you want to publish your OWA, RWW, VPN service etc, please perform
the
| > following steps:
| >
| > a. On the SBS 2003 Server open the Server Management console. Go to
| > Standard Management\To Do List.
| >
| > b. Click the "Connect to the Internet" link.
| >
| > c. When navigating to the Firewall page, select "Enable firewall" and
click
| > Next (I suppose you have 2 network adapters in SBS 2003).
| >
| > d. On the "Services Configuration" page, select all the items and then
| > click Next.
| >
| > e. On the "Web Services Configuration" page, make sure "Allow access to
the
| > entire Web site from the Internet" is selected. If you select "Allow
access
| > to only the following Web site services from the Internet", make sure
all
| > item in the list are selected. Click Next.
| >
| > f. On the "Web Server Certificate" page, choose to create a new Web
server
| > certificate and then type the public FQDN (your new DNS name) that you
will
| > use to access OWA and RWW (for example, if your public FQDN that you
use to
| > access the sites is www.xyz.com, you should type www.xyz.com as the new
| > certificate name).
| >
| > g. Go through the remaining steps.
| >
| > 4. Please perform the following steps to install ISA 2004 firewall
client
| > on all workstations:
| >
| > Installation Instructions for Service Pack 1 for Windows Small Business
| > Server 2003, Premium Technologies
| >
http://download.microsoft.com/download/2/e/9/2e902d14-da2e-43ba-8bd6-6d258f5
| > 356b6/SP1Setup_prem.htm
| >
| > Note: the step four is Install Firewall Client.
| >
| > After you install firewall client on workstation the workstation can
access
| > Internet as normal.
| >
| > Note: Ensure all workstations are all logon SBS domain.
| >
| > Hope these steps will give you some help.
| >
| > Thanks and have a nice day!
| >
| > Best regards,
| >
| > Terence Liu(MSFT)
| >
| > Microsoft CSS Online Newsgroup Support
| >
| > Get Secure! - www.microsoft.com/security
| >
| > =====================================================
| > This newsgroup only focuses on SBS technical issues. If you have issues
| > regarding other Microsoft products, you'd better post in the
corresponding
| > newsgroups so that they can be resolved in an efficient and timely
manner.
| > You can locate the newsgroup here:
| > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
| >
| > When opening a new thread via the web interface, we recommend you check
the
| > "Notify me of replies" box to receive e-mail notifications when there
are
| > any updates in your thread. When responding to posts via your
newsreader,
| > please "Reply to Group" so that others may learn and benefit from your
| > issue.
| >
| > Microsoft engineers can only focus on one issue per thread. Although we
| > provide other information for your reference, we recommend you post
| > different incidents in different threads to keep the thread clean. In
doing
| > so, it will ensure your issues are resolved in a timely manner.
| >
| > For urgent issues, you may want to contact Microsoft CSS directly.
Please
| > check http://support.microsoft.com for regional support phone numbers.
| >
| > Any input or comments in this thread are highly appreciated.
| > =====================================================
| >
| > This posting is provided "AS IS" with no warranties, and confers no
rights.
| >
| > --------------------
| >| From: Mike H <mkREMOVEhuskeyALL@xxxxxxxxxxxxxxxxxxx>
| >| Subject: Re: Installing ISA Server for first time
| >| User-Agent: 40tude_Dialog/2.0.15.1 (54cfd483.119.408)
| >| MIME-Version: 1.0
| >| Content-Type: text/plain; charset="us-ascii"
| >| Content-Transfer-Encoding: 7bit
| >| References: <OUfZenobHHA.4544@xxxxxxxxxxxxxxxxxxxx>
| > <0jpc035emm56dv1h55llsfleln0bueknrd@xxxxxxx>
| >| Date: Sun, 25 Mar 2007 18:47:41 -0700
| >| Message-ID: <ONL56i0bHHA.588@xxxxxxxxxxxxxxxxxxxx>
| >| Newsgroups: microsoft.public.windows.server.sbs
| >| NNTP-Posting-Host: adsl-71-144-115-66.dsl.renocs.sbcglobal.net
| > 71.144.115.66
| >| Lines: 1
| >| Path: TK2MSFTNGHUB02.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP06.phx.gbl
| >| Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:25341
| >| X-Tomcat-NG: microsoft.public.windows.server.sbs
| >|
| >| Okay, posts read from the 13th to date. I see two general sets of
| >| problems, but, probably, they don't apply.
| >|
| >| I see a problem with the RPC handler for pre-SP1 installations (N/A;
| >| Original install on this machine was at SP1). BUT-IT LOOKS LIKE I'LL
| >| NEED AN IMMEDIATE UPDATE TO ISA 2004 SP2. (According to E-Bitz)
| >|
| >| I see multiple problems when R2 is thrown into the mix (N/A; I don't
| >| have R2).
| >|
| >| Oh, I saw some problems where Exchange Server had not been installed
| >| first, but again, N/A (Exchange Server is installed and a huge hit with
| >| the fans).
| >|
| >| I see problems where ISA Server 2000 is installed. N/A; I don't have
any
| >| flavor or ISA Server.
| >|
| >| I think the framework is in place here to continue planning an ISA
| >| Server 2004 rollout.
| >|
| >| I'm back to the original questions (at the end of this post).
| >|
| >| -- Mike
| >|
| >| On Sun, 25 Mar 2007 12:13:18 GMT, Jim Behning SBS MVP wrote:
| >|
| >|> Read all the posts about Server 2003 SP2 problems in this group before
| >|> you do anything else. Make sure everything works on your server. I
| >|> believe but it could be blind faith, but ISA 2004 is not real happy
| >|> with Server 2003 SP2.
| >|>
| >|> Second thing is you need to have your SBS SP1 media that you orderd a
| >|> year ago to install the proper version of ISA 2004. You don't want to
| >|> install old ISA 2000 that came with SBS 2003. If your media you
| >|> installed SBS with says SBS 2003 SP1 then you should have ISA 2004 on
| >|> the Premium Technologies disk. ISA 2004 for SBS was not a download. It
| >|> was a special order.
| >|>
| >|> On Sat, 24 Mar 2007 20:01:20 -0700, Mike H
| >|> <mkREMOVEhuskeyALL@xxxxxxxxxxxxxxxxxxx> wrote:
| >|>
| >|>>I want to consider installing the ISA Server on my existing SBS 2003
| >|>>Premium server.
| >|>>
| >|>>I installed SBS 2003 Premium perhaps a year and a half ago and only
| >|>>later did I discover that ISA Server required a separate installation
| >|>>process. I didn't have time then.
| >|>>
| >|>>Of course, I've installed all "routine" updates. Furthermore, I
recently
| >|>>installed Exchange Server 2003 SP2, and even more recently, Server
2003
| >|>>SP2.
| >|>>
| >|>>For a firewall, I'm using only the RRAS firewall. My server has a
public
| >|>>IP address - it is not behind a NAT router.
| >|>>
| >|>>I understand that ISA Server 2000 was shipped on my CDs and I
understand
| >|>>that I may want to skip to 2003? 2004?
| >|>>
| >|>>Where might I want to start with this process?
| >|>>
| >|>>What kind of trouble might I expect?
| >|>>
| >|>>Will I be getting a lot of complaints and pressure from workstation
| >|>>users because their web browsing or internet applications might cease
| >|>>functioning?
| >|>>
| >|>>AND...about that router - since we're happy here ( the server has
NEVER
| >|>>stopped or caused trouble in 18 months) do I want to consider enabling
| >|>>its NAT capabilities before installing ISA Server?
| >|>>
| >|>>I have to admit, I'm very worried about breaking our public domain for
| >|>>receiving e-mail. It's been much more reliable than our ISP's.
|
.
- Follow-Ups:
- Re: Installing ISA Server for first time
- From: Mike H
- Re: Installing ISA Server for first time
- References:
- Installing ISA Server for first time
- From: Mike H
- Re: Installing ISA Server for first time
- From: Jim Behning SBS MVP
- Re: Installing ISA Server for first time
- From: Mike H
- Re: Installing ISA Server for first time
- From: Terence Liu [MSFT]
- Re: Installing ISA Server for first time
- From: Mike H
- Installing ISA Server for first time
- Prev by Date: Re: SBS & 2003R2 pdc help
- Next by Date: Re: ConnectComputer Mystery
- Previous by thread: Re: Installing ISA Server for first time
- Next by thread: Re: Installing ISA Server for first time
- Index(es):
Relevant Pages
|
