Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
1 CSS 2 Arrays 2 sites - not possible?
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
1 CSS 2 Arrays 2 sites - not possible? - 29.Sep.2006 11:07:19 PM
|
|
|
olivero
Posts: 42
Joined: 23.Oct.2003
Status: offline
|
Hi all,
I've just come a phone call with MS PSS, and apparently, I can't have the following scenario:
1 CSS server at the Main site
1 Array member in Array #1 in Main site
1 Array member in Array #2 in Remote site
Apparently, this is because "by design"... the Array members are not allowed to synch with a CSS over any interface except the Internal interface. Because I was hoping to rely on a Site-to-site VPN to synch, the machines would never synch.
I worked around the problem initially, by installing the remote server locally, then making it remote. But apparently, this will only provide a read-only copy of the CSS on the remote machine. If I make additional changes, they will never be synched.
This all started because I wanted to be able to install an ISA server remotely, AND, take advantage of the Enterprise capabilities (common CSS etc...).
It would appear to me that much of the value of having a common CSS is lost if I can't synch.
The MS solution was to install a CSS in the remote site as well. But now, I will no longer be able to manage the remote site with the same enterprise rules. Or am I missing something here?
Has anyone tried a similar setup? Any suggestions?
Best Regards, and thanks for any input!
Oliver
|
|
|
|
|
RE: 1 CSS 2 Arrays 2 sites - not possible? - 30.Sep.2006 5:18:28 PM
|
|
|
tshinder
Posts: 47644
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Oliver,
The problem isn't the placement of the CSS, the problem is the array configuration.
All array members must be on the same site. You can't have array members that have their external interfaces on different network IDs and their internal interfaces on different network IDs.
HTH,
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: 1 CSS 2 Arrays 2 sites - not possible? - 30.Sep.2006 7:00:27 PM
|
|
|
olivero
Posts: 42
Joined: 23.Oct.2003
Status: offline
|
Hi Tom,
Thanks for the reply. So what you are saying is that I need to have a separate CSS in every site, and there is no way around this?
If that's so, is there any way to have each site managed centrally? Ideally, I would like to be able to set common rules as Enterprise rules, once. Not one time for each CSS.
Just to be clear though, I have 2 arrays. Each array is dedicated to a different site. Within each array, lives one ISA server (the only ISA server in that array). So if I read what you wrote correctly, all my array members (within each array) are in fact, in the same site.
Also, do you have a good document that outlines exactly how ISA works in these multi-site scenarios? I would love to drill down as deep as possible to make sure I understand what the software is expecting so that I don't run into a similar problem at a later date.
Thanks again, I appreciate the help.
Oliver
|
|
|
|
|
RE: 1 CSS 2 Arrays 2 sites - not possible? - 30.Sep.2006 9:40:21 PM
|
|
|
olivero
Posts: 42
Joined: 23.Oct.2003
Status: offline
|
Hi Tom, thanks again for the reply.
So then I've got the basics for what I need.
I have one CSS at the main site, and I have 1 array at the main site, with one server in it. I also have a second array at the remote site with one server in it. Both array's use the CSS at the main site.
Why can't I get the remote site server to synch?
Thanks,
Oliver
|
|
|
|
|
RE: 1 CSS 2 Arrays 2 sites - not possible? - 2.Oct.2006 5:59:10 PM
|
|
|
olivero
Posts: 42
Joined: 23.Oct.2003
Status: offline
|
Hi Tom,
So I tried to install SP2 on the remote site (the one without a CSS) and the installation failed miserably. This could be because the server wasn't synched.
If you know how to get around the synching issue, I'd love to hear about it :).
Thanks,
Oliver
|
|
|
|
|
RE: 1 CSS 2 Arrays 2 sites - not possible? - 2.Oct.2006 9:25:12 PM
|
|
|
olivero
Posts: 42
Joined: 23.Oct.2003
Status: offline
|
Hi Tom,
I gave up on installing SP2, and tried to focus on getting the machines to sync. I managed to trick the remote site into thinking it had an interface on the same Internal network as the main server by giving it's internal NIC a secondary address, and adding that address to the Networks config for the remote Internal network. This made the remote machine sync with the main site machine. However, it did not cause the main site machine to recognize the sync, and the remote machine lost knolwedge of the sync after each reboot.
After creating a site-to-site vpn, the machines would not sync at all, in this scenario.
So, unless you have any suggestions, I'm going to give up and install a second CSS in my remote site, tomorrow morning. This really sucks.
Any ideas would be appreciated, before I re-install the remote site, if you can :)
If you are equally as stumped, thanks anyway for your help, I appreciate it.
Oliver
|
|
|
|
|
RE: 1 CSS 2 Arrays 2 sites - not possible? - 4.Oct.2006 1:11:04 AM
|
|
|
olivero
Posts: 42
Joined: 23.Oct.2003
Status: offline
|
Hi Tom,
I found this document:
http://www.microsoft.com/technet/isa/2004/plan/intro_to_branch_deployment_ee.mspx#_Installing_the_Configuration_Storag
and tried installing a replica CSS by publishing the main CSS. It all goes well until it tries to install ADAM in replica mode, then I get an error. I tried to paste the popup screen shot here, but can't, and it's large, so I can't type it all, but it basically says:
Setup failed to install ADAM in replica mode. AD could not create the NTDS Settings object for this directory server **very long name that point to the NTDS Settings object under my replica server's name under the Sites container ** on the remote directory server <my main firewall's FQDN:2171> Ensure the provided network credentials have sufficient permissions.
Error code: 0x800706be
The remote procedure call failed.
I tried installing as an Enterprise Admin (the doc asked me to), and there doesn't seem to be any mention of RPC publishing in the doc.
So far MS PSS is stumped...
Any ideas? I managed to wangle another day out of the project.
Thanks,
Oliver
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
