Welcome to ISAserver.org


Using ISA 2006 with SCE 2007

Using ISA 2006 with SCE 2007 - 22.Mar.2008 11:26:06 AM   
myrtwebb

 

Posts: 8
Joined: 3.May2005
From: Montana
Status: offline
I have installed the new MS management system, System Center Essentials 2007 (SCE), in my Windows 2003 domain. I use ISA 2006 as my edge server.

Problem is that I cannot get my ISA server recognized by SCE so I can manage it using SCE tools. I have installed the SCE agent on ISA and opened ports 51906, 5723, 8530 and 8531 between the local host and the internal net. I also placed the SCE server in the allowed sites in system policy.

None of the above has helped. I am missing something but I cannot think what it is.
Post #: 1
RE: Using ISA 2006 with SCE 2007 - 22.Mar.2008 12:35:55 PM   
elmajdal

 

Posts: 5103
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
I'm preparing this in an article to be published soon on my site, but as you need it now, here it is:

Essentials agent needs to be manually installed on a server with ISA 2004/2006

Follow these steps to manually install the agent and configure the needed rules on the ISA server.

Configure manual agent installs settings in Essentials 2007
1.     In the Essentials Console, click the Administration button.
2.     In the Administration pane, expand Administration, and then click Settings.
3.     In the Settings pane, expand Type: Server, right-click Security, and then click Properties.
4.     In the Global Management Server Settings - Security dialog box, on the General tab, click Review new manual agent installations in pending management view, and then click OK.
5.     After completing the manual agent installation process and configuring the appropriate firewall rules on the ISA server below, you will need to approve the agent for installation in the Pending Actions view in the Administration space.
Manually install an agent on the ISA server
1.     On the computer on which you want to install the agent, from the Essentials 2007 Setup media, start SetupSCE.exe.
2.     Click Agent to install an agent.
3.     In the Agent Setup wizard, select the Specify Management Group Information check box.
4.     On the Management Group Configuration page, specify the following:
       -  In Management Group Name box, enter <Management Server netbios name>_MG.
       -  In Management Server name box, enter the fully qualified domain name (FQDN) of the Essentials 2007 Management Server.
5.     Select either Local System or specify a domain user account for the agent action account.
6.     Complete the Agent Setup wizard.

7.     If you are using local policy to configure managed computers, create a new directory in the installation dir named "Certificates". Copy the WSUSSSLCert.cer and WSUSCodeSigningCert.cer to the new directory from the System Center Essentials 2007\Certificates directory on the Essentials management server. Run the following utility, specifying the same settings submitted to the Feature Configuration Wizard on the Essentials 2007 Management Server (brackets indicate placeholders where you must supply a value):

[InstallDirectory]\SCECertPolicyConfigUtil.exe /PolicyType local /ManagementGroup [Essentials Management Server netbios name]_MG /SCEServer SCEServer.FQDN /AEMFileShare \\SCESERVER.FQDN\[AEMPATH] /AEMPort [port] /ConfigureRemoteControl [true/false] /ConfigureAEM [true/false]


Create a new access rule for the Essentials agent in ISA
1.     Click Start, point to Programs, point to Microsoft ISA Server, and then click ISA Server Management.
2.     Expand the Firewall Policy node under the desired computer in the navigation pane, and click Create Access Rule in the tasks pane.
1.     Name the access rule Essentials Agent, and click Next.
2.     On the Rule Action page, select Allow and click Next.
3.     In This rule applies to, select Selected protocols and click Add.
4.     In the Add Protocols dialog box, click New, and then click Protocol.
5.     In the New Protocol Definition Wizard, enter TCP 5723 (HealthService).
6.     On the Primary Connection Information page, click New.
7.     On the New/Edit Protocol Information page, enter 5723 both in the From and To boxes, and click OK.
8.     On the Secondary Connections page, click Next and then click Finish.
9.     In the Add Protocols dialog box, click New, and then click Protocol.
10.  In the New Protocol Definition Wizard, enter TCP 8530 (UpdateServices).
11.  On the Primary Connection Information page, click New.
12.  On the New/Edit Protocol Information page, enter 8530 both in the From and To boxes, and click OK.
13.  On the Secondary Connections page, click Next and then click Finish.
14.  In the Add Protocols dialog box, click New, and then click Protocol.
15.  In the New Protocol Definition Wizard, enter TCP 8531 (UpdateServices).
16.  On the Primary Connection Information page, click New.
17.  On the New/Edit Protocol Information page, enter 8531 both in the From and To boxes, and click OK.
18.  On the Secondary Connections page, click Next and then click Finish.
19.  In the Add Protocols dialog box, click New, and then click Protocol.
20.  In the New Protocol Definition Wizard, enter TCP 51906 (AEM).
21.  On the Primary Connection Information page, click New.
22.  On the New/Edit Protocol Information page, enter 51906 both in the From and To boxes, and click OK.
23.  On the Secondary Connections page, click Next and then click Finish.
24.  On the Primary Connection Information page, click Next.
25.  On the Secondary Connections page, click Next.
26.  On the Completing the New Protocol Definition Wizard page, click Finish.
27.  In the Add Protocols dialog box, expand the User-Defined folder, select TCP 5723 (HealthService), TCP 8530 (UpdateServices), TCP 8531 (UpdateServices) and TCP 51906 (AEM), and click Add.
28.  Click Close to close the Add Protocols dialog box.
29.  On the Protocols page of the New Access Rule wizard, click Next.
30.  In the Access Rule Sources dialog box, click Add.
31.  In the Add Protocols dialog box, expand the Networks folder, select Local Host, and click Add and then click Close.
32.  On the Access Rule Destinations page of the New Access Rule wizard, click Next.
33.  In the Add Network Entities dialog box, expand the Networks folder, select Internal and click Add and then click Close.
34.  On the Access Rule Destinations page of the New Access Rule wizard, click Next.
35.  In the User Sets dialog box, click Next.
36.  On the Completing the New Access Rule Wizard page, click Finish.
37.  Click Apply to save changes and update the configuration.

< Message edited by elmajdal -- 22.Mar.2008 12:38:21 PM >


_____________________________

Tarek Majdalani

MS Forefront Edge Security MVP
Website : http://www.elmajdal.net/ISAServer
New Section : http://www.elmajdal.net/Win2k8

(in reply to myrtwebb)
Post #: 2
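
An added connectivity check, not part of the post above: run on the ISA server after the access rule has been applied, it attempts a TCP connection to the Essentials management server on each of the four ports the rule allows. The server name is a placeholder and PowerShell 2.0 or later is assumed.

```powershell
# Added example (not from the thread). Requires PowerShell 2.0 or later.
param(
    # Placeholder FQDN; replace with your Essentials 2007 management server.
    [string]$SceServer = 'sceserver.example.local',
    [int]$TimeoutMs = 3000
)

# Ports and labels as defined in the access rule steps in the post.
$ports = @(
    @{ Port = 5723;  Name = 'HealthService'  },
    @{ Port = 8530;  Name = 'UpdateServices' },
    @{ Port = 8531;  Name = 'UpdateServices' },
    @{ Port = 51906; Name = 'AEM'            }
)

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs)

    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Asynchronous connect so a silently dropped packet cannot hang the script.
        $pending = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            return 'Timeout'   # no reply within the time limit
        }
        $client.EndConnect($pending)   # throws if the connection was refused
        return 'Open'
    }
    catch {
        # Refused connection, name resolution failure, and so on.
        return 'Failed: ' + $_.Exception.GetBaseException().Message
    }
    finally {
        $client.Close()
    }
}

foreach ($p in $ports) {
    $state = Test-TcpPort -ComputerName $SceServer -Port $p.Port -TimeoutMs $TimeoutMs
    '{0,-6} {1,-15} {2}' -f $p.Port, $p.Name, $state
}
```

A timeout usually means the packet was dropped somewhere on the path, so recheck the rule's source, destination and protocols; a refused connection means the packet reached the server but nothing is listening on that port.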
RE: Using ISA 2006 with SCE 2007 - 22.Mar.2008 1:12:48 PM   
myrtwebb

 

Posts: 8
Joined: 3.May2005
From: Montana
Status: offline
Thank you. I will let you know how it works.

(in reply to elmajdal)
Post #: 3
RE: Using ISA 2006 with SCE 2007 - 25.Mar.2008 10:38:38 AM   
myrtwebb

 

Posts: 8
Joined: 3.May2005
From: Montana
Status: offline
Your directions worked. Thanks a bunch!!!

(in reply to elmajdal)
Post #: 4
