Iím aware of the general consensus on this site to have the array joined to domain, but Iím not looking to discuss that here. That being said, I'm attempting to install ISA array in a workgroup, but the install fails to connect to CSS (in domain). There is a firewall between CSS and array.
I can resolve all servers each way and I've successfully imported root and server certs. My main question is what ports are required to/from CSS and array members. I currently have open, -port 2172 from array to CSS -port 636 from array to DC -port 80 from array to CA (I was having problem with CRL lookup). May move replica CRL and close this port
Do I need port 2171 from CSS to array open for this scenario or does 2172 need to be open both ways?
I appreciate your responses, but I figured out the answer to my question. Port 2171 is required open on firewall, one way from array to CSS, for install to complete. I don't believe you need this port open after the install is complete as ISA should be using 2172 going forward (have not verified this) in a workgroup scenario. Iíll verify and close port if true. Thanks.