• Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

One Server Show (all ON one)

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 General ] >> Exchange Publishing >> One Server Show (all ON one) Page: [1]
Message << Older Topic   Newer Topic >>
One Server Show (all ON one) - 31.Oct.2004 1:55:00 AM   


Posts: 38
Joined: 31.Oct.2004
From: Riyadh - KSA
Status: offline
Hi All,
Did anyone discussed how to install and configure E2K3 on the same server with ISA2K4 here?
I have very nice client who has one H/W with two NICs and want to install DC,E2K3, and ISA2K4 on it. And it has a public static IP, so he wish to use OWA as will. I know this is hard (stupid "[Smile]" ) but lets do the chalange, I've finished the DC and E2K3 part, any ideas how to install ISA2K4 on the same box??

[ November 01, 2004, 12:11 PM: Message edited by: Kinan Akel ]
Post #: 1
RE: One Server Show (all ON one) - 31.Oct.2004 5:37:00 PM   


Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Kinan,

It might be possible, but it's not supported.

I haven't figure out the scenairo because it would take many, many hours to troubleshoot and do the regression testing to see what we're breaking by doing this, and what security holes we create.


(in reply to kinan)
Post #: 2
RE: One Server Show (all ON one) - 1.Nov.2004 9:30:00 AM   


Posts: 38
Joined: 31.Oct.2004
From: Riyadh - KSA
Status: offline
Hi Tom,
Thanks for passing by. Okay, for that I'll use this thread as a referance for my self and (hopefuly) for others, I'll document every thing I'm going to do during this try.

See you later with the first part [Wink]

(in reply to kinan)
Post #: 3
RE: One Server Show (all ON one) - 1.Nov.2004 12:36:00 PM   


Posts: 38
Joined: 31.Oct.2004
From: Riyadh - KSA
Status: offline
I've changed the title cause the new one is more real [Wink] SO here we go:
An HP Proliant ML370 with:
Dual Xeon CPUs
2.0 GB of RAM
3x36 GB RAID 5 HDD
Two NICs
External NIC:
IP: 82.x.x.x / 24
GW: 82.x.x.1 / 24
DNS: (strange huh)
Internal NIC:
IP: / 24
GW: (what? Am I crazy to set more than one gateway on Windows system?)
Windows 2003 Standard Edition
Latest updates and patches
IIS 6.0 (including ASP.NET, SMTP, NNTP, and WWW services)
Remote Access Serives
Additional System Tools are installed (found on Win CD)
AntiVirus Installed
Installed and configured local DNS service with both forward and reverse zones. In reverse zones, I've created both 10.x.x.x and 82.x.x.x zones
Configured DNS server to accept calls from internal IP only. And configured forwarders to point to the two DNS servers of my ISP, this is the only way I found to prevent the external interface from disappearing from the vertual SMTP server in Exchange.
Installed and configured local DHCP server, and confugred and activated a scope.
Installed and configured WINS (it's needed for some clients).
Run "DCPromo" and build new forest/tree/domain. MyCompany.com, NetBIOS name MYCOMPANY.
Use NetDiag and DCDiag for health check. This is important [Razz]
Install SQL 2000 with SP3 (For ISA logging and SPS later)
Install Windows CA services as Stand-Alone Root.
They don't wanna buy one [Big Grin]

Now... wait for the next step please....
On hold................................................................................................................................................................................ ....................................... [Cool]

(in reply to kinan)
Post #: 4
RE: One Server Show (all ON one) - 2.Nov.2004 12:23:00 PM   


Posts: 38
Joined: 31.Oct.2004
From: Riyadh - KSA
Status: offline
So, the OS is now ready with AD installed on it. Clients can get an IP address with all additional information including the (252 - WPAD) for autoconfig proxy.
Who's next?
Ofcourse the Exchange server.
So I've installed the Exchange 2003 server, there was no much configuration there.
Tested the SMTP/POP3/OWA on both interfaces and they are working just fine.
To secure the traffic, generated an SSL certifcate from the local CA and imported it to the IIS.
Created an ASP page (default.asp) at the wwwroot folder with the following content:
============Code start============
^%@ LANGUAGE="VBScript" %^
^% Response.Redirect ("https://mycompany.com/exchange") %^
============Code End============
((CHANGE all ^ with parentheses as needed))
Again test the secure OWA, and the redirecting from http://mail.mycompany.com to https://mycompany.com/exchange and it works just fine.
Set the Exchange limitations and other SMTP needed addresses.

On hold... ... . .. . . .. ... .... .. .. .. . .

(in reply to kinan)
Post #: 5
RE: One Server Show (all ON one) - 3.Nov.2004 10:38:00 AM   


Posts: 38
Joined: 31.Oct.2004
From: Riyadh - KSA
Status: offline
Hi Again [Wink]
Now, all up and running, start installing ISA.
During installation, nothing special except, I've removed the MSDE because I have already the SQL there. And I didn't install the message screener, although I know I'll use it later, but just for a while I need less components to work.
As Tom said in his replay, it's very hard to trubleshoot the problems in such case.
Configuring ISA (The Real War)
The first noticable issue, is the clients are not receiving DHCP,DNS information any more. Okay, first rule should allow DHCP and DNS, but wait, I need more than these two ports. So basically, and till I found all needed ports, I've opend all the traffic between "local host" and "internal". [Big Grin]
Yes, I've lost the firewall functionality for internal, but do you really think someone from inside a company, which cannot afford additional server, will attack this system? [Wink] I HOPE not [Razz]
Okay, now open incoming and outgoing SMTP on the external interface.
The same for POP3 and finally the HTTP/HTTPS. Don't ask why I didn't use the OWA wizard, cause it scrwed the situation every time I tried it.
It was much easier to allow incoming "HTTP Server/HTTPS Server "(as it will be already handeled by the local IIS) and allow outgoing HTTP/HTTPS.
Finally, this works fine, but still not satisfied, I don't want the internal interface to be opened the way it's now.
I'm working on this right now.
So till then, on hooooooooldddd . ........... ... ..... . .. ... . .... ... .. .. . .... ....... ... .... .... ... .... ... [Big Grin]

(in reply to kinan)
Post #: 6
RE: One Server Show (all ON one) - 10.Nov.2004 2:57:00 PM   

I have successfully ran a single machine with Windows 2000 Server, ISA Server 2000 & Exchange Server 2000 with IIS enabled with multi-homed websites as well as OWA, DNS, FTP server, Terminal Server for about 3 years now... has worked flawlessly! Now on the other hand we have installed a new computer with Windows 2003 Server, ISA Server 2004, Exchange Server 2003 and exported the AD to the new server but we have problems this time, hopefully the problems occur due to something which is misconfigured or some bug somwhere (look at this thread; http://forums.isaserver.org/ultimatebb.cgi?ubb=get_topic;f=20;t=000664).
When SBS Server (Windows 2000 Server, Exchange 2000 & ISA Server 2000) used to contain ISA Server it sure has have to been the idea from Microsoft that it would and should be compatible on the same machine and I at least do not see any reason why it shouldn't work with the newer versions if set up properly, or?

(in reply to kinan)
  Post #: 7

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 General ] >> Exchange Publishing >> One Server Show (all ON one) Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts