Hi All, Has anyone discussed here how to install and configure E2K3 on the same server with ISA2K4? I have a very nice client who has one H/W with two NICs and wants to install DC, E2K3, and ISA2K4 on it. And it has a public static IP, so he wishes to use OWA as well. I know this is hard (stupid) but let's do the challenge. I've finished the DC and E2K3 part; any ideas how to install ISA2K4 on the same box?
I haven't figured out the scenario because it would take many, many hours to troubleshoot and do the regression testing to see what we're breaking by doing this, and what security holes we create.
Hi Tom, Thanks for passing by. Okay, for that I'll use this thread as a reference for myself and (hopefully) for others; I'll document everything I'm going to do during this try.
Hi, I've changed the title because the new one is more real, so here we go:

======

An HP Proliant ML370 with:
Dual Xeon CPUs
2.0 GB of RAM
3x36 GB RAID 5 HDD
Two NICs

======

External NIC:
IP: 82.x.x.x / 24
GW: 82.x.x.1 / 24
DNS: 10.20.30.40 (strange huh)

======

Internal NIC:
IP: 10.20.30.40 / 24
GW: (what? Am I crazy to set more than one gateway on Windows system?)
DNS: 10.20.30.40

======

Windows 2003 Standard Edition
Latest updates and patches
IIS 6.0 (including ASP.NET, SMTP, NNTP, and WWW services)
DNS, DHCP, SNMP, and WINS
Remote Access Services
Additional System Tools are installed (found on Win CD)
AntiVirus Installed

======

Installed and configured local DNS service with both forward and reverse zones.
In reverse zones, I've created both 10.x.x.x and 82.x.x.x zones.
Configured DNS server to accept calls from internal IP only.
And configured forwarders to point to the two DNS servers of my ISP; this is the only way I found to prevent the external interface from disappearing from the virtual SMTP server in Exchange.

======

Installed and configured local DHCP server, and configured and activated a scope.

======

Installed and configured WINS (it's needed for some clients).

======

Run "DCPromo" and build new forest/tree/domain. MyCompany.com, NetBIOS name MYCOMPANY.
Use NetDiag and DCDiag for health check. This is important.

======

Install SQL 2000 with SP3 (for ISA logging and SPS later)

======

Install Windows CA services as Stand-Alone Root. They don't wanna buy one.

======
Now... wait for the next step please.... On hold...
So, the OS is now ready with AD installed on it. Clients can get an IP address with all additional information including the (252 - WPAD) for autoconfig proxy.

=================

Who's next? Of course the Exchange server. So I've installed the Exchange 2003 server; there was not much configuration there. Tested the SMTP/POP3/OWA on both interfaces and they are working just fine.

To secure the traffic, generated an SSL certificate from the local CA and imported it to the IIS. Created an ASP page (default.asp) at the wwwroot folder with the following content:

============Code start============
^%@ LANGUAGE="VBScript" %^
^% Response.Redirect ("https://mycompany.com/exchange") %^
============Code End============

((CHANGE all ^ with parentheses as needed))

Again test the secure OWA, and the redirecting from http://mail.mycompany.com to https://mycompany.com/exchange, and it works just fine. Set the Exchange limitations and other SMTP needed addresses.
Hi Again

=====================

Now, all up and running, start installing ISA. During installation, nothing special except I've removed the MSDE because I already have the SQL there. And I didn't install the message screener, although I know I'll use it later, but just for a while I need fewer components to work. As Tom said in his reply, it's very hard to troubleshoot the problems in such a case.

====================

Configuring ISA (The Real War)

The first noticeable issue is that the clients are not receiving DHCP, DNS information any more. Okay, first rule should allow DHCP and DNS, but wait, I need more than these two ports. So basically, and till I found all needed ports, I've opened all the traffic between "local host" and "internal". Yes, I've lost the firewall functionality for internal, but do you really think someone from inside a company, which cannot afford an additional server, will attack this system? I HOPE not.

Okay, now open incoming and outgoing SMTP on the external interface. The same for POP3 and finally the HTTP/HTTPS. Don't ask why I didn't use the OWA wizard, because it screwed the situation every time I tried it. It was much easier to allow incoming "HTTP Server/HTTPS Server" (as it will be already handled by the local IIS) and allow outgoing HTTP/HTTPS.

Finally, this works fine, but I'm still not satisfied; I don't want the internal interface to be opened the way it is now. I'm working on this right now. So till then, on hold...
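An added example, not part of the original thread: one way to move from the temporary allow-all rule between "Local Host" and "Internal" described above to narrow rules is to summarise which protocol/port pairs the clients actually use. The CSV layout and every record below are constructed for illustration and are not ISA Server's real log schema; the function names are hypothetical.

```python
import csv
import io
from collections import Counter

# Constructed sample records in a simplified CSV layout (NOT ISA Server's real
# log schema): source network, destination network, transport, port, action.
SAMPLE_LOG = """\
src_net,dst_net,proto,dst_port,action
Internal,Local Host,UDP,67,Allowed
Internal,Local Host,UDP,53,Allowed
Internal,Local Host,UDP,53,Allowed
Internal,Local Host,TCP,53,Allowed
Internal,Local Host,UDP,137,Allowed
Internal,Local Host,TCP,445,Allowed
Internal,Local Host,TCP,389,Allowed
Local Host,Internal,UDP,68,Allowed
External,Local Host,TCP,25,Allowed
External,Local Host,TCP,443,Allowed
External,Local Host,TCP,3389,Denied
"""

def observed_flows(log_text, networks=("Internal", "Local Host")):
    """Count allowed (src, dst, proto, port) tuples between the two networks."""
    flows = Counter()
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["action"] != "Allowed":
            continue
        if {row["src_net"], row["dst_net"]} != set(networks):
            continue  # skip traffic involving any other network, e.g. External
        key = (row["src_net"], row["dst_net"], row["proto"], int(row["dst_port"]))
        flows[key] += 1
    return flows

def candidate_rules(flows, min_hits=1):
    """Turn observed flows into a sorted list of narrow allow-rule candidates."""
    return sorted(key for key, hits in flows.items() if hits >= min_hits)

if __name__ == "__main__":
    for src, dst, proto, port in candidate_rules(observed_flows(SAMPLE_LOG)):
        print(f"allow {proto}/{port:<5} {src} -> {dst}")
```

Each candidate still needs a human review before it becomes a rule, since traffic observed under an allow-all policy is not automatically traffic that should be permitted.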
RE: One Server Show (all ON one) - 10.Nov.2004 2:57:00 PM
Guest
Kinan!
I have successfully run a single machine with Windows 2000 Server, ISA Server 2000 & Exchange Server 2000 with IIS enabled with multi-homed websites as well as OWA, DNS, FTP server, Terminal Server for about 3 years now... has worked flawlessly! Now on the other hand we have installed a new computer with Windows 2003 Server, ISA Server 2004, Exchange Server 2003 and exported the AD to the new server, but we have problems this time; hopefully the problems occur due to something which is misconfigured or some bug somewhere (look at this thread: http://forums.isaserver.org/ultimatebb.cgi?ubb=get_topic;f=20;t=000664). When SBS Server (Windows 2000 Server, Exchange 2000 & ISA Server 2000) used to contain ISA Server, it surely has to have been the idea from Microsoft that it would and should be compatible on the same machine, and I at least do not see any reason why it shouldn't work with the newer versions if set up properly, or?