Remote Management in ISA Server 2006

Remote Desktop Connection is a tool that most administrator used to remote the servers in the Datacenter.

Scenario:

“Alicia is a server administrator. She would like to implement and install ISA Server 2006 in their network infrastructe. Usually, all servers she’s handle can be remote by her in her desk only. After she installed ISA Server 2006, the remote deskop connection fails.. She suspects that she failed to remote all servers after she installed the ISA Server 2006”.

Possible Solution:

By default, after she finished installing and running the ISA Server in the organization, ISA started to block the remote desktops. Also, the ISA Server also cannot be managed remotely.

The solution is that Alicia must configure the Remote Management Computer properties in the ISA Server Management.

Open the ISA Server Managment and go to the toolbox on the right pane.

Search for the Computer Sets in the network objects. Then choose Remote Management Computer. In the properties, she may add what servers she needs to remote. She can add the ip address range and also subnet that the servers run.

Click Apply for saving the changes.

That’s all…

ISA Server: Create New rule

I would like to show you on how to create new rule to allow all users in the ogranization can connect to the Internet by allowing all outbound traffic. The reason I do this, is to make sure that the users can browse to the internet. After succeed, you may filter or make new rules to deny outbound traffics that comfort to your organization’s needs.

Allowing All user to connect to the internet. Firstly, Go to the Firewall Policy and right-click -> Access Rule

Figure 1

Second step, give a name for the new rule. In my case, i create the rule named “Permit All Outbund Traffic”. .Then, click Next

 Figure 2

In the Rule Action, choose “Allow” -> Click Next

In Protocols, I select “All outbound traffic”. -> Click Next (figure 3)

Figure 3

Next step is to select the Internal network which is a source that access the Internet.So, in Access Rules Source, you click on Add button ->Click on (-ve sign) Network and select Internal and click Add. (just like in Figure 4).

Figure 4

In a destination, you may have to add the external network so that the traffic may going out to the external or to the gateway just like in Figure 5

Figure 5

For a further step, leave as default at the user sets and click next. and finally finish.

please don’t forget to click Apply to save changes in the ISA so that ISA may take the effect for the new rule. For few seconds, all users in the internal network would be able to browse internet.

In my conclusion, it’s not a good idea to allow all users to have access on all outbound traffics. In ISA server, you can make some changes such as to deny AOL or MSN Messenger in your internal LAN.

Part 2: What to know about ISA Server 2004/2006 after installation

Hello, back to ISA server. ISA Server 2006 is not much different with ISA Server 2004. In ISA 2006, there are few features are new if you can see such as publishing on OWA web..

if you succeed with the installation on part 1 that I’ve showed you, you are good to go with part 2..

Let’s say that your network infrastructure is simple like below:

 Figure 1

I can see that ISA server becomes your gateway in the internal network.

After installation of ISA Server in your LAN, your client and other server that tried to connect to the Internet will not work.

 In ISA Server 2000, after we installed the ISA, the internet starts working and it’s just like Internet Connection Sharing.

However, in ISA Server 2004 and 2006 environment, BY DEFAULT after the installation, the default rule in Firewall Policy denying all traffic in all network to connect to the Internet. this is a predefined deny access that was created by default.

To make sure that your LAN can or able to connect to the Internet, you have to create new rule in firewall policy to allow the all outbound traffic in the internal network.

If your clients/users still can’t connect to the internet, check the default gateway on the external network where in this figure 1 above, router’s IP address would be your default gateway.

if the problem still persists, check your internal network of  TCP/IP configuration where you put an IP address for DNS server.

addition, if you already put the IP address of DNS server (Internal Network), you have to go to DNS Server. In this case, my DNS server is 192.168.0.4 (hostname DNS). Go to DNS in administrative tools and select the dns server – right click and select properties. What we have to add in the properties, is to add ISP DNS server at the Forwarders tab. Then, ping your ISP DNS server’s IP address. this should be work right now.

see you for the next topics.. Thank you.. 🙂

ISA SERVER 2006: Installation part 1

Hi, I like to show you on a way simply to install ISA Server 2006.

Run the CD of the ISA Server 2006

                    Figure 1

               move your cursor to click on “Instal ISA Server 2006”

              Then, the initial component starts running to check your server. If the warning  pops up…it would be your windows server 2003 does not get the latest service pack. To run ISA Server 2006, it must be at least Windows 2003 SP1 or later.

If your windows server 2003 SP1 or later, that would be no problem, and it will run smoothly on this installation.

Figure 2

The above figure would be a next step. Just simply click Next to proceed.

Then, the License Agreement will be appeared. Please select “I accept the agrrement” like figure below.

Figure 3

Enter a serial key for next step

Figure 4

 

For a next step, is to set up the scenario on how you want your ISA server should be.

In my condition, I would install ISA server together with Configuration Storage Server. This is because, I have no Configuration Storage Server installed before.

Figure 5

Then, click Next. You will be asked what component should you install in Component selection. Just keep the default setting and click next.

Then, since I install the first ISA server, i would select on  creating a new isa server like figure below.

 Figure 6.

On New Enterprise Warning will be appeard after you click Next on figure 6. Proceed on Next step.

 

 

Figure 7

Fill in the username and password. Since we join the ISA server into a domain controller, do insert the administrator username and password for proceeding to the next step.

figure 8

figure 9

 

Figure 8 and 9 is a continous step to add the network ip address for your LAN. In my way, I choose to create the range of my IP address. Let’s say my range is 192.168.0.0 to 192.168.0.255. For your ease of configuration, you may choose to add “Adapter” and it will automatically add the IP range based on what your IP for internal network.

*Please be careful on above step (Figure 8 & 9). once you have made mistake on this configuration, your ISA server would not configure properly and not functional especially in internet and firewall service.

For further step, after finishing on adding the address, it will ask about the firewall client connection tab. leave it as default and click Next.

In Services Warning tab, it will tells or inform you the services that would be stopped till it ready to install.

Figure 10.

Finally, Figure 10 would ready to install. click to Install. On this last step, server needs to be restarted as we’ve finished installation….

Then, I will continue to write about ISA Server 2006 what will happened after you are ready to manage such firewall policy and so on.. see you all for next chapter on ISA Server 2006, configuring.

 

 

System Requirement : ISA Server 2004 & ISA Server 2006

I’ve been reading the getting started topic on ISA server 2006 before i was doing any thing on installation. the system requirement is important..I’ve been doing ISA server since ISA server 2000 and ISA Server 2004.

On ISA Server 2004, the system requirements are as follow below:

-> computer that has processor with 550MHz or higher.

-> we can install it in windows server 2000 or 2003

-> Memory: 256MB

-> I need 2 Netwokr Card
1 card is for connecting to external network (internet, router)
1 card is for connecting internal network ( our LAN structure)

-> hard disk should be formatted in NTFS partition.
it would be better a larger hard disk capacity for caching if you install as web caching / web proxy..

On the other hand, ISA Server 2006’s system requirement

-> a processor more than 733MHz pentium 3 / 4

-> Memory: 512 MB

-> NTFS hard disk parition with 150MB available space

-> Network Adapater must have 2 or 3 depending on how we design such as for NLB, perimeter network or DMZ, and another network should be connected to Internet and another network should be connected to Internal Network.

see ya later for next installation or configuration..

configuring outlook anywhere RPC office 2007 in Windows 7

so many weeks, i’ve been searching solutions in configuring outlook using outlook anywhere in windows 7.

some build version of windows 7, did not work with very well in outlook configuration…

I still have no solutions for this.

What I’ve done.

– > I install Microsoft Office 2007 suite until it completes.

-> I install certificates which based on what we set on server certificate for outlook web access (OWA) in the internet.

    for example: owa.netoverme.abc

    put it into Trusted Root Certification.

-> then, go to “Mail” in Control Panel -> Create Profile ->Click OK.

-> it will proceed to outlook mail configuration. just tick the checkbox for manual setting. go to connection tab and you  will see the outlook anywhere.

-> there you will see rpc proxy setting

then click ok. it will return to earlier configuration. see figure below:

 

in my case, my exchange server in internal is “exchange.netoverme.xxx” and put the email address of user to be configured. then click “Check Name”.

then, what happen? for first time configuration, you will panic. it will pop up the credential.ooo… the credential ask you to put your user name and password… not the Administrator credential…it is the user.

How do you know it’s successful or not? it’s simply easy. your email address you entered in the user’s input box, will automatically changed to your full name and it’s been underlined together with the exchange server.

if it is unsuccessful, the warning should be appeared and on the username, your name is not appeared with underline.

Usually, the warning would be like this.. “the action cannot be completed. the connection of exchange server and outlook is unvailable….etc”..

if you think your configuration is correct, try to deactivate your windows firewall, and check the router if you used in the network..

try it… have fun.. but i am not..hehehe