Announcement

Collapse
No announcement yet.

To use ISA or not to use ISA.

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • To use ISA or not to use ISA.

    I am in a production environment. I am in a small government agency with 2
    servers, one being SBS 2003 Premium. (Other Windows 2000 member server.)

    Exchange is up and running. I will be using an external service
    (ExchangeDefender.com) as my front-end. This is for emails not other Exchange
    features.

    I want to give my external users OWA access as well as RPC over HTTP for
    their Outlook 2003.

    It seems the only way to do this is via ISA. Is that correct?

    I look at:
    http://download.microsoft.com/downlo...Setup_prem.htm

    and I start getting concerned what will happen to my server running the
    config wizard. My server has two NICS but I don't want to use the firewall on
    them. They are load balanced. I have another firewall at our Internet entry
    point.

    So my questions are:

    1) Must I use ISA - or better yet should I?
    2) Can I install it - even manually - without it changing my current network settings or causing down time? Then configure manually.
    3) RPC over HTTP is installed. I don't see ISA listed anywhere - even in
    Add/Remove Programs - Windows Components Wizard. Why isn't it listed as a
    component to add?

    Thanks!

    I shortcut the install process because of time and other issues. I
    stopped ISA install during this. I would like to install it now - if needed.

  • #2
    Re: To use ISA or not to use ISA.

    You don't need ISA.
    http://www.petri.com/configure_rpc_o...gle_server.htm
    Regards,
    Jeremy

    Network Consultant/Engineer
    Baltimore - Washington area and beyond
    www.gma-cpa.com

    Comment


    • #3
      Re: To use ISA or not to use ISA.

      I guess my biggest concern is performance. Without ISA can I except much less performance?

      All the external offices I support have Cable/DSL or Wireless - but especially adding SSL to the mix can I expect slow performance - without ISA?

      Thanks!

      Comment


      • #4
        Re: To use ISA or not to use ISA.

        Are you worried about the Exchange server's performance? Or bandwidth issues? Offloading some of the work to an ISA or Front End server will usually improve performance.
        Regards,
        Jeremy

        Network Consultant/Engineer
        Baltimore - Washington area and beyond
        www.gma-cpa.com

        Comment


        • #5
          Re: To use ISA or not to use ISA.

          Jeremy:

          I followed those instructions and for the first time I got it to work! I am stoked!

          I took my laptop off-site (a laptop that has joined the domain) and I configured Outlook and it all worked.

          Now...if you will bear with me one more time...Machines that have not joined the Domain, external machines don't work. I know the answer is to export the Root Certificate from my DC and import it to each machine, but I really don't know how to do that. Can you help?

          My setup is a little different. I am using Certs I created on my DC. And...I am using my static external IP address instead of a FQDN. Just FYI.

          I set up my Cert I used our External IP for the Common Name. Seems to work.

          I did get one error from Exchange re: Certs. I created a previous one with my Server's Netbios name, then like I said, created this other one with the IP. When I clicked on Public Folders in the System Manager it said the "SSL Certificate server name is incorrect." I think it is using the previous one. How do I correct that?

          Thanks a bunch!

          Comment


          • #6
            Re: To use ISA or not to use ISA.

            This may help you with the client systems
            http://www.petri.com/obtain_digital_..._online_ca.htm

            To check/request/assign/transfer or some other cert tasks for the exchange server, open up the website for your exchange server in the IIS Manager, right click and go to properties. Select the Directory Security tab and click Server Certificate...
            Regards,
            Jeremy

            Network Consultant/Engineer
            Baltimore - Washington area and beyond
            www.gma-cpa.com

            Comment


            • #7
              Re: To use ISA or not to use ISA.

              I discovered that the certificate I placed on the Default Web site, stopped WSUS self-update from working. I pulled it and got it working again.

              I don't want SSL for WSUS. But how do I give Exchange a Certificate - which by default - is running under the Default Web Site?

              Am I forced to use certificat(es) for both to acomplish this? Do I have to create two certificates? Once for WSUS and one for Exchange?

              The certificates have to be different - because the Common Name between Internal and External is different. Internal: domainname.local, External: an IP address.

              Stuck at the moment.

              Thanks!

              Comment


              • #8
                Re: To use ISA or not to use ISA.

                So if you are not using ISA what is protecting your network? Firewall?
                TIA

                Steven Teiger [SBS-MVP(2003-2009)]
                http://www.wintra.co.il/
                sigpic
                Iím honoured to have been selected for the SMB 150 list for 2013. This is the third time in succession (no logo available for 2011) that I have been honoured with this award.

                We donít stop playing because we grow old, we grow old because we stop playing.

                Comment


                • #9
                  Re: To use ISA or not to use ISA.

                  Yes. A SPI firewall at the Internet Entry point and Symantec Client Security on all machines. The servers just have antivirus - no firewall.

                  Would ISA solve the certificate problem?

                  Comment


                  • #10
                    Re: To use ISA or not to use ISA.

                    I don't know if what you have would work as I can't follow your configuration. But what I do know is that there is a document on the PremiumCD on how to install SQL/ISA. Then along with using 2 NICS and running the CEICWizard you (can) get a Firewall, VPN Server, RWW (Remote Web Workplace), Certificates for everything including your Mobile(s), and then there is a white paper on how to configure WSUS with SBS.
                    I fail to understand why people always want to re-invent the wheel and find unique setups. The SBS Development really have done a great job of making it easy for you and avoiding the kind of difficulties you are now in.
                    SBS is not complicated but it is rather complex to get all the various parts to work together. That is what the DEV team have done and we can all benefit from it.
                    TIA

                    Steven Teiger [SBS-MVP(2003-2009)]
                    http://www.wintra.co.il/
                    sigpic
                    Iím honoured to have been selected for the SMB 150 list for 2013. This is the third time in succession (no logo available for 2011) that I have been honoured with this award.

                    We donít stop playing because we grow old, we grow old because we stop playing.

                    Comment


                    • #11
                      Re: To use ISA or not to use ISA.

                      teiger:

                      I had no intention of re-inventing the wheel - at all. Believe me.

                      CECIW wanted to configure my NICs - one for local one for internet. I didn't want to do that. (Then once the machine went into production I am concerned running it will goof it up!)

                      I just installed another new server...there was an active DHCP server. When it asked to install one I said no. I assumed I could go back. When no one was using the system, I installed DHCP, re-started CEICW and - got an error and it closed.

                      I am sure they do a great job. I just can never get through it!

                      My question is: can you assign two certs to the same web site? The reason for two certs is the common name is different. Internally it will be the servers names. Externally the IP address. That is all.

                      Or is ISA necessary to accomplish this?

                      (My servers' name is domainname.local. I do have a static IP external address but no external DNS name. When I created a cert with the IP address and accessed Outlook externally it worked great! Only problem was - it broke WSUS. Since WSUS uses the default web sites certs...)

                      Since I have never used ISA just want to know if it will handle the cert issues. Does ISA present a single SSL interface to the world without having to mess with certs on the IIS sites themselves? Does that make sense?

                      I greatly appreciate you hanging with me.

                      Comment


                      • #12
                        Re: To use ISA or not to use ISA.

                        Could you just setup another website and use it for WSUS?
                        Regards,
                        Jeremy

                        Network Consultant/Engineer
                        Baltimore - Washington area and beyond
                        www.gma-cpa.com

                        Comment

                        Working...
                        X