How To: Setup Replication for WebFilter ISA/TMG

From burstekwiki

Configure replication among multiple ISA/TMG servers

Setting up the Source ISA/TMG Server and WebFilter Machine

  1. Launch the ISA/TMG Server console

  2. Right click on the Firewall Policy and select Edit System Policy (for TMG, right click on Firewall Policy, then select ‘All Tasks’ | ‘System Policy’ | ‘Edit System Policy’)

  3. Click the Authentication Services folder

  4. Uncheck the Enforce strict RPC compliance item

  5. Click OK (there will be a delay of 5-30 seconds before ISA/TMG becomes responsive)

  6. Click the Apply button to apply the changes

Setting up ISA/TMG to Allow Connections on the Static Port and the RPC All Interfaces Port

  1. Launch the Microsoft ISA/TMG Management Console

  2. In the left-hand pane select “Firewall Policy”, then click on the “Tasks” tab in the right-hand pane

  3. Click on “Create Access Rule”, type in a name for the access rule, and then click Next

  4. Select “Allow” for the rule action and then click Next

  5. On the Protocols page, open the drop-down menu under “This rule applies to” and select the Selected Protocols option

  6. Click the Add button to add a protocol and then select New -> Protocol

  7. Type in a name for the protocol, then click the Next button

  8. Click the New button, then select TCP for the protocol type and select Outbound for the direction

  9. Enter the static port number that you want to use for replication

  10. Click OK, and then click Next

  11. Select No to using secondary connections -> Next -> Finish

  12. Now you should be returned to the Add protocols window

  13. Click on the “+” next to the User Defined folder, select the protocol that you just created and click Add

  14. Click the “+” next to the All Protocols folder, select RPC (all interfaces) and click Add

  15. Click Close -> Next

  16. In the Access Rules Source screen (From Source), click the Add button

  17. Click the “+” next to the networks folder and select Local Host -> Add -> Close -> Next

  18. In the Access Rules Destination screen (Applies to), click the Add button

  19. Click the “+” next to the networks folder and select Internal

  20. Click Add -> Close -> Next

  21. In the User sets screen, click the Next button

  22. Click Finish

  23. Right click the newly created access policy, then click ‘Configure RPC protocol’

  24. Uncheck the box labeled ‘Enforce strict RPC compliance’

  25. Click Apply for the changes you made in ISA/TMG for the rule to take effect

Entering a Domain Administrator Account into the FStorageSrv Service

  1. Click Start -> Control Panel -> Administrative Tools -> Services

  2. Locate the FStorageSrv Service, right click on it and select Properties

  3. Click the Log On tab, and click the This Account button

  4. Enter a Domain Administrator account with access privileges for the machine you will be replicating to

  5. Click Apply -> OK

  6. Restart the service to apply the changes

  7. Repeat step 3 from above and enter the same Domain Admin account into the FStorageSrv service on the destination server

We are now finished with the replication server. All of the following instructions will take place on the destination server (the ISA/TMG server you will be replicating to).

Setting up a Static Port for Replication on the Destination Server

  1. Click Start -> Run and type dcomcnfg

  2. Click OK

  3. Click the “+” sign next to component services -> Computers -> My Computer

  4. Select My Computer and double click on the DCOM Config folder

  5. Right click on the FStorageSrv item -> Properties

  6. Click on the Endpoints tab -> Add -> Connection Oriented TCP/IP

  7. Select the Use Static Endpoint button and enter the port number you selected for replication (you previously set this port in step 2)

  8. Click OK -> Apply -> OK

  9. Close the Component Services Console

  10. Repeat step 1 from above to remove strict RPC compliance from the destination ISA/TMG server

Setting up ISA/TMG to Allow Connections on the Static Port and the RPC All Interfaces Port on the Destination Server

  1. Launch the Microsoft ISA/TMG Management Console

  2. In the left-hand pane select “Firewall Policy”, then click on the “Tasks” tab in the right-hand pane

  3. Click on “Create Access Rule”, type in a name for the access rule, and then click Next

  4. Select “Allow” for the rule action and then click Next

  5. On the Protocols page, open the drop-down menu under “This rule applies to” and select the Selected Protocols option

  6. Click the Add button to add a protocol and then select New -> Protocol

  7. Type in a name for the protocol, then click the Next button

  8. Click the New button, then select TCP for the protocol type and select Outbound for the direction

  9. Enter the static port number that you want to use for replication (use the same port that you set previously on the Replication server)

  10. Click OK, and then click Next

  11. Select No to using secondary connections -> Next -> Finish

  12. Now you should be returned to the Add protocols window

  13. Click on the “+” next to the User Defined folder, select the protocol that you just created and click Add

  14. Click the “+” next to the All Protocols folder, select RPC (all interfaces) and click Add

  15. Click Close -> Next

  16. In the Access Rules Source screen (From Source), click the Add button

  17. Click the “+” next to the networks folder and select Internal -> Add -> Close -> Next

  18. In the Access Rules Destination screen (Applies to), click the Add button

  19. Click the “+” next to the networks folder and select Local Host

  20. Click Add -> Close -> Next

  21. In the User sets screen, click the Next button

  22. Click Finish

  23. Right click the newly created access policy, then click ‘Configure RPC protocol’

  24. Uncheck the box labeled ‘Enforce strict RPC compliance’

  25. Click Apply for the changes you made in ISA for the rule to take effect

Note: For TMG servers, a local ‘Windows Firewall’ inbound rule allowing the custom RPC port from the replication server must be configured as well. To do this:

  1. Click Start -> Control Panel -> Administrative Tools -> Windows Firewall with Advanced Security

  2. Navigate to the ‘Inbound Rules’ section and create a new rule which allows the desired TCP port from the replication server
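
The inbound rule from the note above, scripted as an added example (not part of the original wiki page). It uses `netsh advfirewall`, which is present on the Windows Server releases TMG runs on, and limits the rule to the replication server's address; the rule name, parameter names and sample values are placeholders chosen for this example.

```powershell
# Add-ReplicationRule.ps1 (hypothetical file name) - run from an elevated prompt
# on the destination TMG server, for example:
#   .\Add-ReplicationRule.ps1 -ReplicationPort <static port> -SourceServerIp <replication server IP>
param(
    [Parameter(Mandatory = $true)]
    [ValidateRange(1, 65535)]
    [int]$ReplicationPort,                       # static port set on the DCOM Endpoints tab

    [Parameter(Mandatory = $true)]
    [System.Net.IPAddress]$SourceServerIp,       # cast fails on anything that is not an IP address

    [string]$RuleName = 'WebFilter-Replication-RPC'   # placeholder rule name
)

$remote = $SourceServerIp.IPAddressToString

# Remove an earlier copy of the rule so that re-running the script
# does not stack duplicate entries. A "no rules match" result is expected
# on the first run and is ignored.
netsh advfirewall firewall delete rule name=$RuleName | Out-Null

# Allow only the chosen TCP port, and only from the replication server.
# Leaving remoteip out would open the port to every host that can reach
# this machine, which is wider than the note asks for.
netsh advfirewall firewall add rule name=$RuleName dir=in action=allow `
    protocol=TCP localport=$ReplicationPort remoteip=$remote
if ($LASTEXITCODE -ne 0) {
    throw "netsh could not create the rule (exit code $LASTEXITCODE)."
}

# Show the stored rule so the port and remote address can be reviewed.
netsh advfirewall firewall show rule name=$RuleName verbose

# Check that something is listening on the static port. An empty result
# means the static endpoint has not been picked up by FStorageSrv yet
# (for example because the service has not been restarted).
$listening = netstat -ano | Select-String ":$ReplicationPort\s.*LISTENING"
if ($listening) {
    $listening
} else {
    Write-Warning "Nothing is listening on TCP port $ReplicationPort."
}
```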
