ISA Server cannot connect to the website located on a remote Site to Site IPSEC VPN network

PROBLEM:

Clients on the internal network of the ISA Server cannot connect to the website located on a remote Site to Site IPSEC VPN network.

CAUSE:

The Web Proxy filter associated with the default HTTP protocol defined on the ISA Server does a NAT for all HTTP traffic passing through it. IPSEC does not support NAT traffic.

 

RESOLUTION:

Creat a new protocol definition on the ISA Server with the name <Protocol Name> for outbound connections to TCP port 80 (Recommended) OR you may remove the Web Proxy Filter from default HTTP Protocol (not recommended)

ISA Server 2006 SP1

 

 

ISA Server 2006 SP1
Check about new changes in ISA Server 2006 SP1 at https://blogs.technet.com/isablog/archive/2008/05/23/isa-server-2006-service-pack-1-features.aspx 

 

 

 

Enjoy !!!

Security Considerations with Forefront Edge Virtual Deployments

http://technet.microsoft.com/hi-in/library/cc891502(en-us).aspx

Check the Best practices from Microsoft when using the ISA Server or TMG (Threat Management Gateway, the new version of ISA Server) on Hyper-V

Check the TMG at http://technet.microsoft.com/en-us/library/cc441438.aspx

Enjoy !!

Migrating from Windows 2000 Domain to Windows 2008

 

1. Verify that Windows 2000 SP4 have been installed on the Existing Windows 2000 Domain Controllers 
2. The domain functional level should be in Windows 2000 native mode for the Windows 2000 domain Controllers.

3. Upgrade the Windows 2000 forest schema by running "adprep /forestprep" command on Windows 2000 Server using the Setup CD for Windows 2008

4. Upgrade the Windows 2000 domain schema by running "adprep /domainprep" command on Windows 2000 Server
5. Install the Windows 2008 on a separate server and make it the member server of Windows 2000 domain Note: Windows 2008 is only supported on 64bit servers in production
6. Run DCPROMO on new server to promote it as an additional domain controller in existing Windows 2000 domain. Install the DNS Server during the Active Directory installation process
7. Enable Global Catalog on new server and manually Check Replication Topology
8. Disable Global Catalog on old server.
9. Use NTDSUTIL to transfer all the 5 FSMO roles from old server to new server. Run the commands in the below order.
   1. NTDSUtil
   2. Roles
   3. Connection
   4. Connect to server <Server name to which roles are to be transferred>
   5. Transfer <Server Role>
10. Switch off the existing Windows 2000 domains. Demote the servers only when you are sure that everything is working fine with Windows 2008 Servers

Enjoy !!

Microsoft Auto Collage 2008

 

Another amazing easy to use application from Microsoft. Check out the Auto Collage 2008 from Microsoft Research Team……

 

http://research.microsoft.com/autocollage/Default.aspx

 

Really Amazing !!!

 

Enjoy

Migrating from Exchange 2003 to Exchange 2007 SP1

Scenario:
===========
Company ABC is trying to introduce Exchange 2007 SP1 in their environment. They already have a Windows 2000, 2003 domain Controllers with Exchange 2003 running. Windows 2003 is the primary domain controller whereas Windows 2000 is an Additional Domain Controller. Windows 2003 Domain Controller is without SP1

 

Requirement:
============
Required to install Exchange 2007 SP1 and move the mail boxes to new Exchange 2007. Eventually, Exchange 2003 will be removed and Windows 2000 will also be demoted to member server. ABC needs an ADC with Windows 2003 still keeping Windows 2000.

Solution: Brief Step by Step process

 

Pre-Requisites:
===============
Windows 2003 SP2
Domain Functional Level raised to Windows 2000 Native Minimum
Dot Net Framework 2.0
Microsoft Management Console 3.0
IIS & WWW Installed

Updates:

               NDP-KB942084-x86
               Powershell – KB926139-x86
               TimeZoneUpdate-KB931836-x86

 

Steps:
======

1. Install a New Additional Domain Controller with in the same forest for existing domain
2. Install Windows 2003 SP1 on the newly created Domain Controller
3. Transfer the "Schema Master" role on the new ly created domains controller. check http://www.petri.co.il/transferring_fsmo_roles.htm
4. Demote the Windows 2000 domain and make it a member server
5. Install Windows 2003 on a new server and make it a member server to the existing domain.
6. Install Windows 2003 SP2 on the domain we created in step 5
7. Raise the domain Functional level of the existing domain to at least Windows 2000 Native.
8. Install all the pre-requisites mentioned above for the Exchange 2007 SP1 on the server we installed in Step 5
9. Go to CMD and go to the Exchange Setup FOlder. Run the below two commands on the Exchange Server 2007 machine

     setup.com /PrepareSchema
     setup.com /PrepareAD

10. Once completed, start the Exchange 2007 setup
11. When asked to browse for the existing Exchange organization, click browse and select the Bridge head server for the Exchange 2003 organization
12. Compelete the setup
13. Open Exchange 2007 console and go to Recipient Configuration > MailBox

14. It will show the mailboxes listed there. All Exchange 2003 Mailboxes will have "Legacy Mailbox" written next to them
15. Right click on the Mailbox you want to move and click "Move MailBox"
16. Click browse and select the new Exchange Server 2007 MailBox
17. Click Next and define the Global Catalog Server and Domain Controller
18. Then select immediately to move the mailbox immediately or you may schedule the movement
19. Once migrated, log off and login again on client machine. You would see the Outlook is updated to the new Server configuration.

 

 

Enjoy !!!