El dia Sabado estuve tratando un incoveniente con un cliente, el cual para ponerlos en escenario tenia instalado un ISA SERVER 2006 EE, funcionando correctamente , tenia la necesidad de agregar un segundo Nodo de ISA SERVER 2006.

Escenario:
Maquina instalada y funcionando
ISASRV01

1 Windows 2003 SP2 - ISA SERVER 2006 EE - Configuration Storage Server + Array Member

Maquina a Instalar
ISASRV02

1 Windows 2003 SP2 - ISA SERVER 2006 EE - Configuration Storage Server + Array Member
3 Placas de Red. 

LAN , Conectada a la Red Interna

DMZ ,  Conectada a la DMZ

Intra Array , Cable cruzado conectado de maquina a maquina para comunicacion entre servidores.

Al querer agregar la segunda maquina como una replica del Configuration storage server ISASRV01 , obtenia el siguiente error mientras se efectuaba la instalacion y luego daba un rolling Back, y se paraba la instalacion. El error que recibia era el siguiente.

"Setup was unable to update array storage data.  To update storage data, 
there must be connectivity between this computer and at least one ISA 
server array member and between that array member and the configuration
storage."

Pruebas efectuadas.
En primer punto se chequeo que el ISASRV01 estuvieran todos los servicios Arriba.
Se probo conectividad, utilizando ping desde ambas maquinas tenian conectividad una con la otra.

Despues de chequear y chequear , el cliente me comento que habian estado haciendo pruebas con NLB y luego sacaron un servidor antiguo, asi que me fui al ISASRV01 y empece a chequearlo.
El problema era el siguiente , cuando se tiene mas de un servidor ISA SERVER 2006 interconectados uno debe configurar mediante que placa de red se comunican los mismos,

Esto se hace desde,
Array - MyArray - Configuration - Servers
Ahi en mi server Boton derecho y Propiedades. En la solapa Communication la primer opcion es "Use This IP Addres for communication with array members"
Este campo tenia ingresado 0.0.0.0 solo se cambio esa opcion por la IP de la placa Intra Array Local.

Luego el Wizard siguio correctamente y se pudo efectuar la instalacion de manera correcta.

Bueno espero le sirva de ayuda a alguien :)

Una nueva version del Best Practices Analyzer , aqui les dejo algunas de las nuevas mejoras.   ( No tenia ganas de traducir todo :) )

 

The ISA Server Team is excited to announce the version 5.0 release of the Microsoft© ISA Server Best Practices Analyzer Tool (IsaBPA V5).

 

New in Version 5 of IsaBPA:

 

ü  ISA Data Packager (IDP) GUI – The IDP collects all information needed for troubleshooting with a single click. For this version, we added a GUI for our data collection tool. This GUI will allow easier configuration and better use of the IDP.

ü  BPA2Visio – we added a super cool application that takes the IsaBPA report and converts this report into a Visio network diagram, so that the ISA administrator or the support engineer can see how the ISA Server views its environment (networks, published web/non-web servers/server farms, CSS, VPN sites and clients). You need to have Visio 2003 or Visio 2007 installed on one of your machines (not necessary the ISA Server machine). Check out this screenshot! 

ü  We added new checks to Version 5. There are now 218 rules, and more than 900 settings are displayed. The focus of this release was to target Windows Server SP2 issues. This new suite joins the Hardware, Authentication, OWA, SSL Certificates, Site-to-site VPN with IPsec, WPLB, Branch Office, and logging suites that were introduced in previous IsaBPA versions.

ü  More documentation. The documentation (UE) team enhanced the Help file. It now contains more than 100 pages. You can now find which checks are being performed, how to operate the IsaBPA, and of course how to fix the found issues.

ü  Bug fixes. We fixed a few bugs that were discovered in the previous version.

 

You can get the IsaBPAv5 using the integrated live update mechanism or by simply going to http://www.microsoft.com/downloads/details.aspx?FamilyId=D22EC2B9-4CD3-4BB6-91EC-0829E5F84063&displaylang=en and downloading the new version. The tool requires .NET 1.1 framework and above.

 

Muchas veces los administradores de redes, precisamos hacer auditoria por ejemplo de la Navegacion en Internet que pasa por nuestro ISA SERVER. En principio y como regla basica para poder hacer una auditoria de este tipo , todos nuestros clientes deben salir a internet por el ISA ya sea como clientes Web Proxy o Secure Nat. Isa server 2006 trae de por si algunas opciones de reporte las mismas se encuentran en Monitoring - Reports  el problema es que no son muy completos y muy poco flexibles estos reportes , por lo cual podemos utilizar programas de terceros como GFI Web monitor.


Si asi y todo necesitamos hacer una auditoria utilizando la base de datos del ISA SERVER , veremos que la direccion IP aparece cifrada , aqui les dejo una respuesta de un post de Technet , donde se explica como descifrar este numero y pasarla a la lengua de Cervantes.

1. Primera abris la calculadora de Windows y la pones en la vista Cientifica.

2. Asegurate que este seleccionado el modo DEC y pegas tu número 3232236068 .

3. Ahora moves la selección de DEC a HEX eso como resultado te va a dar C0A802224 que son los 4 octetos juntos en HEXA, cada octeto son 2 números hexa.

4. Ahora tomas de a pares del número en HEXA y haces el procedimiento inverso por cada par en la calculadora y te queda conformada tu IP:

CA = 192

A8 = 168

02 = 2

24 = 18

 

La IP que te muestra es 192.168.2.18 ==> C0.A8.02.24 ==> C0A80224 ==> 3232236068

One of the new features in ISA 2004 SP2 is Diffserv. Diffserv is a method of packet prioritization that applies to all web traffic passing through an ISA 2004 SP2 Server. Using the Diffserv Web filter, the ISA server can scan the Uniform Resource Locator (URL) or domain name and apply packet priority using DiffServ bits.

The Diffserv web filter has been given a high priority, and is near the top in the list of Web filters. The Diffserv web filter must be made aware of the size of the request/response being sent and has to inspect the data when it is being sent/recieved by the ISA server. It is crucial that you do not change the priority of the Diffserv web filter. Before we get started configuring this, you should be aware of the following: - Diffserv prioritization only applys to HTTP and HTTPS traffic - ISA may strip Diffserv bits for traffic using other protocols - First packet priority is not assigned to responses coming from the cache - By default, the size of the first chunk is not taken into account for first packet priority To begin, open the ISA Management MMC and expand the Configuration node and then click on General. Click on Specify Diffserv Preferences.

On the General tab, ensure the box next to "Allow the setting of Diffserv bits according to URLs and domain names" is checked.

On the Priorities tab, click Add to create a priority. Enter the name for the priority and the Diffserv Codepoint. The Codepoint is a 6-digit binary value which specifies the priority level. There is more information about the different Diffserv Codepoints at the end of this article. For this example we will use 100110 which is one of the high priority Codepoints.

Add another priority called Low and give it a value of 001010.

Next select the URLs tab and click Add. Enter the URL (wildcards are supported) and choose one of the priorities you created in the previous steps.

Here I have added two URLs, one with high priority and one with low.

URL Diffserv settings only apply to HTTP traffic. If you wish to set priorities to HTTPS traffic you must use the Domains setting.

Finally, under the Networks tab, you can choose which Network Sets to apply the Diffserv filter to.

Once you are done configuring the Diffserv preferences, apply the configuration to the ISA server and you are good to go!

For more information see: 

Esta es una entrada del Blog de Ingenieros de Isa server 2006 que habla de Problemas reportados tras la instalacion de Windows 2003 SP 2.

http://blogs.technet.com/isablog/archive/2007/03/27/isa-server-and-windows-server-2003-service-pack-2.aspx#713333