Thursday, May 5, 2011

Connection broken between ISA FW and ISA Storage conf.

The only case where I had seen this issue was when the cert on the ADAM instance had expired, but I had the same issue with an intermediate VeriSign cert for an application.

VeriSign has two new certs for SSL apps, so take care with them, because one of them has a problem with ISA Server:

1.

2.

Those certs have different serial numbers. Something is wrong with one of them, because when we paste it on the server, ISA Server stops working:

VeriSign Class 3 Public Primary Certification Authority - G5 (serial number)

1b 09 3b 78 60 96 da 37 bb a4 51 94 46 c8 96 78 --- wrong cert

18 da d1 9e 26 7d e8 bb 4a 21 58 cd cc 6b 3b 4a --- wrong cert

25 0c e8 e0 30 61 2e 9f 2b 89 f7 05 4d 7c f8 fd --- correct cert

Solution:

Just replace the cert with the correct one and the problem will be solved.

3.

4.

This document has information about how to securely publish a Configuration Storage Server in ISA Server 2006, and also how to change an expired certificate:

http://technet.microsoft.com/en-us/library/bb794830.aspx

How to Back Up and Restore an ISA Server Enterprise Configuration (Enterprise Edition)

http://technet.microsoft.com/en-us/library/bb794757.aspx

In ISA Server 2006 EE the configuration is stored in ADAM (Active Directory Application Mode).
Connect to your ADAM instance with ADSI Edit:
Server Name: localhost and port: 2171
Connect to the following node:
Distinguished name (DN) or namingContext: CN=FPC2
Navigate to CN=Array-Root
CN=Arrays
CN={ID of your Array}
CN=ArrayPolicy
CN=PolicyRules
CN={ID of the bad rule}

5.

How to delete logs in an Exchange 2007 CCR

Here is the process to manually remove log files. As a reminder, once this is done you will NOT be able to perform an incremental backup until a FULL backup is completed.


1. Suspend replication on the server.
   a. Get-StorageGroup -Server <ServerName> | Suspend-StorageGroupCopy
2. On the passive node, check the database header to find out which logs are required.
   a. Eseutil /mh <database file> (the ‘State’ will be Dirty Shutdown; this is expected and not an issue).
   b. Look for ‘Log Required’. This tells you which logs CANNOT be removed. Anything before those logs is safe to remove.
      i. Looking at the sample below, logs Exx00004A42-Exx00004A45 cannot be removed. Logs Exx00004A41 and earlier can be removed. (Exx depends on the SG; it can be E00, E01, E02, etc.)
3. Resume replication on the server.
   a. Get-StorageGroup -Server <ServerName> | Resume-StorageGroupCopy
4. Run Get-StorageGroupCopyStatus and check that CopyQueueLength and ReplayQueueLength are 0.
5. Perform a switchover using Move-ClusteredMailboxServer and repeat the process on the former active (now newly passive) node.
6. Perform a FULL backup. All previous backups are now invalid.

[PS] C:\>eseutil /mh F:\CCRMBX1\CCR-SG4.edb
Extensible Storage Engine Utilities for Microsoft(R) Exchange Server
Version 08.02
Copyright (C) Microsoft Corporation. All Rights Reserved.
Initiating FILE DUMP mode...
File Type: Database
Format ulMagic: 0x89abcdef
Engine ulMagic: 0x89abcdef
Format ulVersion: 0x620,12
Engine ulVersion: 0x620,12
Created ulVersion: 0x620,12
DB Signature: Create time:11/25/2008 16:50:25 Rand:102284345 Computer:
cbDbPage: 8192
dbtime: 165542 (0x286a6)
State: Dirty Shutdown
Log Required: 19010-19013 (0x4a42-0x4a45)
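
The check in step 2, as an added PowerShell example (not part of the original post): it parses the ‘Log Required’ line and lists which log files fall below the required range, without deleting anything. The function names, the E03 prefix and the file names are assumptions made for illustration.

```powershell
# Added example: classify CCR log files from 'eseutil /mh' output. Nothing is deleted.
function Get-RequiredLogRange {
    param([string[]]$HeaderLines)
    # Matches e.g. "Log Required: 19010-19013 (0x4a42-0x4a45)"
    $pattern = '^\s*Log Required:\s*(\d+)-(\d+)\s*\(0x([0-9a-fA-F]+)-0x([0-9a-fA-F]+)\)'
    foreach ($line in $HeaderLines) {
        if ($line -match $pattern) {
            $low  = [Convert]::ToInt64($Matches[3], 16)
            $high = [Convert]::ToInt64($Matches[4], 16)
            # Cross-check the decimal and hex forms before trusting the range.
            if ($low -ne [int64]$Matches[1] -or $high -ne [int64]$Matches[2]) {
                throw "Decimal and hex ranges disagree: $line"
            }
            return @($low, $high)
        }
    }
    # Fail closed: without a parsed range nothing may be treated as removable.
    throw "No 'Log Required' line found in eseutil output."
}

function Get-LogRemovalPlan {
    param([string[]]$LogNames, [string]$Prefix, [long]$LowRequired)
    # Name format as in the post's sample: prefix (E00, E01, ...) + 8 hex digits + .log
    $namePattern = '^' + [regex]::Escape($Prefix) + '([0-9A-Fa-f]{8})\.log$'
    foreach ($name in $LogNames) {
        $action = 'Keep'   # default for anything unrecognised, e.g. the current log E03.log
        if ($name -match $namePattern) {
            $gen = [Convert]::ToInt64($Matches[1], 16)
            # Only generations strictly below the first required log are removable.
            if ($gen -lt $LowRequired) { $action = 'Removable' }
        }
        "{0,-18} {1}" -f $name, $action
    }
}

# Constructed sample: two header lines taken from the eseutil /mh output above,
# and made-up file names for a storage group assumed to use prefix E03.
$header = @(
    'State: Dirty Shutdown',
    'Log Required: 19010-19013 (0x4a42-0x4a45)'
)
$names = 'E0300004A40.log', 'E0300004A41.log', 'E0300004A42.log',
         'E0300004A45.log', 'E0300004A46.log', 'E03.log'

$range = Get-RequiredLogRange $header
Get-LogRemovalPlan -LogNames $names -Prefix 'E03' -LowRequired $range[0]
```

With the sample header, only E0300004A40.log and E0300004A41.log are listed as Removable; against a real storage group, pass the captured eseutil /mh output and the file names from the log folder instead of the constructed values.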

There is also a procedure here for running a backup with Windows 2008:

http://technet.microsoft.com/en-us/library/ee221177(EXCHG.80).aspx