Installing ISA Server 2004 Enterprise Edition – Part 2 – Installing ISA Server 2004 Firewall on two Servers

[14 December 2005]

This is the second article of a four-part series that shows you how to install and configure ISA Server 2004 Enterprise Edition on two ISA Server Firewall members.

This article series will contain the following articles:

If you have more ideas about ISA Server 2004 Enterprise articles, please let me know and I will check if your idea could be part of a new article.

Let's begin

For this article series we have the following configuration:

| Name | Role | Configuration |
|---|---|---|
| DEN-DC-01 | Windows 2003 Domain Controller | INTERNAL: 192.168.1.10 |
| DEN-CSS-01 | Windows 2003 Member Server with ISA Server 2004 Configuration Storage Server | INTERNAL: 192.168.1.20 |
| DEN-ISAEE-01 | Windows 2003 Member Server with ISA Server 2004 Enterprise Firewall | INTRAARRAY: 192.168.0.1; INTERNAL: 192.168.1.1; EXTERNAL: 172.16.1.1 |
| DEN-ISAEE-02 | Windows 2003 Member Server with ISA Server 2004 Enterprise Firewall | INTRAARRAY: 192.168.0.2; INTERNAL: 192.168.1.2; EXTERNAL: 172.16.1.2 |

First start the Configuration Storage Server and check the event logs for errors. If everything is fine, insert the ISA Server 2004 CD into the first Windows Server 2003 machine and start the setup process. Select Install ISA Server services (Figure 1).

Figure 1: Install ISA Server services

This setup option installs the ISA Server components and ISA Server Management. If you wish to install additional components, select the required features (Figure 2).

Figure 2: Select ISA Server components

In the next installation screen (Figure 3) you must specify the Configuration Storage Server and the credentials for connecting to this server.

Figure 3: Select the Configuration Storage Server

Select Join an existing array. To join an existing array, the installation account must have ISA Server Array Administrator privileges. You will learn more about ISA Server permissions and the delegation feature in the next article of this series on http://www.isaserver.org/.

Figure 4: Join an existing Array

Select the Array Name MainArray (Figure 5).  You must have Array Administrator rights to install the ISA Server Firewall into the existing Array.

Port requirements for ISA Server communication

ISA Server components require several ports to communicate with other Configuration Storage Servers, ISA Server Firewall members and ISA Server Management computers.

MS Firewall Storage

MS Firewall Storage is an inbound LDAP-based protocol. It uses port 2172 for SSL connections and port 2171 for non-SSL connections. Array Members communicate with the Configuration Storage Server using the MS Firewall Storage protocol. Computers running the ISA Server Management console also use the MS Firewall Storage protocol to read and write from the Configuration Storage Server.

MS Firewall Storage Replication

This protocol is an outbound TCP protocol, which is defined on port 2173. MS Firewall Storage Replication is used for configuration replication between Configuration Storage Servers. 

MS Firewall Control

This is another outbound TCP protocol and is defined on port 3847. It is used for communications between ISA Server Management and computers running ISA Server services.

Remote Procedure Call (RPC)

To monitor server performance, the ISA Server Management computer requires remote procedure call (RPC) connectivity to the ISA Server computers.
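A pre-installation reachability check for the ports listed above, as an added Python example (not part of the original article or of ISA Server). The role labels, function names, the initiating side of each flow and the use of the lab's INTERNAL addresses are assumptions; RPC is left out because the article gives no fixed port for it, and which of 2171 and 2172 matters depends on whether the connection uses SSL.

```python
import socket

# Roles and INTERNAL addresses taken from the article's lab table.
HOSTS = {
    "DEN-CSS-01": ("css", "192.168.1.20"),
    "DEN-ISAEE-01": ("member", "192.168.1.1"),
    "DEN-ISAEE-02": ("member", "192.168.1.2"),
}

# (source role, destination role, protocol, TCP port) as listed in the article.
# Which side initiates is this example's reading of the text (assumption).
FLOWS = [
    ("member", "css", "MS Firewall Storage (non-SSL)", 2171),
    ("member", "css", "MS Firewall Storage (SSL)", 2172),
    ("mgmt", "css", "MS Firewall Storage (non-SSL)", 2171),
    ("mgmt", "css", "MS Firewall Storage (SSL)", 2172),
    ("css", "css", "MS Firewall Storage Replication", 2173),
    ("mgmt", "member", "MS Firewall Control", 3847),
]


def targets_for(source_role, source_name=None):
    """List (host, ip, protocol, port) that this role must be able to reach."""
    out = []
    for src, dst, proto, port in FLOWS:
        if src != source_role:
            continue
        for name, (role, ip) in sorted(HOSTS.items()):
            if role == dst and name != source_name:  # never probe ourselves
                out.append((name, ip, proto, port))
    return out


def tcp_open(ip, port, timeout=2.0):
    """True if a TCP connection to ip:port completes within the timeout."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


def preflight(source_role, source_name=None, probe=tcp_open):
    """Probe every required destination and return the unreachable ones."""
    return [t for t in targets_for(source_role, source_name)
            if not probe(t[1], t[3])]


if __name__ == "__main__":
    # Run on DEN-ISAEE-01 before setup; no output means everything answered.
    for name, ip, proto, port in preflight("member", "DEN-ISAEE-01"):
        print(f"unreachable: {name} {ip}:{port} ({proto})")
```

Running it with role "mgmt" from the ISA Server Management workstation covers the MS Firewall Control port on both array members as well.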

Figure 5: Specify the Array this ISA Server computer will join

Select Windows authentication (Figure 6), because we are deploying the ISA Server services and the Configuration Storage Server in the same domain. With this option the connection will be encrypted (signed and sealed).

Figure 6: Select Windows authentication

Specify the IP address range for the internal network. The internal IP address range will be protected by ISA Server 2004 Enterprise. It is also possible to select Enterprise networks, but we haven't created an Enterprise network in our ISA Server Array; you will learn what Enterprise networks are in an upcoming article.

Figure 7: Specify the internal IP address ranges

During installation, some services running locally on this computer may be restarted or disabled (Figure 8).

Figure 8: Disabled Services and Services to restart

After finishing setup you must restart the Server so that the configuration changes take effect.

Figure 9: Click Yes to restart the Server 

Repeat these steps to install the ISA Server 2004 Firewall services on the second ISA Server.
After installing the second server, restart it. Once both ISA Server nodes have rebooted, start the ISA Server Management console and navigate to Arrays-Main Array-Configuration-Servers to see if both servers are operational. If everything is fine, you will see a green icon (Figure 10) on every ISA Server object.

Figure 10: Congratulations. You have successfully installed your first ISA Server 2004 Enterprise Array with two ISA Array Members.

Conclusion

As you have seen in this article, it is not so hard to install ISA Server 2004 Firewall Array members. The third article will deal with the administration of ISA Server 2004 Array members and ISA Server 2004 Arrays.

Related Links

Deployment Guidelines for ISA Server 2004 Enterprise Edition
http://www.microsoft.com/technet/prodtechnol/isa/2004/deploy/dgisaserver.mspx

Introduction to Branch Deployment of ISA Server 2004 Enterprise Edition
http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/intro_to_branch_deployment_ee.mspx

ISA Server 2004 Enterprise Edition in a Workgroup
http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/workgroup_ee.mspx

Network Load Balancing in ISA Server 2004 Enterprise Edition
http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/network_load_balancing_ee.mspx

Troubleshooting Host IDs in ISA Server 2004 Enterprise Edition
http://www.microsoft.com/technet/prodtechnol/isa/2004/hostid.mspx

Troubleshooting Network Load Balancing in ISA Server 2004 Enterprise Edition
http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/ts_nlb_ee.mspx

ISA Server 2004 Enterprise Edition Configuration Guide
http://download.microsoft.com/download/6/9/0/690d2ee7-a4e0-4c0a-80d4-1e30ebcac1de/isa_2004_ee_configuration_guide.doc

Renaming Configuration Storage Servers in ISA Server 2004 Enterprise Edition
http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/renamecss_ee.mspx

Author: Marc Grote

Marc Grote is an MCSA/MCSE Messaging & Security and Microsoft Certified Trainer. He works as a freelance IT Trainer and Consultant in the north of Germany and as a part-time employee of Invenate GmbH in Hanover (Germany), where he is a consultant for Microsoft Server infrastructure. You will find more information about Invenate here: http://www.invenate.de. He specializes in ISA Server, Exchange, Security on Windows 2000 and Windows Server 2003 designs, migrations and implementations, and Citrix Metaframe / Cisco implementations. His efforts have earned him recognition as a Microsoft MVP for ISA Server. You can visit his homepage at http://www.it-training-grote.de.

This article has been republished with permission from: www.isaserver.org
Source: http://www.isaserver.org/...ng-ISA-Server-2004-Enterprise-Edition-Part2.html
