For an additional investment of $400 you receive dedicated class time on a specific subject with a noted industry expert. Select from one of these day-long workshops:
Visit the Tech-Ed website to see full descriptions of each seminar.
“… the port used for DAG log shipping and seeding, which is 64327 by default. Looking back at Exchange 2007 this is good; the port is static and DAGs use regular TCP, where CCR/SCR in Exchange 2007 uses 445 for log shipping (over SMB) and a dynamic port for seeding. And if it’s two things some network people hate it’s SMB and dynamic ports. On the other hand, 64327 in the dynamic range defined by IANA; according to IANA dynamic ports cannot be registered (claimed).
Fortunately, the port can be changed when required. To change the port for a DAG use the Set-DatabaseAvailabilityGroup cmdlet with the ReplicationPort parameter like this, where can be any number between 1 and 65535:
Set-DatabaseAvailabilityGroup -Identity DAGID -ReplicationPort
For a full list of the ports used by Exchange 2010, see the Exchange Network Port Reference.
Note that Exchange will not adjust the Windows Firewall rules accordingly, so you need to create a firewall exception on each DAG member to make replication work. Even better, you should do this before changing the DAG port to prevent interrupting the replication longer than necessary.”
adsutil set w3svc/EnableReverseDNS TRUEFor IIS5 and IIS6 run:
cscript adsutil.vbs set /wesvc/EnableReverseDNS “TRUE”In IIS7, you must install the IP and Domain Restrictions role service for the Web Server (IIS) role. You can do this in Server Manager or from the command line using the following command:
ServerManagerCMD -install Web-IP-SecurityIn Windows Server 2008 R2, the ServerManagerCMD.exe program is deprecated and has been replaced with the ServerManager Powershell cmdlets. The following two cmdlets are used to install the IP and Domain Restrictions role service:
Import-Module ServerManagerNow that the role service is installed, you can configure reverse DNS lookups, as follows:
Restricting access by domain name requires a DNS reverse lookup on each connection. This is a very expensive operation and will dramatically affect server performance. Are you sure you want to enable restrictions based on domains?Clicking Yes will enable reverse lookups for all clients connecting to the web server. I have not noticed any more than a 1-2% increase in CPU performance and the websites are just as performant as before.