Publishing AuthAnvil Self Service Token Enrollment

In using AuthAnvil to create secure two-factor remote access for the SBS servers we manage, it was decided that we’d like to allow users to enroll the Cryptocard token we’ve provided themselves. AuthAnvil allows this through a self-service token enroll website located on IIS. We’ll use SSL to publish this site.

  1. Click Publish a Web Server. Call it AuthAnvil Token Enroll.
  2. Click Next, Choose Allow, Click Next.
  3. The server name will be publishing.yourinternaldomain.local. Check Forward the original host header. The path will be /AuthEnroll/*. The public name is the DNS name of your server, for example: mail.domain.com. Click Next.
  4. Choose the SBS Web Listener. Click Next.
  5. Leave All Users. Click Next.
  6. Click Next, until done. Then Click Finish.
  7. Make sure your rule is at the bottom of the other publishing rules in your server. This will make it rule 6 or so.
  8. Right-click on it and select Properties.
  9. On the Bridging tab make sure SSL is checked.
  10. On the To tab check to make sure your server name is correct, the check box is checked and the radio button for requests appear to come from the ISA server is selected.
  11. On the Public Name tab make sure the public DNS name of your server is listed and is correct.
  12. Click OK.
  13. Press the Apply button for this rule to take effect.

Multi-Core Processors: Another reason for SP2

While loading an ISA2004 onto new hardware I ran into a problem where the firewall service would not run. When something like that happens on a new install you get that sinking feeling that it’s going to be a long night.

Fortunately a quick search came up with the solution. Install ISA 2004 SP2. ISA 2004 SP2 corrects an issue where ISA misidentifies the number of processors in the system. This can happen for a variety of reasons, one of which is multi-core processors.

Here’s the kb reference

Vista 64-Bit Can’t Join Domain

Found a kb article that resolved a perplexing problem for us today. A Vista 64-Bit Ultimate edition PC was unable to join the domain. The error message stated a problem with RPC. This usually points to the local firewall but in this case it was ISA and a hotfix is needed to resolve it. This hotfix is available from the download center. No call to PSS required!

The kb article id is 917903; last updated March 15, 2007.

You cannot join a computer that is running a 64-bit version of Windows Vista to a Windows domain on which ISA Server 2004 is configured as a firewall

SYMPTOMS

Consider the following scenario. You have a Windows domain on which Microsoft Internet Security and Acceleration (ISA) Server 2004 is configured as a firewall. You try to add to the domain a client computer that is running a 64-bit version of Windows Vista. However, you receive an “RPC Server unavailable” error message on the client computer. Additionally, the computer is not added to the domain.

Note: This problem occurs primarily in a Microsoft Windows Small Business Server 2003 (Windows SBS) domain.


CAUSE

This problem occurs because 64-bit Windows Vista client computers add a third context element structure to a remote procedure call (RPC) bind call. However, the ISA Server RPC application filter drops this bind call as an incorrect RPC bind packet.
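
To check the cause described above against a packet capture, the following added example (not part of the KB article or of ISA Server) parses a connection-oriented DCE/RPC bind PDU and lists its context elements, so a bind from a working client can be compared with one from the failing 64-bit client. The sample PDU built by `build_bind` and the UUIDs in it are constructed for illustration; real captures carry the interface and transfer syntax UUIDs of the service being bound.

```python
import struct
import uuid

BIND = 11  # PTYPE of a bind PDU in connection-oriented DCE/RPC

def _syntax(pdu, off, little):
    """Decode one 20-byte syntax identifier: UUID followed by a 32-bit version."""
    raw = pdu[off:off + 16]
    ident = uuid.UUID(bytes_le=raw) if little else uuid.UUID(bytes=raw)
    (version,) = struct.unpack_from(("<" if little else ">") + "I", pdu, off + 16)
    return ident, version

def parse_bind(pdu):
    """Return the presentation context elements carried in one bind PDU."""
    if len(pdu) < 28:
        raise ValueError("too short for a bind PDU")
    little = pdu[4] >> 4 == 1            # data representation: 1 = little-endian
    e = "<" if little else ">"
    frag_len, auth_len = struct.unpack_from(e + "HH", pdu, 8)
    if pdu[0] != 5 or pdu[2] != BIND:
        raise ValueError("not a DCE/RPC version 5 bind PDU")
    if frag_len != len(pdu):
        raise ValueError("frag_length does not match the captured bytes")
    end = frag_len - (auth_len + 8 if auth_len else 0)   # stop before any auth trailer
    off, elems = 28, []
    for _ in range(pdu[24]):             # n_context_elem
        if off + 24 > end:
            raise ValueError("truncated context element")
        ctx_id, n_syn = struct.unpack_from(e + "HB", pdu, off)
        if off + 24 + 20 * n_syn > end:
            raise ValueError("truncated transfer syntax list")
        abstract = _syntax(pdu, off + 4, little)
        transfers = [_syntax(pdu, off + 24 + 20 * k, little) for k in range(n_syn)]
        elems.append({"id": ctx_id, "abstract": abstract, "transfer": transfers})
        off += 24 + 20 * n_syn
    return elems

def build_bind(n_ctx):
    """Constructed sample: a little-endian bind PDU with n_ctx context elements."""
    body = struct.pack("<HHI", 4280, 4280, 0) + struct.pack("<BBH", n_ctx, 0, 0)
    for i in range(n_ctx):
        abstract = uuid.UUID(int=0xA0 + i).bytes_le + struct.pack("<I", 1)  # made-up UUID
        transfer = uuid.UUID(int=0xB0 + i).bytes_le + struct.pack("<I", 2)  # made-up UUID
        body += struct.pack("<HBB", i, 1, 0) + abstract + transfer
    return struct.pack("<BBBB4sHHI", 5, 0, BIND, 3, b"\x10\0\0\0", 16 + len(body), 0, 1) + body

if __name__ == "__main__":
    for elem in parse_bind(build_bind(3)):
        print(elem["id"], elem["abstract"][0], len(elem["transfer"]))
```

Feed `parse_bind` the reassembled TCP payload of a single bind PDU exported from a capture; a result with three elements matches the bind shape the KB article says the ISA RPC filter rejects.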