Technical Clinic with David Overton [email protected].
-
Upload
isaiah-pugh -
Category
Documents
-
view
222 -
download
2
Transcript of Technical Clinic with David Overton [email protected].
![Page 2: Technical Clinic with David Overton doverton@microsoft.com.](https://reader033.fdocuments.in/reader033/viewer/2022061305/55141b48550346d8488b5575/html5/thumbnails/2.jpg)
AgendaAgenda
3 Questions3 Questions
Windows Mobile problemsWindows Mobile problems
ISA Server 2004 and branch officeISA Server 2004 and branch office
Group Policy UsageGroup Policy Usage
N.B. Send your Q&A questions via N.B. Send your Q&A questions via the keyboard during the the keyboard during the presentation and I will answer at the presentation and I will answer at the endend
CloseClose
![Page 3: Technical Clinic with David Overton doverton@microsoft.com.](https://reader033.fdocuments.in/reader033/viewer/2022061305/55141b48550346d8488b5575/html5/thumbnails/3.jpg)
Question 1Scott
Situation Windows XP Pro SP2 PC with SBS2003 w/SP1 &
Exchange SP2 Syncing over the air with Exchange is working fine but
when the device is connected to the PC via USB I get error 8501008:
“The Proxy Server you have specified is incompatible with your device. Specify the correct proxy server in your connection configuration. Support code: 8501008”
Note A solution to this would be great. But what I’m really
after is a general understanding of what’s going on when a Mobile 5.0 device is connected by the USB cable.
![Page 4: Technical Clinic with David Overton doverton@microsoft.com.](https://reader033.fdocuments.in/reader033/viewer/2022061305/55141b48550346d8488b5575/html5/thumbnails/4.jpg)
Diagnosis tool
We need to make sure ActiveSync is up to date and that general connectivity is provided (i.e. can I browse the web)
http://www.microsoft.com/windowsmobile/help/activesync/default.mspx
![Page 5: Technical Clinic with David Overton doverton@microsoft.com.](https://reader033.fdocuments.in/reader033/viewer/2022061305/55141b48550346d8488b5575/html5/thumbnails/5.jpg)
When a device is connected
![Page 6: Technical Clinic with David Overton doverton@microsoft.com.](https://reader033.fdocuments.in/reader033/viewer/2022061305/55141b48550346d8488b5575/html5/thumbnails/6.jpg)
Clean up ActiveSync and Phone
![Page 7: Technical Clinic with David Overton doverton@microsoft.com.](https://reader033.fdocuments.in/reader033/viewer/2022061305/55141b48550346d8488b5575/html5/thumbnails/7.jpg)
Connect the device
![Page 8: Technical Clinic with David Overton doverton@microsoft.com.](https://reader033.fdocuments.in/reader033/viewer/2022061305/55141b48550346d8488b5575/html5/thumbnails/8.jpg)
![Page 9: Technical Clinic with David Overton doverton@microsoft.com.](https://reader033.fdocuments.in/reader033/viewer/2022061305/55141b48550346d8488b5575/html5/thumbnails/9.jpg)
![Page 10: Technical Clinic with David Overton doverton@microsoft.com.](https://reader033.fdocuments.in/reader033/viewer/2022061305/55141b48550346d8488b5575/html5/thumbnails/10.jpg)
![Page 11: Technical Clinic with David Overton doverton@microsoft.com.](https://reader033.fdocuments.in/reader033/viewer/2022061305/55141b48550346d8488b5575/html5/thumbnails/11.jpg)
Fails to connect as needs proxy information
![Page 12: Technical Clinic with David Overton doverton@microsoft.com.](https://reader033.fdocuments.in/reader033/viewer/2022061305/55141b48550346d8488b5575/html5/thumbnails/12.jpg)
Check the settings on the client
![Page 13: Technical Clinic with David Overton doverton@microsoft.com.](https://reader033.fdocuments.in/reader033/viewer/2022061305/55141b48550346d8488b5575/html5/thumbnails/13.jpg)
![Page 14: Technical Clinic with David Overton doverton@microsoft.com.](https://reader033.fdocuments.in/reader033/viewer/2022061305/55141b48550346d8488b5575/html5/thumbnails/14.jpg)
![Page 15: Technical Clinic with David Overton doverton@microsoft.com.](https://reader033.fdocuments.in/reader033/viewer/2022061305/55141b48550346d8488b5575/html5/thumbnails/15.jpg)
Question 2(a)Angus
I would like to see info on exactly what we need to get push email to work?
Also some real world data on how much bandwidth this will take.
![Page 16: Technical Clinic with David Overton doverton@microsoft.com.](https://reader033.fdocuments.in/reader033/viewer/2022061305/55141b48550346d8488b5575/html5/thumbnails/16.jpg)
What is Needed
Windows Mobile V5.0 device Messaging and Security Feature Pack ActiveSync V4.1 Exchange 2003 w/SP2 SSL Certificate that matches the roots
accepted on the device Data contract with your mobile provider Configuration changes to the SBS Server
![Page 17: Technical Clinic with David Overton doverton@microsoft.com.](https://reader033.fdocuments.in/reader033/viewer/2022061305/55141b48550346d8488b5575/html5/thumbnails/17.jpg)
Windows Mobile 5.0 and Exchange 2003 SP2
http://uksbsguy.com/r.ashx?5 http://www.microsoft.com/technet/
prodtechnol/exchange/2003/sp2mobility.mspx Direct Push technology Wireless support for contact information Remotely enforced security policy Local device wipe
![Page 18: Technical Clinic with David Overton doverton@microsoft.com.](https://reader033.fdocuments.in/reader033/viewer/2022061305/55141b48550346d8488b5575/html5/thumbnails/18.jpg)
Steps to make it work
Step 1 - Installing ActiveSync® 4.1 Step 2 - Enabling mobile services for users Step 3 - Configuring the firewall and Web services Step 4 - Deploying an SSL certificate Step 5 - Configuring Windows SBS 2003 for MSFP Step 6 - Configuring device synchronization Step 7 - Testing the deployment
![Page 19: Technical Clinic with David Overton doverton@microsoft.com.](https://reader033.fdocuments.in/reader033/viewer/2022061305/55141b48550346d8488b5575/html5/thumbnails/19.jpg)
Ensure users and Firewall are configured
![Page 20: Technical Clinic with David Overton doverton@microsoft.com.](https://reader033.fdocuments.in/reader033/viewer/2022061305/55141b48550346d8488b5575/html5/thumbnails/20.jpg)
Configure Exchange and ActiveSync
1.Ensure Exchange Server 2003 SP2 is installed2.Open Exchange System Manager.3.Expand Global Settings.4.Right-click Mobile Services and click Properties.5.Verify that the Enable Direct Push over HTTP(s) check box is selected.
![Page 21: Technical Clinic with David Overton doverton@microsoft.com.](https://reader033.fdocuments.in/reader033/viewer/2022061305/55141b48550346d8488b5575/html5/thumbnails/21.jpg)
Question 2(b)
ISA2004 SP2 has problems - elaborate on them.
ISA2004 VPN site to site with SBS2003PE
dual NIC to Win2K3 single NIC branch office member server, any tested appliances etc?
![Page 22: Technical Clinic with David Overton doverton@microsoft.com.](https://reader033.fdocuments.in/reader033/viewer/2022061305/55141b48550346d8488b5575/html5/thumbnails/22.jpg)
Request Smuggling Error Code: 502 Proxy Error. The HTTP request includes a non-supported
header. Contact your ISA Server administrator. (12156) Sending response headers that include both Content-length: and
transfer-encoding: chunked RFC-2616 defines those two headers for the purpose of providing
quantitative content validation for the receiver and states *very clearly* that the server MUST NOT combine them in the same response.
Some sites are either failing outright or rendering poorly because ISA rejects those responses as RFC-2616 clearly states don't combine those headers and doing so is a demonstrably malicious act.
As it turns out, there are quite a few legitimate sites out there that violate this part of RFC-2616 and so we have had to rethink our answer to this problem.
If this is hitting you, call PSS and request a patch against KB915045
http://isainsbs.blogspot.com/
![Page 23: Technical Clinic with David Overton doverton@microsoft.com.](https://reader033.fdocuments.in/reader033/viewer/2022061305/55141b48550346d8488b5575/html5/thumbnails/23.jpg)
Authentication behaviour changes Error message when you try to connect to a Web site
that is published by using ISA Server 2004 Service Pack 2: "403" or "500" With authentication methods enabled:
Basic, RADIUS, Outlook Web Access Forms-Based Web listener is configured to listen for HTTP traffic The Require all users to authenticate check box is selected
for the Web listener You connect to the published Web site by using HTTP
ISA Server 2004 SP2 does not enable traffic on the external HTTP port if the Web listener is configured to request one of the above kinds of credentials
http://support.microsoft.com/kb/912122/en-us
![Page 24: Technical Clinic with David Overton doverton@microsoft.com.](https://reader033.fdocuments.in/reader033/viewer/2022061305/55141b48550346d8488b5575/html5/thumbnails/24.jpg)
ISA appliances
“Tested” ISA to ISA, yes http://www.microsoft.com/isaserver/
hardware/default.mspx Key learning's
Check security at every level – be paranoid http://uksbsguy.com/r.ashx?8
Ensure all certificates are trusted (try browsing to the “other” sites
![Page 25: Technical Clinic with David Overton doverton@microsoft.com.](https://reader033.fdocuments.in/reader033/viewer/2022061305/55141b48550346d8488b5575/html5/thumbnails/25.jpg)
Question 2(c)
Since the DFS-R enhancements will not be in SBS2003 R2, what is the best way to set up a branch office and sync email, files/folder and DC information? Also, can you share any real world bandwidth and tips/tricks?
![Page 26: Technical Clinic with David Overton doverton@microsoft.com.](https://reader033.fdocuments.in/reader033/viewer/2022061305/55141b48550346d8488b5575/html5/thumbnails/26.jpg)
Site to site scenarios
Running Multiple Servers in a SBS environment
http://uksbsguy.com/r.ashx?7
![Page 27: Technical Clinic with David Overton doverton@microsoft.com.](https://reader033.fdocuments.in/reader033/viewer/2022061305/55141b48550346d8488b5575/html5/thumbnails/27.jpg)
Consider a Domain controller
E-Mail – use Outlook Files, Use Sharepoint or DFS* Authorisation, make it a DC Local Backup – almost certainly
![Page 28: Technical Clinic with David Overton doverton@microsoft.com.](https://reader033.fdocuments.in/reader033/viewer/2022061305/55141b48550346d8488b5575/html5/thumbnails/28.jpg)
Question 3
Is it possible to stop “My Documents replication” for just one user? The tool in SBS impacts all users
![Page 29: Technical Clinic with David Overton doverton@microsoft.com.](https://reader033.fdocuments.in/reader033/viewer/2022061305/55141b48550346d8488b5575/html5/thumbnails/29.jpg)
GPO Information
Group Policy Objects (GPO) are inherited from the Organisational Units (OU) above by default
You can create OUs to have different policies, so by moving accounts around, you change the policies that impact that user
This has been discussed on the UKSBSGUY.com forums - http://uksbsguy.com/forums/thread/104.aspx
![Page 30: Technical Clinic with David Overton doverton@microsoft.com.](https://reader033.fdocuments.in/reader033/viewer/2022061305/55141b48550346d8488b5575/html5/thumbnails/30.jpg)
Demo of GPO changes
![Page 31: Technical Clinic with David Overton doverton@microsoft.com.](https://reader033.fdocuments.in/reader033/viewer/2022061305/55141b48550346d8488b5575/html5/thumbnails/31.jpg)
Close
Please continue to sign up for these and post questions
Please continue the feedback, either on http://UKSBSGUY.com so it is public, or via e-mail to me ([email protected])
If you are not an SBSC member, join athttp://www.microsoft.com/uk/partner/sbsc
Thank-you for listening
![Page 32: Technical Clinic with David Overton doverton@microsoft.com.](https://reader033.fdocuments.in/reader033/viewer/2022061305/55141b48550346d8488b5575/html5/thumbnails/32.jpg)