Publishing ports on ISA server when single-NIC template is used

A well known fact on the ISA servers is that to do web publishing well but is not very good on other applications. Today I was given the task to publish an arbitrarily port on an existing ISA server used only for web publishing.

The ISA server was originally configured with the single-NIC template. To do port forwarding you need at least two NIC's whatever your network looks like.

In my scenario I have one edge firewall (not ISA) handling all firewall stuff and I only want minimal impact on the existing network. The existing ISA server is configured with a single NIC.

To handle non-web publishing you will need to add a second NIC to the ISA server and some way have the ISA server contact the participating server using the second NIC. The servers do not need to be directly connected, but the route between the servers can not be through the public Interface on the ISA server. (For simplicity, keep the ISA server and the backend server on the same LAN.

When this is done you will need to do some things before you create a new publishing rule;

1. Change the definition on the Internal network to only reflect the IP addresses on the inside LAN of the ISA server (and the backend server). Apply your changes.
2. Change the network settings on all your existing web listeners. Until now - with the single NIC template you only had to use the Internal network as listening network. You now have to change all listeners to listen to the external instead of the internal network. If you have bound a listener to a specific IP address you will have to configure these addresses in addition to changing the network.

When this is done you can create the publishing rules you need.

ISA server publishing hitting default rule

When you publish a web site with ISA Server and it doesn't work, even though you believe you have done it right - here is one solution.

As you can see from the log the published web site only reaches the default rule. My rule seems to be all right as it matches HTTPS traffic.

The cause of this was that the ISA server was running IIS that captured port 80 and blocked web publishing.

Star Wars II walkthrough

Here you can see how to finish the game if you ever are stuck.

Troubleshoot IIS, kerberos and SPN

Here is the tool you need to troubleshoot all your MOSS and Microsoft CRM installations.

 

http://www.iis.net/downloads/default.aspx?tabid=34&g=6&i=1434

 

How to set file permissions on an MSI package

Do you have MSI based applications where the user needs write permissions on the application directory. This is common in terminal services environments where the packaged application is not designed to work with terminal services.

Using ORCA you can either create a transform (MST file) or modify the MSI application.

To do this you need to modify a MSI table called LockPermissions. When you set permissions using this all inherited rights are removed and only SYSTEM + your rights are set.

To give all users full control on the application directory you have to fill out a row in the LockPermissions table as shown below.

LockObject	Type APPDIR to set the application directory.
Table	For directories type CreateFolder.
Domain	Leave blank for current computer. If you want to match a domain group or user type in the domain name.
User	Type Users to give all users full permissions. You can type in other user names or group names.
Permission	Type 268435456 for full control. If you want more granular control use either AdvancedInstaller to calculate them or read the MSDN documentation.

External links:

• LockPermissions table explained
• ORCA download (use on your own risk)
• AdvancedInstaller

Navision 5 on Citrix 4.5

Problem: Navision 5 does not work on Citrix Presentation Server 4.5. Error code in Dr. Watson is “c0000094 (divide by zero)”. I found an article that talks about this issue, but with no solution.

 

The application runs from the console but not any RDP og ICA session.

 

The solution is to do a registry change on the Citrix Server.

 

HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\CtxHook\AppInit_Dlls\Multiple Monitor Hook

Name: Flag

Typ: REG_DWORD

Value: 0 (Default is 4)

 

This worked for me! For more information you can read this thread from Citrix support.

AC3 and DTS encoder

I finally found a tool to code AC3 and DTS streams with more than two channels. This tool is expensive and looks much like Aften.

DVD authoring tools

In my quest for making good DVD's from both still pictures and videos this is a list of tools I've found interesting and useful. In my quest I started reading an article at Wikipedia. This list is only a working list for now - at a later time I'll post the definitive solution on how to make good DVD's.

I like to have full control of the output, so I will also try to create outputs with DTS and Dolby Digital sound... I am the first to say I am sorry that all of this cost money. Lot of money.

Disclaimer: I have not bought these programs, I have just compiled a list of them. Not all of them will work together and you will probably not need all tools on this list!

Tool	Comment
DVD-Lab	A cool tool for everyone who like to learn the inner workings of  DVD. With this tool you can write DVD bytecode and you have full control of every aspect of the DVD. You can not create the video stream with this tool, but the makers of DVD-Lab, MediaChance, have bought a company with a video stream tool. The tool is called editstudio.
editstudio	From the makers of DVD-Lab, a tool to edit videos.
DivX codec	The DivX codec is very useful when you capture video from your DV camera. This codec creates very compressed outputs that will save you lots of disc space.
VirtualDub	This is an open-source tool that I just came across. With this tool you can do basic transforms to a movie like convert audio and video format, scaling, cropping etc.
ProShow Producer	This tool is one of my favorites. It is not very good with large movies but when you work with small movies (compiled with VirtualDub or Windows Movie Maker) and still images you get very good output in no time. You can also make outputs for almost everything you want. I once wrote a review on Producer.
Plato Video Converter	I got this tool free from Giveaway of the Day one day. With this tool you can convert between AVI, DivX, XviD, MPEG, WMV, ASF, MOV, QT and RealMedia format.
InterVideo DVDCopy	A tool to copy DVD's to other formats for use on PC, a media server, PSP or similar.
WAV to AC3 Encoder	This tool is a graphical frontend for Aften and will create unlicenced Dolby Digital AC-3 outputs you can attach to your DVD project.
Dolby® Media Producer	Here it is - from the creators of AC-3, a tool to master audio content for your DVD. This software is expensive.
DTS-HD Surround Audio Suite	To create DTS sound to your DVD you can use this tool.

PS! If you want to capture your screen I have a list of tools you can use.