ISA 2006 & Symantec Endpoint Protection


I haven’t posted for a week! Ack, I need to keep up but I’ve been busy recently with a client that had a plethora of system problems. So, I was hired to:
-Install Exchange
-Make OWA work from the outside
-Use ISA 2006 to ensure its security

When I started, it turns out they already had Exchange and ISA installed and working well. OWA was not working though and that was the priority. I had some trouble with it because I’ve never used ISA 2006 so I was wishing they just had a Cisco PIX or something. Their only firewall was this ISA 2006 server and after reading through step-by-step guides, I still could not get it to work right (read: at all). I finally found this article that I thought would solve all my problems. It’s called “Solving the Dreaded 500 Internet Server Error – The Target principal name is incorrect.”

It’s based on ISA 2004 but most of it still applies. Anyway, according to the article, the most common cause would be that the name on my certificate didn’t match the name of the site. This wasn’t the case; I checked and re-checked, even recreated the certificate and reinstalled it. On my way home I was complaining to my girlfriend and told her that “it’s usually something small, like a check box somewhere.” Guess what? It was a check box somewhere.

I started to re-verify every single setting I could find including on the Exchange server. I found that Forms-based authentication was still enabled. I disabled it and voila! Everything is now working perfectly.

It turns out the client needs some more stuff fixed on the network. They had me look at their Symantec Endpoint Protection deployment. My first impressions: I don’t like it. The interface is Java-based (which just never ever works out well for me) and it’s very simplified. I can’t even go in and see a summary of all my clients and the related information (OS, client version, definition date). They have reports now for most of that stuff, which is cool for manager types because it’ll make nice pie graphs, but I just need the info.

It’s running a lot better now that I’ve upgraded the Management Console to MR1; before this it kept freezing up on me and giving me errors. Anytime I tried to generate a report, a new window would pop up with an IE 403 Forbidden error message. That was pretty frustrating but I haven’t gotten it once since I upgraded.

I also ran into issues deploying the client and the definitions because Windows Firewall AND Network Threat Protection were enabled. The client would rather have Windows Firewall and unfortunately there isn’t a way to just disable Network Threat Protection that I know of. You’d have to re-install Symantec Endpoint Protection and choose not to install that component. I added a permit all rule on top :) After reconfiguring Windows Firewall group policies and a LOT of troubleshooting I think the clients are updating policy and definitions from the server. The next step is to deploy this to the other servers (and unfortunately most are web servers). Not sure how it’ll work because it seems Symantec Endpoint Security uses ports 80, 443, and 8443 for its communications. We’ll see!
