Cisco ASA Domain Authentication and Trust (Allowing)
ASA Domain Authentication. KB ID 0000973. Problem: I cringed this morning when I was asked about this; last time I had to get a client to authenticate to a domain through a firewall, it was ‘entertaining’. The problem is Windows loves to use RPC, which likes to use random ports, so to make it work you either had to open TCP ports 49152 and 65535 (yes, I’m serious), or you had to registry hack all your domain controllers...
RSA SecurID Error – ‘106: The Web server is busy. Please try again later’
RSA SecurID Error. KB ID 0000975. Problem: Not the most descriptive of errors! In fact this has got nothing to do with the busyness of the web server at all. Solution (RSA SecurID Error): What’s actually happening is the RSA agent on this machine (in this case a web server) cannot communicate with the RSA Authentication Manager. In my case the web server was in a DMZ, and the RSA Authentication Manager Appliance was in another DMZ....
VMware Unified Access Gateway: Horizon Deployment
KB ID 0001605. Problem: With older versions of Horizon View, we simply deployed another Connection server and called it a Security Server. The drawback of that is that it requires another Windows licence. You can now deploy VMware UAG (Unified Access Gateway). Try to think of it as a ‘Netscaler for VMware’; like other VMware solutions, it’s a small appliance built on VMware’s ‘Photon’ Linux. Below is...
Load Balance IIS with Microsoft ARR
KB ID 0001573. Problem: If you have a lot of IIS servers and want to load balance between them, then you can either buy a load balancer or use Microsoft ARR (Application Request Routing). Note: ARR does a lot more than simply load balancing, e.g. it can perform caching, complex web routing, and even SSL offloading. Here we are just looking at load balancing. I’m going to deploy TWO ARR servers in my DMZ, here I’ve got...
Presenting Exchange 2019 With WAP and ADFS
KB ID 0001546. Problem: I’ve used WAP (Web Application Proxy) to present Remote Desktop Services before, but never for Microsoft Exchange. It came up as a possible requirement for a client this week, so I thought I’d work it out on the bench. Here’s the topology: Exchange: Exchange 2019 Standard; Server OS: Server 2019 Datacenter. Solution – Step 1: Deploy ADFS. If you are going to use ‘self signed’...