ISA Server 2000 Best Practices from the Field Presenters: Jim Harrison - Microsoft Corp Jim Edwards...
ISA Server 2000 Best Practices from the Field
Presenters:
Jim Harrison - Microsoft Corp
Jim Edwards - Microsoft Corp

Agenda
Introduction (Jim Harrison)
Security (Jim Harrison)
Reliability (Jim & Jim)
Performance (Jim Edwards)
Q&A

Security
Windows Configuration
Domain Association
Perimeter Network Scenarios
ISA Configuration
ISA Policies
ISA Logs
References

Windows Configuration
Patches, Patches, PATCHES!
Security checklists on
– Technet
– ISAServer.org
– NSA

Windows Configuration
ISA Service Dependencies
– ISA Server Packet Filter Extension (mspfltex)
– Remote Access Connection Manager (rasman)
– WMI Driver Extensions (wmi)
DCOM is required for ISA

Windows Configuration
Service Dependencies created by ISA
– ICS (sharedaccess) depends on Microsoft Firewall (fwsrv)
– Routing and Remote Access (remoteaccess) depends on ISA Control (isactrl)

Non-Domain
[Diagram labels: LAN Domain; ISA Server(s)]

Separate Domains (Forests)
[Diagram labels: ISA Domain; LAN Domain; One Way Trust from ISA to LAN]

Same Forest, Separate Domains
[Diagram labels: ISA Domain; LAN Domain; Implicit Two Way Trust; Domain (Forest) root]

Single Domain
[Diagram label: ISA / LAN Domain]

Two–Tier Perimeter Network
[Diagram labels: LAT Segment; 2nd-Tier Perimeter Network; subnets 192.168.0/24, 192.168.1/24, 123.123.123/24]

Third-leg Perimeter Network
[Diagram labels: LAT Segment; External Subnet; subnets 192.168.0/24, 123.123.123/24, 123.123.123/25]

LAT Perimeter Network
[Diagram labels: LAT Segment; LAT Segment; subnets 192.168.0/24, 192.168.1/24; IPSec / RRAS IP Filters]

Cache mode
IP packet filtering NOT Available
LAT / LDT NOT Available
Outgoing and Incoming Web Requests listener configurations
Best behind another (ISA) firewall

Firewall & Integrated modes
IP Filtering makes this the most secure
User- / group-based non-web traffic rules
Single-NIC installation is NOT supported without dialup as external
LAT configuration

LAT Configuration
[Screenshots: Right / Wrong]

IP Packet Filtering
[Screenshots: Right / Wrong]

IP Packet Filtering
[Screenshots: Right / Wrong]

Admin Rights
[Screenshots: Right / Right?]

Protocol Rules
[Screenshot: Right]

Protocol Rules
[Screenshot: Wrong]

Site & Content Rules
[Screenshot: Anonymous]

Site & Content Rules
[Screenshot: Unfiltered]

Server Publishing

Incoming Web Listeners
[Screenshots: Right? / Right]

Web Publishing
[Screenshots: Wrong / Right]

Web Publishing

Web Publishing

ISA Logs
Other Server Logs
– SMTP, DNS, etc.
Forensic Analysis
– Securityfocus.com article
Legal Evidence
– Computer Forensics
– Trail of Evidence

IP Packet Filter Logs
External scans, attacks, spoofs
Log field selections
– Payload is limited to the first 256 bytes

IP PF Log Examples
source-ip        destination-ip  proto  param#1  param#2  flags
68.124.157.106   123.123.123.10  Tcp    1646     17300    SYN
193.179.148.234  123.123.123.12  Tcp    4738     22       SYN

209.221.223.108  123.123.123.10  ICMP   8        0
209.221.223.108  123.123.123.11  ICMP   8        0
209.221.223.108  123.123.123.12  ICMP   8        0
209.221.223.108  123.123.123.13  ICMP   8        0

62.111.208.195   123.123.123.10  Tcp    2736     135      SYN
62.111.208.195   123.123.123.11  Tcp    2737     135      SYN
62.111.208.195   123.123.123.12  Tcp    2738     135      SYN
62.111.208.195   123.123.123.13  Tcp    2739     135      SYN

IP PF Log Bonus Slide
211.41.55.136    123.123.123.11  Tcp    3127     3127     SYN
211.41.55.136    123.123.123.12  Tcp    3135     3127     SYN
211.41.55.136    123.123.123.13  Tcp    3140     3127     SYN

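The packet filter log examples above show one source probing the same service on several published addresses in a row. The Python below is an added example, not part of the original presentation, that flags such sweeps; it assumes whitespace-separated fields in the slides' order, and the function names and the three-destination threshold are illustrative choices.

```python
"""Flag address sweeps in ISA Server IP packet filter log lines (added example)."""
from collections import defaultdict
import ipaddress

# Lines copied from the slides' log examples, in the slides' field order.
SAMPLE_LOG = """\
source-ip destination-ip proto param#1 param#2 flags
68.124.157.106 123.123.123.10 Tcp 1646 17300 SYN
193.179.148.234 123.123.123.12 Tcp 4738 22 SYN
209.221.223.108 123.123.123.10 ICMP 8 0
209.221.223.108 123.123.123.11 ICMP 8 0
209.221.223.108 123.123.123.12 ICMP 8 0
209.221.223.108 123.123.123.13 ICMP 8 0
62.111.208.195 123.123.123.10 Tcp 2736 135 SYN
62.111.208.195 123.123.123.11 Tcp 2737 135 SYN
62.111.208.195 123.123.123.12 Tcp 2738 135 SYN
62.111.208.195 123.123.123.13 Tcp 2739 135 SYN
211.41.55.136 123.123.123.11 Tcp 3127 3127 SYN
211.41.55.136 123.123.123.12 Tcp 3135 3127 SYN
211.41.55.136 123.123.123.13 Tcp 3140 3127 SYN
"""


def parse_line(line):
    """Return (src, dst, service), or None for header rows and damaged records."""
    fields = line.split()
    if len(fields) < 5:
        return None
    src, dst, proto, param1, param2 = fields[:5]
    try:
        ipaddress.ip_address(src)
        ipaddress.ip_address(dst)
        param1, param2 = int(param1), int(param2)
    except ValueError:
        return None  # header row or malformed record
    proto = proto.upper()
    if proto == "ICMP":
        # For ICMP, param#1 is the type and param#2 the code.
        service = f"ICMP type {param1} code {param2}"
    else:
        # For TCP/UDP, param#1 is the source port, param#2 the destination port.
        service = f"{proto}/{param2}"
    return src, dst, service


def find_sweeps(log_text, min_targets=3):
    """Map (source, service) to the sorted destinations it probed, keeping only
    sources that hit the same service on at least min_targets distinct hosts.
    The default threshold is an assumption; tune it to the published range."""
    targets = defaultdict(set)
    for line in log_text.splitlines():
        record = parse_line(line)
        if record:
            src, dst, service = record
            targets[(src, service)].add(dst)
    return {key: sorted(dsts, key=ipaddress.ip_address)
            for key, dsts in targets.items() if len(dsts) >= min_targets}


if __name__ == "__main__":
    for (src, service), dsts in find_sweeps(SAMPLE_LOG).items():
        print(f"{src} swept {service} across {len(dsts)} hosts: {', '.join(dsts)}")
```
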
Firewall Logs
Internal virus / worms detection
Log field selections
– WP and FW share many logging options

Firewall Log Examples
c-ip         r-ip             r-port  cs-prot  s-oper   sc-status
192.168.0.1  123.123.123.123  135     TCP      Connect  13301
192.168.0.1  207.46.245.214   135     TCP      Connect  0
192.168.0.1  207.46.245.214   17300   TCP      Connect  13301
192.168.0.1  207.46.245.214   17300   TCP      Connect  0
192.168.0.1  207.46.245.214   80      TCP      Connect  13301
192.168.0.1  207.46.245.214   80      TCP      Connect  0

Web Proxy Logs
Internal, external virus / worms detection
Log field selections

Web Proxy Log Examples
CodeRed
<SourceIP> GET www 12202
<SourceIP> GET www 200
Nimda
<SourceIP> GET <ISAExtIP> 12202
<SourceIP> GET <ISAExtIP> 200
Auth Failure
<SourceIP> GET http://www.thatsite.tld 12209

Romper-Room No-No’s
IP Packet Filtering off & IP Routing on
Enable IP Routing via RRAS or TCP/IP
LAT includes external (or DMZ) subnets
Same-subnet on internal / external NICs
FW Client installed on the ISA
“All destinations” web publishing rule

Security and Critical Hotfixes
Service Pack 1
– KB 283213 ICMP blocking (Nachi defense)
Post SP1
– KB 319374 & 321846 Web Proxy crash
– MS02-027 BO in Gopher protocol handler
– MS03-009 DoS in DNS IDS filter
– MS03-012 DoS in Firewall Service
– MS03-028 XSS in ISA Error pages
– MS04-001 H.323 Vulnerability

Security References
Microsoft checklists and guides:
http://www.microsoft.com/technet/security/chklist/Default.asp
http://www.microsoft.com/technet/security/tools/default.asp
CC configuration
https://s.microsoft.com/isaserver/code/commoncriteria/

Security References
NSA configuration
http://www.nsa.gov/snac/win2k/guides/w2k-11.pdf
http://www.nsa.gov/snac/win2k/guides/inf/isa.inf
Log Forensics
http://securityfocus.com/infocus/1712

Reliability
Windows Considerations
ISA Server 2000 Firewall Considerations

Reliability Windows Settings
NIC binding order
Routing table
Patch Patch Patch!
Redundancy
System Services
Extraneous Services

Reliability Windows Settings: NIC Binding Order
Internal
– Top of list
– NO Default gateway
– DNS/WINS
External
– Default gateway
– Dial up issues
RAS
– Dial up issues
DMZ
– Doesn’t matter

Reliability Windows Settings: Routing Table
Static Routes
– Windows routing table
– RRAS routing table
Dynamic Routes
– VPN issues
VPN Clients
– Mystery of the Windows VPN client gateway

Reliability Windows Settings: Patches!
Service Packs
– Install them now
– Latest OS and ISA SP and FP
Hotfixes
– Do you need them?
– What about Windows Update?
Security Updates
– What’s going to break?
Testing lab
– Mirror config in lab
– Don’t let the production network be your regression testing lab

Reliability Windows Settings: Redundancy
What are you trying to accomplish?
Web v. Server Publishing Rules
NLB v. Rainwall
– Bidirectional what?
Hardware Load Balancers
– Pay to play
RainConnect
– Redundant Internet connectivity
– Outbound and inbound
NextLAND Proturbo 800

Reliability Windows Settings: System Services
Disable Junk Services
– (list several of these)
Determining Required Services
– Disable and test
Remote Registry Service

Reliability Windows Settings: Extraneous Software
Server Services
– It’s a firewall, not a firesale
Not a workstation
– No Kazaa
– No VPN client connections
Plug-ins
– Test test test

Reliability ISA Settings
Test All Policies
Separate Inbound and Outbound Duties
Backing Up
Caching Arrays

Reliability ISA Settings: Field Test All Policies
Protocol Rules
– The dreaded “all open” rule
Site and Content Rules
– Kill anonymous access Site and Content Rules
– Server client address set for anonymous access
Kill the HTTP (Re)Director
– Can’t block via Site/Content rules
Packet Filters
– This ain’t no pix(en)
Web and Server Publishing Rules
– FQDN in Destination Sets
– The mystery of the ephemeral outbound IP address
VMware
– Buy now or pay later

Reliability ISA Settings: Separate Inbound and Outbound
Separate Inbound and Outbound Servers
Inbound Servers
– Web Publishing and Memory
– Server publishing performance
Outbound Servers
– Authentication traffic and performance
– Active caching and traffic
Bandwidth
– Kill bandwidth rules

Reliability ISA Settings: Backing Up
Integrated Backup Tool
– Who needs ’em?
Import/Export Script
– Different IP address publishing/filters (IP specific)
ISAinfo script (better know everything before you need to restore)
Disk Imaging
– Careful of different hardware
Using VMware Images
– Works great – performance issues

Reliability ISA Settings: Caching Array
Caching Array
– Not fault tolerance scheme
– Load balancing v. load sharing
– The miracle of wpad and autodiscovery

Reliability ISA Settings: Autoconfiguration and Autodetection
Wpad
– DHCP
– DNS
Group Policy
IEAK
Registry file
Firewall client installation

Reliability Hotfixes
ISA Server Service Pack 1
– http://www.microsoft.com/isaserver/downloads/sp1.asp
ISA Server 2000 Hotfix for Rules Engine and Potential Web Proxy Service Crash
– http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=235B14FB-CDB4-4FCE-BE10-E25F869DD40E
Flaw In ISA Server DNS Intrusion Detection Filter Can Cause Denial Of Service
– http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-009.asp

Reliability Hotfixes
Flaw In Winsock Proxy Service And ISA Firewall Service Can Cause Denial Of Service
– http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-012.asp
Update Rollup for ISA Server Services
– http://support.microsoft.com/default.aspx?scid=kb;EN-US;810493

Key References
Shinder ISA Server 2000 Section
– www.isaserver.org/shinder
Jim Harrison’s ISAtools Site
– www.isatools.org
ISA Server Performance Best Practices
– http://www.microsoft.com/technet/security/prodtech/ISA/ISAPrfBP.asp?frame=true

Performance
Windows Configuration
ISA Configuration

Performance; Windows Settings
IP Stack configuration
– TcpTimedWaitDelay & StrictTimeWaitSeqCheck
– Remove QOS when not using ISA Bandwidth Control
Page File
– Separate physical drive
– Not compressed/encrypted volume
Physical memory
– 1024 Meg Minimum
– 3072 Meg Maximum
– /3GB switch – Reverse Web Cache only

Performance; Windows Settings
Disk subsystem – Only for Web Cache
– RAID 0 if using RAID
NIC
– Server class, 64-bit PCI-X
– Multiprocessor - HW Interrupt Partitioning
SSL/IPSec Accelerators
– Good only for large number of HTTPS connections
Processors (class / quantity)
– Do not use the ISA server as a workstation

Performance; Windows Settings
Domain Topology
– Large number of NTLM authentication requests
– DNS
Logical Network
– Single Default Gateway on ISA Server

Performance; ISA Settings
Rule elements – Less granular
– Rule processing increases linearly
– Small number of Rules with large Destination Sets
Enable Kernel Mode Data Pump – IP Routing
– Significant increase to most capacity intensive Protocols
– Disable filtering of IP fragments
Firewall & Web Proxy service DNS Cache
– By default, services hold last 3000 DNS records for 6 hours, regardless of TTL

Performance; ISA Settings
Server Publishing
– Non RPC
– RPC
Web Publishing
– Fewer Rules with large Destination Sets. Faster, less secure.
– More Rules with small Destination Sets. Slower, more secure.
– Skip name resolution
Memory Usage
– Firewall Service
– Web Service

Performance; ISA Settings
Split purpose
– Web Proxy
– Web Publishing
– Firewall
Logging
– Ideal is Off. Not going to happen
– Logging Fails, ISA stops serving content
– File
– Database
Reporting
– Disable

Performance; ISA Clients
Outbound
– Use Remote WinSock (RWS) client where possible
– Set web browsers to use ISA server as Web Proxy
– Streaming media clients

Performance; Registry Re-Cap
Disk
– Disable short name creation. HKLM\SYSTEM\CurrentControlSet\Control\Filesystem DWord “NtfsDisable8dot3NameCreation” 0x1
– Disable last access update. HKLM\SYSTEM\CurrentControlSet\Control\Filesystem DWord “NtfsDisableLastAccessUpdate” 0x1
– Multiprocessor only - Bypassing I/O Counters. HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\I/O System DWord “CounterOperations” 0x0

Performance; Registry Re-Cap
NTLM Authentication
– HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters DWord “MaxConcurrentApi” 0x3 through 0x6
ISA
– Internal DNS Cache
  Web Proxy: HKLM\SOFTWARE\Microsoft\Fpc\Arrays\{Array GUID}\ArrayPolicy\WebProxy DWord “msFPCDnsCacheSize” & “msFPCDnsCacheTtl”
  Firewall: HKLM\SOFTWARE\Microsoft\Fpc\Arrays\{Array GUID}\ArrayPolicy\Proxy-WSP DWord “msFPCDnsCacheSize” & “msFPCDnsCacheTtl”

Performance; Registry Re-Cap
ISA
– Maximum backlog for incoming TCP connections
  Non RPC – HKLM\System\CurrentControlSet\Services\FWSRV\Parameters “ServerMappingBlacklog” DWord key. For Exchange server 0x50, Web server 0xA0.
  RPC – HKLM\Software\Microsoft\FPC\PluginRPC “ServerMappingBlacklog” and “InterfacesBacklog”. For Exchange RPC “ServerMappingBlacklog” = 0xA0 and “InterfacesBacklog” = 0x50.

Performance; Registry Re-Cap
ISA
– Bypass Name Resolution
  HKLM\SYSTEM\CurrentControlSet\Services\W3Proxy\Parameters\SkipNameResolutionForPublishingRules DWord “SkipNameResolutionForPublishingRules” 0x1
  HKLM\SYSTEM\CurrentControlSet\Services\W3Proxy\Parameters\SkipNameResolutionForAccessAndRoutingRules DWord “SkipNameResolutionForAccessAndRoutingRules” 0x1

Performance; References
Windows
Disk
http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/serverop/part2/sopch08.asp
System
http://support.microsoft.com/default.aspx?scid=kb;en-us;171793
http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/serverop/part2/sopch10.asp

Performance; References
ISA
http://www.microsoft.com/technet/security/prodtech/ISA/ISAPrfBP.asp
http://www.isaserver.org/tutorials/ISA_Clients__Part_1__General_ISA_Server_Configuration.html
http://support.microsoft.com/default.aspx?scid=kb;en-us;326040
http://support.microsoft.com/default.aspx?scid=kb;en-us;291427
http://support.microsoft.com/default.aspx?scid=kb;en-us;292018

Q & A