Tuesday, December 7, 2010

Integrating Websense with ISA 2006

I recently had the dubious “pleasure” of having to install and integrate Websense with an ageing ISA 2006 Server.  After lots of trials and tribulations (then it works, then it doesn’t, or it appears to work but doesn’t filter etc. etc.)  I finally had to throw in the towel and call Websense support.  Here is what I had to do to get it working:

  1. Install Websense (with Filtering module) on the ISA server, making sure to select "the “ISA Integration” option during installation
  2. Installed the Websense ISAPI filter as per this Websense guide
  3. Stop and disabled the Filtering Service
  4. Edited the wsMSP.ini file (located in %windir%\system32) on the ISA 2006 server and change the EIMServerIP value to match the IP of the Websense server (in this case my ISA server)
  5. Created a “ignore.txt” file as per the Configuring ISAPI Filter section in the Websense Installation Guide for Microsoft ISA Server
  6. Websense support then had me disable ALL authentication methods in ISA Server.  I did this via Configuration – Networks – Internal – Properties – Web Proxy – Authentication
  7. They then had me set up the following Access Rule in ISA Server: "All outbound traffic" TO AND FROM "Local Host" and "All Protected Networks"

Only after all this did it work as expected.  I have not had the opportunity to test this with ISA’s successor, Microsoft’s Threat Management Gateway, but I would imagine that the procedure should remain fairly similar.

Sunday, December 5, 2010

Backing up Hyper-V VMs using DPM with software VSS Providers

DPM is a terrific backup solution for the all-round Microsoft shop.  In my humble opinion it’s also one of the best ways to back up Hyper-V Virtual Machines.  It integrates beautifully with your SAN vendors hardware VSS providers, but if you don’t have the budget to splash out on the requisite SAN licenses, there is a way to do it in software.

The Challenge

When backing up VM’s residing on a CSV, you might run into the following DPM error message:

Failed to prepare a Cluster Shared Volume (CSV) for backup as another backup using the same CSV is in progress. (ID 32612 Details: Unknown error (0x8007173d) (0x8007173D))

The Solution

  1. Run the DSConfig.ps1 script (included below) on any node in your CSV containing cluster
  2. This will create a file called DataSourceGroups.xml in the same folder that you executed the DSConfig.ps1 script
  3. Copy DataSourceGroups.xml to the %programfiles%\Microsoft DPM\DPM\Config folder on your DPM Server
  4. This file needs to be updated every time you create and protect a VM using DPM
  5. If a protection group has already been created for the virtual machines, execute the Modify Protection Group Wizard. If a protection group has not been created, create a new protection group and the job serialization described above will take effect.

DSConfig.ps1 Script

The updated script can be downloaded from here

This will allow you to get rid of the pesky alerts and streamline your backup process.  The optimum solution would be to use a hardware VSS provider, but this is not always financially feasible, or if you have an iSCSI SAN.