Trend Micro CSM Suite v2 and ISA 2004

Discussion in 'Windows Small Business Server' started by Bill, Jan 29, 2006.

  1. Bill

    Bill Guest

    Hi, anybody got a how-to on post installation tasks in ISA 2004 to allow ssl
    access to Office Scan Management Console? I have use 4343 as SSL port 8090
    for the web site. I have configured an SSL rule and a web publishing rule
    but I they don't work and I have no idea why.
     
    Bill, Jan 29, 2006
    #1
    1. Advertisements

  2. Hi Bill,

    I'm wondering what the motivation is for SSL? Are you accessing the console
    directly from external locations? Typically, the management console is
    accessed from the server console itself, or from a workstation on the lan -
    and under those cicumstances I don't see where SSL would be required. I've
    never bothered with SSL for the console, and therefore can't offer any
    troubleshooting tips.
     
    Les Connor [SBS Community Member - SBS MVP], Jan 29, 2006
    #2
    1. Advertisements

  3. Bill

    Bill Guest

    Hi Les,

    Put it down to my stupidity. It looked to me like the install wanted me to
    use SSL so I did :(. I will re-install without!

    Cheers,
    Bill

     
    Bill, Jan 29, 2006
    #3
  4. I wouldn't be so hard on yourself ;-).

    SSL is the default, and it should work. But to simplify - I de-select it.

    Here's an old post, worth repeating now that I prefer CSM 2 over 3.

    Here's the procedure for Trend CSM for SMB.

    1. Decide whether you want to use the Adminstrator account for CSM, or
    another account. If you don't want to use the Administrator account, create
    an account. (I use the Administrator account.)

    2. Run setup - install on IIS is generally the only selection available.
    3. Enter the FQDN server.domain.local OR the IP of the SBS. I prefer the IP,
    it seems to work better.
    4. Install into IIS Virtual Web Site (New site, not the default web site)
    5. Use port 8085 for communication. NOTE: - any unused port is fine, check
    IIS to ensure the one you select is not in use.
    6. Deselect SSL.
    7. Use Administrator account - If ISA enter proxy info, if no ISA enter
    nothing in proxy.
    8. If you don't have the activation code - register now, the email with the
    code comes real quick. (note that you can go this far prior to the actual
    install if you like, and get the activation code so you don't have to do
    this while installing).
    9. Accept the server/client port.
    10. Accept the client installation for the SBS (installs the Officescan
    client on the server)
    11. The install proceeds, then open the admin console.

    - This completes Officescan installation, now on to Scanmail.

    12. Go to the Scanmail link on the left, and install Scanmail to the IP of
    your SBS. Scanmail and eManager are installed.

    - This completes the installation of CSM SMB. Now you need to make some
    settings.

    1. In the CSM console, click on the Clients view so you can see the
    Officescan 'domain'. Your SBS will be listed there.
    2. Create a new Officescan 'domain', and move your SBS computer to the new
    domain. The original domain will be used for workstations.
    3. Click on your SBS computer icon, and set the client priveliges to your
    liking.
    4. Click on Scan options | Real time Scan settings, and find the Exclusions
    link.
    5. Put <drive> pagefile.sys in the lower 'file' exclusion list.
    6. Put <these are default locations>

    c:\Program files\exchsrvr
    \trend,
    \trend micro in the directory exclusion area.
    Note that if you have moved your exchange data and or logs somewhere, be
    sure to exclude them. Note also you can be more granular with your
    exclusions if you want - you don't have to exclude the entire directory.

    Another note - there is a tick box for excluding Trend product directories,
    but I do it manually anyway.
    Yet another note - On all screens make sure you APPLY the settings by
    scrolling down to the bottom and clicking the button.

    What you've done with the two Officescan 'domains', is enabled different
    settings for the server versus the clients. Now when you add client
    machines, you can set the options on that domain (rather than each
    workstation) so they apply to all workstations, but not the server. Sometime
    this is useful.

    7. Click on Updates, Server updates, Automatic Update, check the options and
    set the frequency to hourly.

    8. Click on Manual Update, select the options you want, and update now to
    get the lates files and make sure connectiviy is there.

    9. Log off Officescan console.

    Scanmail

    1. Use the non HTML console from start | all programs.
    2. Log on, click on Scheduled Update.
    3. Enable scheduled update, and set it to hourly, select pattern file and
    engine.
    4. If you use ISA, click on the Proxy Settings button and enter the proxy
    info.
    5. Click on Update Now, select the options, set proxy info if you use ISA,
    and click on Update now.

    Those are the basics to get protection. You can learn the fine tuning and
    option stuff (including eManager) as you go.



    --
    Les Connor [SBS Community Member - SBS MVP]
    -----------------------------------------------------------
    SBS Rocks !
    ----------------------
    "Tell me and I'll forget. Show me and I'll remember. Involve me and I'll
    understand." - Confucius


     
    Les Connor [SBS Community Member - SBS MVP], Jan 29, 2006
    #4
  5. Bill

    Bill Glidden Guest

    Hi Les,

    Thanks for getting back so quickly. I will give this a try tonight I am at
    a client's site all day today.

    I got a bit frustrated when I did the first install of Trend CSM, accepting
    most of the defaults and then got a security error when I tried to open the
    Manager web page! I thought that ISA 2004 was blocking access to the site
    so I started looking at how to allow access! My ISA skills are, to say the
    least, rudimentary so I probably made a hash of it.

    I uninstalled and reinstalled using information I foind at isaserver.org
    using port 4343 for SSL and 8090 for the web site. Same error.

    Cheers,
    Bill

     
    Bill Glidden, Jan 29, 2006
    #5
  6. Bill

    Bill Guest

    Hi Les,

    OK installed as per your how-to (without SSL). First attempt to open the
    Management Console generated an authorisation error. Second attempt opened
    the Management Console Login. After password entry, was informed that I
    need active x to run the console but did not offer to install. Closed page
    and reopened, same error. Third time lucky Console opened!

    Each time I open a new page from the console I get a prompt to Install
    Officescan. If I don't accept I can go no further, e.g. OK button was
    greyed out in Install Scanmail unless I installed. What's with this? Very
    confusing because you appear to be installing the same thing about three
    times.

    All installed, configured and running. Will I bother with SSL? Thanks for
    your help Les.

    Cheers,
    Bill

     
    Bill, Jan 30, 2006
    #6
  7. Hi Bill,

    Add the Officescan web site to your trusted sites.

    You have to use the Officescan web site for configuration of that piece -
    Scanmail has both a web config and an application, use the Application
    interface as it works much better than the web interface. eManager has only
    the application interface.

    --
    Les Connor [SBS Community Member - SBS MVP]
    -----------------------------------------------------------
    SBS Rocks !
    ----------------------
    "Tell me and I'll forget. Show me and I'll remember. Involve me and I'll
    understand." - Confucius


     
    Les Connor [SBS Community Member - SBS MVP], Jan 30, 2006
    #7
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.