Now that you have installed the Windows server software with the necessary components, you can configure the Windows platform to support the relay server software. Platform configuration involves the following tasks, each of which is described in detail in the subsequent procedure.
• Set system startup and recovery options.
• Set virtual memory to maximize performance.
• Configure internal network connections to support TCP/IP.
• Configure external network connections to support TCP/IP with filtering, port restrictions, and any other security measures in place.
• Specify NT EventLog size and overwrite properties.
• Install system base symbols.
• Install system service pack symbol updates.
• Install User Dump service.
• Install latest Windows service pack.
• Install Windows critical and security updates.
• Configure registry settings to prevent memory fragmentation.
Do NOT Install These Components:
• Internet Information Service (IIS) - The Groove Relay service listens on ports 80 and 443. IIS’s use of these same ports will conflict with the relay’s use of these ports.
• Active Directory - The relay server utilizes the services of the Enterprise Management Server instead of Active Directory services. The presence of Active Directory services and other Windows services impedes relay server performance.
• The following components should not be installed because they degrade relay server performance:
  • Internet Mail Service/SMTP virtual server
  • Content Indexing
  • Transaction Service
  • Message Queue Service
  • Domain Name Service
  • Dynamic Host Configuration Protocol (DHCP) Service
  • WINS Service
Install These Optional Components as Needed:
• Terminal Services (for remote administration).
• Management and Monitoring Tools/Network Monitor Tools (for analysis of network packets).
• Remote Registry Service (for remote access to performance counters).
The following procedure describes each of the above tasks in detail.
1. Open the System control panel applet and click the Advanced tab.
2. Configure system startup and recovery options as follows:
a. Click the Startup and Recovery button, and enter the recommended values as shown in the following table.
System Startup and Recovery Options / Value:
• Send an administrative alert - On
• Automatically reboot - On
• Crash Dump type - Complete Memory Dump
• Dump File - %SystemRoot%\MEMORY.DMP
• Overwrite any existing files - On
b. Click OK when you are finished.
3. Configure the system performance options as follows:
a. Click the Performance Options button.
b. In the ‘Optimize performance for’ field, select Background services.
c. Click the Change button to display the Virtual Memory options.
d. Set your virtual memory to be at least the size of the real memory available on your machine, but no more than half the available free space on your system partition. Typically, the setting should be between 1 and 8 gigabytes (GB).
e. Click OK when you are finished.
4. Configure each of the relay server’s internal network connections (network interface cards) as recommended below.
Note: The settings listed here are general guidelines only. Customize these settings based on your local network configuration. Microsoft leaves all ports open and unprotected (no lockdowns are in place), so consider your connection settings carefully. On an internal network, the settings described here are typically satisfactory, but if you need to further protect certain ports, you can provision and apply filters to them. However, blocking all ports on internal connections is not recommended as it can disrupt communications between the relay and management servers.
a. Right-click on My Network Places, and select Properties to open the Network and Dial-Up Connections window. Then right-click on the internal connection that you want to edit and select Properties.
b. If the Client for Microsoft Networks component is not already present and enabled, add and enable it.
c. If the File and Printer Sharing for Microsoft Networks component is not already present and enabled and you installed the Remote Registry Service listed in the operating system components table above, and if your company’s security policies allow this component, add and enable it. Otherwise, remove or disable it.
d. If the Internet Protocol (TCP/IP) component is not already present and enabled, add and enable it.
e. If you installed the Network Monitor Tools above, add and enable the Network Monitor Driver component.
f. If you enabled File and Printer Sharing, enable NetBIOS over TCP/IP by clicking Internet Protocol (TCP/IP), clicking the Properties button, clicking the Advanced button to open the Advanced TCP/IP Settings window, clicking the WINS tab, and then selecting the Enable NetBIOS over TCP/IP radio button.
g. Click the DNS tab and make any changes necessary to your network configuration.
h. Click the IP Settings tab and make any necessary changes.
i. Click OK until you return to the Network and Dial-Up Connections window.
5. Configure each external network connection on the relay server as follows:
Note: Customize these settings based on your local network configuration. Microsoft leaves all ports open and unprotected (no lockdowns are in place), so consider your connection settings carefully. The settings cited below are general guidelines.
a. Right-click on My Network Places, select Properties to open the Network and Dial-Up Connections window, and right-click on the external connection that you want to edit.
b. Remove or disable the Client for Microsoft Networks component.
c. Remove or disable the File and Printer Sharing for Microsoft Networks component.
d. If you installed the Network Monitor Tools above and if your company security policy allows, add and enable the Network Monitor Driver component.
e. If the Internet Protocol (TCP/IP) component is not already present and enabled, add and enable it.
f. Disable NetBIOS over TCP/IP by clicking Internet Protocol (TCP/IP), pressing the Properties button, clicking the Advanced button to open the Advanced TCP/IP Settings window, clicking the WINS tab, and then selecting the Disable NetBIOS over TCP/IP radio button.
g. Configure TCP/IP Filtering controls by clicking the Options tab, selecting TCP/IP Security, pressing the Properties button, and entering the following settings:
Security - Click-check this box to configure all network interface cards on your network.
TCP Ports - Click Permit Only and specify the following ports:
• 80 - Inbound Port 80 is used to transport HTTP-encapsulated SSTP messages from Groove clients when direct SSTP transmissions are blocked by firewalls. A corresponding outbound port is used to support Customer Support Notification (CSN). For information about CSN, see “Customer Support Notification” in the Monitoring a Relay Server section of this guide.
• 2492 - Inbound port 2492 must be open to receive SSTP messages from Groove clients. A corresponding outbound port must be open to support single-hop fanout, where relay-to-relay communication takes place. For more information about single-hop fanout, see “Fanout” in the Overview section of this guide.
• 443 - Inbound port 443 is used by Groove clients and relay servers to transport messages when SSTP transmissions over port 2492 are blocked by firewalls.
• 8009 (only if external access from the Enterprise Management Server is necessary) - Inbound port 8009 is used to support administration of the relay server by the Enterprise Management Server. You may want to secure this port by restricting it to a specific network interface card, as described later in these procedures (in the section “Binding the Administrative Listener Ports to Specific NICs”). If the relay server and EMS will not be communicating via the external interface, do not include this port in the list.
• 8010 (only if external access to the relay server administrative Web pages is necessary) - Inbound port 8010 is used to allow administrators to view Web pages that report relay server statistics and to allow other administrative tasks such as database purging. You may want to secure this port as described for Port 8009.
UDP Ports - Click Permit All.
IP Protocols - Click Permit Only and specify the following protocols:
• 6 - Supports Transmission Control Protocol (TCP).
• 17 - Supports User Datagram Protocol (UDP), allowing user name-service access. This setting is required for the relay’s single-hop fanout and Customer Support Notification (CSN) features. In single-hop fanout, the relay responds to a UDP query from the sending client and fans out a message to its destination relays over the same random port chosen by the Groove client when initiating the send.
Note: If you need to block Internet Control Message Protocol (ICMP) traffic (to prevent external users from pinging your servers) along with TCP/IP filtering, you must configure IP packet filters through Routing and Remote Access. For more information about IP packet filters, refer to Microsoft documentation, available at http://www.microsoft.com.
h. Click OK to return to the Advanced TCP/IP Settings window.
i. Click the DNS tab and make any changes necessary to your network configuration.
j. Click the IP Settings tab and make any necessary changes.
k. Click OK until you return to the Network and Dial-Up Connections window.
6. Set the properties for each Windows Event Log (application, security, and system logs) by clicking Start --> Program Files --> Administrative Tools, launching the Event Viewer applet, and then selecting each log. To avoid loss of important event data, set properties for each log as shown:
Windows Event Logs / Properties:
• Application log - Maximum log size: 32000 KB; Overwrite events as needed
• Security log - Maximum log size: 32000 KB; Overwrite events as needed
• System log - Maximum log size: 32000 KB; Overwrite events as needed
Note: For maximum supportability of your server installation, be sure to complete the following steps for installing diagnostics symbols, debug tools, and user dump service.
7. If you are using a Windows 2000 server, install the Windows 2000 base symbols as follows:
a. Open a Web browser and go to http://www.microsoft.com/windows2000/downloads/tools/symbols/default.asp and download the Win2k Base Symbols contained in the Customer Support Diagnostics package.
b. Follow the online instructions for downloading and installing the Customer Support Diagnostics package. Do not download the debug symbols, which are only for the Windows 2000 checked build. The retail symbols are included in the default download of the Customer Support Diagnostics package.
c. Install the retail symbols into the default directory (usually \WINNT\symbols).
Note: Make sure that you install the retail symbols. Do not install the debug symbols, which are specifically for Windows 2000 checked builds.
Note: Running a checked build of Windows 2000 is not recommended as it may greatly reduce your server's performance.
Note: Do not install the Debugging Tools. You will install the debugging tools from the Customer Support Diagnostics Service Pack Update for Service Pack 1 instead.
8. If you are using a Windows 2000 server, install the Windows 2000 symbols updates as follows:
a. From your Web browser, go to http://www.microsoft.com/windows2000/downloads/servicepacks/default.asp and select the link corresponding to the service pack level that you intend to install. Service Pack 4 (or later) is recommended.
b. Scroll to the bottom of the Service Pack page and click on the Customer Support Diagnostics Update link.
c. Follow the instructions for downloading and installing the updated service pack symbols.
d. Install the symbols into the default directory (usually WINNT\symbols). You can safely install these symbols before installing the Win2k Service Pack itself.
e. Leave the browser window open to the Customer Support Diagnostics Update page (which you should have opened from your local hard drive if you followed the download instructions from the Microsoft web site). From this page you will download the updated Debugging Tools in the next step.
9. If you are using a Windows 2003 server, install Windows 2003 symbols, using the instructions provided at http://www.microsoft.com/whdc/devtools/debugging/symbolpkg.mspx.
10. Install the most recent version of the User Dump utility, available from Microsoft as part of the Windows Support Tools package (also known as the OEM Support Tools package). The relay server invokes UserDump in the event of serious server malfunction. In addition, the relay server’s exception handler invokes this service when it detects an exception or access violation before the process exits. The resulting snapshot provides vital debugging information for Groove Support.
Install UserDump as follows:
a. Go to the Microsoft Web site and download the following .zip file:
http://download.microsoft.com/download/win2000srv/Utility/3.0/NT45/EN-US/Oem3sr2.zip
b. Open StartHere.htm in your browser and scroll down to Section 8: Specifications.
c. Click the User Mode Process Dump link and follow the instructions in Section 6: Installation in the UserDump specification.
11. Install the latest Windows service pack as follows:
a. Go to http://www.microsoft.com/windows2000/downloads/servicepacks/default.asp or http://www.microsoft.com/windowsserver2003/downloads/servicepacks/default.mspx and select the link corresponding to the service pack level you intend to install.
b. Follow the online instructions for downloading and installing the service pack.
12. Install the latest Windows critical and security updates as follows:
a. Go to http://www.microsoft.com/windows2000/downloads/critical/default.asp or http://www.microsoft.com/windowsserver2003/downloads/updates/default.mspx and select the updates that you intend to install.
b. Follow the online instructions for downloading and installing the updates.
13. Update the Windows registry to prevent operating system memory fragmentation during relay operation, by setting the following value:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
HeapDeCommitFreeBlockThreshold=dword:00040000
The value is in hex. After setting this value, restart the operating system for the changes to take effect. For more about this setting, see the Microsoft Knowledge Base Article 315407.
The machine is now ready for the relay server software installation.
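To check the result of step 5, the following added example (not part of the original guide or of the relay server software) compares `netstat -an` output against the Permit Only TCP port list from step 5g. The function name, the sample output and the external address 203.0.113.10 are constructed for illustration. Because netstat reports bound sockets rather than what TCP/IP Filtering lets through, any port it flags on the external interface is protected by the filter alone.

```python
import re

# Permit Only list from step 5g; 8009 and 8010 are permitted only when
# external administrative access is necessary.
REQUIRED_TCP = {80, 443, 2492}
OPTIONAL_TCP = {8009, 8010}

# Matches "TCP  <addr>:<port>  <remote>  LISTENING" rows of `netstat -an`.
LISTEN_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING", re.I)

# Constructed sample output (not captured from a real relay server).
SAMPLE = """
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING
  TCP    203.0.113.10:139       0.0.0.0:0              LISTENING
  TCP    203.0.113.10:8010      0.0.0.0:0              LISTENING
  TCP    10.0.0.5:8009          0.0.0.0:0              LISTENING
  TCP    203.0.113.10:80        198.51.100.7:51234     ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

def audit_listeners(netstat_text, external_ip, allow_admin=False):
    """Return (unexpected, missing) TCP ports for the external interface.

    unexpected: listeners reachable on external_ip that are not permitted.
    missing:    required relay ports with no listener on external_ip.
    """
    permitted = REQUIRED_TCP | (OPTIONAL_TCP if allow_admin else set())
    exposed = set()
    for line in netstat_text.splitlines():
        m = LISTEN_RE.match(line)
        if not m:
            continue  # header, UDP row, or a non-listening connection
        addr, port = m.group(1), int(m.group(2))
        # 0.0.0.0 binds every NIC, so it is reachable externally as well.
        if addr in (external_ip, "0.0.0.0"):
            exposed.add(port)
    return sorted(exposed - permitted), sorted(REQUIRED_TCP - exposed)

if __name__ == "__main__":
    unexpected, missing = audit_listeners(SAMPLE, "203.0.113.10")
    print("listeners outside the Permit Only list:", unexpected)
    print("required relay ports not listening:", missing)
```

In the sample, port 139 on the external address indicates NetBIOS over TCP/IP was not disabled as step 5f requires, and the missing 2492 listener is expected until the relay server software is installed.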