Contents
Home
IASTools
RRASTools
Contacts
|
IASTools FAQ
Q. What operating system can the IASTools (State Server) run on?
A. Windows NT 4 workstation or better. The client software must be installed
on a Windows 2000 Server (IAS only comes with Windows 2000 Server) or NT 4
with IAS/c.
Q. Can I run the client on an NT 4 server with IAS installed?
A. Yes. The client can plug into either IAS for Windows 2000 or IAS/c for Windows NT 4.
IAS/c is available from the Microsoft site free of charge and is an upgrade
for IAS this can be found on the 'Option Pack'. The IP-Pool feature can not function
on IAS/c. This is due to a limitation of IAS/c and IASTools.
Q. How many IAS Servers can IASTools support?
A. Licenses for IASTools
are sold on a per IAS server basis. While running in Trial Mode (first 30 days) up to
255 IAS servers are supported. Once licenses have been purchased IASTools will
permit as many IAS servers as the license permits.
Q. I have been unable to get the IP-Pools function to operate.
A. Never make the assumption that any of the features are not functioning with the first
dial-in. The reason for this is that it may take the State Server longer than the
time-out parameter permits to locate the server for the domain. Once the server is
located, it is cached making subsequent tests pass. This will only occur on the first
query to the domain or if IASTools has to locate another Domain Controller in the
event the first goes down. If IP-Pools are not functioning after the first dial-in then
check your IAS settings. The profile used must have 'IP Address Assignment Policy' set to
'Server setting define policy'. Remember that clients installed on NT 4 can not make
use of IP-Pools.
Q. Does IASTools support redundancy?
A. IASTools supports multiple IAS servers and multiple domain controllers. The state is
stored in memory and therefore there can not be a redundant State Server. This offers
maximum performance, but if the State Server is down, no other server can take its place.
The design of the State Server does however permit operation of IAS even if the State
Server is not functioning. The components will not be applied but operation of the
dial-in service will still function. This offers a functioning fall over state. Once
the State Server becomes available it's state will not match that of the NAS boxes.
The State Server will 'heal' itself over time, eventually matching the state of the NAS boxes.
The length of time it takes to reach the true state of the NAS boxes will depend on
the length of time your customers stay connected, usually a few hours.
Q. What happens when the State Server is restarted?
A. The State Server always starts from a clean slate, i.e. all ports are not in use on all
NAS boxes (the NAS boxes may infact have users attached, but the State Server will not
be aware of this). It would require all existing logged on users (when the service is started)
to disconnect before the state will accurately resemble that of the NAS boxes.
Q. How may authentications per second can I expect from the product?
A. The flexibility of the product does not permit for a simple answer.
Depending on whether logging is on and how the network is deployed effects
the performance of the State Server. With good hardware IASTools can exceed 500
authentications per second without logging. To reach this on a dispersed network
(separate NAS boxes, domain controllers and IAS servers) more than one IAS server will be required. The
more IAS servers the greater the number of authentications that can be performed. The
choice of database, used for logging, also has an effect on performance. Using MS
Access, for instance, will permit far fewer authentications than if MS SQL was used. The
client software comes with a program called SSTune. This program has a test option
that will indicate how many authentications each IAS server can perform. This gives
the administrator the opportunity to test the configuration and make alterations
if better performance is required.
Q. What error does the user get if a violation occurs?
A. The user is presented with the logon username, password and domain box. If their
username and password does not permit access then either one of the IASTools rules
are being violated, or the username and password is not present on the domain controller
with sufficient rights to logon.
Q. I have made changes to the setup using 'IASTools' but the changes have not taken
effect.
A. Any changes requires the 'StateServer' service be restarted for the changes to take effect.
This applies to SSTune as well. If the parameters in SSTune have changed the changes
will only take effect when the IAS Service has restarted. When users are added to groups
with components bound, the feature will immediately be bound to the user (i.e. does not
require the service to be restarted). This means that only the initial configuration of the
components will require a service restart.
Q. I get the following errors in the 'Event Log', 'The Internet Authentication
service terminated with the following error: The data is invalid.'
A. The SSAuth.dll file is not where it is supposed to be. Ensure that this file is in
the same directory as SSTune.
Q. No matter what I do I keep getting time-outs.
A. During testing some time-outs must be expected, usually when the test starts. This is
due to the State Server being suddenly put under full pressure. In the real world
the State Server will very seldom be launched into full load, usually the load will
build up. Once the test has started give it a few seconds and then watch for increasing
time-outs. Once running a slight increase in time-outs is also normal but steadily
increasing time-outs indicate a configuration problem. Start by checking the IP address
and port in SSTune and confirm the correct location of the State Server. Try and ping the
IP address of the State Server. If ping times-out SSTune will also time-out. If the ping functions then check
the port and secret password on the State Server is the same as that specified in SSTune. Try turning the logging
off. If the ODBC datasource is not set up correctly then time-outs may occur. If
time-outs stop when logging is stopped then there is something wrong with the ODBC
datasource or database. If logging is enabled and the database or datasource are not set up
correctly time-outs will occur.
Copyright © 2004 Software Lab. All rights reserved.
|
|
