One of the features that IAG 2007 offers is the capability to allow access to internal shares in a secure and easy manner. A corporate user in the office is able to browse the network neighborhood to access shares. Sometimes, users need to do the same task but remotely and it is within this scenario that IAG 2007 differentiates itself from others. The File Access feature allows you to configure the servers that remote clients can use to access shares and files over the web through the portal.
You might be asking: how this series of posts differentiates itself from the IAG User Guide?
Although the IAG User Guide is very complete in most tasks that we have on IAG, we have received lots of feedbacks about customer ready documentation. In other words: the public uses the IAG 2007 User Guide as their main reference, but they also need separate guides for some tasks with more details on the troubleshooting side for that feature.
This post will be presented in two parts:
· The first one will cover the requirements, caveats and configuration
· The second part will cover troubleshooting steps to narrow down the problem and help to find the solution.
For the purpose of this guide, IAG 2007 is member of the domain CONTOSO. There is an ISA Server 2006 in the edge publishing the portal using HTTPS.
3. Before You Begin
Before you begin it is important to emphasize some key points that you need to address before start the configuration:
· File Access is dependent on Computer Browser therefore it is recommended that you have a good understanding of the requirements for this feature to work properly on the platform side. For more information on this, read the How Computer Browser Service Works paper from Microsoft TechNet.
· The above statement means that if the Windows Server that IAG 2007 is installed, can’t browse the network neighborhood through Windows Explorer, IAG also will not able to do it. Therefore it is recommended to work on this side, make it work smoothly before start to configure IAG .
· If you have a firewall in between IAG 2007 and the Internal Network, make sure to allow the Computer Browser ports to pass through. For more info on these ports check the session Computer Browser on the Service overview and network port requirements for the Windows Server system article at Microsoft Help and Support.
· Review the requirements for joining an IAG 2007 to the Windows Domain (pages 215 to 217 of the IAG User Guide).
If you are compliant with all those points, them it is time to move on and configure the File Access feature.
4. Configuring File Access
Open IAG 2007 Configuration console and follow the steps below:
1) On the main menu, click in Admin and then File Access.
Figure 1 – Accessing File Access.
2) The following warning message will appear if you are configuring this feature for the first time:
Figure 2 –File Access warning about the NetBIOS requirement.
3) Click OK and the File Access window will appear, but right after that it also prompts you for authentication. Here you need to type a domain credential for a user that has permission to browse through the network and access those shares. You should use an account with Domain Admins privileges at least for this configuration phase.
4) The File Access window will appear and might not initially populate the right pane; however this could be due the browse delay. Here what it is really important to be sure is that you wait until the status bar shows as Ready. Do not click in other parts of the window if the status bar is saying Busy, wait until all the components are loaded.
Figure 3 –File Access window, attention on the status bar where it says Ready.
5) Select the domain, in this case CONTOSO and click in Apply. Wait until the status bar says Ready and click in Servers in the left pane.
Figure 4 – Server’s selection.
6) Click in Refresh and wait. This can take really long if your domain has lots of servers. A good test to do before start the configuration is see how long it takes to browse the servers for this domain using Windows Explorer.
7) Select the Server that you want to access the shares and click in Apply, wait until is ready and click in Shares in the left pane.
8) Notice that in the top right side, where it says Select Domain to Refresh, you now have the domain\server. What you need to do to show the shares is click in Refresh and wait until it shows up.
9) When the shares appear, select each shared folder that you want to make it available to the user through the portal and click in Apply.
Figure 5 – Selecting the shares.
10) Click in Close.
After enabling the File Access feature you now need to publish it through the portal, to do that follow the steps below:
1) In the Applications Pane, click in Add.
2) Select the first built in service which is File Access and click in Finish.
3) Click in File and Activate (or CTRL + G).
4) Type your password and activate.
5. Testing the Access
Now that this feature is enabled on the IAG, let’s see how it will be presented to the final user. First thing to remember is that the endpoint computer needs to be compliant with the policy to be able to access this feature. Here it is the screen that will appear on the client side when it tries to access this feature:
Figure 6 – File Share in the User’s perspective.
Next session you will learn tools and techniques to troubleshoot File Access on IAG 2007.
Security Support Engineer – ISA/IAG Team
Microsoft – TX
Security Support Engineer – IAG Team
Microsoft – WA