I seem to be in a catch-22 here. I can't get 2006.2 to install and you're saying the solution is to enable impersonation. But I can't enable impersonation until the installation is complete, since I have to make changes in the webclient folder.
This is getting more confusing. Thanks, Ben ----- Original Message ----- From: Ted Nichols To: [email protected] Sent: Monday, March 19, 2007 1:44 PM Subject: Re: [IMail Forum] 2006.2 installation questions To enable impersonation, the web.conf ( located in the %imail%\webdir\webclient folder) file needs to be edited to allow for impersonation and for the ASPNET user to have system rights and not machine rights. <system.web> <------ After this line add the below lines: <identity impersonate="true" userName="domain\imailsql" password="password"/> Note: When you turn on impersonation, ASP.NET no longer runs as ASPNET or IWAM_<machinename> (which has permissions to the .NET temp folders) but as some other user which does not, by default, have permissions to the .NET temp folders. As a result, the new domain user (domain\IMAILSQL in this case) will need Full Control of the .NET Temp folder (usually C:\WINNT\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files). These changes only apply for a 2000 machine, so if you do upgrade to 2003, these changes will nolonger apply This prceedure has not been updated in our documantation (we have the .NET 1.1 instructions, which have changed for .NET 2.0) Ted Nichols Ipswitch Messaging QA -----Original Message----- From: "Imail Admin" <[EMAIL PROTECTED]> Sent 3/19/2007 4:36:31 PM To: [email protected] Subject: Re: [IMail Forum] 2006.2 installation questions Thanks for the additional information. We're setting up 2006.2 on a Win2k Server, and it's running in a domain in AD in which the PDC is Win2k. You're point number 4 about impersonation is a good point. When I started the install, it gave me instructions about impersonation which were not very clear. I followed them as best I could, but I suspect now I did something wrong. Can you expand upon this point? Thanks, Ben ----- Original Message ----- From: Ted Nichols To: [email protected] Sent: Monday, March 19, 2007 7:08 AM Subject: Re: [IMail Forum] 2006.2 installation questions Regarding 2 and 3: Also note that even if your server is part of the domain if you are logged into the server as a local admin rather than a AD user, you will not be able to query AD and attempting to specifiy users will fail (this is something which could cause what you are seeing in 3) Some general guidlines about AD vs NT 1) AD is only an option if your IMail server is a member of an AD domain 2)NT is using depricated calls which are much slower than the AD. if your domain has fewer than 1000 users, the delay is not too bad, but more than 2000 or so becomes unmanagable. 3)in 2006.2 Your IMail server doesn't have to be a domain controller to use AD. We are using ADSI to connect, and as long as you are on the domain, and running in the context of a domain user, you will be fine. 4)IIS 5.0 and 6.0 (windows 2000 vs. 2003) act differently with respect to .NET. 2003 uses the NETWORK SERVICE user for ASP.NET. Windows 2000 does not. If your PDC emulator DC (by default the server on which the AD domain was created) is 2003 then NETWORK SERVICE is a "well known SID" ( in AD if you turn on the advanced view, look under ForeignSecurityPrincipals) and exists in active directory. If your PDC emulator is 2000 it does not exist so IIS will typically use the IWAM user for ASP.NET. This is a local user unless the IMail server is a DC. In this case, you will need to use impersonation. So if IMail is on a 2000 server in an Active direcotry setting, to use AD as you database, you will need to use impersonation. (Typically this involves editing the machine.config). If your PDC emulator is 2000 and you are installing on a 2003 server, there is also a problem in that AD will not rocognize NETWORK SERVICE. http://support.microsoft.com/kb/827016/en-us is a link to a microsoft article which will help in this case. Ted Nichols Ipswitch Messaging QA -----Original Message----- From: "Imail Admin" <[EMAIL PROTECTED]> Sent 3/18/2007 9:36:57 PM To: [email protected] Subject: Re: [IMail Forum] 2006.2 installation questions OK, I'm satisfied with my first two questions, but I still have a problem with #3. I keep giving it existing legitimate user names with Admin authority, and the installation program keeps rejecting them. Someone else mentioned running into this problem; anyone know a solution? Thanks, Ben ----- Original Message ----- From: Bonno Bloksma To: [email protected] Sent: Saturday, March 17, 2007 1:18 PM Subject: Re: [IMail Forum] 2006.2 installation questions Hi, 1) I did the default install to C:\IMail with a domain I will not use. Declude had problems with the Default IMail directory. 2) After the initial install you can add any domain you want with the files for that domain at any location we want. I have two other domains on the server which we DO use and the root for those domains are D:\IMail_Domains\<domain_name> 3) The user specified here is created as the first "user" and will get administrator priviliges within IMail. After you start the webadmin interface and log in with that user you can do most anything. However, as soon as you access the services tab you need to provide the credentials for a user with admin privilegs on the machine running the services. Normal rules for Windows auto login exist, so you may not have to provide these credentials. Met vriendelijke groet, Bonno Bloksma hoofd systeembeheer tio hogeschool hotelmanagement en toerisme begijnenhof 8-12 / 5611 el eindhoven t 040 296 28 28 / f 040 237 35 20 [EMAIL PROTECTED] / www.tio.nl ----- Original Message ----- From: Imail Admin To: [email protected] Sent: Saturday, March 17, 2007 12:45 AM Subject: [IMail Forum] 2006.2 installation questions Hi, I'm feeling sort of stupid, but I'm having a tough time going through the basic decisions for installing 2006.2. We're upgrading from 7.15, which means it's been a long time since I've had to install IMail. The challenge here is that we are installing to a new machine (fresh install), with the idea that we'll move the domains and mailboxes over afterwards. So the install process keeps asking me questions, and I'm not sure of the differences from the old versions of IMail, and I can't find any answers in the Getting Started Guide or the Ipswitch website. Here are the questions I couldn't decide on: 1. Installation path. In the old installation, IMail went into a folder D:\IMail (which, may have been an upgrade from 4.x or 3.x) and all of the domains went under that folder. In the new 2006.2 installation, it wants to install in the more normal \program files\Ipswitch\messaging folder. I don't care if the program files go there, but I like the idea of keeping the domains and mailboxes in the \IMail folder. So do I just tell it to install to the default location, figuring that I'll be able to change the domain and mailbox locations later? Or do I tell it to install to \Imail? (Just for reference, this is all on the D: drive.) (For now, I've chosen D:\IMail) 2. User database. In the old 7.15 installation, we had one real domain, based on our NT user accounts, and then we had various virtual domains that used the IMail internal (registry) database. In the new installation, when I chose NT user accounts, it warned me against that (due to performance issues). Instead, it recommend using the Active Directory accounts. So I chose that, but am I correct in assuming that I will still be able to add virtual domains later that use the internal registry database? And what is the real difference (from an IMail administrator's point of view) between using the AD and the NT User accounts? Once I chose the AD user accounts, it gives me a long list of instructions about an account to be configured with the Framework 1.4. Among other things, it wanted me to setup impersonation but was really ambiguous on how to do that. I made my best guess, but more information would have been helpful. 3. Administrator account for web services. It asks for a pre-existing admin account to access administrative web services. I tried one of the AD administrator accounts (which doesn't seem appropriate anyway) and it said the account doesn't exist. I tried a local admin account (this server is a member server and not a controller on the domain) and it said that doesn't exist. In fact, I have yet to find an account that it will accept and this is where I am currently stuck. It would have been nice if there had been some documentation on the setup choices, but, lacking that, I'm hoping someone here can help. Thanks, Ben BC Web
