Contensive Installation and Setup

From Contensive Wiki
Revision as of 21:25, 5 November 2016 by Admin (Talk | contribs)


Non-Amazon Server

These instructions prepare a Windows Server 2008 R2 machine for Contensive 4.1.636.

  1. Establish a domain name for the server unrelated to the possible website.
  2. Windows Web Server 2008 R2-64
  3. Install the latest Windows Updates
  4. Set up external firewall
    • 80
    • 21
    • 443
    • 3389 allow during setup, then disable after RDP 5901 setup in registry
    • 5900 for Contensive Monitor
    • 5901, for remote desktop, point-to-point if possible to
    • ICMP
  5. Reverse-map the server’s domain to the primary IP address
  6. Disable User Account Control
    • Control Panel > users > Left Pane
    • Set the warnings all the way off
  7. Create accounts
    • Administrative tools > Computer Management > Local User and Groups
      • If you have an external firewall, leave the administrator account and save it for emergencies, else disable it
      • Create a user admin account (not administrator), password never expires
      • Create a user for contensive, un:contensive, password never expires
  8. Windows Firewall. If you access the server remotely, we recommend you use an external firewall and disable the Windows Firewall to decrease the possibility of losing access to your machine.
    • Administrative Tools > Windows Firewall > Inbound Rules
    • World Wide Web Services, ports 80 + 443, allow
    • Remote Desktop + Remote DesktopFX, 3389, allow. If server access is limited to only a remote connection, leave this open. If you have direct access to the machine, limit 3389 to your local IP(s)
    • add rule for Contensive Monitor, 5900, allow
    • add rule for Remote Desktop, 5901, allow
    • ICMPv4 (ping), allow
  9. Networking
    • Control Panel, set small icons, Network and Sharing Center
    • Local Area Connection > Properties > double-click IPv4
    • Verify all IP addresses are entered with mask, gateway and DNS. If no DNS available, use Google's 8.8.8.8, 8.8.4.4
  10. Local Security Policy
    • Administrative Tools > Local Security Policy > Local Policies
    • Local Policies > User Rights Assignment > Allow log on through Remote Desktop Services
    • + Administrators
    • Security Options > “Interactive logon: Do not display last user name” = Enabled
    • Account policies > Account Lockout Policy
    • 3 invalid attempts
    • 3 minute lockout
  11. Remote Desktop Change Port (optional to increase security if you only have remote server access and no external firewall)
    • Regedit
    • HKLM > System > CurrentControlSet > Control > Terminal Server > WinStations > RDP-Tcp > PortNumber, set to 5901.
  12. Install IIS
    • Server manager → Roles → Install WebServer IIS
    • Administrative Tools > Server Manager > Root screen
    • Configure IE ESC > Turn off
    • Check “Do not show me this console at login”
    • Add Roles and Features
    • Administrative Tools > Server Manager > Roles > Add Role Services
    • Check ASP.NET, agree to add required roles
    • Check ASP
    • Check CGI
    • Security, Basic Authentication
    • Management Tools, IIS 6 management compatibility
    • Administrative Tools > Server Manager > Features
    • Check SMTP Server, agree to add required roles
  13. Windows Settings
    • Set timezone (typically for your customer's timezone)
    • Turn on Automatic Windows Updates
  14. Create Working Folders and permission
    • set administrators full control for hosts files
    • D:\Archive
    • D:\InetPub
      • users: full control
    • D:\Db
      • users: full control
    • D:\DbBackup
      • users: full control
    • C:\windows\temp
      • users: list + read
      • IIS_User: List + read
  15. Create Folder on Desktop for frequent shortcuts
    • ODBC32 - Windows\sysWow64\odbcad32.exe
    • dcomcnfg shortcut
    • IIS shortcut
    • Services shortcut
  16. Software Installation
    • Microsoft Web platform Installer
      • PHP Manager
      • PHP 5.5.11 (previously 5.3.5)
    • Firefox or Chrome
    • Optional backup provider like Carbonite. Backup stores:
      • \DbBackup (daily database backup files)
      • \inetpub (content files, wwwRoot for each site)
      • \program files (x86)\kma\contensive\config (server configuration)
      • \program files (x86)\kma\contensive\addons (addons used by all sites)
    • Sql Server 2008 R2 SP2. If Db size anticipated under 20G use Express Edition. Over 20G requires Web Edition
      • Google search, “Microsoft® SQL Server® 2008 R2 SP2 - Express Edition”
      • for 32-bit machines - use x86
      • for 64-bit machines - use x64
      • Install instance features, but check Default Instance during install
      • Account provisioning: mixed mode authentication
      • Set sa password
    • 7Zip, 64 bit windows version
    • Contensive, get latest version at http://clib.io
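
The settings from steps 8, 10 and 11 can be read back once the steps above are done. This is an added example, not part of the Contensive wiki or product: a read-only PowerShell audit that assumes PowerShell 2.0 or later, an elevated prompt and English-language `net accounts` output. `Get-AccountValue` is a helper defined in the script, not a built-in cmdlet.

```powershell
# Added example: read-only audit of steps 8, 10 and 11. Not part of Contensive.
# Assumes PowerShell 2.0+, an elevated prompt and English-language tool output.
$findings = @()

# Step 11: the RDP listener port lives in the RDP-Tcp WinStation key.
$rdpKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$rdpPort = (Get-ItemProperty -Path $rdpKey -Name PortNumber).PortNumber
if ($rdpPort -ne 5901) { $findings += "RDP PortNumber is $rdpPort, expected 5901" }

# Step 10: read one labelled value from `net accounts` output.
# Get-AccountValue is a helper defined here, not a built-in cmdlet.
function Get-AccountValue([string[]]$Lines, [string]$Label) {
    $line = $Lines | Where-Object { $_ -like "$Label*" } | Select-Object -First 1
    if ($line) { return ($line -split ':', 2)[1].Trim() }
    return $null
}
$acct      = net accounts
$threshold = Get-AccountValue $acct 'Lockout threshold'
$duration  = Get-AccountValue $acct 'Lockout duration'
if ($threshold -ne '3') { $findings += "Lockout threshold is '$threshold', expected 3" }
if ($duration  -ne '3') { $findings += "Lockout duration is '$duration' min, expected 3" }

# Steps 4 and 8: which TCP ports are actually in LISTENING state?
$listening = @(netstat -ano -p TCP | ForEach-Object {
    if ($_ -match '^\s*TCP\s+\S+:(\d+)\s+\S+\s+LISTENING') { [int]$Matches[1] }
} | Sort-Object -Unique)

if ($listening -contains 3389) {
    $findings += 'TCP 3389 is still listening; the RDP port change has not taken effect'
}
if ($listening -notcontains $rdpPort) {
    # The new port is only used after Remote Desktop Services restarts.
    $findings += "Nothing is listening on the configured RDP port $rdpPort"
}

# Report: one line per deviation, or a single OK line.
if ($findings.Count -eq 0) {
    'OK: RDP port, lockout policy and listeners match this page'
} else {
    $findings
}
```
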
  1. Set Dcom permissions for Contensive
    • run "DComCnfg/32 - MMC comexp.msc /32" then add
    • Then open dcomcnfg and locate cckrnl.exe
    • Right click, click permissions, set everyone/all for all three sections
    • identity, contensive/-pw-
    • If ccKrnl does not show in dcomcnfg (make sure you are in the 32-bit view, MMC comexp.msc /32), run the 2 registry files found in the folder for this document (ccKrnl.reg, ccKrnl2.reg). (Note: on 64-bit machines this has to run: at the command line run “MMC comexp.msc /32”)
  2. Folder Permissions
    • kma/contensive - user/all
  3. Run configWizard
  4. Server Service, verify it starts OK
  5. Run Application Manager
  6. Verify attach to local server
  7. Add Root Site, named for the server’s domain (s00.kma.net)
  8. Change Contensive config (MonitorConfig.txt) to use port 5900 for monitor, restart Contensive Monitor service
  9. Setup backup tools
    • If you need a Sql Server backup script, download kmaBackupTools.zip, unzip and create a scheduled task for backupSql.cmd. It backs up all Sql Server catalogs to a file in d:\DbBackup
      • Verify the d:\DbBackup folder matches in the Sql file
      • Verify the source programs files are correct in the cmd file
      • Run a test of the cmd file
      • Set up a scheduled task to run it routinely (we typically run every day at 8pm)
  10. IIS PHP Manager
    • Open from root of IIS Manager
    • Enable php_com_dotnet extension
    • Add max_input_vars 2000
    • upload_max_filesize = 50M
    • post_max_size = 50M
  11. IIS Manager
    • Application Pools > set application pool default
    • Enable 32-bit = true
    • Recycling
      • Private Limit = 40,000
      • Virtual Limit = 200,000
      • Requests = 100
    • Click on top node, set default in right-hand pane
      • ASP
      • Max Requesting Entity Body Limit = 10M
      • Session Properties, Enable Session State = false
      • Default Document list, only
        • Index.php
        • index.asp
      • Error Pages
        • Edit feature settings - custom error pages
        • 404 set to /index.php (for each site)
  12. Setup SMTP
    • Start IIS6 Manager
    • go to SMTP Virtual Server 1, properties
    • Leave IP set to all unassigned
    • go to Access Tab
    • Connect - grant only 127.0.0.1
    • Relay Restrictions - grant only 127.0.0.1
    • go to Delivery Tab, click advanced
    • Set masquerade to server name, e.g. s13.kma.net
    • Set FQDN to server name, e.g. s13.kma.net
    • Domain node under Virtual Server, rename to this server's domain
  13. Run windows Updates
    • auto install at 3am (while v42 does not start correctly, set to manual install)
  14. Services
    • Administrative Tools → Services
    • SMTP - Start and set to automatic
    • Contensive Monitor - Start and set to automatic
    • Contensive Server - Start and set to automatic
    • IIS Admin Services - Start and set to automatic
    • SQL Server - Start and set to automatic