1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

M$ ISA server & boinc

Discussion in 'TOSAH Archive' started by MGP, 24 Oct 2004.

  1. MGP

    Mobster

    Joined: 24 Oct 2004

    Posts: 2,576

    Location: Surrey

    Hi all, been lurking in the shadows for some time, now to get off my backside and join the action.

    I have a number of Win XP Pro based computers that can be set running boinc, but they are networked with the internet connection via M$ ISA server 2000. Both PCs and server are fully patched.

    I cannot get boinc to run. The client starts but the attach to project routine fails with messages that it cannot connect. All PCs have access to the internet, and I'm running boinc with full admin rights. The problem must be with ISA server, but I can't see how to get round that.

    I was able to run seti@home classic using setiqueue on the server with the PCs connecting to the setiqueue. No setiqueue equivalent doesn't help here. I've looked at the proxy settings in the boinc client, and that don't work either.

    The PCs all I have admin rights to the entire network so within reason (it's an office) I can make changes, provided the business don't fall over.

    Any one got any ideas please?
     
  2. Berserker

    Man of Honour

    Joined: 4 Nov 2002

    Posts: 15,443

    Location: West Berkshire

    ISA server has a proxy - are you using that, and is it password protected? Lots of things have trouble getting through the ISA server proxy.

    Worst case scenario is you set up Apache on the server, configure it as a reverse proxy, and point BOINC at it. I have a reverse proxy up and running now for SETI Classic, but it works equally well with BOINC.
     
  3. GeoffreyCole

    Associate

    Joined: 22 Oct 2004

    Posts: 46

    Location: Newcastle UK

    ISA Server

    Yep. You have to tell Bonic were the Proxy is and use your user account and password in the Bonic Proxy Settings.

    I run Bonic through a ISA Proxy at work and it runs fine.
     
  4. dunc

    Mobster

    Joined: 23 Oct 2003

    Posts: 2,755

    Location: Selma, Alabama

    Welcome to the forum MGP and Geoffrey Cole :cool:

    I had this problem too, and posted on the main setiathome site, and this was the outcome

    It works a treat for me.

    Somewhere I have some more detailed instructions including how to set the whole thing up as a service so it starts automagically ;)

    I think it is at work so you will have to wait until tomorrow for more details.

    Dunc
     
  5. MGP

    Mobster

    Joined: 24 Oct 2004

    Posts: 2,576

    Location: Surrey

    Thanks for the replys and welcome guys.

    The simple approach of using the boinc GUI proxy settings, pointing at the server (using name or IP) port 8080 (http) or 1080 (sock) gets nowhere, with or without user names. HTTP drops immediately, SOCKs drops after a few minutes.

    Each computer runs the ISA firewall client, whcih is poiinted at the server. IE connects correctly, it's just boinc that cannot.

    ISA server 2000 is running as part of M$ small business server 2000. I expect therefore that it is setup as both a firewall and proxy. It's not something I've made any changes to, out of the box, so it shuld be a standard SBS2000 configuration.

    Berserker: Regarding running a reverse proxy, I'm not quite sure what that is. Yes I've heard of Apache. Presumably it installs on the server, and is pointed at the ISA server configuration?

    Dunc: Presumably your APS / Python option is actually running on each computer that runs boinc, rather than a sole copy running on the server alongside ISA?

    Whilst I'm happy to add stuff into the network, I do need to be careful that the necessary security provided by ISA doesn't get bypassed by new software both from external attacks, but also users internally. Presumably I won't be opening up any serious holes?
     
    Last edited: 24 Oct 2004
  6. Berserker

    Man of Honour

    Joined: 4 Nov 2002

    Posts: 15,443

    Location: West Berkshire

    APS would be my first choice then. I haven't yet seen anything to suggest it won't run on a single PC with other PCs configured to use it as a proxy.
     
  7. dunc

    Mobster

    Joined: 23 Oct 2003

    Posts: 2,755

    Location: Selma, Alabama

    You only need to load it on 1 PC (I have it loaded on my desktop). Obviuosly you point the APS at your isa server by supplying it with the correct domain user and password. The you point your boinc clients at the machine running the APS proxy by entering the ip or host name, and the correct portin the proxy settings. The APS basically act as a tunnel almost I guess.

    I actually have boinc loaded on the server, and it proxies to my desktop, and then back out through the ISA!!

    This is aslo useful for other programs that have trouble getting throguh ISA (NTLM Authorisation). For example we run Adaware which will not update due to the proxy. By pointing them at the APS proxy they get through too.

    I hope this helps

    :)

    Dunc
     
  8. MGP

    Mobster

    Joined: 24 Oct 2004

    Posts: 2,576

    Location: Surrey

    Cheers chaps, time to have a fiddle with my network :)
     
  9. MGP

    Mobster

    Joined: 24 Oct 2004

    Posts: 2,576

    Location: Surrey

    Excellent, tests show the APS/Python stuff works :D Once again thanks for the guidance.

    Even better it does so with the APS loaded on the server itself, which is great 'cos I can't guarantee that any other PC won't be "not on" although they usually are.

    All I have to do now is to assimilate all the networked PCs, and hide my trakcs by running stuff as a service. Any tips on that for the APS/Python stuff will be appreciated.
     
  10. dunc

    Mobster

    Joined: 23 Oct 2003

    Posts: 2,755

    Location: Selma, Alabama

    Glad to hear that you are making progress :D

    I have some instructions with links to downloads to set up as a service. I will e-mail to you if you like. They may take some tweaking for your particular system tho.

    I checked and you don't have your trust configured so was unable to locate your e-mail address.

    my e-mail is duncan at susannah.co.uk drop me a line, or post your e-mail and I will send it to you :)

    Dunc
     
  11. MGP

    Mobster

    Joined: 24 Oct 2004

    Posts: 2,576

    Location: Surrey

    Ah thanks. I avoid enabling email via forum profiles, as I've been spammed that way in the past.

    It's boinc.r.cullen at ntlworld.com
     
  12. dunc

    Mobster

    Joined: 23 Oct 2003

    Posts: 2,755

    Location: Selma, Alabama

    Sent :)

    Dunc
     
  13. MGP

    Mobster

    Joined: 24 Oct 2004

    Posts: 2,576

    Location: Surrey

    Got it thanks.
     
  14. MGP

    Mobster

    Joined: 24 Oct 2004

    Posts: 2,576

    Location: Surrey

    Hmm, having a few issues once I try to get things running in service modes.

    The Boinc client seems to be OK while running it in the GUI mode (no screensaver), connecting to the APS also running manually (using the runserver.bat, having also started python command line).

    Does the APS thing once setup as a service, also need Python to be running, or does APS start or call on python as needed? Python is of course installed as per the instructions, but there is nothing in those instructions saying it hs to be run???

    Also when I setup boinc in service mode, should it run as local system (which then wouldn't have access rights over the network to be able to speak to APS), as a user with appropriate rights, or as a Network Service?

    It doesn't help that at the moment I can't see what the boinc clients are up to once in service mode, as I can't seem to get boincview to run over the network, despite using accounts with full admins rights. Keeps saying that I haven't set a location, despite that being exactly what I'm trying to do, File access or GUI RPC.

    Oh it was all so simple (almost) with seti classic.
     
  15. dunc

    Mobster

    Joined: 23 Oct 2003

    Posts: 2,755

    Location: Selma, Alabama

    APS will start python as needed. I have checked my processes and 'python.exe' is running.

    The Boinc.cli should be run as 'local system account' with 'interact with desktop' deselected.

    For some reason I cannot view my computers accross the network with the 'gui rpc' in boincview. I have to use the the file access. I think that ISA is blocking the port 31416. I have been twiddling to try an get it to work with no success so far (haven't been trying too hard :p ) Some PC do work with gui rpc, 90% don't :confused:

    To access the files you need to add the location in the following format
    '\\computer name or IP\c$\Program Files\Boinc' or point to wherever you installed Boinc. This works for me :)

    Dunc
     
  16. MGP

    Mobster

    Joined: 24 Oct 2004

    Posts: 2,576

    Location: Surrey

    Thanks dunc. I think that the Boinc client is now running OK, Oddly it didn't want to run as local system, just crashed, but allowing it to run under the Administrator user name seems to be working. Just got to wait for a few WUs to get done to prove that.

    I think my boincview problems in aprt may relate to a wierd DNS type issue. For some reason, when I'm using WIn XPs remote desktop connection, I might log on to a machine called say "penguin", and in fact i'll be looking at a machine called "puffin" (all my offices PCs are named as birds for some weird reason). Only the server name seems unaffected by this oddity, perhaps as that has a fixed rather than dynamic network IP.

    My big difficulty now is with APS. It runs OK when the batch file "runserver.bat" is started from a command line, and the command box is then left running minimised. It does not appear to run OK (certainly boinc cleints cannot get a connection), when set up as a service. The service says it has started, but nothing connects (I'm trying the boinc gui to proove this). I've tried the APS service in both local user or administratro users, to no avail. It's running on a server with Windows 2000, and I've used the default C:\python23 arrangement. I'm wondering if there is any issue with the version of APS, that isn't compiling properly to the service, althouhg I downloaded the latest one?
     
  17. Berserker

    Man of Honour

    Joined: 4 Nov 2002

    Posts: 15,443

    Location: West Berkshire

    Do you have a WINS server configured? WINS works better with Microsoft networks than DNS does.
     
  18. MGP

    Mobster

    Joined: 24 Oct 2004

    Posts: 2,576

    Location: Surrey

    Yep Wins is running (small business server 2000 system, mostly default settings, and standard install wizard configuration).
     
  19. dunc

    Mobster

    Joined: 23 Oct 2003

    Posts: 2,755

    Location: Selma, Alabama

    Can you put the proxy setting into IE and browse the web?

    Also if you open a dos box and type 'net start aps' what message do you get?

    Dunc
     
  20. MGP

    Mobster

    Joined: 24 Oct 2004

    Posts: 2,576

    Location: Surrey

    Dunc: With the APS service only running:

    IE when set to the APS port, can't connect. (it will connect if I've run from the command line)

    Net start aps give a message that the service is already started.

    You say that APS will start python.exe as needed. I cannot see Python in processes.

    The only way I seem to get aps to run using the command line is first to cd to the directory C:\python23\aps, before running the runserver.bat file. The command line window has to remain open (minimised is OK). I'm wondering if the conversion to service routine hasn't picked up something essential from the aps directory?

    NB I've now tried installing on another PC running Windows XP, with the same result. Works OK run from command line, but not as a service.

    Thanks for your patience :)
     
    Last edited: 26 Oct 2004