Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


How-to move ISA server 2004 to a new server

Posted on 2006-03-29
Medium Priority
Last Modified: 2013-11-16
We've been having hardware difficulties with our existing ISA 2004 server.  It's installed on Windows 2003 server.  The decision has been made to purchase a new HP branded Windows 2003 server with ISA pre-installed.  We want to move the existing server / ISA config to the new hardware as seamlessly as possible.  We've got the new hardware in hand, but are a little short on documentation as to how to perform this procedure.  Since the current ISA server handles all Internet traffic for 14 office locations and VPNs from several offices, we'd like to pre-configure the new server off-line as much as possible before we attempt the actual install.  Naturally, we want to configure the new server with the same IP config, same server name, same routing info, etc.  What little procedure we've been able to develop so far is as follows:

ISA server move:
- extract all config info from current server ( OS, routing, VPN, ISA, surfcontrol, etc. ).  Disk cfg is c:=10GB, D:=26GB, mirrored.
- gather all required software CDs, license info
- setup new server off-line - Apply SPs to OS, install required services ( i.e. Term serv, etc )
- Harden server 2003 OS.
- apply patches, set interfaces to internal / external with exact IP addresses from previous ISA server.  Physically identify which interface is int / ext for connection purposes.
- install Surf-control

Saturday – live migration:
-      remove current server from Domain, remove server/computer object, disconnect from network
-      Force AD policy sync ???
-      Move Digi board to new server. Install drvrs.
-      Connect new server to network, add to domain with same computer name, IP config, routing
-      setup RRAS from prev config info.
-      Setup TS from prev cfg info.
-      load exported config file backup for ISA, surfcontrol
-      set auto updates to dload, but not auto install.

Naturally, these are the broad strokes.  We need some help with the sequence of tasks as well as task details.  If anyone can help us fill in the blanks or refer us to detailed docuemntation for this procedure, it would be most appreciated.

Thanks, Bob
Question by:ramc621
  • 2
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16327149
Sounds cool. Don't forget antivirus etc.

I would remove the existing server on the Friday night so AD will have already replicated and be clean ready for the addition on the Saturday but that is just personal methods rather than a requirement.

You may want to review your cache settings if the drive sizes are going to be different.
If you are already on ISA2004 sp2 then fine. If not, make sure you restore the ISA config at the same patch level as you are on now and then apply the ISA service packs etc afterwards.

making a note of speed/duplex settings on the network cards won't hurt either.

In addition, i would not harden the OS until after I had ISA configured and up and running; again personal choice but I have had an occasional hiccup with the hardened OS not allowing certain config changes (restores) as the OS no longer allows that scenario.

Apart from that, you have it covered as far as I can see.


Author Comment

ID: 16510297
Let's not close that just yet.  We've been busy with other pressing issues and this operation was put on a temporary hold.
We have attempted to restore the backed up ISA config file from the current server to the new HP ISA appliance and it errors out each time with a message " import failed: the name already exists".
The first thing we did was add the new ISA server to the domain. We set up a different IP adrs for the internal interface since the current server is still in production.  The internal i nterface is connected to the network, but not the external.  We then configured the external interf with the exact settings as the current server.
We manipulated the XML backup file by replacing the name of the current server with the name of the new server.  

ANy ideas?

LVL 51

Accepted Solution

Keith Alabaster earned 2000 total points
ID: 16510579
This is a different ballgame. The export will hold all of the info including names of the ISA servers and ID's. You cannot just edit the XML file alone. It is detecting (I believe) the original ISA server.
Have you tried doing this off the network and then importing the file?

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In all versions of ISA Server and the current version of FTMG, the default https protocol uses TCP port 443 and 563 only. This cannot be changed within the ISA or FTMG GUI and must be completed from a Windows cmd prompt on the ISA Server itself. …
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Despite its rising prevalence in the business world, "the cloud" is still misunderstood. Some companies still believe common misconceptions about lack of security in cloud solutions and many misuses of cloud storage options still occur every day. …
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question