How-to move ISA server 2004 to a new server

Posted on 2006-03-29
Last Modified: 2013-11-16
We've been having hardware difficulties with our existing ISA 2004 server.  It's installed on Windows 2003 server.  The decision has been made to purchase a new HP branded Windows 2003 server with ISA pre-installed.  We want to move the existing server / ISA config to the new hardware as seamlessly as possible.  We've got the new hardware in hand, but are a little short on documentation as to how to perform this procedure.  Since the current ISA server handles all Internet traffic for 14 office locations and VPNs from several offices, we'd like to pre-configure the new server off-line as much as possible before we attempt the actual install.  Naturally, we want to configure the new server with the same IP config, same server name, same routing info, etc.  What little procedure we've been able to develop so far is as follows:

ISA server move:
- extract all config info from current server ( OS, routing, VPN, ISA, surfcontrol, etc. ).  Disk cfg is c:=10GB, D:=26GB, mirrored.
- gather all required software CDs, license info
- setup new server off-line - Apply SPs to OS, install required services ( i.e. Term serv, etc )
- Harden server 2003 OS.
- apply patches, set interfaces to internal / external with exact IP addresses from previous ISA server.  Physically identify which interface is int / ext for connection purposes.
- install Surf-control

Saturday – live migration:
-      remove current server from Domain, remove server/computer object, disconnect from network
-      Force AD policy sync ???
-      Move Digi board to new server. Install drvrs.
-      Connect new server to network, add to domain with same computer name, IP config, routing
-      setup RRAS from prev config info.
-      Setup TS from prev cfg info.
-      load exported config file backup for ISA, surfcontrol
-      set auto updates to dload, but not auto install.

Naturally, these are the broad strokes.  We need some help with the sequence of tasks as well as task details.  If anyone can help us fill in the blanks or refer us to detailed docuemntation for this procedure, it would be most appreciated.

Thanks, Bob
Question by:ramc621
    LVL 51

    Expert Comment

    by:Keith Alabaster
    Sounds cool. Don't forget antivirus etc.

    I would remove the existing server on the Friday night so AD will have already replicated and be clean ready for the addition on the Saturday but that is just personal methods rather than a requirement.

    You may want to review your cache settings if the drive sizes are going to be different.
    If you are already on ISA2004 sp2 then fine. If not, make sure you restore the ISA config at the same patch level as you are on now and then apply the ISA service packs etc afterwards.

    making a note of speed/duplex settings on the network cards won't hurt either.

    In addition, i would not harden the OS until after I had ISA configured and up and running; again personal choice but I have had an occasional hiccup with the hardened OS not allowing certain config changes (restores) as the OS no longer allows that scenario.

    Apart from that, you have it covered as far as I can see.


    Author Comment

    Let's not close that just yet.  We've been busy with other pressing issues and this operation was put on a temporary hold.
    We have attempted to restore the backed up ISA config file from the current server to the new HP ISA appliance and it errors out each time with a message " import failed: the name already exists".
    The first thing we did was add the new ISA server to the domain. We set up a different IP adrs for the internal interface since the current server is still in production.  The internal i nterface is connected to the network, but not the external.  We then configured the external interf with the exact settings as the current server.
    We manipulated the XML backup file by replacing the name of the current server with the name of the new server.  

    ANy ideas?

    LVL 51

    Accepted Solution

    This is a different ballgame. The export will hold all of the info including names of the ISA servers and ID's. You cannot just edit the XML file alone. It is detecting (I believe) the original ISA server.
    Have you tried doing this off the network and then importing the file?

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    6 Surprising Benefits of Threat Intelligence

    All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

    Suggested Solutions

    ISA Server detected routes through the network adapter LAN that do not correlate with the network to which this network adapter belongs What does this mean and how can one go about correcting it? In simple terms, this error message indicates t…
    Common practice undertaken by most system administrators is to document the configurations and final solutions of anything performed by them for their future use and reference. So here I am going to explain how to export ISA Server 2004 Firewall pol…
    This video is in connection to the article "The case of a missing mobile phone (". It will help one to understand clearly the steps to track a lost android phone.
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…

    759 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    11 Experts available now in Live!

    Get 1:1 Help Now