We help IT Professionals succeed at work.

How-to move ISA server 2004 to a new server

Medium Priority
Last Modified: 2013-11-16
We've been having hardware difficulties with our existing ISA 2004 server.  It's installed on Windows 2003 server.  The decision has been made to purchase a new HP branded Windows 2003 server with ISA pre-installed.  We want to move the existing server / ISA config to the new hardware as seamlessly as possible.  We've got the new hardware in hand, but are a little short on documentation as to how to perform this procedure.  Since the current ISA server handles all Internet traffic for 14 office locations and VPNs from several offices, we'd like to pre-configure the new server off-line as much as possible before we attempt the actual install.  Naturally, we want to configure the new server with the same IP config, same server name, same routing info, etc.  What little procedure we've been able to develop so far is as follows:

ISA server move:
- extract all config info from current server ( OS, routing, VPN, ISA, surfcontrol, etc. ).  Disk cfg is c:=10GB, D:=26GB, mirrored.
- gather all required software CDs, license info
- setup new server off-line - Apply SPs to OS, install required services ( i.e. Term serv, etc )
- Harden server 2003 OS.
- apply patches, set interfaces to internal / external with exact IP addresses from previous ISA server.  Physically identify which interface is int / ext for connection purposes.
- install Surf-control

Saturday – live migration:
-      remove current server from Domain, remove server/computer object, disconnect from network
-      Force AD policy sync ???
-      Move Digi board to new server. Install drvrs.
-      Connect new server to network, add to domain with same computer name, IP config, routing
-      setup RRAS from prev config info.
-      Setup TS from prev cfg info.
-      load exported config file backup for ISA, surfcontrol
-      set auto updates to dload, but not auto install.

Naturally, these are the broad strokes.  We need some help with the sequence of tasks as well as task details.  If anyone can help us fill in the blanks or refer us to detailed docuemntation for this procedure, it would be most appreciated.

Thanks, Bob
Watch Question

Keith AlabasterEnterprise Architect
Top Expert 2008

Sounds cool. Don't forget antivirus etc.

I would remove the existing server on the Friday night so AD will have already replicated and be clean ready for the addition on the Saturday but that is just personal methods rather than a requirement.

You may want to review your cache settings if the drive sizes are going to be different.
If you are already on ISA2004 sp2 then fine. If not, make sure you restore the ISA config at the same patch level as you are on now and then apply the ISA service packs etc afterwards.

making a note of speed/duplex settings on the network cards won't hurt either.

In addition, i would not harden the OS until after I had ISA configured and up and running; again personal choice but I have had an occasional hiccup with the hardened OS not allowing certain config changes (restores) as the OS no longer allows that scenario.

Apart from that, you have it covered as far as I can see.



Let's not close that just yet.  We've been busy with other pressing issues and this operation was put on a temporary hold.
We have attempted to restore the backed up ISA config file from the current server to the new HP ISA appliance and it errors out each time with a message " import failed: the name already exists".
The first thing we did was add the new ISA server to the domain. We set up a different IP adrs for the internal interface since the current server is still in production.  The internal i nterface is connected to the network, but not the external.  We then configured the external interf with the exact settings as the current server.
We manipulated the XML backup file by replacing the name of the current server with the name of the new server.  

ANy ideas?

Enterprise Architect
Top Expert 2008
This is a different ballgame. The export will hold all of the info including names of the ISA servers and ID's. You cannot just edit the XML file alone. It is detecting (I believe) the original ISA server.
Have you tried doing this off the network and then importing the file?

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.