Solved

Steps to Remove ISA Server Completely

Posted on 2011-02-18
Last Modified: 2012-05-11
Hey Everyone -

Just picked up a client who has an installation of ISA Server on their SBS 2003 SP2 Domain Controller. This server is the only server on the network and of course the Domain Controller. It is also running Exchange Server SP2. The server has two NICs as well. ISA is being removed by the client and immediately being replaced by an appliance.

The clients are running Windows 7 Professional and using the Firewall Application which enables ISA to work on their desktops.

How would you go about creating a checklist to COMPLETELY remove ISA from this network? I have experience installing but the last install was over 3 years ago. Just don't want to miss any steps or leave anything out.

Thanks
0
Question by:tecpub
16 Comments
 
LVL 23

Assisted Solution

by:Suliman Abu Kharroub
Suliman Abu Kharroub earned 115 total points
ID: 34930875
Simply, you need to use add/remove programs (appwiz.cpl) to remove ISA server, and that's it.

>>"The clients are running Windows 7 Professional and using the Firewall Application which enables ISA to work on their desktops."
Do you mean the ISA client firewall? If so, you can also remove it from add/remove programs.
0
 

Author Comment

by:tecpub
ID: 34930902
Really? Wow, for a program that's so time-intensive to set up, it seems almost too easy to uninstall!

So I'm guessing I'd just disable the second NIC and then run the Internet Setup Wizard on the Server Management Window?

Is there anything that could go wrong by chance?
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 34930932
I have never worked on Small Business Server edition, but for ISA removal, it is a very simple process as I said.

I did that many times without any issue...

May I ask why you want to remove ISA? Are you planning to deploy another firewall on the network? If so, then please remove ISA first, then disable the WAN NIC to protect your DC from the internet.
0
 

Author Comment

by:tecpub
ID: 34930991
Got it.

The customer wants to simplify their network and not have to support ISA Server. They don't have the installation media anymore as well, and don't have the budget to upgrade ISA, so an appliance is what they want to implement the moment ISA comes down.
0
 
LVL 21

Accepted Solution

by:
Larry Struckmeyer MVP earned 165 total points
ID: 34931236
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 34932310
It is that easy to remove ISA but those are obviously not the only steps.

Once the ISA product is removed your clients will still be set to use the ISA proxy address in their browser settings and will still need the ISA firewall client removing. Never had to deploy the ISA firewall client in my life for an SBS installation. Would generally want to re-run the CEICW after ISA removal as well.

Keith
0
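A read-only check for the client-side leftovers described in the comment above (browser proxy settings and the ISA Firewall Client), as an added example that is not part of the original thread. The function name, the `*Firewall Client*` display-name pattern and the match on English-language `netsh` output are assumptions.

```powershell
# Added example: audit one Windows client for settings left behind after
# ISA Server is removed. It only reports; it changes nothing.
# Run as the logged-on user so HKCU reflects that user's browser settings.

function Get-ResidualIsaSettings {
    $findings = @()

    # Per-user IE / WinINET proxy settings
    $inetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $inet = Get-ItemProperty -Path $inetKey -ErrorAction SilentlyContinue
    if ($inet) {
        if ($inet.ProxyEnable -eq 1) {
            $findings += "IE proxy enabled: $($inet.ProxyServer)"
        }
        if ($inet.AutoConfigURL) {
            $findings += "IE auto-config script: $($inet.AutoConfigURL)"
        }
    }

    # Machine-wide WinHTTP proxy (assumes English netsh output)
    $winhttp = (netsh winhttp show proxy) -join ' '
    if ($winhttp -notmatch 'Direct access') {
        $findings += "WinHTTP proxy set: $winhttp"
    }

    # Installed software whose display name looks like the firewall client.
    # The name pattern is an assumption; adjust it to what appwiz.cpl shows.
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '*Firewall Client*' } |
        ForEach-Object { $findings += "Still installed: $($_.DisplayName)" }

    return $findings
}

# @() forces an array so .Count works even when nothing is found
$results = @(Get-ResidualIsaSettings)
if ($results.Count -eq 0) {
    'No residual proxy or firewall client settings found.'
} else {
    $results
}
```

The "Automatically detect settings" checkbox is stored in a binary registry value and is not covered here, so confirm it by hand in Internet Options.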
 

Author Comment

by:tecpub
ID: 34933290
Got it. Well everyone was right ISA removed without a hitch. I performed the CEICW afterwards with both NICS still active (One with an Internal IP routing to the switch and the other with an external IP address connected to the back of the modem/router.)

@keith_alabaster - For some reason the Windows ISA Firewall Client was installed at all clients as well as the proxy setup in IE, however those are now all removed.

So now the server is able to reach out with the internal NIC disabled. ( I did add the internal IP however the same nic.) However Exchange OWA is down. Also, none of the clients can get online as well.

I did leave the office around 1:30am (due to other tasks on the to-do list), so I ran out of steam fast and figured I'd come back today. I'm guessing the DHCP Scope? Would CEICW reconfigure that?
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 34933344
Not the way it should be - unless you are now going to set up RRAS as well. Before of course ISA did everything for you - which is why it is still one of the best firewall products money can buy. Now you will have to do it all manually.

SBS only needs one nic now and the new (replacement) firewall should be on the internal LAN subnet. All workstations and the sbs server will need to point to the new firewall as the default gateway - then you can re-run the ceicw.
0
 

Author Comment

by:tecpub
ID: 34933356
Which is not the way it should be?

We do want to try to get everything running before we put the new firewall into play however. I do understand the risks involved, but right now with nothing working except the server reaching the web, I want to make sure the network is fine, before we add a whole new element in the mix.

0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 34933378
Has to be your call. Your issue at the moment is that workstations have to pass through the SBS box to get out and the external firewall/router has to know how to get returning traffic back through the SBS server to the internal clients. THAT is what ISA server did for you previously.
0
 

Author Comment

by:tecpub
ID: 34934092
Currently, I have removed the second NIC that had the internal IP address and now only have one NIC installed which has the external IP address from the ATT DSL Router and directly connected to the modem. However, not quite sure it's configured for non-ISA use since DHCP Server is set to Relay-Agent. Shouldn't that be turned off?

0
 
LVL 51

Assisted Solution

by:Keith Alabaster
Keith Alabaster earned 220 total points
ID: 34934157
The remaining SBS nic needs the INTERNAL ip, not the external IP. The router now needs to plug into the same switch as all other work stations. ALL devices then need the default gateway to point to the internal ip of the router.
0
 

Author Comment

by:tecpub
ID: 34934349
Got it. The server now has its original internal IP and is connected to the router. However I cannot rerun the wizard due to DHCP scope (says it's not running?).

I removed the old scope and attempted to add/authorize the new scope, however the dhcp service won't start. Any ideas?
0
 
LVL 51

Assisted Solution

by:Keith Alabaster
Keith Alabaster earned 220 total points
ID: 34934631
DHCP scope excludes the ip addresses used by the router and the SBS server - yes?
You've added the 003 entry to point to the router and added the dns settings as well?

Might be worth a quick reboot to be honest - sounds like it has had a hard day of it.
0
 

Author Comment

by:tecpub
ID: 34934657
You're right, but I can't even add a DHCP server in the admin tool! I'm adding the internal IP of the server as the DHCP server. However in the event logs I'm getting 1053, 1054, and 1056
0
 

Author Comment

by:tecpub
ID: 34938052
Looked like I forgot to enable ICS! It's amazing what you realize when you eat lunch! Thanks to everyone who helped. Now on to less stressful problems.
0
