• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2251
  • Last Modified:

Steps to Remove ISA Server Completely

Hey Everyone -

Just picked u a client who has an installation of ISA Server on their SBS 2003 SP2 Domain Controller. This server is the only server on the network and of course the Domain Controller. It is also running Exchange Server SP2. The server has two NICs as well. ISA is being removed by the client and immediately being replaced by an appliance.

The clients are running Windows 7 Professional and using the Firewall Application which enables ISA to work on their desktops.

How would you go about creating a checklist to COMPLETELY remove ISA from this network? I have experience installing but the last install was over 3 years ago. Just dont want to miss any steps or leave anything out.

Thanks
0
tecpub
Asked:
tecpub
  • 8
  • 5
  • 2
  • +1
4 Solutions
 
Suliman Abu KharroubIT Consultant Commented:
Simply, you need to use add/remove programs (appwiz.cpl) to remove ISA server. and thats it.

>>"The clients are running Windows 7 Professional and using the Firewall Application which enables ISA to work on their desktops."
Do you mean ISA client firewall ? if so, also you can remove it from add/remove programs.
0
 
tecpubAuthor Commented:
Really? Wow for an program that's so time-intensive to setup, it seems almost too easy to uninstall!

So I'm guessing I'd just disable the second NIC and then run the Internet Setup Wizard on the Server Managment Window?

Is there anything that could go wrong by chance?
0
 
Suliman Abu KharroubIT Consultant Commented:
I have never worked on Small Business Server edition. but for ISA removal, it is a very simple process as I said.

I did that many times without any issue...

May I ask why do you want to remove ISA, are you planing to deploy another firewall on the network ? if so, then please remove ISA first then disable the WAN nic to protect you DC from the internet.
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
tecpubAuthor Commented:
Got it.

The customer wants to simplify their network and not have to support ISA Server. They dont have the installation media anymore as well, and dont have the budget to ugrade ISA, so an appliance is what they want to implement the moment ISA comes down.
0
 
Larry Struckmeyer MVPCommented:
0
 
Keith AlabasterCommented:
It is that easy to remove ISA but that is obviously not the only steps.

Once the ISA product is removed your clients will still be set to use the ISA proxy address in their browser settings and will still need the ISA firewall client removing. Never had to deploy the ISA firewall client in my life for an SBS installation. woult generally want to re-run the CEICW after ISA removal as well.

Keith
0
 
tecpubAuthor Commented:
Got it. Well everyone was right ISA removed without a hitch. I performed the CEICW afterwards with both NICS still active (One with an Internal IP routing to the switch and the other with an external IP address connected to the back of the modem/router.)

@keith_alabaster - For some reason the Windows ISA Firewall Client was installed at all clients as well as the proxy setup in IE, however those are now all removed.

So now the server is able to reach out with the internal NIC disabled. ( I did add the internal IP however the same nic.) However Exchange OWA is down. Also, none of the clients can get online as well.

I did leave the office around 1:30am (due to other tasks on the to-do list), so I ran out of steam fast and figured I'd come back today. I'm guessing the DHCP Scope? Would CEICW reconfigure that?
0
 
Keith AlabasterCommented:
Not the way it should be - unless you are now going to setup RRAS as well. Before of course ISA did everything for you - which is why it is still one of the best firewall products money can buy. Now you will have to do it all manually.

SBS only needs one nic now and the new (replacement) firewall should be on the internal LAN subnet. All workstations and the sbs server will need to point to the new firewall as the default gateway - then you can re-run the ceicw.
0
 
tecpubAuthor Commented:
Which is not the way it should be?

We do want to try to get everything running before we put the new firewall into play however. I do understand the risks involved, but right now with nothing working except the server reaching the web, I want to make sure the network is fine, before we add a whole new element in the mix.

0
 
Keith AlabasterCommented:
Has to be your call. Youtr issue at the moment is that workstations have to pass through the SBS box to get out and the external firewall/router has to know how to get returning traffic back through the sbs server to the internal clients. THAT is what ISA server did for you previously.
0
 
tecpubAuthor Commented:
Currently, I have removed the second nic that had the internal IP address and now only have one NIC installed which has the external IP address from the ATT DSL Router and directly connected to the modem. However, not quite sure it's configured for non-ISA use since DHCP Server is set to Relay-Agent. Shouldnt that be turned off?

0
 
Keith AlabasterCommented:
The remaining SBS nic needs the INTERNAL ip, not the external IP. The router now needs to plug into the same switch as all other work stations. ALL devices then need the default gateway to point to the internal ip of the router.
0
 
tecpubAuthor Commented:
Got it. The server now has it's original internal ip and connected to the router. However I cannot rerun the wizard due to dhcp scope (says it's not running?).

I removed the old scope and attempted to add/authorize the new scope, however the dhcp service won't start. Any ideas?
0
 
Keith AlabasterCommented:
DHCP scope excludes the ip addresses used by the router and the SBS server - yes?
You've added the 003 entry to point to the router and added the dns settings as well?

Might be woth a quick reboot to be honest - sounds like it has had a hard day of it.
0
 
tecpubAuthor Commented:
You're right, but I cant even add a dhcp server in the admin tool! I'm adding the internal ip of the server as the dhcp server. However inthe event logs I'm getting 1053, 1054, and 1056
0
 
tecpubAuthor Commented:
Looked like forgot to enable ICS! It's amazing what you realize when you eat lunch! Thanks for everyone who helped. Now on to less stressful problems.
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

  • 8
  • 5
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now