Solved

ISA 2006 installation

Posted on 2011-09-15
8
352 Views
Last Modified: 2012-05-12
Hello
I'd like to ask you for your opinions and help regarding following:
I need to reinstall ISA 2006 in our domain
I will do it by
1. building new server,
2. installing ISA 2006 on it
3. run both ISA servers for some time (both the new one also the old one)
4. once this test phase is OK I will change DNS record pointing to ISA's hostname from old one isa to new one isa and decommision the old isa server

creating new ISA server I will do by exporting whole settings from old one isa and import them to new one isa
My questions:
1. While installing ISA product on new server, do I need to specify Internal network ranges during installation or will it be done by importing settings from old isa?
2. When I will export settings to XML file, do I need to edit hostname (old isa hostname) written in XML to new ISA hostname before importing? Or will import process detect that import is being done on different computer and will alter needed items by itself automatically?

thank you for your help guys
0
Comment
Question by:T-cko
  • 3
  • 3
  • 2
8 Comments
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 36547098
1.While installing you must add the internal address ranges.

2.no need to change xml files content,,, just import it. also you have to export/import certificates which installed in ISA server manually with their private keys.

who do you plan to make the 2 server running at the same time ?
0
 

Author Comment

by:T-cko
ID: 36548020
I plan to run 2 servers at the same time to minimize the downtime of overall proxy funkcionality in our domain.
I plan to have downtime only for time when dns alias "proxy" will be changed to new hostname.
Or is it wrong?
I hope there will be no problem while running 2 isa servers concurently, dns alias is pointing to old isa so no client should "use" new isa, until dns alias will be changed to new isa.

What about directory with PAC script? I think it will not be exported and imported automatically, do I have to copy it manually?

Thank you for answers.
0
 

Author Comment

by:T-cko
ID: 36548026
Sulimanw, how do I export manually certificates  which installed in ISA server manually with their private keys please?
thank you

0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 36550548
It depend in you client, how they are configured. secure nat or proxy  or FW client ?


export certificate :
http://nl.globalsign.com/en/support/ssl+certificates/microsoft/all+windows+servers/export+private+key+or+certificate/

don't proceed after step 10.

0
 
LVL 29

Expert Comment

by:pwindell
ID: 36551461
It is a good idea for the DNS name to de done as a CNAME called "wpad" (keep it lower case) and point it to the actual host record of the ISA.  Then you just edit the CNAME to point to the new ISA when you are ready.

As you would guess,...your ISA would always be called "wpad" or "wpad.ad-domain.com".   The benefit of this is if you choose to enable proxy autodetection this part will already be out of the way
0
 

Author Comment

by:T-cko
ID: 36558503
thanky for responses,
as I imported xml file into new one isa, it appeared on network with old isa hoastname, so edit xml and replace all old hostname items in xml with new hostname (hostname where xml is being imported) is MUST.
Now it looks that at least browsing via explorer set with new isa is OK but one page requires several times to authenticate (probably to download all objects from other resources)
How can I get rid of this pls? I would be happy to authenticate just one time, when I start browsing.
thank you
0
 
LVL 29

Expert Comment

by:pwindell
ID: 36560108
You imported too much.
Uninstall ISA from the machine.
Reinstall ISA on the machine.

Export the Config from the old ISA and choose the option that does not include all the information.  Pay attention to the prompt ans you will see what I mean.

Do not mess with the XML file.

Import the config into the new ISA using the option that imports the least amount of information,...pay attention tot he prompts.

Publishing Rules and any Listeners may need to be reconfigured to reflect the correct external IP#s

If that does not work,..don't waste time screwing around with it,...uninstall ISA again,....reinstall ISA again.   Then export only the Rules individually one at a time to their own individual XML file and import them into the new ISA one at a time.
0
 
LVL 29

Accepted Solution

by:
pwindell earned 500 total points
ID: 36560131
Personally I never ever do what you are trying to do.  I always build the config from scratch so I do not import garbage into the new ISA.  Building the config from scratch does not take that long and it helps find mistakes or things from the old config that are no longer needed and can be left out.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Create Sample Internet Traffic 1 83
increase internet speed 3 94
Sonicwall tz215 internet speed slow  help 56 876
Looking for a web usage history tracking tool. (budget) 3 106
Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
There are several problems reported according slow link speeds or poor performance in TMG 2010, UAG 2010 or ISA 2006. I want to collect here some of the common issues together to give a brief overview what can be the reason. Nevertheless, not all of…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question