Solved

ISA 2006 installation

Posted on 2011-09-15
8
323 Views
Last Modified: 2012-05-12
Hello
I'd like to ask you for your opinions and help regarding following:
I need to reinstall ISA 2006 in our domain
I will do it by
1. building new server,
2. installing ISA 2006 on it
3. run both ISA servers for some time (both the new one also the old one)
4. once this test phase is OK I will change DNS record pointing to ISA's hostname from old one isa to new one isa and decommision the old isa server

creating new ISA server I will do by exporting whole settings from old one isa and import them to new one isa
My questions:
1. While installing ISA product on new server, do I need to specify Internal network ranges during installation or will it be done by importing settings from old isa?
2. When I will export settings to XML file, do I need to edit hostname (old isa hostname) written in XML to new ISA hostname before importing? Or will import process detect that import is being done on different computer and will alter needed items by itself automatically?

thank you for your help guys
0
Comment
Question by:T-cko
  • 3
  • 3
  • 2
8 Comments
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
Comment Utility
1.While installing you must add the internal address ranges.

2.no need to change xml files content,,, just import it. also you have to export/import certificates which installed in ISA server manually with their private keys.

who do you plan to make the 2 server running at the same time ?
0
 

Author Comment

by:T-cko
Comment Utility
I plan to run 2 servers at the same time to minimize the downtime of overall proxy funkcionality in our domain.
I plan to have downtime only for time when dns alias "proxy" will be changed to new hostname.
Or is it wrong?
I hope there will be no problem while running 2 isa servers concurently, dns alias is pointing to old isa so no client should "use" new isa, until dns alias will be changed to new isa.

What about directory with PAC script? I think it will not be exported and imported automatically, do I have to copy it manually?

Thank you for answers.
0
 

Author Comment

by:T-cko
Comment Utility
Sulimanw, how do I export manually certificates  which installed in ISA server manually with their private keys please?
thank you

0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
Comment Utility
It depend in you client, how they are configured. secure nat or proxy  or FW client ?


export certificate :
http://nl.globalsign.com/en/support/ssl+certificates/microsoft/all+windows+servers/export+private+key+or+certificate/

don't proceed after step 10.

0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 
LVL 29

Expert Comment

by:pwindell
Comment Utility
It is a good idea for the DNS name to de done as a CNAME called "wpad" (keep it lower case) and point it to the actual host record of the ISA.  Then you just edit the CNAME to point to the new ISA when you are ready.

As you would guess,...your ISA would always be called "wpad" or "wpad.ad-domain.com".   The benefit of this is if you choose to enable proxy autodetection this part will already be out of the way
0
 

Author Comment

by:T-cko
Comment Utility
thanky for responses,
as I imported xml file into new one isa, it appeared on network with old isa hoastname, so edit xml and replace all old hostname items in xml with new hostname (hostname where xml is being imported) is MUST.
Now it looks that at least browsing via explorer set with new isa is OK but one page requires several times to authenticate (probably to download all objects from other resources)
How can I get rid of this pls? I would be happy to authenticate just one time, when I start browsing.
thank you
0
 
LVL 29

Expert Comment

by:pwindell
Comment Utility
You imported too much.
Uninstall ISA from the machine.
Reinstall ISA on the machine.

Export the Config from the old ISA and choose the option that does not include all the information.  Pay attention to the prompt ans you will see what I mean.

Do not mess with the XML file.

Import the config into the new ISA using the option that imports the least amount of information,...pay attention tot he prompts.

Publishing Rules and any Listeners may need to be reconfigured to reflect the correct external IP#s

If that does not work,..don't waste time screwing around with it,...uninstall ISA again,....reinstall ISA again.   Then export only the Rules individually one at a time to their own individual XML file and import them into the new ISA one at a time.
0
 
LVL 29

Accepted Solution

by:
pwindell earned 500 total points
Comment Utility
Personally I never ever do what you are trying to do.  I always build the config from scratch so I do not import garbage into the new ISA.  Building the config from scratch does not take that long and it helps find mistakes or things from the old config that are no longer needed and can be left out.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Suggested Solutions

Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now