Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


ISA 2006 installation

Posted on 2011-09-15
Medium Priority
Last Modified: 2012-05-12
I'd like to ask you for your opinions and help regarding following:
I need to reinstall ISA 2006 in our domain
I will do it by
1. building new server,
2. installing ISA 2006 on it
3. run both ISA servers for some time (both the new one also the old one)
4. once this test phase is OK I will change DNS record pointing to ISA's hostname from old one isa to new one isa and decommision the old isa server

creating new ISA server I will do by exporting whole settings from old one isa and import them to new one isa
My questions:
1. While installing ISA product on new server, do I need to specify Internal network ranges during installation or will it be done by importing settings from old isa?
2. When I will export settings to XML file, do I need to edit hostname (old isa hostname) written in XML to new ISA hostname before importing? Or will import process detect that import is being done on different computer and will alter needed items by itself automatically?

thank you for your help guys
Question by:T-cko
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 36547098
1.While installing you must add the internal address ranges.

2.no need to change xml files content,,, just import it. also you have to export/import certificates which installed in ISA server manually with their private keys.

who do you plan to make the 2 server running at the same time ?

Author Comment

ID: 36548020
I plan to run 2 servers at the same time to minimize the downtime of overall proxy funkcionality in our domain.
I plan to have downtime only for time when dns alias "proxy" will be changed to new hostname.
Or is it wrong?
I hope there will be no problem while running 2 isa servers concurently, dns alias is pointing to old isa so no client should "use" new isa, until dns alias will be changed to new isa.

What about directory with PAC script? I think it will not be exported and imported automatically, do I have to copy it manually?

Thank you for answers.

Author Comment

ID: 36548026
Sulimanw, how do I export manually certificates  which installed in ISA server manually with their private keys please?
thank you

Cyber Threats to Small Businesses (Part 2)

The evolving cybersecurity landscape presents SMBs with a host of new threats to their clients, their data, and their bottom line. In part 2 of this blog series, learn three quick processes Webroot’s CISO, Gary Hayslip, recommends to help small businesses beat modern threats.

LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 36550548
It depend in you client, how they are configured. secure nat or proxy  or FW client ?

export certificate :

don't proceed after step 10.

LVL 29

Expert Comment

ID: 36551461
It is a good idea for the DNS name to de done as a CNAME called "wpad" (keep it lower case) and point it to the actual host record of the ISA.  Then you just edit the CNAME to point to the new ISA when you are ready.

As you would guess,...your ISA would always be called "wpad" or "wpad.ad-domain.com".   The benefit of this is if you choose to enable proxy autodetection this part will already be out of the way

Author Comment

ID: 36558503
thanky for responses,
as I imported xml file into new one isa, it appeared on network with old isa hoastname, so edit xml and replace all old hostname items in xml with new hostname (hostname where xml is being imported) is MUST.
Now it looks that at least browsing via explorer set with new isa is OK but one page requires several times to authenticate (probably to download all objects from other resources)
How can I get rid of this pls? I would be happy to authenticate just one time, when I start browsing.
thank you
LVL 29

Expert Comment

ID: 36560108
You imported too much.
Uninstall ISA from the machine.
Reinstall ISA on the machine.

Export the Config from the old ISA and choose the option that does not include all the information.  Pay attention to the prompt ans you will see what I mean.

Do not mess with the XML file.

Import the config into the new ISA using the option that imports the least amount of information,...pay attention tot he prompts.

Publishing Rules and any Listeners may need to be reconfigured to reflect the correct external IP#s

If that does not work,..don't waste time screwing around with it,...uninstall ISA again,....reinstall ISA again.   Then export only the Rules individually one at a time to their own individual XML file and import them into the new ISA one at a time.
LVL 29

Accepted Solution

pwindell earned 2000 total points
ID: 36560131
Personally I never ever do what you are trying to do.  I always build the config from scratch so I do not import garbage into the new ISA.  Building the config from scratch does not take that long and it helps find mistakes or things from the old config that are no longer needed and can be left out.

Featured Post

Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as the high-speed power of the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In all versions of ISA Server and the current version of FTMG, the default https protocol uses TCP port 443 and 563 only. This cannot be changed within the ISA or FTMG GUI and must be completed from a Windows cmd prompt on the ISA Server itself. …
Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
In this video, Percona Solution Engineer Rick Golba discuss how (and why) you implement high availability in a database environment. To discuss how Percona Consulting can help with your design and architecture needs for your database and infrastr…
Are you ready to place your question in front of subject-matter experts for more timely responses? With the release of Priority Question, Premium Members, Team Accounts and Qualified Experts can now identify the emergent level of their issue, signal…
Suggested Courses

596 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question