ISA 2006 installation

Posted on 2011-09-15
Medium Priority
Last Modified: 2012-05-12
I'd like to ask you for your opinions and help regarding following:
I need to reinstall ISA 2006 in our domain
I will do it by
1. building new server,
2. installing ISA 2006 on it
3. run both ISA servers for some time (both the new one also the old one)
4. once this test phase is OK I will change DNS record pointing to ISA's hostname from old one isa to new one isa and decommission the old isa server

creating new ISA server I will do by exporting whole settings from old one isa and import them to new one isa
My questions:
1. While installing ISA product on new server, do I need to specify Internal network ranges during installation or will it be done by importing settings from old isa?
2. When I will export settings to XML file, do I need to edit hostname (old isa hostname) written in XML to new ISA hostname before importing? Or will import process detect that import is being done on different computer and will alter needed items by itself automatically?

thank you for your help guys
Question by:T-cko
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 36547098
1. While installing you must add the internal address ranges.

2. No need to change the XML file's content, just import it. Also you have to export/import the certificates which are installed in the ISA server manually, with their private keys.

who do you plan to make the 2 server running at the same time ?

Author Comment

ID: 36548020
I plan to run 2 servers at the same time to minimize the downtime of overall proxy functionality in our domain.
I plan to have downtime only for time when dns alias "proxy" will be changed to new hostname.
Or is it wrong?
I hope there will be no problem while running 2 isa servers concurrently, dns alias is pointing to old isa so no client should "use" new isa, until dns alias will be changed to new isa.

What about directory with PAC script? I think it will not be exported and imported automatically, do I have to copy it manually?

Thank you for answers.

Author Comment

ID: 36548026
Sulimanw, how do I manually export the certificates which are installed in the ISA server, with their private keys, please?
thank you

LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 36550548
It depends on your clients, how they are configured: SecureNAT, proxy or FW client?

export certificate :

don't proceed after step 10.

LVL 29

Expert Comment

ID: 36551461
It is a good idea for the DNS name to be done as a CNAME called "wpad" (keep it lower case) and point it to the actual host record of the ISA.  Then you just edit the CNAME to point to the new ISA when you are ready.

As you would guess,...your ISA would always be called "wpad" or "wpad.ad-domain.com".   The benefit of this is if you choose to enable proxy autodetection this part will already be out of the way
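
The alias approach from the comment above, applied to the PAC script the asker mentions, as an added example that is not part of the original thread. The domain `ad-domain.com` is taken from the comment; port 8080 and the bypass rules are assumptions to adjust for your own environment.

```javascript
// Constructed PAC (wpad.dat) sketch, not taken from the thread.
// Clients are sent to the DNS alias, never to an ISA server's real host
// name, so repointing the CNAME is the only change needed at cutover.
var PROXY_ALIAS = "wpad.ad-domain.com";   // CNAME from the comment above
var PROXY_PORT = 8080;                    // assumption: your web proxy listener port
var INTERNAL_DOMAIN = "ad-domain.com";    // assumption: internal DNS suffix

// Plain string helper so the file does not depend on browser PAC built-ins.
function hostInDomain(host, domain) {
  if (host === domain) return true;
  var suffix = "." + domain;
  return host.length > suffix.length &&
         host.substring(host.length - suffix.length) === suffix;
}

function FindProxyForURL(url, host) {
  host = host.toLowerCase();

  // Single-label names (intranet, localhost) are internal: go direct.
  if (host.indexOf(".") === -1) return "DIRECT";

  // Hosts inside the AD domain are internal: go direct.
  if (hostInDomain(host, INTERNAL_DOMAIN)) return "DIRECT";

  // Everything else goes through the alias. No "; DIRECT" fallback is
  // appended, so clients do not silently bypass the proxy if it is down.
  return "PROXY " + PROXY_ALIAS + ":" + PROXY_PORT;
}
```

Because the script names only the alias, the same file can be copied unchanged to the new server's PAC directory.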

Author Comment

ID: 36558503
Thanks for responses,
as I imported xml file into new one isa, it appeared on network with old isa hostname, so editing the xml and replacing all old hostname items in xml with new hostname (hostname where xml is being imported) is a MUST.
Now it looks that at least browsing via explorer set with new isa is OK but one page requires several times to authenticate (probably to download all objects from other resources)
How can I get rid of this pls? I would be happy to authenticate just one time, when I start browsing.
thank you
LVL 29

Expert Comment

ID: 36560108
You imported too much.
Uninstall ISA from the machine.
Reinstall ISA on the machine.

Export the Config from the old ISA and choose the option that does not include all the information.  Pay attention to the prompt and you will see what I mean.

Do not mess with the XML file.

Import the config into the new ISA using the option that imports the least amount of information,...pay attention to the prompts.

Publishing Rules and any Listeners may need to be reconfigured to reflect the correct external IP#s

If that does not work,..don't waste time screwing around with it,...uninstall ISA again,....reinstall ISA again.   Then export only the Rules individually one at a time to their own individual XML file and import them into the new ISA one at a time.
LVL 29

Accepted Solution

pwindell earned 2000 total points
ID: 36560131
Personally I never ever do what you are trying to do.  I always build the config from scratch so I do not import garbage into the new ISA.  Building the config from scratch does not take that long and it helps find mistakes or things from the old config that are no longer needed and can be left out.
