ISA 2006 installation

Posted on 2011-09-15
Last Modified: 2012-05-12
I'd like to ask you for your opinions and help regarding following:
I need to reinstall ISA 2006 in our domain
I will do it by
1. building new server,
2. installing ISA 2006 on it
3. run both ISA servers for some time (both the new one also the old one)
4. once this test phase is OK I will change DNS record pointing to ISA's hostname from old one isa to new one isa and decommision the old isa server

creating new ISA server I will do by exporting whole settings from old one isa and import them to new one isa
My questions:
1. While installing ISA product on new server, do I need to specify Internal network ranges during installation or will it be done by importing settings from old isa?
2. When I will export settings to XML file, do I need to edit hostname (old isa hostname) written in XML to new ISA hostname before importing? Or will import process detect that import is being done on different computer and will alter needed items by itself automatically?

thank you for your help guys
Question by:T-cko
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 36547098
1.While installing you must add the internal address ranges. need to change xml files content,,, just import it. also you have to export/import certificates which installed in ISA server manually with their private keys.

who do you plan to make the 2 server running at the same time ?

Author Comment

ID: 36548020
I plan to run 2 servers at the same time to minimize the downtime of overall proxy funkcionality in our domain.
I plan to have downtime only for time when dns alias "proxy" will be changed to new hostname.
Or is it wrong?
I hope there will be no problem while running 2 isa servers concurently, dns alias is pointing to old isa so no client should "use" new isa, until dns alias will be changed to new isa.

What about directory with PAC script? I think it will not be exported and imported automatically, do I have to copy it manually?

Thank you for answers.

Author Comment

ID: 36548026
Sulimanw, how do I export manually certificates  which installed in ISA server manually with their private keys please?
thank you

Resolve Critical IT Incidents Fast

If your data, services or processes become compromised, your organization can suffer damage in just minutes and how fast you communicate during a major IT incident is everything. Learn how to immediately identify incidents & best practices to resolve them quickly and effectively.

LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 36550548
It depend in you client, how they are configured. secure nat or proxy  or FW client ?

export certificate :

don't proceed after step 10.

LVL 29

Expert Comment

ID: 36551461
It is a good idea for the DNS name to de done as a CNAME called "wpad" (keep it lower case) and point it to the actual host record of the ISA.  Then you just edit the CNAME to point to the new ISA when you are ready.

As you would guess,...your ISA would always be called "wpad" or "".   The benefit of this is if you choose to enable proxy autodetection this part will already be out of the way

Author Comment

ID: 36558503
thanky for responses,
as I imported xml file into new one isa, it appeared on network with old isa hoastname, so edit xml and replace all old hostname items in xml with new hostname (hostname where xml is being imported) is MUST.
Now it looks that at least browsing via explorer set with new isa is OK but one page requires several times to authenticate (probably to download all objects from other resources)
How can I get rid of this pls? I would be happy to authenticate just one time, when I start browsing.
thank you
LVL 29

Expert Comment

ID: 36560108
You imported too much.
Uninstall ISA from the machine.
Reinstall ISA on the machine.

Export the Config from the old ISA and choose the option that does not include all the information.  Pay attention to the prompt ans you will see what I mean.

Do not mess with the XML file.

Import the config into the new ISA using the option that imports the least amount of information, attention tot he prompts.

Publishing Rules and any Listeners may need to be reconfigured to reflect the correct external IP#s

If that does not work,..don't waste time screwing around with it,...uninstall ISA again,....reinstall ISA again.   Then export only the Rules individually one at a time to their own individual XML file and import them into the new ISA one at a time.
LVL 29

Accepted Solution

pwindell earned 500 total points
ID: 36560131
Personally I never ever do what you are trying to do.  I always build the config from scratch so I do not import garbage into the new ISA.  Building the config from scratch does not take that long and it helps find mistakes or things from the old config that are no longer needed and can be left out.

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
iptables and udp ports 23 135
Exchange 2010 - SPAM using organization internal addresses 6 117
Sonicwall tz215 internet speed slow  help 56 1,362
ASE reports it as spam 2 1,054
So the following errors occurs in 2 ways that I am aware of at this stage, and you receive one of the following error messages: ERROR 1. When trying to save a rule: No Web listener is specified for the Web publishing rule Autodiscovery Publishin…
Common practice undertaken by most system administrators is to document the configurations and final solutions of anything performed by them for their future use and reference. So here I am going to explain how to export ISA Server 2004 Firewall pol…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question