• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Rolling out Upgrade from ISA 2000 to ISA 2004

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> Firewall Client >> Rolling out Upgrade from ISA 2000 to ISA 2004 Page: [1]
Login
Message << Older Topic   Newer Topic >>
Rolling out Upgrade from ISA 2000 to ISA 2004 - 2.Mar.2006 10:06:07 PM   
berwin98

 

Posts: 7
Joined: 20.Feb.2006
Status: offline
Ok...I have seen a few dead threads about Upgrading the client.

Here are the two scripts to first uninstall the ISA 2000 client and then install the ISA 2004 client.

Uninstall ISA 2000 client:

msiexec /x \\<isa2000 computer>\mspclnt\MS_FWC.MSI /quiet /norestart

Install ISA 2004 client:

msiexec /i \\<isa2004 computer>\mspclnt\MS_FWC.msi /quiet

We have Auto Detect running and I think the only issue is that the web proxy settings do not get updated until the computer is rebooted.  If you really wanted to, you could force a reboot with the second script by using the /forcerestart.

Thanks,
Bob


Post #: 1
RE: Rolling out Upgrade from ISA 2000 to ISA 2004 - 4.Mar.2006 5:24:38 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Bob,
Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to berwin98)
Post #: 2
RE: Rolling out Upgrade from ISA 2000 to ISA 2004 - 6.Mar.2006 4:47:35 PM   
Belaflek

 

Posts: 7
Joined: 5.May2004
Status: offline
Question on this. We are a pretty small shop. ISA ENT 2000...uninstalled and installed ISA 2k4 and Config server on the same machine. Being that the old client is effectively no longer at said share in part one...could one change the first one with a local path?

(in reply to tshinder)
Post #: 3
RE: Rolling out Upgrade from ISA 2000 to ISA 2004 - 6.Mar.2006 4:53:51 PM   
berwin98

 

Posts: 7
Joined: 20.Feb.2006
Status: offline
Hey,

As long as you have the old install directory, you can put it anywhere you want.  If you want to save the ISA2000 mspclnt folder...and then copy it to your new ISA server under a different share name, you can do this as well.  As long as you have that MSI (and any supporting files) for the old ISA client, then you can do the uninstall.

Thanks,
Bob

(in reply to Belaflek)
Post #: 4
RE: Rolling out Upgrade from ISA 2000 to ISA 2004 - 21.Mar.2006 7:13:19 PM   
greygoose

 

Posts: 9
Joined: 4.Jan.2006
Status: offline
How did you deploy these commands to the clients? Group Policy?  If you did, how did you get the commands to only run once each?

(in reply to berwin98)
Post #: 5
RE: Rolling out Upgrade from ISA 2000 to ISA 2004 - 21.Mar.2006 7:17:22 PM   
berwin98

 

Posts: 7
Joined: 20.Feb.2006
Status: offline
We used Alteris to deploy the client.  You can also use SMS or I guess Group Policy.  I'm not very familiar with Group Policy Deployment, but my assumption is somehow it knows if the client was deployed.  I would try that first.  If you are still getting it to run everytime the policy is updated, then you could write a script to check for a reg key first and if it does not exist then you can run the setup.

Thanks,
Bob

(in reply to greygoose)
Post #: 6
RE: Rolling out Upgrade from ISA 2000 to ISA 2004 - 21.Mar.2006 8:05:14 PM   
greygoose

 

Posts: 9
Joined: 4.Jan.2006
Status: offline
The 2000 client was not deployed via Group Policy - it was installed manually on each machine.  I'm trying to figure out a way to script the uninstall of the 2000 clients and then roll out the 2004 client via Group Policy.

(in reply to berwin98)
Post #: 7
RE: Rolling out Upgrade from ISA 2000 to ISA 2004 - 21.Mar.2006 8:33:51 PM   
berwin98

 

Posts: 7
Joined: 20.Feb.2006
Status: offline
Again, I am not a group policy software deployment expert.  You might be able to create a new MSI through WISE to *just* run the commands to uinstall and install the new firewall client.  Or use a login script to do this....the problem with using the login script is the workstations will take longer to login in the next morning.

Depending on how many users you have, I could put on my Microsoft Hat and recommend SMS 2003.   SMS gives you greater control over software distribution and can provide status of software deployments (to tell if the client received the package, etc), and can defined whether to use BITS for Dial-up and VPN connections.  Also, it has Hardware/Software Inventory, Remote Control, Software Metering, etc.

...and you wouldn't have this problem.  SMS knows if the package has been installed already and will not attempt to re-run the advertisement.

Thanks,
Bob




(in reply to greygoose)
Post #: 8
RE: Rolling out Upgrade from ISA 2000 to ISA 2004 - 22.Mar.2006 1:04:05 AM   
LLigetfa

 

Posts: 2187
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline
Here is some KiX code that will search whatever DN you provide.
BREAK ON
$BaseKey = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8C7A59A8-9ABE-459A-9A93-08C281A4A264}'
$objConnection = CreateObject("ADODB.Connection")
$objCommand =   CreateObject("ADODB.Command")
$objConnection.Provider = "ADsDSOObject"
$objConnection.Open("Active Directory Provider")
$objCommand.ActiveConnection = $objConnection
$objCommand.CommandText = 
  "SELECT Name FROM " 
  + "'LDAP://OU=Computers,OU=yada,OU=yada,dc=bla,dc=local'"
  + " WHERE objectCategory='computer'"
$objCommand.Properties("Page Size").Value = 100
$objCommand.Properties("Search Scope").Value = 2
$objCommand.Properties("Cache Results").Value = (not 1)
$objRecordSet = $objCommand.Execute()
$objRecordSet.MoveFirst
while not $objRecordSet.EOF
  $curComputer = $objRecordSet.Fields("Name").Value
  '.'
  IF Ping($curComputer)
     $InstallSource = ReadValue('\\'+$curComputer+'\'+$BaseKey,'InstallSource')
     If $InstallSource
        'InstallSource = '+$InstallSource ?
     EndIf
  EndIf
  ;DoX($curComputer)
  $objRecordSet.MoveNext
Loop

;===================
Function Ping($PC)
 Dim $PC
 Shell'%comspec% /c ping -n 1 '+$PC+' >nul'
 $Ping = NOT @error
EndFunction


You can also pull the UninstallString.

_____________________________

The School of Hard Knocks is a mean teacher. She gives the exam before the lesson.

(in reply to berwin98)
Post #: 9
RE: Rolling out Upgrade from ISA 2000 to ISA 2004 - 22.Mar.2006 5:13:34 PM   
greygoose

 

Posts: 9
Joined: 4.Jan.2006
Status: offline
Thanks for the script.  I was able to use it to list the clients using the old 2000 FWC.  Now I just need to script the uninstall by inserting into the registry:

SET KEY=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

REG ADD %KEY% /V TITLE /D "Removing Software" /f

REG ADD %KEY%\000 /VE /D "Waiting for Network Components" /f
REG ADD %KEY%\000 /V 1 /D "cmdow @ /HID sleep 10" /f

REG ADD %KEY%\005 /VE /D "Removing 2000 Firewall Client" /f
REG ADD %KEY%\005 /V 1 /D "msiexec /x \\oldisa\mspclnt\MS_FWC.MSI /quiet /norestart" /f


Thanks again

< Message edited by greygoose -- 22.Mar.2006 5:59:59 PM >

(in reply to LLigetfa)
Post #: 10
RE: Rolling out Upgrade from ISA 2000 to ISA 2004 - 22.Mar.2006 5:56:19 PM   
LLigetfa

 

Posts: 2187
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline
Thanks for the feedback and for taking my humble beginnings and running with it.

_____________________________

The School of Hard Knocks is a mean teacher. She gives the exam before the lesson.

(in reply to greygoose)
Post #: 11
RE: Rolling out Upgrade from ISA 2000 to ISA 2004 - 24.Mar.2006 9:11:35 PM   
greygoose

 

Posts: 9
Joined: 4.Jan.2006
Status: offline
I am almost done with the script.  I can detect whether the computer has the 2000, 2004 or no client installed.  It then performs the appropriate operation.  The only problem is that the user that logs on needs to be a local administrator or the old firewall client will not uninstall and the new client will not be installed.

I also was going to deploy the new client via Group Policy, but decided against it.  I cannot figure out a way to edit the .msi (via ORCA) or make a .mst file to specify what server I want the client to use.  When I install in the script via the setup.exe file, I am able to specify the correct server via the "\\isa2004machine\mspclnt\setup.exe /v"SERVER_NAME_OR_IP=ISA2004MACHINE ENABLE_AUTO_DETECT=0 REFRESH_WEB_PROXY=0 /qn" switch.

I cannot use a WPAD entry to specify the correct ISA server because we have 2 different ISA servers on one subnet.

Thanks to anyone who knows how to edit the .msi file via ORCA to specify the correct ISA server.

< Message edited by greygoose -- 24.Mar.2006 9:12:37 PM >

(in reply to LLigetfa)
Post #: 12

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> Firewall Client >> Rolling out Upgrade from ISA 2000 to ISA 2004 Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts