Welcome to ISAserver.org

Moving ISA 2004 server to new hardware

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA Server 2004 General ] >> General >> Moving ISA 2004 server to new hardware

Page: [1] 2 next > >>

Message

<< Older Topic Newer Topic >>

Moving ISA 2004 server to new hardware - 18.Sep.2009 1:20:28 PM

Dwarrencclp

Posts: 14
Joined: 18.Sep.2009
Status: offline

Hello all,

I am trying to move my ISA server to new hardware. We only use ISA server for the Exchange web publishing rule so we can have corporate iPhones. I have exported my ISA configuration and my ssl certificate from the old server. On the new server I imported my configuration and imported my certificate. It looks like the import copied everything over to the new server as I cannot find any discrepencies. I have given the new server the same name, same IP address, and same version of ISA. However, whenever I swap network cables (e.g. unplug old ISA server and plug it into new ISA server), it does not work. The ISA server sees the traffic but denies the connection for my Exchange rule. When I do a connectivity test, it is able to connect to Exchange just fine. I thought all I had to do was export and import the ISA config as well as the cert, but that doesn't appear to be the case for me.

Any ideas?

Post #: 1

Featured Links*

RE: Moving ISA 2004 server to new hardware - 18.Sep.2009 2:58:20 PM

DEVLAVI

Posts: 115
Joined: 16.Jul.2009
From: Bangalore, India
Status: offline

Hi

How Can you have 2 machines on a N/W with same Name/IP & Same SID ?

Thanks,
Dev

_____________________________

Vasu Dev,
Network Administrator

"Abnormal is so common, it's practically normal."

(in reply to Dwarrencclp)

Post #: 2

RE: Moving ISA 2004 server to new hardware - 18.Sep.2009 3:03:16 PM

Dwarrencclp

Posts: 14
Joined: 18.Sep.2009
Status: offline

Only one machine is actually on the network at the same time. The ISA servers are not on a domain so as long as both machines are not connected at the same time, it should be ok.

(in reply to DEVLAVI)

Post #: 3

RE: Moving ISA 2004 server to new hardware - 18.Sep.2009 3:05:47 PM

paulo.oliveira

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline

Hi,

is the certificate showing as valid on the web listener? What�s the error message on both, ISA and client?

quote:

When I do a connectivity test, it is able to connect to Exchange just fine

Are you trying direct on Exchange server?

Regards,
Paulo Oliveira.

_____________________________

Microsoft Premier Field Engineer (PFE)
Blog: http://poliveirasilva.wordpress.com/
Twitter: https://twitter.com/poliveirasilva

(in reply to Dwarrencclp)

Post #: 4

RE: Moving ISA 2004 server to new hardware - 18.Sep.2009 3:48:17 PM

Dwarrencclp

Posts: 14
Joined: 18.Sep.2009
Status: offline

quote:

is the certificate showing as valid on the web listener? What�s the error message on both, ISA and client?

I can see the certificate on the web listener... how can I tell if it is valid or not? On the client the message is something like "unable to get mail, contact your administrator". On the ISA server it just says "Failed connection attempt" for "Web proxy server (reverse)". It has some other information but it looks the same as a successful attempt.

(in reply to paulo.oliveira)

Post #: 5

RE: Moving ISA 2004 server to new hardware - 18.Sep.2009 4:14:36 PM

paulo.oliveira

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline

Hi,

on your web listener properties go to Certificates tab, click on Select Certificate button.

Go to Test Button and check if ISA is complaining about something:

http://blogs.technet.com/isablog/archive/2008/05/23/isa-server-2006-service-pack-1-features.aspx

http://blogs.technet.com/isablog/archive/2008/07/17/isa-server-2006-sp1-test-button-issues.aspx

http://blogs.technet.com/isablog/archive/2008/07/10/isa-server-2006-sp1-problems-that-goes-beyond-the-test-button.aspx

Regards,
Paulo Oliveira.

_____________________________

Microsoft Premier Field Engineer (PFE)
Blog: http://poliveirasilva.wordpress.com/
Twitter: https://twitter.com/poliveirasilva

(in reply to Dwarrencclp)

Post #: 6

RE: Moving ISA 2004 server to new hardware - 21.Sep.2009 8:53:47 AM

Dwarrencclp

Posts: 14
Joined: 18.Sep.2009
Status: offline

I don't see that option. We are using ISA Server 2004.

(in reply to paulo.oliveira)

Post #: 7

RE: Moving ISA 2004 server to new hardware - 21.Sep.2009 2:29:55 PM

paulo.oliveira

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline

Gee! I�m sorry, didn�t notice you�re using ISA 2004. Test Button really doesn�t come with ISA 2004.

Have you checked if your certificate is valid?

Regards,
Paulo Oliveira.

_____________________________

Microsoft Premier Field Engineer (PFE)
Blog: http://poliveirasilva.wordpress.com/
Twitter: https://twitter.com/poliveirasilva

(in reply to Dwarrencclp)

Post #: 8

RE: Moving ISA 2004 server to new hardware - 22.Sep.2009 2:40:34 PM

Dwarrencclp

Posts: 14
Joined: 18.Sep.2009
Status: offline

Thanks for the replies Paulo.

I verified the certificate is valid. When I turn on logging on the new ISA server, I get a status of "0x80090328". After googling a little bit I found this relates to authentication. I am just exporting the certificate from my old server and importing it into my new server, so I am not sure where I am going wrong. Any other ideas?

David

(in reply to paulo.oliveira)

Post #: 9

RE: Moving ISA 2004 server to new hardware - 22.Sep.2009 3:05:09 PM

paulo.oliveira

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline

Hi,

the error "0x80090328" means certificate expired! Check the date of your certificate.

http://support.microsoft.com/kb/839514/en-us

http://blogs.technet.com/isablog/archive/2008/05/23/isa-server-2006-service-pack-1-features.aspx

Regards,
Paulo Oliveira.

_____________________________

Microsoft Premier Field Engineer (PFE)
Blog: http://poliveirasilva.wordpress.com/
Twitter: https://twitter.com/poliveirasilva

(in reply to Dwarrencclp)

Post #: 10

RE: Moving ISA 2004 server to new hardware - 22.Sep.2009 3:25:11 PM

Dwarrencclp

Posts: 14
Joined: 18.Sep.2009
Status: offline

Well that is interesting. The certificate says it is valid and is good until 10/1/1010! Why would it think it is expired?

(in reply to paulo.oliveira)

Post #: 11

RE: Moving ISA 2004 server to new hardware - 22.Sep.2009 3:30:01 PM

Dwarrencclp

Posts: 14
Joined: 18.Sep.2009
Status: offline

Maybe the certificate on the new server isn't reporting correctly?

(in reply to Dwarrencclp)

Post #: 12

RE: Moving ISA 2004 server to new hardware - 22.Sep.2009 3:54:32 PM

paulo.oliveira

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline

Hi,

quote:

The certificate says it is valid and is good until 10/1/1010!

1010? Maybe you should create a new certificate.

Regards,
Paulo Oliveira.

_____________________________

Microsoft Premier Field Engineer (PFE)
Blog: http://poliveirasilva.wordpress.com/
Twitter: https://twitter.com/poliveirasilva

(in reply to Dwarrencclp)

Post #: 13

RE: Moving ISA 2004 server to new hardware - 22.Sep.2009 3:55:24 PM

Dwarrencclp

Posts: 14
Joined: 18.Sep.2009
Status: offline

haha sorry, 10/1/2010.

(in reply to paulo.oliveira)

Post #: 14

RE: Moving ISA 2004 server to new hardware - 22.Sep.2009 3:56:32 PM

Dwarrencclp

Posts: 14
Joined: 18.Sep.2009
Status: offline

All I should have to do to move an ISA server from one server to another is export the config on the old server, export certificate on old server, import certificate and isa config to new server... right?

(in reply to Dwarrencclp)

Post #: 15

RE: Moving ISA 2004 server to new hardware - 22.Sep.2009 4:16:54 PM

paulo.oliveira

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline

Yes. Create a new cert and make a new test.

_____________________________

Microsoft Premier Field Engineer (PFE)
Blog: http://poliveirasilva.wordpress.com/
Twitter: https://twitter.com/poliveirasilva

(in reply to Dwarrencclp)

Post #: 16

RE: Moving ISA 2004 server to new hardware - 22.Sep.2009 4:22:12 PM

Dwarrencclp

Posts: 14
Joined: 18.Sep.2009
Status: offline

I bought our certificates from Verisign... how can I make a new one without buying one?

(in reply to paulo.oliveira)

Post #: 17

RE: Moving ISA 2004 server to new hardware - 22.Sep.2009 4:37:29 PM

paulo.oliveira

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline

Hi,

where did you verified the certificate is valid? On ISA web listener as I told you before?

Regards,
Paulo Oliveira.

_____________________________

Microsoft Premier Field Engineer (PFE)
Blog: http://poliveirasilva.wordpress.com/
Twitter: https://twitter.com/poliveirasilva

(in reply to Dwarrencclp)

Post #: 18

RE: Moving ISA 2004 server to new hardware - 22.Sep.2009 4:42:09 PM

Dwarrencclp

Posts: 14
Joined: 18.Sep.2009
Status: offline

I didn't do it in the web listener. It says it was valid under IIS managemen, I went to Directory Services, View Certificate...

(in reply to paulo.oliveira)

Post #: 19

RE: Moving ISA 2004 server to new hardware - 22.Sep.2009 5:00:21 PM

paulo.oliveira

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline

No, no. You also have to see if the certificate is valid for ISA. Follow this guide: http://www.isaserver.org/tutorials/Using-Commercial-Web-Site-Certificate-Publish-Outlook-Web-Access-Part1.html

Regards,
Paulo Oliveira.

_____________________________

Microsoft Premier Field Engineer (PFE)
Blog: http://poliveirasilva.wordpress.com/
Twitter: https://twitter.com/poliveirasilva

(in reply to Dwarrencclp)

Post #: 20