• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

moving isa 2004 from one server to another

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 General ] >> Installation >> moving isa 2004 from one server to another Page: [1]
Login
Message << Older Topic   Newer Topic >>
moving isa 2004 from one server to another - 20.Jul.2010 6:39:05 AM   
apage

 

Posts: 3
Joined: 20.Jul.2010
Status: offline
Hi guys

I'm new to isa server so here we go I have been working for a company for approx 1 year doing certificate III in IT and have landed myself with building a new isa server the specs for both servers are the same win server 2k3 sp4 excepting that the current server is virtual. full manual install of isa onto new server then manual build of all rules and networks (seemed like the way to learn)
my problem is now that i have both machines configured and ready to go I'm unsure of how i turn off the old and turn on the new we run a stand alone proxy server and it looks for an IP address of the isa server not dns name resolution. Can i simply tell the new server our external IP settings and give it the internal IP of the old server, then shut down the old, plug the new server into the external network and away we go?
Do I need to look at routing tables?
P.S both servers are domain members.
I'm trying to minimize down time as we have approx 700 end user's and can only imagine the phone calls if we loose internet I hope i have made sense

Thanks in advance for all help

Regards

_____________________________

Aron Page
Post #: 1
RE: moving isa 2004 from one server to another - 20.Jul.2010 9:19:35 AM   
Rotorblade

 

Posts: 1348
Joined: 27.Feb.2007
Status: offline
The process is fairly straight-forward that is if youíre confident that the new ISA server is setup and configured properly and your access rules and DNS resolution is working properly. I donít really get the part about looking for an IP of the ISA and not using DNS resolution. DNS resolution is a must have. You mentioned that the current server is running virtual so the new server is a physical machine? Ideally what you should do to be sure all is well is to connect the external facing NIC to the Internet gateway and test everything before you pull the plug so to speak on the old one.

You asked about routing tables? If you configured your ISA network (Internal Network object) IP definitions correctly, then you should be ok as far as ISA is concerned. You will need to add persistent manual routes to ISA for any subnets that are reachable form the Internal ISA assigned NIC.

When youíre ready to make the switch, rename the old server; reboot and then change its IP address and shutdown for safe keeping if you want. On the new ISA server, change the server name to that of the old server, reboot and then change its IP address to match the old server. Modify the ISA external NIC properties and set the proper IP static information. Check out the articles below to make sure that youíre configured correctly. All should be good.

HTH

RB


http://www.elmajdal.net/ISAServer/Internal_DNS_Forwarding.aspx

http://www.isaserver.org/tutorials/Configuring_ISA_Server_Interface_Settings.html

  

_____________________________

David Melvin
Ohio
MCSE: Security 2003, MCSA:Security 2003

(in reply to apage)
Post #: 2
RE: moving isa 2004 from one server to another - 20.Jul.2010 11:05:36 AM   
apage

 

Posts: 3
Joined: 20.Jul.2010
Status: offline
Hi RB thanks for the reply

I was hoping it would be a simple move just a little worried about failing my first major build.
When i mentioned the proxy looking for an IP and not DNS I said that based on what i found in the proxy server there are no mentions of it looking for a server name just the IP address of the ISA server so i figured it didn't use DNS resolution.
When you say to test the new server which is physical should have mentioned that earlier can i do that by configuring the outbound NIC and then creating an access rule to connect to the server it's self then remote to my home PC then remote back into the server will that work? having the access rule only on the new server of course. once tested remove the access rule, how do i go about testing internal rules?
I am confident the configuration is right i think i hold the record for slowest isa server built it took me 2 weeks to mirror the setting's for rules and networks from the old server (with work in between) only worried because as a rookie i have heard and read about isa servers not working when they get moved.
Once I have turned off the old server and named the new one to mach the old server name is there any reason i cant then change back to the name the server has now (once it is operational and fully tested that is)

thanks
Aron

(in reply to apage)
Post #: 3
RE: moving isa 2004 from one server to another - 20.Jul.2010 12:01:28 PM   
Rotorblade

 

Posts: 1348
Joined: 27.Feb.2007
Status: offline
quote:


can i do that by configuring the outbound NIC and then creating an access rule to connect to the server it's self then remote to my home PC then remote back into the server will that work? having the access rule only on the new server of course. once tested remove the access rule, how do i go about testing internal rules?


Thereís no need to create an extra access rule just for testing when you should already have access rules that you have created based from the old server, right? Youíre doing a ďswingĒ method so to lessen downtime and impact on your end users; duplicate setups on the new server ether by exporting and importing objects or by manually duplicating on the new server. You did not mention how your ISA is configured role wise in regards to Internet connectivity but I would think you can manage to get your External network (Internet facing NIC) connected to the Internet so you can verify all is working.

quote:


Once I have turned off the old server and named the new one to mach the old server name is there any reason i cant then change back to the name the server has now (once it is operational and fully tested that is)


Well you donít necessarily have to change the new server to the old name if you donít want too; just change the IP. The reason I mentioned this is if you donít then you may run into DNS resolution issues with the IP and the ISAís FQDN being different. It may take a while for things to resolve. If you want a seamless transition, I would probably use the old name or create a CNAME record in your DNS (Internal) to support the old name as well as the new.

quote:


I am confident the configuration is right i think i hold the record for slowest isa server built it took me 2 weeks to mirror the setting's for rules and networks from the old server (with work in between) only worried because as a rookie i have heard and read about isa servers not working when they get moved.



That is why you want to bring up the new server; burn-in and test everything before moving to production.

HTH

RB     


_____________________________

David Melvin
Ohio
MCSE: Security 2003, MCSA:Security 2003

(in reply to apage)
Post #: 4
RE: moving isa 2004 from one server to another - 20.Jul.2010 6:07:17 PM   
apage

 

Posts: 3
Joined: 20.Jul.2010
Status: offline
Thanks again RB todays the day I will post tonight after work to let you know how I went

Aron

(in reply to apage)
Post #: 5

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 General ] >> Installation >> moving isa 2004 from one server to another Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts