Upgrade Guide for ISA Server 2006 Enterprise Edition

  • Article

Microsoft® Internet Security and Acceleration (ISA) Server 2006 provides a path for upgrading your ISA Server 2004 computers, from an existing deployment of ISA Server 2004 to a deployment of ISA Server 2006. During the upgrade process, the upgrade mechanism maps the ISA Server 2004 configuration to a valid ISA Server 2006 configuration.

Note

There is no direct upgrade path from ISA Server 2000 to ISA Server 2006.

What Is in This Document

This guide includes an overview of the supported upgrade scenarios, upgrade requirements, and upgrade procedures for ISA Server Enterprise Edition. The following topics are covered:

  • Upgrade Requirements
  • Limitations
  • Upgrade Methods
  • Upgrade Walk-Throughs
  • Appendix A: Migration to New Equipment
  • Appendix B: Backup Log and Cache Files
  • Appendix C: Build-to-Build Upgrade

For information about upgrading ISA Server 2004 Standard Edition, see "Upgrading ISA Server 2004 Standard Edition to ISA Server 2006 Standard Edition" at the Microsoft TechNet Web site.

Upgrade Requirements

To upgrade to ISA Server 2006 Enterprise Edition, you need:

  • A personal computer with a 733-megahertz (MHz) or faster processor.

  • A Microsoft Windows Server™ 2003 operating system with Service Pack 1 (SP1) or Microsoft Windows Server 2003 R2 operating system.

    Note

    You cannot install ISA Server 2006 on 64-bit versions of Windows Server 2003 operating systems.

  • 512 megabytes (MB) of physical memory.

  • One local hard disk partition that is formatted with the NTFS file system.

  • 150 MB of available hard disk space. This is exclusive of hard disk space you want to use for caching.

  • One network adapter that is compatible with the computer's operating system, for communication with the Internal network.

  • An additional network adapter for each network connected to the ISA Server computer.

  • ISA Server 2004 Enterprise Edition or ISA Server 2004 Enterprise Edition with Service Pack 2 (SP2) installed.

  • When upgrading, the ISA Server 2006 language must match the currently installed ISA Server 2004 language.

Limitations

The following features are no longer supported in ISA Server 2006 and need to be uninstalled before upgrading to ISA Server 2006:

  • Firewall Client Share   Firewall Client Share is no longer part of the ISA Server installation. If you need a share point to install Firewall Client, copy the Client directory from the ISA Server 2006 CD to a computer that is not running ISA Server and manually configure the share point.
  • SMTP Message Screener   SMTP Message Screener is not supported by ISA Server 2006.

The following is a list of issues to consider before and after you begin the upgrade process:

  • The ISA Server 2006 Configuration Storage server can only manage ISA Server 2006 arrays. You cannot manage ISA Server 2004 arrays from an ISA Server 2006 Configuration Storage server, and you cannot manage ISA Server 2006 array members from an ISA Server 2004 Configuration Storage server.
  • When you import the ISA Server 2004 configuration, the primary Configuration Storage server is set to the new Configuration Storage server and the alternate Configuration Storage server setting is not upgraded.
  • Log files will be deleted during the upgrade process. ISA Server 2004 log files are not compatible with ISA Server 2006. If you need an archive copy of your log files, see Appendix B: Backup Log and Cache Files.
  • Cache files will be deleted during the upgrade process. To back up your cache files, see Appendix B: Backup Log and Cache Files.
  • In ISA Server 2004, you can configure one virtual IP address through ISA Server Management for each network that is configured for Network Load Balancing (NLB). Additional virtual IP addresses can be defined. However, these additional virtual IP addresses are configured manually on the network adapters of each array member. The ISA Server 2006 upgrade process will only upgrade the virtual IP address for a network that is configured in ISA Server Management in ISA Server 2004, and will delete the additional virtual IP addresses that have been configured on the network adapters. ISA Server 2006 allows you to define multiple virtual IP addresses for a network though ISA Server Management. If more than one virtual IP address has been configured for an ISA Server 2004 NLB-enabled network, you need to reconfigure the additional virtual IP addresses in ISA Server Management, after the upgrade is complete.
  • ISA Server 2004 SP2 HTTP compression settings are not upgraded. Record your HTTP compression settings and reconfigure HTTP compression settings after the upgrade to ISA Server 2006 is complete.
  • When upgrading from ISA Server 2004 Enterprise Edition, the following change to authentication security is implemented. This is the behavior in ISA Server 2004 Enterprise Edition with SP2:
    • When you use HTTP-to-HTTP bridging, ISA Server will not allow traffic on the external HTTP port when the Web listener is configured to request Basic, forms-based, or Remote Authentication Dial-In User Service (RADIUS) authentication. This is a security-related change. These credentials should be encrypted, and not sent in plaintext over HTTP.
  • The ISA Server 2004 Microsoft Management Console (MMC) snap-in can be upgraded to ISA Server 2006 MMC. The ISA Server 2004 and ISA Server 2006 MMC cannot reside on the same computer.
  • DiffServ settings are not upgraded to ISA Server 2006. Record your DiffServ settings and reconfigure DiffServ settings after the upgrade to ISA Server 2006 is complete.
  • For the most recent information, see "ISA Server 2006 Release Notes" at the ISA Server Web site.

Upgrade Methods

The following sections discuss the upgrade methods and supported scenarios for ISA Server 2006 Enterprise Edition.

Configuration Storage Server

The Configuration Storage server stores the configuration information for all of the arrays in the enterprise and therefore needs to be upgraded first.

There is no in-place upgrade available for the Configuration Storage server. To upgrade an ISA Server 2004 Configuration Storage server, you need to export the configuration and import the configuration to a new ISA Server 2006 Configuration Storage server. The new ISA Server 2006 Configuration Storage server can be a new computer. Or, you can uninstall the ISA Server 2004 Configuration Storage server feature and then install the ISA Server 2006 Configuration Storage server feature on the same computer.

Important

The ISA Server 2006 Configuration Storage server cannot manage ISA Server 2004 arrays. If you will not be upgrading all of your arrays to ISA Server 2006 at the same time, we recommend that you install the ISA Server 2006 Configuration Storage server on a new computer. This enables you to continue to manage the remaining ISA Server 2004 arrays from the ISA Server 2004 Configuration Storage server and manage the upgraded ISA Server 2006 arrays from the new ISA Server 2006 Configuration Storage server.

Note the following:

  • When you import the ISA Server 2004 configuration, the primary Configuration Storage server is set to the new Configuration Storage server, and the alternate Configuration Storage server setting is not upgraded.
  • If you have a replica Configuration Storage server installed, before starting the upgrade process, make sure that all changes have been replicated between the Configuration Storage servers. For information about checking the replication, see Active Directory® Application Mode (ADAM) product Help.

ISA Server Services

The supported upgrade methods for the ISA Server services are listed in the following table.

Path Description

In-Place Upgrade

With an in-place upgrade, you can upgrade your existing ISA Server 2004 array member to ISA Server 2006 on the existing equipment. The ISA Server 2006 installation process detects a valid version of ISA Server 2004 and performs an upgrade installation.

Migration

With a migration, you can install a new copy of ISA Server 2006 and join the enterprise.

Supported Upgrade Scenarios

The following table lists the upgrade scenarios supported by ISA Server 2006.

Existing version New version Supported or not supported

ISA Server 2004 Standard Edition, ISA Server 2004 Standard Edition with SP1, or

ISA Server 2004 Standard Edition with SP2

ISA Server 2006 Enterprise Edition

Not supported

ISA Server 2004 Enterprise Edition or ISA Server 2004 Enterprise Edition with SP2

ISA Server 2006 Enterprise Edition

Supported

ISA Server 2004 Enterprise Edition or ISA Server 2004 Enterprise Edition with SP2

ISA Server 2006 Standard Edition

Not supported

Note the following:

  • In addition to the product upgrade, ISA Server 2006 also supports a build-to-build upgrade. This allows you to upgrade a beta version of ISA Server 2006 to a new build of the same product. The following build-to-build upgrades will be supported:

    • Beta to Release Candidate (RC)

    • RC to Release to Manufacturing (RTM)

      Note

      For more information about build-to-build upgrades, see Appendix C: Build-to-Build Upgrade.

  • During the upgrade, ISA Server services are not operational. We therefore recommend that you disconnect the ISA Server computer from the External network until the upgrade is complete.

Upgrade Walk-Throughs

This section describes four scenarios to upgrade ISA Server 2004 Enterprise Edition to ISA Server 2006 Enterprise Edition, while maintaining existing settings and configuration for each scenario:

  • Scenario One: Single Configuration Storage Server with One Array
  • Scenario Two: Two Single Server Deployment Servers in the Same Enterprise
  • Scenario Three: Single Configuration Storage Server with Multiple Arrays
  • Scenario Four: Load Balanced Array

Scenario One: Single Configuration Storage Server with One Array

Contoso Corporation, a small to medium size organization, wants to upgrade their existing ISA Server 2004 Enterprise Edition deployment to ISA Server 2006 Enterprise Edition. Contoso has deployed ISA Server 2004 Enterprise Edition in the following configuration:

  • There is one Configuration Storage server in the main office.
  • There is one array in the main office, which is named HQ.
  • The HQ array has one array member, which is named ISA_FW01.

The following table provides information about the ISA Server 2004 computers before the upgrade.

Computer name Operating system Member of domain Fully Qualified Domain Name (FQDN) Feature or services

ISA_CSS

Microsoft Windows Server 2003 with SP1

Yes

isa_css.contoso.com

ISA Server 2004 Configuration Storage server

ISA_FW01

Microsoft Windows Server 2003 with SP1

Yes

isa_fw01.contoso.com

ISA Server 2004 services

Contoso wants to upgrade to ISA Server 2006 with minimal interruption to the ISA Server 2004 services, while providing a method to revert to ISA Server 2004 if problems arise during the upgrade. For this reason, Contoso has selected the following upgrade path to ISA Server 2006 Enterprise Edition. The ISA Server array member will only be offline during the in-place upgrade process:

  • Configuration Storage server   Migration to new equipment
  • ISA Server services   In-place upgrade

The following table provides information about the ISA Server 2006 computers after the upgrade is complete.

Computer name Operating system Member of domain FQDN Feature or services

ISA_CSS06

Microsoft Windows Server 2003 with SP1

Yes

isa_css06.contoso.com

ISA Server 2006 Configuration Storage server

ISA_FW01

Microsoft Windows Server 2003 with SP1

Yes

isa_fw01.contoso.com

ISA Server 2006 services

ISA_CSS

(After the upgrade, this server is no longer needed and can be removed from service.)

Microsoft Windows Server 2003 with SP1

Yes

isa_css.contoso.com

ISA Server 2004 Configuration Storage server

This upgrade path enables Contoso to:

  • Make and apply firewall policy changes, even when they are preparing for the upgrade and during the upgrade process.

    Note

    Any changes made after the ISA Server 2004 configuration has been exported will need to be duplicated on the ISA Server 2006 Configuration Storage server after the configuration has been imported. If there are a large number of changes, the export and import process can be repeated.

  • Move the Configuration Storage server to new equipment.

  • Evaluate how the ISA Server 2004 configuration imports to ISA Server 2006, without affecting the production computers.

Upgrade Process for Single Configuration Storage Server with One Array

This section describes the process for upgrading a single Configuration Storage server with one array:

  • Install the new ISA Server 2006 Configuration Storage server
  • Export (back up) the configuration of the existing ISA Server 2004 Configuration Storage server
  • Import the exported configuration to the ISA Server 2006 Configuration Storage server
  • Upgrade the array member
Install the new ISA Server 2006 Configuration Storage server

Perform the following procedure on the ISA_CSS06 computer.

To install the new Configuration Storage server

  1. Install Windows Server 2003 with SP1 or Windows Server 2003 R2 on the computer that will be the ISA Server 2006 Configuration Storage server.

  2. Install ISA Server 2006 Configuration Storage server. For more information, see the ISA Server 2006 Enterprise Edition Installation Guide.

  3. Export the new ISA Server 2006 configuration to a file. This will enable you to restore to a new ISA Server 2006 state, if any issues arise during the import. Follow these steps:

    1. In the console tree of ISA Server Management, select Microsoft Internet Security and Acceleration Server 2006.

    2. On the Tasks tab, click Export (Back Up) Configuration to start the Export Wizard.

    3. Follow the on-screen instructions.

      Important

      Select the following Export Preferences: Export confidential information and Export user permission settings.

Note

If ISA Server 2006 will be installed in a workgroup environment, a server certificate needs to be installed on the Configuration Storage server. For more information about installing ISA Server 2006 in a workgroup environment, see "ISA Server Enterprise Edition in a Workgroup" at the Microsoft TechNet Web site.

Export (back up) the configuration of the existing ISA Server 2004 Configuration Storage server

Perform the following procedure on the ISA_CSS computer.

To export the ISA Server 2004 configuration to a file

  1. In the console tree of ISA Server Management, select Microsoft Internet Security and Acceleration Server 2004.

  2. On the Tasks tab, click Export (Back Up) Configuration to start the Export Wizard.

  3. Follow the on-screen instructions.

    Important

    Select the following Export Preferences: Export confidential information and Export user permission settings.

Import the exported configuration to the ISA Server 2006 Configuration Storage server

Perform the following procedure on ISA_CSS06.

To import the configuration to the ISA Server 2006 Configuration Storage server

  1. Copy the export file from ISA_CSS computer to ISA_CSS06.

  2. In the console tree of ISA Server Management, select Microsoft Internet Security and Acceleration Server 2006.

  3. On the Tasks tab, click Import (Restore) Configuration to start the Import Wizard.

  4. Follow the on-screen instructions.

    Important

    Select the following Import Preferences: Import server-specific information and Import user permission settings.

  5. Click the Apply button in the details pane to save the changes and update the configuration.

Upgrade the array member

Perform the following procedure on ISA_FW01.

Important

If SMTP Message Screener or Firewall Client Share is currently installed, it must be uninstalled before upgrading, because these components are no longer supported in ISA Server 2006.

Note the following:

  • During the upgrade process, existing log and cache files are erased. ISA Server 2004 log files are not compatible with ISA Server 2006. However, ISA Server 2004 cache files are compatible with ISA Server 2006. For more information, see Appendix B: Backup Log and Cache Files.
  • Confirm that you can resolve the FQDN for ISA_CSS06, isa_css06.contoso.com, before beginning the upgrade progress.
  • During the upgrade, ISA Server services are not operational. We therefore recommend that you disconnect the ISA Server computer from the External network until the upgrade is complete.
  • During the upgrade, ISA Server services are not operational and users will experience an interruption of services until the upgrade is complete. We recommend that you notify users before the upgrade that ISA Server services will be unavailable during the upgrade process.
  • If you installed a replica Configuration Storage server on an array member, you must uninstall the replica Configuration Storage server before proceeding with the array member upgrade. After the upgrade is complete, you can add the replica Configuration Storage server. For more information about uninstalling a replica Configuration Storage server, see Uninstall Configuration Storage server feature from ISA02 in the Two Single Server Deployment Servers in the Same Enterprise scenario.
  • Monitoring applications, such as Microsoft Operations Manager (MOM) agent, use ISA Server files and may interfere with ISA Server setup and removal. To avoid issues, stop these applications before running Setup. For specific instructions about how to stop these applications, refer to the monitoring application vendor documentation.

To upgrade an array member

  1. Run ISA Server 2006 Setup. The Setup program detects an existing valid version of ISA Server 2004 Enterprise Edition and performs the upgrade. To run ISA Server 2006 Setup, follow these steps:

    1. Insert the ISA Server 2006 Enterprise Edition CD into the CD drive, or run ISAAutorun.exe from the shared network drive.
    2. In Microsoft ISA Server Setup, click Install ISA Server 2006 and use the wizard to upgrade to ISA Server 2006 as outlined in the following table.
Page Field or property Setting

Welcome

None

Click Next.

License Agreement

License Agreement

Select I accept the terms in the license agreement, and click Next.

Customer Information

User Name

Organization

Product Serial Number

Enter user name.

Enter organization name.

Enter product serial number.

Upgrade Checklist

Review the upgrade checklist.

Click Next.

Locate Configuration Storage server

Configuration Storage Server

Enter the FQDN of the Configuration Storage server: isa_css06.contoso.com.

Services Warning

Review services that will be stopped and services that will be disabled if you continue.

Click Next.

Ready to Install the Program

None

Click Install.

  1. After the upgrade is complete, click Finished.

  2. Check that functions and connectivity in ISA Server 2006 are working properly.

    Note

    After the ISA Server 2006 upgrade is complete, ISA_CSS, the ISA Server 2004 Configuration Storage server, can be taken offline.

Scenario Two: Two Single Server Deployment Servers in the Same Enterprise

Contoso Corporation, a small to medium size organization, wants to upgrade their existing ISA Server 2004 Enterprise Edition deployment to ISA Server 2006 Enterprise Edition. Contoso has deployed ISA Server 2004 Enterprise Edition in the following configuration:

  • There are two single server deployments in the same enterprise. In a single server deployment, both the Configuration Storage server and the ISA Server services are installed on the same computer.

Note the following:

  • In a single server deployment, the default enterprise name is Enterprise and the default array name is the name of the computer. If you modified the name of the array, record the name of the ISA Server 2004 array.
  • If you have enabled Network Load Balancing (NLB) between the array members, for more information about upgrading an NLB-enabled array, see Scenario Four: Load Balanced Array.

The following table provides information about the ISA Server 2004 computers before the upgrade.

Computer name Operating system Member of domain FDQN Feature or services

ISA01

Microsoft Windows Server 2003 with SP1

Yes

isa01.contoso.com

ISA Server 2004 Configuration Storage server (main)

ISA Server 2004 services

ISA02

Microsoft Windows Server 2003 with SP1

Yes

isa02.contoso.com

ISA Server 2004 Configuration Storage server (replica)

ISA Server 2004 services

Array name: ISA01

Array properties:

  • Configuration Storage server: isa01.contoso.com
  • Alternate Configuration Storage server: isa02.contoso.com

Upgrade Process for Two Single Server Deployment Servers in the Same Enterprise

This section describes the process for upgrading two single server deployment servers in the same enterprise:

  • Export (back up) the configuration of the existing ISA Server 2004 Configuration Storage server
  • Uninstall ISA Server 2004 from ISA01
  • Install ISA Server 2006 Enterprise Edition on ISA01
  • Import configuration to ISA01 running ISA Server 2006
  • Uninstall Configuration Storage server feature from ISA02
  • In-place upgrade on ISA02
  • Reinstall Configuration Storage server feature to ISA02 as replica of ISA01

The following table provides information about the ISA Server 2006 computers after the upgrade.

Computer name Operating system Member of domain FDQN Feature or services

ISA01

Microsoft Windows Server 2003 with SP1

Yes

isa01.contoso.com

ISA Server 2006 Configuration Storage server (main)

ISA Server 2006 services

ISA02

Microsoft Windows Server 2003 with SP1

Yes

isa02.contoso.com

ISA Server 2006 Configuration Storage server (replica)

ISA Server 2006 services
Export (back up) the configuration of the existing ISA Server 2004 Configuration Storage server

Perform the following procedure on the ISA01 computer.

To export the ISA Server 2004 configuration to a file

  1. In the console tree of ISA Server Management, select Microsoft Internet Security and Acceleration Server 2004.

  2. On the Tasks tab, click Export (Back Up) Configuration to start the Export Wizard.

  3. Follow the on-screen instructions.

    Important

    Select the following Export Preferences: Export confidential information and Export user permission settings.

Uninstall ISA Server 2004 from ISA01

Because an in-place upgrade on the Configuration Storage server cannot be performed, you must uninstall ISA Server from ISA01. ISA02 will fail over to the alternate Configuration Storage server, ISA02. If an alternate Configuration Storage server has not been defined, ISA02 uses the last known configuration it received from the Configuration Storage server.

Perform the following procedure on the ISA01 computer.

Note the following:

  • Monitoring applications, such as MOM agent, use ISA Server files and may interfere with ISA Server removal. To avoid issues, stop these applications before uninstalling ISA Server. For specific instructions about how to stop these applications, refer to the monitoring application vendor documentation.
  • Before removing ISA Server, be sure to close ISA Server Management and ISA Server Performance Monitor.
  • Before removing an ISA Server computer configured as the Configuration Storage server, you must ensure that all changes have replicated to the replica Configuration Storage server, or the configuration changes will be lost.

To uninstall ISA Server

  1. Click Start, click Control Panel, and then double-click Add or Remove Programs.

  2. In Microsoft ISA Server 2004, click Change/Remove.

  3. On the Welcome page, click Next.

  4. On the Program Maintenance page, select Remove, and click Next.

  5. Confirm the settings on the Locate Configuration Storage Server page and click Next.

  6. On the Generated Files Removal page:

    1. Select Do not remove Microsoft ISA Server 2004 log files, to save log files.
    2. Select Do not remove Microsoft ISA Server 2004 cache files, to save cache files.

  7. Click Remove, to uninstall ISA Server 2004 from the computer.

  8. Click OK in the following warning dialog box.

    Bb794804.e1d45509-f50b-4540-90af-37dd14d8ee83(en-us,TechNet.10).jpg

  9. Click Retry in the following warning dialog box.

    Bb794804.865c8b76-2fea-43e2-9c95-378b87bbb3f4(en-us,TechNet.10).jpg

  10. Click Finish to exit the wizard, when the removal process is complete.

Install ISA Server 2006 Enterprise Edition on ISA01

Perform the following procedure on the ISA01 computer.

To install both ISA Server services and the Configuration Storage server

  1. Confirm that the computer meets the minimum requirements. For information, see Upgrade Requirements.

  2. Install ISA Server 2006 Enterprise Edition. For more information, see the ISA Server 2006 Enterprise Edition Installation Guide. Select these options:

    • On the Setup Scenarios page, choose Install both ISA Server services and Configuration Storage server.
    • On the Enterprise Installation Options page, choose Create a new ISA Server enterprise.

  3. Export the new ISA Server 2006 configuration to a file. This will enable you to restore to a new ISA Server 2006 state, if any issues arise during the import. Follow these steps:

    1. In the console tree of ISA Server Management, select Microsoft Internet Security and Acceleration Server 2006.

    2. On the Tasks tab, click Export (Back Up) Configuration to start the Export Wizard.

    3. Follow the on-screen instructions.

      Important

      Select the following Export Preferences: Export confidential information and Export user permission settings.

Import configuration to ISA01 running ISA Server 2006

Note

Confirm that the name of the ISA Server 2006 array is the same as the ISA Server 2004 array name. If the ISA Server 2004 array name is different, you need to change the ISA Server 2006 array name before continuing.

Perform the following procedure on the ISA01 computer.

To import the configuration to the new ISA Server 2006 Configuration Storage server

  1. In the console tree of ISA Server Management, select Microsoft Internet Security and Acceleration Server 2006.

  2. On the Tasks tab, click Import (Restore) Configuration to start the Import Wizard.

  3. Follow the on-screen instructions.

    Important

    Select the following Import Preferences: Import server-specific information and Import user permission settings.

  4. Click the Apply button in the details pane to save the changes and update the configuration.

Uninstall Configuration Storage server feature from ISA02

In this procedure, you modify the installation of ISA02 to uninstall the Configuration Storage server feature. The ISA Server services remain installed. In the next procedure, you perform an in-place upgrade of the ISA02 computer.

Note the following:

  • Monitoring applications, such as MOM agent, use ISA Server files and may interfere with ISA Server removal. To avoid issues, stop these applications before uninstalling ISA Server. For specific instructions about how to stop these applications, refer to the monitoring application vendor documentation.
  • Before removing ISA Server, be sure to close ISA Server Management and ISA Server Performance Monitor.

Perform the following procedure on the ISA02 computer.

To uninstall the Configuration Storage server feature

  1. Click Start, click Control Panel, and then double-click Add or Remove Programs.

  2. In Microsoft ISA Server 2004, click Change/Remove.

  3. On the Welcome page, click Next.

  4. On the Program Maintenance page, select Modify, and click Next.

  5. On the Component Selection page, select Configuration Storage server, select This feature will not be available, and click Next.

  6. Click Install, to modify ISA Server 2004 on the computer.

  7. Click OK in the following warning dialog box.

    Bb794804.e1d45509-f50b-4540-90af-37dd14d8ee83(en-us,TechNet.10).jpg

  8. Click Retry in the following warning dialog box.

    Bb794804.865c8b76-2fea-43e2-9c95-378b87bbb3f4(en-us,TechNet.10).jpg

  9. Click Finish to exit the wizard, when the setup process is complete.

In-place upgrade on ISA02

In this procedure, you perform an in-place upgrade on the ISA02 computer, from ISA Server 2004 to ISA Server 2006.

Important

If SMTP Message Screener or Firewall Client Share is currently installed, it must be uninstalled before upgrading, because these components are no longer supported in ISA Server 2006.

Note the following:

  • During the upgrade process, existing log and cache files are erased. ISA Server 2004 log files are not compatible with ISA Server 2006. However, ISA Server 2004 cache files are compatible with ISA Server 2006. For more information, see Appendix B: Backup Log and Cache Files.
  • During the upgrade, ISA Server services are not operational. We therefore recommend that you disconnect the ISA Server 2006 computer from the External network until the upgrade is complete.
  • During the upgrade, ISA Server services are not operational and users will experience an interruption of services until the upgrade is complete. We recommend that you notify users before the upgrade that ISA Server services will be unavailable during the upgrade process.
  • Monitoring applications, such as MOM agent, use ISA Server files and may interfere with ISA Server setup and removal. To avoid issues, stop these applications before running Setup. For specific instructions about how to stop these applications, refer to the monitoring application vendor documentation.

Perform the following procedure on ISA02.

To upgrade an array member

  1. Run ISA Server 2006 Setup. The Setup program detects an existing valid version of ISA Server 2004 Enterprise Edition and performs the upgrade. To run ISA Server 2006 Setup, follow these steps:

    1. Insert the ISA Server 2006 Enterprise Edition CD into the CD drive, or run ISAAutorun.exe from the shared network drive.
    2. In Microsoft ISA Server Setup, click Install ISA Server 2006 and use the wizard to upgrade to ISA Server 2006 as outlined in the following table.
Page Field or property Setting

Welcome

None

Click Next.

License Agreement

License Agreement

Select I accept the terms in the license agreement, and click Next.

Customer Information

User Name

Organization

Product Serial Number

Enter user name.

Enter organization name.

Enter product serial number.

Upgrade Checklist

Review the upgrade checklist.

Click Next.

Locate Configuration Storage server

Configuration Storage Server

Enter the FQDN of the Configuration Storage server: isa02.contoso.com.

Services Warning

Review services that will be stopped and services that will be disabled if you continue.

Click Next.

Ready to Install the Program

None

Click Install.
  1. After the upgrade is complete, click Finished.
Reinstall Configuration Storage server feature to ISA02 as replica of ISA01

This procedure will reinstall the Configuration Storage server feature to ISA02, as a replica Configuration Storage server of ISA01.

Note

Monitoring applications, such as MOM agent, use ISA Server files and may interfere with ISA Server setup and removal. To avoid issues, stop these applications before running Setup. For specific instructions about how to stop these applications, refer to the monitoring application vendor documentation.

Perform the following procedure on ISA02.

To install the Configuration Storage server feature

  1. Click Start, click Control Panel, and then double-click Add or Remove Programs.

  2. In Microsoft ISA Server 2006, click Change/Remove.

  3. On the Welcome page, click Next.

  4. On the Program Maintenance page, select Modify, and click Next.

  5. On the Component Selection page, select Configuration Storage server, select This feature will be installed on local hard drive, and click Next.

  6. On the Enterprise Installation page, select Create a replica of the enterprise configuration, and click Next.

  7. On the Locate Configuration Storage server page, confirm that the proper FQDN has been entered, isa01.contoso.com, and click Next.

  8. On the ISA Server Configure Replicate Server page, select Replicate over the network, and click Next.

    Note

    If replication will take place over a slow link (10 megabits per second (Mbps) or less), select Copy from the restored backup files. For more information, see "Replicating a Large Enterprise Configuration Over Slow Links" at the Microsoft TechNet Web site.

  9. On the Enterprise Environment page, select I am deploying in a single domain or in domains with trust relationships, and click Next.

  10. Click Install to modify ISA Server 2006 on the computer.

  11. Click Finish to exit the wizard, when the setup process is complete.

After successfully upgrading both ISA01 and ISA02 to ISA Server 2006 Enterprise Edition, check that functions and connectivity for both ISA01 and ISA02 are working properly.

Scenario Three: Single Configuration Storage Server with Multiple Arrays

Contoso Corporation, a medium to enterprise size organization, wants to upgrade their existing ISA Server 2004 Enterprise Edition deployment to ISA Server 2006 Enterprise Edition. Contoso has three regional offices that are connected using leased lines. Contoso deployed ISA Server 2004 Enterprise Edition for its ability to centrally manage their entire ISA Server deployment from their main office.

Contoso has deployed ISA Server 2004 Enterprise Edition in the following configuration:

  • There is a single Configuration Storage server located in the New York office.
  • There is one array each in New York, Hong Kong, and London. These arrays are named NY, HKG, and LON.
  • Each array has a single array member.

Contoso wants to upgrade to ISA Server 2006 but cannot upgrade all of the arrays at the same time. Because ISA Server 2006 can only manage ISA Server 2006 arrays, Contoso needs to manage both ISA Server 2004 and ISA Server 2006 deployments until all of the arrays are upgraded to ISA Server 2006. Contoso will upgrade the Configuration Storage server along with the array in New York first. Then the London array will be upgraded, followed by the Hong Kong array. After the last array is upgraded, the ISA Server 2004 computer can be taken out of service.

The following table provides information about the ISA Server 2004 computers before the upgrade.

Computer name Operating system Member of domain Array FQDN Feature or services

NY_CSS

Microsoft Windows Server 2003 with SP1

Yes

Not applicable

ny_css.contoso.com

ISA Server 2004 Configuration Storage server

NY_ISA01

Microsoft Windows Server 2003 with SP1

Yes

NY

ny_isa01.contoso.com

ISA Server 2004 services

LON_ISA01

Microsoft Windows Server 2003 with SP1

Yes

LON

lon_isa01.contoso.com

ISA Server 2004 services

HKG_ISA01

Microsoft Windows Server 2003 with SP1

Yes

HKG

hkg_isa01.contoso.com

ISA Server 2004 services

Upgrade Process for Single Configuration Storage Server with Multiple Arrays

This section describes the process for upgrading a single Configuration Storage server with multiple arrays:

  • Export (back up) the configuration of the existing ISA Server 2004 Configuration Storage server
  • Install the new ISA Server 2006 Configuration Storage server
  • Import configuration to NY_CSS06 running ISA Server 2006
  • Upgrade NY array member
  • Delete London and Hong Kong arrays
  • Import a single array configuration

The following table provides information about the ISA Server 2006 computers after the upgrade.

Computer name Operating system Member of domain Array FQDN Feature or services

NY_CSS06

Microsoft Windows Server 2003 with SP1

Yes

Not applicable

ny_css06.contoso.com

ISA Server 2006 Configuration Storage server

NY_ISA01

Microsoft Windows Server 2003 with SP1

Yes

NY

ny_isa01.contoso.com

ISA Server 2006 services

LON_ISA01

Microsoft Windows Server 2003 with SP1

Yes

LON

lon_isa01.contoso.com

ISA Server 2006 services

HKG_ISA01

Microsoft Windows Server 2003 with SP1

Yes

HKG

hkg_isa01.contoso.com

ISA Server 2006 services

NY_CSS

(After the upgrade, this server is no longer needed and can be removed from service.)

Microsoft Windows Server 2003 with SP1

Yes

Not applicable

ny_css.contoso.com

ISA Server 2004 Configuration Storage server

NY_CSS_Temp

(After the upgrade, this server is no longer needed and can be removed from service.)

Microsoft Windows Server 2003 with SP1

Yes

Not applicable

ny_css_temp.contoso.com

ISA Server 2006 Configuration Storage server (temporary)
Export (back up) the configuration of the existing ISA Server 2004 Configuration Storage server

Perform the following procedure on the NY_CSS computer.

To export the ISA Server 2004 configuration to a file

  1. In the console tree of ISA Server Management, select Microsoft Internet Security and Acceleration Server 2004.

  2. On the Tasks tab, click Export (Back Up) Configuration to start the Export Wizard.

  3. Follow the on-screen instructions.

    Important

    Select the following Export Preferences: Export confidential information and Export user permission settings.

Install the new ISA Server 2006 Configuration Storage server

Perform the following procedure on the NY_CSS06 computer.

To install the new Configuration Storage server

  1. Install Windows Server 2003 with SP1 or Windows Server 2003 R2 on the computer that will be the ISA Server 2006 Configuration Storage server.

  2. Install the ISA Server 2006 Configuration Storage server. For more information, see the ISA Server 2006 Enterprise Edition Installation Guide.

  3. Export the new ISA Server 2006 configuration to a file. This will enable you to restore to a new ISA Server 2006 state, if any issues arise during the import. Follow these steps:

    1. In the console tree of ISA Server Management, select Microsoft Internet Security and Acceleration Server 2006.

  4. On the Tasks tab, click Export (Back Up) Configuration to start the Export Wizard.

  5. Follow the on-screen instructions.

    Important

    Select the following Export Preferences: Export confidential information and Export user permission settings.

Note

If ISA Server 2006 will be installed in a workgroup environment, a server certificate needs to be installed on the Configuration Storage server. For more information about installing ISA Server 2006 in a workgroup environment, see "ISA Server Enterprise Edition in a Workgroup" at the Microsoft TechNet Web site.

Import configuration to NY_CSS06 running ISA Server 2006

Perform the following procedure on the ISA01 computer.

To import the configuration to the new ISA Server 2006 Configuration Storage server

  1. Copy the export file from NY_CSS computer to NY_CSS06.

  2. In the console tree of ISA Server Management, select Microsoft Internet Security and Acceleration Server 2006.

  3. On the Tasks tab, click Import (Restore) Configuration to start the Import Wizard.

  4. Follow the on-screen instructions.

    Important

    Select the following Import Preferences: Import server-specific information and Import user permission settings.

  5. Click the Apply button in the details pane to save the changes and update the configuration.

Upgrade NY array member

In this procedure, you will perform an in-place upgrade from ISA Server 2004 to ISA Server 2006, on the first array.

Important

If SMTP Message Screener or Firewall Client Share is currently installed, it must be uninstalled before upgrading, because these components are no longer supported in ISA Server 2006.

Note the following:

  • During the upgrade process, existing log and cache files are erased. ISA Server 2004 log files are not compatible with ISA Server 2006. However, ISA Server 2004 cache files are compatible with ISA Server 2006. For more information, see Appendix B: Backup Log and Cache Files.
  • During the upgrade, ISA Server services are not operational. We therefore recommend that you disconnect the ISA Server 2006 computer from the External network until the upgrade is complete.
  • During the upgrade, ISA Server services are not operational and users will experience an interruption of services until the upgrade is complete. We recommend that you notify users before the upgrade that ISA Server services will be unavailable during the upgrade process.
  • Monitoring applications, such as MOM agent, use ISA Server files and may interfere with ISA Server setup and removal. To avoid issues, stop these applications before running Setup.

Perform the following procedure on NY_ISA01.

To upgrade an array member

  1. Run ISA Server 2006 Setup. The Setup program detects an existing valid version of ISA Server 2004 Enterprise Edition and performs the upgrade. To run ISA Server 2006 Setup, follow these steps:

    1. Insert the ISA Server 2006 Enterprise Edition CD into the CD drive, or run ISAAutorun.exe from the shared network drive.
    2. In Microsoft ISA Server Setup, click Install ISA Server 2006 and use the wizard to upgrade to ISA Server 2006 as outlined in the following table.
Page Field or property Setting

Welcome

None

Click Next.

License Agreement

License Agreement

Select I accept the terms in the license agreement, and click Next.

Customer Information

User Name

Organization

Product Serial Number

Enter user name.

Enter organization name.

Enter product serial number.

Upgrade Checklist

Review the upgrade checklist.

Click Next.

Locate Configuration Storage server

Configuration Storage Server

Enter the FQDN of the Configuration Storage server:

NY_CSS06.contoso.com.

Services Warning

Review services that will be stopped and services that will be disabled if you continue.

Click Next.

Ready to Install the Program

None

Click Install.
  1. After the upgrade is complete, click Finished.
  2. Check that functions and connectivity in ISA Server 2006 are working properly.
Delete London and Hong Kong arrays

We recommend that any arrays that are not upgraded are deleted from the ISA Server 2006 Configuration Storage server.

In the following procedure, you will delete the LON and HKG arrays from the ISA Server 2006 Configuration Storage server.

Perform the following procedure on NY_CSS06.

To delete arrays that will not be upgraded now

  1. In the console tree of ISA Server Management, select Microsoft Internet Security and Acceleration Server 2006.

  2. Expand Arrays, select LON, and on the Tasks tab, click Delete Selected Arrays.

  3. Click Yes in the Delete Arrays warning message dialog box.

    Bb794804.adc719f4-e356-4d10-922d-d3ba9a111c6e(en-us,TechNet.10).jpg

  4. Repeat step 2 and step 3 for the HKG array.

  5. Click the Apply button in the details pane to save the changes and update the configuration.

    Important

    Until all arrays are upgraded to ISA Server 2006, you need to manage both ISA Server 2004 and ISA Server 2006 enterprises.

Import a single array configuration

ISA Server 2006 cannot import an exported configuration of an individual ISA Server 2004 array. ISA Server 2006 can only import an exported configuration from ISA Server 2004 when the export was done at the root of the enterprise, which shows Microsoft Internet and Acceleration Server 2004. However, you can import an individual array configuration from one ISA Server 2006 deployment to another ISA Server 2006 deployment. In this procedure, you create a temporary ISA Server 2006 Configuration Storage server and import a single array configuration. After the procedure is complete, the temporary ISA Server 2006 Configuration Storage server is no longer needed.

To enable you to import an individual array configuration from an ISA Server 2004 deployment, the following procedures need to be followed:

  • Export (back up) the configuration of the existing ISA Server 2004 Configuration Storage server
  • Create a temporary ISA Server 2006 Configuration Storage server
  • Import the exported configuration to NY_CSS_Temp
  • Export LON array configuration
  • Import the exported array configuration to NY_CSS06
  • Upgrade LON array member

Export (back up) the configuration of the existing ISA Server 2004 Configuration Storage server

For the procedures to export the ISA Server 2004 Configuration Storage server, see Export (back up) the configuration of the existing ISA Server 2004 Configuration Storage server in the Single Configuration Storage Server with Multiple Arrays scenario.

Create a temporary ISA Server 2006 Configuration Storage server

Perform the following on the NY_CSS_Temp computer.

For the procedures to install an ISA Server 2006 Configuration Storage server, see Install the new ISA Server 2006 Configuration Storage server in the Single Configuration Storage Server with Multiple Arrays scenario.

Import the exported configuration to NY_CSS_Temp

Perform the following on the NY_CSS_Temp computer.

For the procedures to import the exported ISA Server 2004 configuration, see Import configuration to NY_CSS06 running ISA Server 2006 in the Single Configuration Storage Server with Multiple Arrays scenario. Replace NY_CSS06 with NY_CSS_Temp.

Export LON array configuration

With the latest configuration imported to NY_CSS_Temp, you are ready to export the LON array configuration.

In the following procedure, you will export the LON array configuration.

Perform the following procedure on NY_CSS_Temp.

To export array configuration

  1. In the console tree of ISA Server Management, select Microsoft Internet Security and Acceleration Server 2006.

  2. Expand Arrays, select LON, and on the Tasks tab, click Export (Back Up) Array Configuration.

  3. Follow the on-screen instructions.

    Important

    Select the following Export Preferences: Export confidential information and Export user permission settings.

Import the exported array configuration to NY_CSS06

Perform the following procedure on NY_CSS06.

To import the exported array configuration

  1. Copy the exported file from the NY_CSS_Temp computer to NY_CSS06.

  2. In the console tree of ISA Server Management, select Microsoft Internet Security and Acceleration Server 2006.

  3. Select Arrays, and on the Tasks tab, click Create New Array, and use the following settings:

    • Array name: LON
    • Array DNS Name: lon_isa01.contoso.com
    • Array Policy Rule Types: Deny, Allow, and Publishing rules

  4. Select the newly created array.

  5. On the Tasks tab, click Import (Restore) Array Configuration and use the wizard to import the array configuration as outlined in the following table.

Page Field or property Setting

Welcome

None

Click Next.

Select the Import File

File Name

Specify the file you want to import (full path).

Import Action

Select if the file will be imported or used to restore the configuration.

Select Overwrite (restore).

Import Preferences

Choose the optional data that you want to import from the file.

Select Import server-specific information and Import user permission settings.

Enter Password

Password

Enter the password required for opening and importing the file.

Completing the Import Wizard

None

Click Finish.
  1. Click OK in the following warning dialog box.
    Bb794804.7dfa97d2-4bcb-4c0e-8f7f-1bf3c67f35c5(en-us,TechNet.10).jpg
  2. Click OK, when the import has completed successfully.
  3. Click the Apply button in the details pane to save the changes and update the configuration.

Upgrade LON array member

In this procedure, you will perform an in-place upgrade from ISA Server 2004 to ISA Server 2006, on the LON array.

Important

If SMTP Message Screener or Firewall Client Share is currently installed, it must be uninstalled before upgrading, because these components are no longer supported in ISA Server 2006.

Note the following:

  • During the upgrade process, existing log and cache files will be erased. ISA Server 2004 log files are not compatible with ISA Server 2006. However, ISA Server 2004 cache files are compatible with ISA Server 2006. For more information, see Appendix B: Backup Log and Cache Files.
  • During the upgrade, ISA Server services are not operational. We therefore recommend that you disconnect the ISA Server computer from the External network until the upgrade is complete.
  • During the upgrade, ISA Server services are not operational and users will experience an interruption of services until the upgrade is complete. We recommend that you notify users before the upgrade that ISA Server services will be unavailable during the upgrade process.
  • Monitoring applications, such as MOM agent, use ISA Server files and may interfere with ISA Server setup and removal. To avoid issues, stop these applications before running Setup.

Perform the following procedure on NY_ISA01.

To upgrade an array member

  1. Run ISA Server 2006 Setup. The Setup program detects an existing valid version of ISA Server 2004 Enterprise Edition and performs the upgrade.

  2. Insert the ISA Server 2006 Enterprise Edition CD into the CD drive, or run ISAAutorun.exe from the shared network drive.

  3. In Microsoft ISA Server Setup, click Install ISA Server 2006 and use the wizard to upgrade to ISA Server 2006 as outlined in the following table.

Page Field or property Setting

Welcome

None

Click Next.

License Agreement

License Agreement

Select I accept the terms in the license agreement, and click Next.

Customer Information

User Name

Organization

Product Serial Number

Enter user name.

Enter organization name.

Enter product serial number.

Upgrade Checklist

Review the upgrade checklist.

Click Next.

Locate Configuration Storage server

Configuration Storage Server

Enter the FQDN of the Configuration Storage server: ny_css06.contoso.com.

Services Warning

Review services that will be stopped and services that will be disabled if you continue.

Click Next.

Ready to Install the Program

None

Click Install.

Complete these steps for the HKG array when you are ready to upgrade the HKG array.

After the last array is successfully upgraded, you can remove NY_CSS_TEMP from service.

Scenario Four: Load Balanced Array

There are two mechanisms for load balancing array traffic between array members:

  • DNS round robin   For each array member's IP address, there is a unique Domain Name System (DNS) entry for the array. When providing an IP address lookup for the array's DNS name, the DNS server cycles between the different array members' IP addresses.
  • **Network Load Balancing (NLB)   **The array is configured with a virtual IP address to which all array members receive requests and determine which array member will answer the request.

This section explains how to properly upgrade an array with DNS round robin or NLB.

Note the following:

  • In ISA Server 2004, you can configure only one virtual IP address for each network that is configured for Network Load Balancing (NLB) through ISA Server Management. Additional virtual IP addresses can be defined. However, these additional virtual IP addresses are configured manually on the network adapters of each array member. The ISA Server 2006 upgrade process will only upgrade the virtual IP address for a network that is configured in ISA Server Management in ISA Server 2004, and will delete the additional virtual IP addresses that have been configured on the network adapters. ISA Server 2006 allows you to define multiple virtual IP addresses for a network though ISA Server Management. If more than one virtual IP address has been configured for an ISA Server 2004 NLB-enabled network, you need to reconfigure the additional virtual IP addresses in ISA Server Management, after the upgrade is complete.
  • If you have configured both DNS round robin and NLB for an array, you need to disable one method before upgrading, perform the upgrade, and then reinstitute the disabled load balancing method.

DNS Round Robin

Perform the following procedure to upgrade an array that is load balanced with DNS round robin. This procedure enables the array to continue to provide services to your users during the upgrade process.

Note

The assumption is that the Configuration Storage server has already been successfully upgraded.

Perform the following procedure on each array member.

To upgrade an array that is load balanced using DNS round robin

  1. Remove the array member's IP address from the array's DNS entry. This will stop new requests from being forwarded to this array member, but does not have any effect on existing connections to the array member.

    Note

    Depending on the Time to Live (TTL) of the entry on the DNS server, clients and other DNS servers will cache the existing array member's IP address until the defined TTL has expired, which might result in new connections that will be sent to that IP address. You can reduce the TTL value for the array's DNS entries to reduce the client cache delay.

  2. Perform an in-place upgrade from ISA Server 2004 to ISA Server 2006. For the procedures to perform an in-place upgrade, see Upgrade the array member in the Single Configuration Storage Server with One Array scenario.

  3. Return the array member's IP address to the array's DNS entry.

  4. Perform steps 1 through 3 for each of the remaining array members.

Network Load Balancing

Perform the following procedure to upgrade an array that is load balanced through NLB. This procedure enables the array to continue to provide services to your users during the upgrade process.

Note the following:

  • The assumption is that the Configuration Storage server has already been successfully upgraded.

    Important

    After you complete the upgrade of the Configuration Storage server, you need to disable NLB integration for the ISA Server 2006 array.

  • To avoid disruptions in virtual private network (VPN) site-to-site tunnels, we recommend that VPN tunnel owners be upgraded last in the arrays.

Drain and stop NLB services on the specific array member

To remove the array member from the NLB algorithm, we recommend that you drain and stop the NLB services for the specific array member. This ensures that for all future connections, the array member will no longer be included in the NLB algorithm. Existing connections are not affected by this procedure.

Perform the following procedure on the Configuration Storage server.

To drain and stop NLB services

  1. In the console tree of ISA Server Management, select Microsoft Internet Security and Acceleration Server 2004.

  2. Expand Arrays, and expand the selected array.

  3. Select Monitoring, and in the details pane, click the Services tab.

  4. Select Network Load Balancing for the specific array member.

  5. On the Tasks tab, click Drain and Stop Selected Service to stop the selected service.

Suspend the NLB service on the specific array member

When the NLB services are suspended, existing connections are disconnected. Users can reconnect using the virtual IP address and connect to another array member. When the NLB service on a specific array member is suspended, NLB will not start, even after the server has been restarted.

Perform the following procedure on the Configuration Storage server.

To suspend the NLB service

  1. In the console tree of ISA Server Management, select Microsoft Internet Security and Acceleration Server 2004.

  2. Expand Arrays, and expand the selected array.

  3. Select Monitoring and in the details pane, click the Services tab.

  4. Select Network Load Balancing for the specific array member.

  5. On the Tasks tab, click Suspend Selected Service.

Perform in-place upgrade on the specific array member

Perform an in-place upgrade from ISA Server 2004 to ISA Server 2006. For the procedures to perform an in-place upgrade, see Upgrade the array member in the Single Configuration Storage Server with One Array scenario.

Note

Because NLB is disabled for the ISA Server 2006 array, the array member will not receive any NLB traffic after the in-place upgrade is complete.

Repeat until half of the array members have been upgraded

Repeat the following until half of the array members have been upgraded:

  • Drain and stop NLB services on the specific array member.
  • Suspend the NLB service on the specific array member.
  • Perform an in-place upgrade on the specific array member.
Suspend the NLB service on the remaining ISA Server 2004 array members

After half of the array members have been upgraded to ISA Server 2006, suspend the NLB service on the remaining ISA Server 2004 array members.

Note

At this point, NLB service is suspended on both the ISA Server 2004 and ISA Server 2006 array members.

Start the NLB service on the ISA Server 2006 array members

Start the NLB service on the ISA Server 2006 array members. At this point, new connections will be handled by the ISA Server 2006 array members.

Perform an in-place upgrade on the remaining ISA Server 2004 array members

Perform the following procedure on the remaining ISA Server 2004 array members.

To perform an in-place upgrade on the remaining array members

  1. Perform an in-place upgrade from ISA Server 2004 to ISA Server 2006. For the procedures to perform an in-place upgrade, see Upgrade the array member in the Single Configuration Storage Server with One Array scenario.

  2. Enable NLB on the upgraded array member.

Appendix A: Migration to New Equipment

To upgrade an array member to new equipment instead of performing an in-place upgrade, use the procedures described in the following sections. When the ISA Server 2004 configuration is imported to ISA Server 2006, the array secrets are also upgraded. Until an ISA Server 2004 array member is upgraded, no new servers can join the array. The following procedures explain how to allow a new server to join an ISA Server 2006 array.

Export (Back Up) the Configuration of the Existing ISA Server 2004 Configuration Storage Server

Perform the following procedure on the ISA Server 2004 Configuration Storage server.

To export the ISA Server 2004 configuration to a file

  1. In the console tree of ISA Server Management, select Microsoft Internet Security and Acceleration Server 2004.

  2. On the Tasks tab, click Export (Back Up) Configuration to start the Export Wizard.

  3. Follow the on-screen instructions.

    Important

    Select the following Export Preferences: Export confidential information and Export user permission settings.

Install the New ISA Server 2006 Configuration Storage Server

The following table lists additional tasks that might need to be taken on the ISA Server 2006 computer after migration, if the following ISA Server 2004 features are currently being used.

ISA Server 2004 function Required actions

Web publishing listening for HTTPS traffic

Export the existing Secure Sockets Layer (SSL) certificate on the ISA Server 2004 computer and import the SSL certificate on the new ISA Server 2006 computer.

Bb794804.note(en-us,TechNet.10).gifNote:
If a new SSL certificate is installed, you will need to modify the affected Web listener and select the new SSL certificate.

VPN tunnel encryption with server certificates:

  • Internet Protocol security (IPsec) tunnel mode
  • Layer Two Tunneling Protocol (L2TP) over IPsec
  • VPN client access using L2TP over IPsec

Install a new server certificate from the same internal certification authority (CA) that issued the server certificate for the ISA Server 2004 computer.

User account for:

  • L2TP over IPsec
  • Point-to-Point Tunneling Protocol (PPTP)

For a remote site to initiate a site-to-site connection, there must be a user account matching the remote network name. If the user account was created as a local user account on the ISA Server 2004 computer, you must create an account with the same user name and password on the ISA Server 2006 computer. The user account must be granted dial-in permissions.

For information about how to export and import digital certificates, see "Digital Certificates for ISA Server" at the Microsoft TechNet Web site.

Perform the following procedure on the computer that will be the ISA Server 2006 Configuration Storage server.

Note

If you are installing ISA Server 2006 in a workgroup environment, you need to install the trusted root certificate for the certification authority (CA) that issued the server certificate for the Configuration Storage server. For more information about installing ISA Server 2006 in a workgroup environment, see "ISA Server Enterprise Edition in a Workgroup" at the Microsoft TechNet Web site.

To install the new Configuration Storage server

  1. Install Windows Server 2003 with SP1 or Windows Server 2003 R2 on the computer that will be the ISA Server 2006 Configuration Storage server.

  2. Install ISA Server 2006 Configuration Storage server. For more information, see the ISA Server 2006 Enterprise Edition Installation Guide.

  3. Export the new ISA Server 2006 configuration to a file. This will enable you to restore to a new ISA Server 2006 state, if any issues arise during the import. Follow these steps:

    1. In the console tree of ISA Server Management, select Microsoft Internet Security and Acceleration Server 2006.

    2. On the Tasks tab, click Export (Back Up) Configuration to start the Export Wizard.

    3. Follow the on-screen instructions.

      Important

      Select the following Export Preferences: Export confidential information and Export user permission settings.

  4. Create a new array with the same name as the ISA Server 2004 array. For more information, see the ISA Server 2006 Getting Started Guide.

    Note

    Perform this step for each array that was configured in ISA Server 2004.

  5. Click the Apply button in the details pane to save the changes and update the configuration.

Install New Array Member

Perform the following procedure on the computer that will be the new ISA Server 2006 array member.

Note

If you have multiple arrays, you need to install at least one array member in each array before importing the configuration.

To install a new array member

  1. Install Windows Server 2003 with SP1 or Windows Server 2003 R2 on the computer that will be the ISA Server 2006 array member.

    Note the following:

    • If you are publishing Web sites with ISA Server 2004, you must export the existing SSL certificates from the ISA Server 2004 array member and import the SSL certificates on the computer that will be the ISA Server 2006 array member.
    • If you have third-party filters installed on the ISA Server 2004 array members, you need to install the filters on the new ISA Server 2006 array members. For specific instructions regarding upgrades, refer to the third-party vendor documentation.

  2. Run ISA Server 2006 Setup. Follow these steps:

    1. Insert the ISA Server 2006 Enterprise Edition CD into the CD drive, or run ISAAutorun.exe from the shared network drive.
    2. Follow the instructions in the ISA Server 2006 Getting Started Guide to install ISA Server 2006.

For information about how to export and import digital certificates, see "Digital Certificates for ISA Server 2004" at the Microsoft TechNet Web site.

Import the Configuration to the New ISA Server 2006 Configuration Storage Server

Use the following procedure to import the configuration to the new ISA Server 2006 Configuration Storage server.

To import the configuration to the new ISA Server 2006 Configuration Storage server

  1. Copy the export file from the ISA Server 2004 computer to the ISA Server 2006 computer.

  2. Import the ISA Server 2004 exported configuration file. Follow these steps:

    1. In the console tree of ISA Server Management, select Microsoft Internet Security and Acceleration Server 2006.

    2. On the Tasks tab, click Import (Restore) Configuration to start the Import Wizard.

    3. Follow the on-screen instructions.

      Important

      Select the following Import Preferences: Import server-specific information and Import user permission settings.

  3. Do not click the Apply button.

  4. Delete all ISA Server 2004 array members that will not be upgraded to the ISA Server 2006 arrays. Leave the array member you just installed. Follow these steps:

    1. In the console tree of ISA Server Management, select Microsoft Internet Security and Acceleration Server 2006.
    2. Expand Arrays, and expand the Array_Name from which you want to delete the ISA Server 2004 array members.
    3. Expand Configuration and select Servers.
    4. Select the applicable server in the array and on the Tasks tab, click Delete Selected Server.
    5. Repeat step d for each server you want to delete.

  5. Click the Apply button in the details pane to save the changes and update the configuration.

  6. Check that functions and connectivity in ISA Server 2006 are working properly.

    Note

    After an array member has been deleted from the array, an in-place upgrade cannot be performed on the array member to upgrade to ISA Server 2006.

Appendix B: Backup Log and Cache Files

During the upgrade process, existing log and cache files are erased. ISA Server 2004 log files are not compatible with ISA Server 2006. However, ISA Server 2004 cache files are compatible with ISA Server 2006.

Log Files

To back up ISA Server 2004 log files, copy the files to an alternate location. The default location for log files is C:\Program Files\Microsoft ISA Server\ISALogs.

MSDE Log Format

Microsoft SQL Server™ Desktop Engine (MSDE) is installed and configured as the default log storage format. You must first detach the database from the current server and then copy the files to an alternate location.

To detach a database from the server, enter the following lines at a command prompt.

To detach an MSDE database from a server, enter the following

  1. OSQL -S computer_name**\MSFW -E**

  2. sp_detach_db database_name

  3. go

  4. quit

    Note

    database_name is the name of the .mdf and .ldf files without their extensions.

Now you can copy the .mdf and .ldf files to another location.

To reattach the database to the server, perform the following procedure.

To reattach a MSDE database to a server, enter the following

  1. OSQL -S computer_name**\MSFW -E**

  2. sp_attach_dbs @dbname**=*'database_name', @filename1='full_path_to_mdf_file', @filename2='full_path_to_ldf_file'*

  3. go

  4. quit

Microsoft SQL Server Log Format

For instructions about how to back up a database in SQL Server, see the SQL Server product documentation.

File Log Format

To back up ISA Server log files that are configured in file format, copy the files to an alternate location. The default location for log files is C:\Program Files\Microsoft ISA Server\ISALogs.

Cache Files

To back up ISA Server 2004 cache files, copy the files to an alternate location. The default location for cache files is <cache drive>\urlcache.

Appendix C: Build-to-Build Upgrade

In addition to the product upgrade, ISA Server 2006 Enterprise Edition also supports a build-to-build upgrade. This allows you to upgrade a beta version of ISA Server 2006 to a new build of the same product. The following build-to-build upgrades are supported:

  • Beta to RC
  • RC to RTM

For Beta to RC and Beta to RTM upgrades, perform the following procedures:

  • Export the ISA Server 2006 Beta Configuration
  • Uninstall ISA Server 2006 Beta Configuration Storage Server
  • Install ISA Server 2006 RC or RTM Configuration Storage Server
  • Uninstall ISA Server 2006 Beta Currently Installed on Array Members
  • Install ISA Server 2006 RC or RTM Array Members
  • Import the ISA Server 2006 Beta Configuration

Note

For an RC to RTM upgrade, follow the steps in the scenario that best matches your configuration. There is no in-place upgrade for the Configuration Storage server, and the procedures for upgrading an ISA Server 2004 Configuration Storage server to ISA Server 2006 must be followed.

Export the ISA Server 2006 Beta Configuration

Perform the following procedure on the ISA Server 2006 beta Configuration Storage server.

To export the ISA Server 2006 beta configuration to a file

  1. In the console tree of ISA Server Management, select Microsoft Internet Security and Acceleration Server 2006.

  2. On the Tasks tab, click Export (Back Up) Configuration to start the Export Wizard.

  3. Follow the on-screen instructions.

    Important

    Select the following Export Preferences: Export confidential information and Export user permission settings.

Uninstall ISA Server 2006 Beta Configuration Storage Server

Because an in-place upgrade on the Configuration Storage server cannot be performed, you need to uninstall the ISA Server 2006 beta version from the Configuration Storage server. The array members will continue to use the last known configuration received from the Configuration Storage server.

Perform the following procedure on the Configuration Storage server computer.

Note the following:

  • Monitoring applications, such as MOM agent, use ISA Server files and may interfere with ISA Server removal. To avoid issues, stop these applications before uninstalling ISA Server. For specific instructions about how to stop these applications, refer to the monitoring application vendor documentation.
  • Before removing ISA Server, be sure to close ISA Server Management and ISA Server Performance Monitor.
  • Before removing an ISA Server computer configured as the Configuration Storage server, you must ensure that all changes have replicated to the replica Configuration Storage server, or the configuration changes will be lost.

To uninstall an ISA Server 2006 Configuration Storage server

  1. Click Start, click Control Panel, and then double-click Add or Remove Programs.

  2. In Microsoft ISA Server 2006, click Change/Remove.

  3. On the Welcome page, click Next.

  4. On the Program Maintenance page, select Remove, and click Next.

  5. Click Remove, to uninstall ISA Server 2006 from the computer.

  6. Click OK in the following warning dialog box.

    Bb794804.e1d45509-f50b-4540-90af-37dd14d8ee83(en-us,TechNet.10).jpg

Install ISA Server 2006 RC or RTM Configuration Storage Server

Perform the following procedure on the ISA Server 2006 Configuration Storage server.

To install the new Configuration Storage server

  1. Install the ISA Server 2006 Enterprise Edition Configuration Storage server. For more information, see the ISA Server 2006 Enterprise Edition Installation Guide.

  2. Export the new ISA Server 2006 configuration to a file. This will enable you to restore to a new ISA Server 2006 state, if any issues arise during the import. Follow these steps:

    1. In the console tree of ISA Server Management, select Microsoft Internet Security and Acceleration Server 2006.
    2. On the Tasks tab, click Export (Back Up) Configuration to start the Export Wizard.

  3. Follow the on-screen instructions.

    Important

    Select the following Export Preferences: Export confidential information and Export user permission settings.

  4. Create a new array with the same name as the ISA Server 2006 array. For more information, see the ISA Server 2006 Getting Started Guide.

    Note

    Perform this step for each array that was configured in the earlier build of ISA Server 2006.

  5. Click the Apply button in the details pane to save the changes and update the configuration.

Note

If you are installing ISA Server 2006 in a workgroup environment, you must install the trusted root certificate for the certification authority (CA) that issued the server certificate for the Configuration Storage server. For more information about installing ISA Server 2006 in a workgroup environment, see "ISA Server Enterprise Edition in a Workgroup" at the Microsoft TechNet Web site.

Uninstall ISA Server 2006 Beta Currently Installed on Array Members

Because an in-place upgrade on the array members cannot be performed when ISA Server 2006 beta is installed, you must uninstall ISA Server 2006 beta from the array members.

Perform the following procedure on an array member computer.

Note the following:

  • Monitoring applications, such as MOM agent, use ISA Server files and may interfere with ISA Server removal. To avoid issues, stop these applications before uninstalling ISA Server. For specific instructions about how to stop these applications, refer to the monitoring application vendor documentation.
  • Before removing ISA Server, be sure to close ISA Server Management and ISA Server Performance Monitor.

To uninstall an ISA Server 2006 beta array member

  1. Click Start, click Control Panel, and then double-click Add or Remove Programs.

  2. In Microsoft ISA Server 2006, click Change/Remove.

  3. On the Welcome page, click Next.

  4. On the Program Maintenance page, select Remove, and click Next.

  5. Click Remove, to uninstall ISA Server 2006 from the computer.

  6. Confirm that the FQDN for the Configuration Storage server is correct, and click Next.

  7. Click OK in the following warning dialog box.

    Bb794804.5d4878e8-0b03-49e9-b2ac-2dd5f4d24f82(en-us,TechNet.10).jpg

  8. On the Generated Files Removal page:

    • Select Do not remove Microsoft ISA Server 2004 log files, to save log files.
    • Select Do not remove Microsoft ISA Server 2004 cache files, to save cache files.

  9. Click Remove, to uninstall the earlier ISA Server 2006 build from the computer.

  10. Click OK in the following warning dialog box.

    Bb794804.e1d45509-f50b-4540-90af-37dd14d8ee83(en-us,TechNet.10).jpg

Install ISA Server RC or RTM on Array Members

Perform the following procedure on the computer that will be the new ISA Server 2006 array member.

Note

If you have multiple arrays, you must install at least one array member in each array before importing the configuration.

To install a new array member

  • Run ISA Server 2006 Setup. Follow these steps:

    1. Insert the ISA Server 2006 Enterprise Edition CD into the CD drive, or run ISAAutorun.exe from the shared network drive.
    2. Follow the instructions in the ISA Server 2006 Getting Started Guide to install ISA Server 2006.

Import the ISA Server 2006 Beta Configuration

Use the following procedure to import the ISA Server 2006 beta configuration.

To import the configuration to the new ISA Server 2006 Configuration Storage server

  1. Import the ISA Server 2006 beta exported configuration file. Follow these steps:

    1. In the console tree of ISA Server Management, select Microsoft Internet Security and Acceleration Server 2006.

    2. On the Tasks tab, click Import (Restore) Configuration to start the Import Wizard.

    3. Follow the on-screen instructions.

      Important

      Select the following Import Preferences: Import server-specific information and Import user permission settings.

  2. Do not click the Apply button.

  3. Delete all ISA Server 2006 array members that will not be upgraded from the ISA Server 2006 arrays. Leave the array member you just installed. Follow these steps:

    1. In the console tree of ISA Server Management, select Microsoft Internet Security and Acceleration Server 2006.
    2. Expand Arrays, and expand the Array_Name from which you want to delete the ISA Server 2006 array members.
    3. Expand Configuration and select Servers.
    4. Select the applicable server in the array and on the Tasks tab, click Delete Selected Server.
    5. Repeat step d for each server you want to delete.

  4. Click the Apply button in the details pane to save the changes and update the configuration.

  5. Check that functions and connectivity in ISA Server 2006 are working properly.