Installing ISA Server 2004 on Small Business Server 2003

For ISA Server 2004 to install on SBS 2003, you must install SBS 2003 Service Pack 1. You should order the CD from Microsoft—it's important to install using the CD, rather than downloading the service pack, as there are some special scripts that are included on the CD that accommodate the unique configuration of ISA Server being colocated with a Windows Server 2003 domain controller, SQL Server 2000, and Exchange.

The SBS 2003 Service Pack 1 CD installs the following updates:

• Windows Server 2003 Service Pack 1

• Exchange Server 2003 Service Pack 1

• SBS 2003 Update KB891193 for Windows XP Service Pack 2

• Windows Small Business Server 2003 Service Pack 1

• Windows SharePoint Services Service Pack 1

• ISA Server 2004 Service Pack 1

• SQL Server 2000 Service Pack 4

There are two ways to install ISA Server 2004: on a new SBS server or as an upgrade to an existing SBS installation. We cover the basic steps, which are the same in both cases, and then discuss the things to consider when upgrading from an existing installation of SBS 2003 with ISA Server 2000.

Documenting and Backing Up ISA Server 2000 Settings

As with any significant upgrade, you should document and back up your SBS server before conducting an upgrade of ISA Server by following these steps:

1. On the SBS 2003 server, click Start, and then select Server Management.

2. In the left console tree, click the Backup node.

3. In the right-hand details pane, click Backup Now.

Applying SBS Service Pack 1

If you are upgrading an existing installation of SBS 2003 that does not already have Service Pack 1 and ISA Server 2004 preconfigured, follow these steps before upgrading to ISA Server 2004:

1. Perform the following prerequisite activities:

   1. Plan and communicate downtime, and then take the server offline so that it is not connected to the network.

   2. Log on to the SBS 2003 computer at the console using the local, built-in Administrator account. Do not try to perform the upgrade remotely.

   3. Ensure that the local, built-in Administrator account is not a member of the Power Users group.

   4. Temporarily disable all antivirus services during the upgrade.

   5. Be aware that the setup may cause some uninterruptible power source (UPS) devices to switch to battery power during the upgrade, and this can cause problems. To prevent problems, connect the computer directly to a surge protector connected to an outlet.

   6. To avoid an error during setup, ensure that you have Microsoft Outlook 2003 installed in the ClientApps folder.

   7. Ensure that you have at least 2 GB of free space on the boot drive.

   8. Ensure that the ClientApps share on the SBS server is the same as the ClientAppsRoot value in the HKEY_LOCAL_MACHINE\Software \Microsoft\SmallBusinessServer\clientsetup key.

   9. Remove the Firewall Client from existing computers, so that you can reinstall the new Firewall Client (which supports encryption).

2. Install SBS 2003 Service Pack 1 Premium using the CD obtained from Microsoft. You cannot upgrade to Service Pack 1 Premium with the Service Pack 1 Standard download from the Microsoft Web site if you have Premium Edition. Install the following items, following the instructions on the screen:

   1. Install Windows Server 2003 Service Pack 1.

   2. Install Windows SharePoint Services 2.0 Service Pack 1.

   3. Install Exchange Server 2003 Service Pack 1.

   4. Install Windows XP Service Pack 2 for Client Deployment.

   5. Install Windows Small Business Server 2003 Service Pack 1.

   6. Install SQL Server 2000 Service Pack 4.

   Detailed instructions on how to update all the SBS 2003 components to Service Pack 1 is outside the scope of this book, which focuses on ISA Server 2004. For a delightfully detailed step-by-step guide, see "How To Install Service Pack 1 For SBS 2003" by Mariëtte Knap et al., located at http://www.smallbizserver.net/Default.aspx?tabid=236.

3. Finally, install Microsoft ISA Server 2004 as described in the next section.

Installing ISA Server 2004

1. From the Windows Small Business Server Service Pack 1 Premium Technologies Setup CD, click the Install Microsoft Internet Security And Acceleration Server 2004 link shown in Figure 20-1.

   Important

   Be sure to use only the SBS 2003 CDs from Microsoft, as they contain scripts that accommodate the unique colocation of all SBS components on the same computer as ISA Server.

2. On the Welcome To The ISA Server 2004 Setup For Small Business Server 2003 Wizard page, click Next.

3. On the License Agreement page, select I Accept The Terms In This License Agreement, and then click Next.

4. On the Installation Path page, select the location where you will install ISA Server, and then click Next.

5. On the Completing The ISA Server 2004 Setup For Small Business Server 2003 Wizard page, review your settings, and then click Finish.

   Note

   If you wish to view or save the configuration information from the wizard, click the To Print, Save, Or E-Mail This Information, Click Here link.

6. The wizard will back up the existing ISA Server 2000 configuration, uninstall ISA Server 2000, and then install ISA Server 2004.

7. The wizard then prompts you to configure the SBS 2003 Internet and e-mail settings. Walk through the wizard as described in the next section, "Running the Configure E-Mail and Internet Connection Wizard."

8. Once you've completed the Configure E-Mail and Internet Connection Wizard, the Setup Wizard installs the Microsoft SQL Server 2000 Desktop Engine (MSDE) Service Pack 4 to support SQL logging in ISA Server 2004.

9. When the ISA Server Setup For Small Business Server 2003 dialog box states that The Wizard Has Completed Successfully, click Close.

10. When prompted to reboot your server, click OK.

Figure 20-1: Install ISA Server 2004 onto an SBS 2003 computer using the Service Pack 1 CDs from Microsoft.

Running the Configure E-Mail and Internet Connection Wizard

If you are configuring ISA Server for the first time, you need to create the settings to connect to the Internet. SBS 2003 provides the Configure E-Mail and Internet Connection Wizard to step you through the configuration of Internet connectivity for your server.

To do this, perform the following steps:

1. From the To-Do List that appears after completing the Service Pack 1 Setup, in the Network Tasks area, click the Start link next to the Connect To The Internet entry. The Configure E-Mail and Internet Connection Wizard appears, as shown in Figure 20-2.

2. On the Connection Type page, select either Broadband or Dial-Up, depending on the type of configuration you have, and then click Next.

   Note

   Broadband connections include Digital Subscriber Line (DSL) and cable modem installations. Even if you have an Integrated Systems Digital Network (ISDN) connection, the modem is probably doing the dialing, so you should still choose Broadband. Choose Dial-Up only if the computer must dial a number to establish an Internet connection.

3. If you select Dial-Up, click Next. If you select Broadband, select the option that most closely fits your connection from the My Server Uses list shown in Figure 20-3, and then click Next. The following instructions are organized based on the selection you choose here—go to the appropriate step based on your selection.

4. If you selected Dial-Up Connection, follow these steps to finish setting up your SBS Server to connect to the Internet:

   1. On the Dial-Up Connection page, select an already-existing dial-up connection, or create a new one by clicking New, and then typing in the relevant information, as shown in Figure 20-4. Click Next to continue.

   2. On the Local Network Connection page, select the network adapter that connects to the Internal network, and then click Next.

5. If you select A Local Router Device With An IP Address, follow these steps to finish setting up your SBS Server to connect to the Internet:

   1. On the Router Connection page, type in the DNS information for your local connection, as shown in Figure 20-5. If you select the My Server Uses A Single Network Connection For Both Internet Access And The Local Network check box, you will be able to take advantage of a limited set of ISA Server's services—it will not function as a viable firewall in this configuration.

   2. On the Network Configuration page, select the network adapter for external access (ISA Network Connection), and the network adapter connecting to your internal network (Local Network Connection), and then click Next.

6. If you select A Connection That Requires A User Name And Password (PPPoE), follow these steps to finish setting up your SBS Server to connect to the Internet:

   1. On the PPPoE Connection page, create a new connection designating the settings given to you by your DSL provider, and then click Next.

   2. On the Local Network Connection page, select the network adapter that connects to the internal network, and then click Next.

7. If you select A Direct Broadband Connection, follow these steps to connect your SBS server to the Internet:

   1. On the Network Configuration page, select the network adapter for external access (ISA Network Connection), and the network adapter connecting to your internal network (Local Network Connection), and then click Next.

   2. On the Direct Broadband Connection page, type in the Default Gateway value provided by your Internet service provider (ISP), as well as the DNS server addresses, as shown in Figure 20-6, and then click Next.

8. On the Firewall page, select Enable Firewall to enable ISA Server, and then click Next.

9. On the Services Configuration page, select the additional services you wish to enable, and then click Next.

   Note

   By default, all users have the ability to connect to the Internet. These options create additional access and publishing rules that allow additional connectivity. Depending on what services you select, you will see other options. We recommend creating your own rules after the installation of ISA Server.

10. On the Web Services Configuration page, select the Web services you wish to make available, as shown in Figure 20-7, and then click Next. This action creates publishing rules for these Web sites. By default, no Web sites will be published.

    Note

    If you chose the Dial-Up option, the Web Services Configuration page does not appear. You cannot publish Web services if you do not have a persistent connection to the Internet.

    1. If you do choose to publish Web sites, on the Web Server Certificate page, either select Create A New Web Server Certificate or—if you already have a Web server certificate from Verisign, Thawte, or some other third-party trusted authority—select Use A Web Server Certificate From A Trusted Authority.

    2. Type the name of the server or navigate to the certificate file, and then click Next.

11. On the Internet E-Mail page, select the option to configure Internet e-mail. If you select Enable Internet E-Mail, the SmallBusiness SMTP Connector is installed—use this option if you want to connect to Post Office Protocol 3 (POP3) mailboxes. If you select Disable Internet E-Mail, the SmallBusiness SMTP Connector is deleted—you will be able to use Exchange internally. If you select Do Not Change Internet E-Mail Configuration, nothing is altered. Click Next.

12. On the E-Mail Delivery Method page, select Use DNS To Route E-Mail to use your own Simple Mail Transfer Protocol (SMTP) server to send e-mail, or select Forward All E-Mail To E-Mail Server At Your ISP, and type the fully qualified domain name (FQDN) of your ISP's SMTP server. Click Next.

13. On the E-Mail Retrieval Method page, select the options that are appropriate for your Exchange server, and then click Next.

14. On the E-Mail Domain Name page, type in the registered domain name for your e-mail addresses, as shown in Figure 20-8. Click Next.

15. On the Mail Schedule page, select the schedule your server will use to check e-mail, and then click Next.

16. On the Remove E-Mail Attachments page, select the file extensions that you wish to strip from e-mail messages. You can select Save Removed E-Mail Attachments In A Folder to save the attachments in a central location. Click Next to continue.

17. On the Completing The Configure E-Mail And Internet Connection Wizard page, review your configuration, and then click Next.

18. The Configure E-Mail and Internet Connection Wizard then shows your progress as it configures the server, as shown in Figure 20-9.

19. When the Configure E-Mail and Internet Connection Wizard states that "The Wizard Has Completed Successfully," click Close.

    Note

    You might be prompted to configure Password Policies. We recommend selecting all three check boxes, as shown in Figure 20-10. You are also prompted to connect to the Microsoft Update site to patch your server. Do so.

20. Restart your server, and reenable and start the services you disabled earlier (such as antivirus programs and the IIS Admin Service).

Figure 20-2: SBS 2003 uses the Configure E-Mail and Internet Connection Wizard to configure the initial settings for ISA Server. You can then configure more detailed settings.

Figure 20-3: The Broadband Connection page allows you to choose the type of broadband connection you use.

Figure 20-4: Enter the information for your dial-up account.

Figure 20-5: Type in your DNS and router information here.

Figure 20-6: Enter the default gateway used by your ISP and the DNS server addresses that will resolve host names.

Figure 20-7: The Web Services Configuration page provides you with an easy way to create publishing rules for the different Web services provided by SBS 2003.

Figure 20-8: Type the domain name that your e-mail addresses will use.

Figure 20-9: The Configure E-Mail and Internet Connection Wizard configures SBS 2003 based on the settings you choose in the wizard.

Figure 20-10: Although not directly related to ISA Server, configuring Password Policies is a vital step toward having a secured SBS 2003 environment.