Upgrading from ISA Server 2000 Enterprise Edition to ISA Server 2004 Enterprise Edition requires two basic steps:
Migrate the Enterprise settings from Active Directory to CSS.
Upgrade the ISA Server 2000 Enterprise Edition computers to ISA Server 2004 Enterprise Edition.
Whereas ISA Server 2000 Standard Edition stores its information in the local machine registry, and ISA Server 2000 Enterprise Edition stores its information in Active Directory, ISA Server 2004 Enterprise Edition stores its information in something known as the Configuration Storage Server (CSS). The CSS uses an application-specific version of Active Directory (known as Active Directory Application Mode or ADAM) to store the ISA configuration information, and the CSS server needs to be available to all ISA servers. We can upgrade the ISA Server 2000 Enterprise Edition computers to ISA Server 2004 Enterprise Edition either by doing an in-place upgrade or installing a new ISA Server 2004 instance and migrating the data.
As shown in Table 5-3, Microsoft supports upgrading from the previous versions of ISA Server to ISA Server 2004 Enterprise Edition.
Supported Upgrade Methods
ISA Server 2000 Standard Edition
No support available
ISA Server 2000 Enterprise Edition and Standard Edition
Exporting from ISA Server 2000 Enterprise Edition, and importing into ISA Server 2004 Enterprise Edition
To upgrade, you should follow these steps:
Migrate the settings from the previous version of ISA Server using the ISA Server Migration Wizard.
Install CSS on a server that is not a member of an ISA Server 2000 Enterprise Edition array.
Import the configuration to the CSS.
Install ISA Server 2004 on the ISA server.
To obtain the information from the ISA Server 2000 Enterprise Edition environment, you can use the ISA Server Migration Wizard following these steps:
On an ISA Server 2000 Enterprise Edition computer, insert the ISA Server 2004 Enterprise Edition installation CD, or connect to the installation media.
Click Run Migration Wizard.
The Welcome To The ISA Server Migration Tool page appears. Click Next.
On the File Location page, type in the path and filename for the XML file you wish to export, then click Next.
You might want to save this file to a secure network drive so that you can access it later for importation into the CSS.
On the Create Migration File page, click Create to export the migration information, wait for the progress bar to complete, then click Next.
On the Completing The Migration File Creation page, make a note of the location of the Export File Name and then click Finish.
The Export Wizard provides a very helpful configuration log file that will be located in the same directory as the file you exported. This document reveals the items that will not be migrated into the new system. Pay close attention to these items, and address the issues accordingly. For more information, see the ISA Server Migration Guide on your ISA CD.
When you first install the CSS, place it on a computer that is not part of a current ISA Server 2000 Enterprise Edition array. Follow these steps to install the CSS:
Insert or connect to the ISA Server installation media, then double-click the IsaAutoRun.exe file.
On the Welcome To The Installation Wizard For Microsoft ISA Server 2004 page, click Next.
On the License Agreement page, read the EULA, select I Accept The Terms In This License Agreement, and then click Next.
Complete the Customer Information fields, then click Next.
On the Setup Scenarios page, select Install Configuration Storage Server as shown in Figure 5-3, then click Next.
On the Component Selection page, the ISA Server Management and the Configuration Storage Server features should be set to install as shown in Figure 5-4. Click Next.
On the Enterprise Installation Options page, select Create A New ISA Server Enterprise, then click Next. You will be creating a new instance of CSS. Read the information on the New Enterprise Warning page, then click Next.
On the Create New Enterprise page, type the name of your enterprise and a description in the appropriate boxes, then click Next.
On the Enterprise Deployment Environment page, select whether you will install the CSS server into a domain or a workgroup.
If you choose to install into a workgroup, see the procedures in Chapter 3, "Configuring and Installing Microsoft ISA Server," for more information.
If you are installing on a domain controller, the Configuration Storage Server Service Account page appears. Type the account name and password for the account that will be used to run the CSS service, as shown in Figure 5-5.
If you are installing into a workgroup, you need to configure shadow accounts. See Chapter 3 for more information.
On the Ready To Install The Program page, click Install. The Installing Microsoft ISA Server 2004 page appears. When the progress bar completes, click Next.
The Installation Wizard Completed page appears. If you wish to open the ISA Server Management console, select the Invoke ISA Server Management When The Wizard Closes check box. Click Finish to close the window.
For more detailed instructions on how to install and configure the CSS, see Chapter 3.
Figure 5-3: Choose to install the CSS.
Figure 5-4: Select the components required to install and manage the CSS.
Figure 5-5: Configure the CSS Service account information.
You exported the information from your ISA Server 2000 Enterprise Edition array into an XML file. Follow these steps to import the enterprise configuration into the ISA Server 2004 Enterprise Edition environment.
In case of problems, back up the ISA Server 2004 environment using your preferred backup media.
Install any certificates that might be necessary for ISA Server, including those that might be required to communicate with other ISA servers in a workgroup.
In the ISA Server Management console, select the Microsoft Internet Security and Acceleration Server 2004 node at the top of the console tree.
On the Tasks tab, click Import (Restore) Configuration.
On the Welcome To The Import Wizard page, click Next.
On the Select The Import File page, as shown in Figure 5-6, click Browse, navigate to the configuration file you wish to import, and then click Open. Click Next.
On the Import Action page, select either Import or Overwrite (Restore). Import merges the configuration information with the existing configuration. Overwrite (Restore) replaces existing settings with the settings in the imported configuration file. Click Next.
On the Import Preferences page, select whether you wish to import server-specific or user permission settings, then click Next.
Obviously, if you did not export user permissions, you cannot import them.
If you configured a password when exporting your configuration, you will see the Enter Password page. Type the password you created when exporting your information, then click Next. If you did not enter a password, you won't see this page.
On the Completing The Import Wizard page, read the summary and click Finish. The configuration will be imported into your array. If you chose to overwrite existing settings, you'll see a dialog box confirming that you wish to take this step. If you're sure, click OK.
A progress bar shows the import process. After setup completes, click OK. Click Apply. If you have any issues, click the Details tab, and resolve the described problem.
Be aware that some changes might have occurred. Always check your rules after import to ensure they still meet your standards.
Figure 5-6: You can import the settings from the ISA Server 2000 configuration when upgrading to ISA Server 2004.
You can do an in-place installation of ISA Server 2004 Enterprise Edition, or you can configure a clean installation of ISA Server 2004 Enterprise Edition and import the configuration from ISA Server 2000 Enterprise Edition. Follow this procedure to conduct an in-place upgrade of your ISA server.
If you are upgrading an entire array, you need to ensure that your CSS is installed on a machine that was not part of the original ISA Server 2000 Enterprise Edition array.
To conduct an in-place upgrade of ISA Server 2000 Enterprise Edition, follow these steps:
Insert the ISA Server 2004 Enterprise Edition CD, or connect to the media and double-click the ISAautorun.exe file. The Microsoft ISA Server 2004 Setup splash screen appears.
Click Install ISA Server 2004. The Welcome To The Installation Wizard For ISA Server 2004 page shows the components that will be upgraded. Review the list, and then click Next.
On the License Agreement page, read the EULA, select I Accept The Terms In The License Agreement, and then click Next.
On the Customer Information page, enter your user name, organization, and serial number in the appropriate boxes, and then click Next.
On the Destination Folder page, click Change and specify a new path if you so desire. Otherwise, click Next.
On the Locate Configuration Storage Server page, enter the Fully Qualified Domain Name (FQDN) of the CSS, log on with or configure an account that has access to the CSS, then click Next.
If you receive a message stating that "The Selected Storage Server Does Not Contain The Migrated Array For The Current ISA Server 2000 Computer," click Yes if you wish to continue and lose some server-specific settings. Otherwise, click No, and import the appropriate array configuration to the CSS.
On the Join Existing Array page, type the name of or browse to the array you wish to join, then click Next.
On the Configuration Storage Server Authentication Options page, select the option that you will use to authenticate your ISA server to the CSS from one of the following:
Windows Authentication Use a domain or local service account to authenticate. If you use a local account, you need to configure the same user and password on all other participating ISA servers.
Authentication Over SSL Encrypted Channel Use this option to provide authentication for computers in workgroups or separate domains.
On the Internal Network page, configure the appropriate networks, and then click Next.
On the Services Warning page, review the information, and then click Next.
Read the conditions explained on the ISA Server 2000 Generated Files page, and then click Next.
It's essential to disconnect your ISA server from untrusted networks before upgrading, as the upgrade stops the services that protect your server.
On the Ready To Install The Program page, click Install. The installation begins. Watch the Status progress bar to monitor the installation.
On the Installation Wizard Completed page, click Finish. When you are prompted to restart the server, click Yes.
After the server reboots, and you log on, you see the Protect The ISA Server Computer Web page.