Bronco Solutions

Andrew Renner

ISA Server Upgraded

What should have been a smooth upgrade ran into a few hitches/gotchas, turning the upgrade and testing into nearly a 4-hour affair.

Hopefully this post will find someone who needs it and help them resolve some of their issues.

My ISA Server is used with multiple SSL certificates.  One is specifically for OWA and handles the authentication.  The others are for secure websites.

My process:

  1. Install Windows 2003
  2. Apply patches
  3. Install Certificates
  4. Setup Network Cards
    1. One Internal Card
      1. Client for MS Networks
      2. File and Print Sharing
      3. TCP/IP
      4. NO Gateway specified - you want to terminate all internal connections
      5. Register address in DNS UNCHECKED
      6. Append a bogus DNS suffix
      7. WINS NetBIOS - Default
      8. Enable LMHOSTS UNCHECKED
    2. One External Card with the gateway and external DNS entries
      1. TCP/IP
      2. Fill all settings - IP/gateway/subnet/DNS
      3. Register address in DNS UNCHECKED
      4. Append a bogus DNS suffix
      5. WINS NetBIOS - Disabled
      6. Enable LMHOSTS UNCHECKED
  5. Install ISA Server
  6. Install ISA Server SP1
  7. Install ISA Server SP2
  8. Import ISA Settings
  9. Select SSL certificates associated with secure listeners

Issue # 1:

ISA not recognizing my Certificates.

Resolution:

  1. Remove certificates from the server
  2. Local Computer Certificates
    1. Import OWA certificate into Trusted Root (top level and subclass) and Personal
    2. Import other certificates into Personal (pfx files)
  3. Select the certificates on the appropriate web listeners

Issue # 2:

ISA was resolving FQDN internal addresses to my external IP address but non-FQDN internally.

Resolution:

  1. Control Panel --> Network Connections --> Advanced Settings
  2. Adapters and Bindings Tab
  3. Be sure that the internal network connection is listed above external

NOTE: It will help you immensely if you name your network cards internal/external.

Thanks for the assistance Dan.

The proper way to install ISA and restore your settings is in the following order:

  1. Install Windows 2003
  2. Apply patches
  3. Setup Network Cards
    1. One Internal Card
      1. Client for MS Networks
      2. File and Print Sharing
      3. TCP/IP
      4. NO Gateway specified - you want to terminate all internal connections
      5. Register address in DNS UNCHECKED
      6. Append a bogus DNS suffix
      7. WINS NetBIOS - Default
      8. Enable LMHOSTS UNCHECKED
    2. One External Card with the gateway and external DNS entries
      1. TCP/IP
      2. Fill all settings - IP/gateway/subnet/DNS
      3. Register address in DNS UNCHECKED
      4. Append a bogus DNS suffix
      5. WINS NetBIOS - Disabled
      6. Enable LMHOSTS UNCHECKED
  4. Install ISA Server
  5. Install ISA Server SP1
  6. Install ISA Server SP2
  7. Install Certificates
    1. Import PFX certificates as exportable into Personal
    2. Import CRT or CER files into Trusted Root
  8. Import ISA Settings
  9. Select SSL certificates associated with secure listeners
  10. Apply Settings
  11. Ensure that Adapters and Bindings use the internal connection as the primary (top) source
  12. Optional. Reboot
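
A check for the certificate state behind Issue # 1, as an added example that is not part of the original post: it lists every certificate in the Local Computer Personal store and flags the ones a web listener could not use. It assumes PowerShell is installed on the ISA server (it is not part of a default Windows 2003 install); the function name `Test-ListenerCertificate` is made up for this example.

```powershell
# Added example, not from the original post. Run on the ISA server after step 7.
function Test-ListenerCertificate {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)

    $problems = @()

    # A CER/CRT import carries no private key; only a PFX import does.
    if (-not $Cert.HasPrivateKey) {
        $problems += 'no private key (imported from CER/CRT instead of PFX?)'
    }

    # Build the chain in the machine context, the same stores a service sees.
    # Revocation checking is turned off so the result does not depend on the
    # server being able to reach a CRL distribution point.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain -ArgumentList $true
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    if (-not $chain.Build($Cert)) {
        # UntrustedRoot: the root CA certificate is not in Trusted Root.
        # PartialChain: an issuer certificate could not be found.
        foreach ($s in $chain.ChainStatus) { $problems += "chain: $($s.Status)" }
    }

    # Server Authentication EKU (1.3.6.1.5.5.7.3.1). A certificate with no
    # EKU extension at all is valid for any purpose, so it is not flagged.
    $eku = $Cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    if ($eku) {
        $oids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
        if ($oids -notcontains '1.3.6.1.5.5.7.3.1') {
            $problems += 'no Server Authentication EKU'
        }
    }

    $result = New-Object PSObject -Property @{
        Subject    = $Cert.Subject
        NotAfter   = $Cert.NotAfter
        Thumbprint = $Cert.Thumbprint
        Problems   = ($problems -join '; ')
    }
    $result | Select-Object Subject, NotAfter, Thumbprint, Problems
}

Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object { Test-ListenerCertificate $_ } |
    Format-List
```

An empty `Problems` field means the certificate has its private key and chains to a root the machine trusts.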
Published Monday, April 03, 2006 3:22 AM by rennera
