Migrating ISA 2006 to TMG 2010

Before we start, we have to keep one important thing in mind: ISA Server ran on 32-bit processors only, while TMG runs on 64-bit processors only. An in-place upgrade is therefore not possible.

What is possible, though, is migration. Migration involves exporting ISA's configuration file and importing it into a TMG array/server. Below are the steps for performing the migration.

1- Preparation Steps

a. Make sure you export the web certificates and their private keys on the ISA server (if any) to an external drive.

b. Make sure you jot down any custom routes that you have created.

c. Make sure Service Pack 1 is installed on the ISA server/array.

d. If the ISA server is part of an array rather than a standalone server, disjoin one of the array members from the array. (Make sure you don't do this during business hours, unless you don't like your job :).) This server will be used for exporting the configuration.

e. Set up a TMG server with the same network configuration as the disjoined ISA server.

f. Read the list of migration limitations: https://technet.microsoft.com/en-us/library/dd897002.aspx

2- On the disjoined server (or the standalone server), open the ISA Server management console

3- Right click on the server/array name.

4- On the tasks panel on the right, select export server/array configuration

5- On the first screen click Next

6- On the second screen, you will be asked whether you want to include confidential information, and user permissions. If you want the TMG server to retain the same configuration, I suggest that you do export this information. This information would include things like saved credentials. This information will then need to be encrypted, using a password. Enter the password in the designated box.

7- On the next screen, select where you want to save the XML configuration file. (It is one XML file)

8- If you are migrating from ISA Enterprise Edition to a TMG standalone array/server, run the tool EESingleServerConversionPack.exe against the XML file. You can find this tool at this link: https://www.microsoft.com/downloads/en/details.aspx?FamilyID=8809CFDA-2EE1-4E67-B993-6F9A20E08607

9- On the TMG server prepared in step 1.e, import the XML configuration file using the TMG Management Console

10- Rename the TMG server to match the disjoined ISA server's name. (If it is a domain member, delete the computer account of the old server, and join the TMG server to the domain using the same name)

11- Add any custom routes and import any web certificates that you have exported from the original server/array.

12- Add the other TMG servers one by one, repeating what you did for the first server. Give the new array the same name as the ISA server array.

13- Check the array/server status from the monitoring tab; make sure the servers are in sync.

14- Set up TMG integrated Network Load Balancing on the TMG array (if applicable)

15- Test your configuration again
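
For steps 1.b and 11, the custom routes can be captured by saving `route print` output on the ISA server and regenerating the `route -p add` commands from it, rather than retyping them. The script below is an added example, not part of the original post; it assumes the custom routes were created as persistent routes, and the sample output is constructed.

```python
import ipaddress
import re

# Constructed sample of `route print` output saved on the ISA server (not real data).
SAMPLE_ROUTE_PRINT = """\
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      203.0.113.1    203.0.113.10      10
        10.20.0.0      255.255.0.0    192.168.1.254     192.168.1.1       1
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
        10.20.0.0      255.255.0.0    192.168.1.254       1
      172.16.40.0    255.255.255.0    192.168.1.254       5
===========================================================================
"""

# A data row is exactly: destination, netmask, gateway, numeric metric.
ROW = re.compile(r"^\s*(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s*$")


def persistent_routes(route_print_text):
    """Return (destination, netmask, gateway, metric) from the Persistent Routes table."""
    routes, in_table = [], False
    for line in route_print_text.splitlines():
        if line.strip().lower().startswith("persistent routes"):
            in_table = True
            continue
        if not in_table:
            continue  # still in the Active Routes table
        if line.startswith("==="):
            break  # end of the Persistent Routes table
        match = ROW.match(line)
        if not match:
            continue  # header row, "None", or a non-numeric metric
        dest, mask, gateway, metric = match.groups()
        try:
            ipaddress.IPv4Network(f"{dest}/{mask}")  # rejects bad masks and host bits
            ipaddress.IPv4Address(gateway)
        except ValueError:
            continue  # not a well-formed IPv4 route; review it by hand
        routes.append((dest, mask, gateway, int(metric)))
    return routes


def route_add_commands(routes):
    """Build the commands to re-create the routes on the TMG server (step 11)."""
    return [f"route -p add {d} mask {m} {g} metric {n}" for d, m, g, n in routes]
```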

Comments

  • Anonymous
    January 01, 2003
    Hello, I am unable to give you a confirmed answer because I have not tried that. However, I have looked through an ISA config file and found that the ISA server names are only mentioned in the Web Proxy client configuration section. So I suggest that you make a slight modification to the XML config file to change the server name(s) and perform the import into TMG. btw please let me know if that works. Cheers. -Zaid

  • Anonymous
    January 01, 2003
    Good luck

  • Anonymous
    January 01, 2003
    OK, here's what I would do. After you run the Std. edition conversion tool, make a copy of the XML configuration file for backup. Open the configuration file and replace the old server name with the new one, then restore the edited file to the TMG server. If things go well, and TMG functions as expected, voila! You are good to go. If not, I suggest that you restore the backup (non-edited) XML file, make sure it works fine, then rename the server. Let me know how it goes.

  • Anonymous
    January 01, 2003
    btw, I have sent a request to the support team to check if this approach is supported, but I haven't gotten a response yet. I will let you know as soon as I receive a response.

  • Anonymous
    January 01, 2003
    Hello Tebe - Just to clarify this, you're doing a single server ISA Ent to single server TMG Ent migration right? I am glad to help

  • Anonymous
    December 21, 2010
    Hi Zaid, great post thank you. Step 10 - rename TMG server to same name as ISA server. What would happen if I don't rename and give the TMG a new name? Just the old name doesn't fit with our naming convention. It is single server array ISA going onto standalone TMG 2010 ent. Thanks.

  • Anonymous
    December 22, 2010
    Hi Zaid, thanks for the reply, much appreciated. I had a look at a config file and we have ISA and CSS on the same server, so same name, so there are a lot of occurrences of the server name in the config file. Just wondering which lines I would edit? Also, if it is clients that may only be affected by the name change, this may not be so much of an issue. We only have 100 clients, it may be easier to just go around and reinstall the client? Even group policy install. Thanks again.

  • Anonymous
    December 22, 2010
    Hi Zaid - Yeah it is a single server array, ISA ent 2006 with CSS role and ISA on same server. Migrating using conversion tool to standalone TMG ent.

  • Anonymous
    December 22, 2010
    Thanks Zaid. I will give that a go. Are there any implications with restoring the modified config, then afterwards restoring the unmodified config? Just I will only get 1 go at this - would hate to screw things up :) !!
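
The comments above discuss editing the exported XML to swap the server name and ask where the name occurs. As an added example (not from the post, the commenters or Microsoft), the script below lists every element and attribute that holds the old name and produces a renamed copy while leaving the original text untouched as the backup. The sample XML and its element names are constructed and do not reflect the real ISA export schema.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample; element and attribute names are hypothetical.
SAMPLE_EXPORT = """<Root>
  <Array name="ISA01">
    <WebProxyClient><ServerName>isa01.corp.example</ServerName></WebProxyClient>
    <Server host="ISA01"><Description>Replaces ISA010 lab box</Description></Server>
  </Array>
</Root>"""


def _name_pattern(old_name):
    # Match the host name as a whole token so ISA01 does not match ISA010.
    return re.compile(
        r"(?<![A-Za-z0-9-])" + re.escape(old_name) + r"(?![A-Za-z0-9-])",
        re.IGNORECASE,
    )


def find_name(xml_text, old_name):
    """List (path, where, value) for each text node or attribute holding old_name."""
    pattern, hits = _name_pattern(old_name), []

    def walk(elem, path):
        here = f"{path}/{elem.tag}"
        if elem.text and pattern.search(elem.text):
            hits.append((here, "text", elem.text.strip()))
        for key, value in elem.attrib.items():
            if pattern.search(value):
                hits.append((here, "@" + key, value))
        for child in elem:
            walk(child, here)

    walk(ET.fromstring(xml_text), "")
    return hits


def renamed_copy(xml_text, old_name, new_name):
    """Return (new_text, replacement_count); xml_text itself stays as the backup.

    The replacement is done on the raw text so the rest of the file is
    preserved byte for byte instead of being re-serialized.
    """
    return _name_pattern(old_name).subn(lambda m: new_name, xml_text)
```

Running `find_name` on the renamed copy should return an empty list; comparing the replacement count with the number of hits on the original shows whether anything outside element text and attributes was changed.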