Migrating ISA 2006 to TMG 2010

  • Article

Before we start we have to keep one important thing in mind. ISA used to operate on 32 bit processors only. TMG operates on 64 bit processors only. So, Upgrade is not possible.

What is possible though is migration. Migration involves exporting ISA’s configuration file, and importing into a TMG array/server. Below are the steps for performing the migration.

1- Preparation Steps

a. Make sure you export the web Certificates and the private keys on the ISA Server(if Any) to an external drive

b. Make sure you jot down any custom routes that you have created

c. Make sure Service Pack 1 is installed on the ISA server/array.

d. If the ISA server is part of an array rather than a standalone server, disjoin one of the Array members from the array. (Make sure you don’t do this during business hours, unless you don’t like your job J). This server will be sued for the Exporting configuration.

e. Setup a TMG Server, with the same network configuration as the disjoined ISA server

f. Read the list of migration limitations https://technet.microsoft.com/en-us/library/dd897002.aspx

2- On the disjoined server (or the standalone server), Open the ISA Server management console

3- Right click on the server/array name.

4- On the tasks panel on the right, select export server/array configuration

5- On the first screen click Next

6- On the second screen, you will be asked whether you want to include confidential information, and user permissions. If you want the TMG server to retain the same configuration, I suggest that you do export this information. This information would include things like saved credentials. This information will then need to be encrypted, using a password. Enter the password in the designated box.

7- On the next screen, select where you want to save the XML configuration file. (It is one XML file)

8- I you are migrating from an ISA Enterprise Edition to a TMG standalone array/server, run the tool EESingleServerConversionPack.exe against the XML file. You can find this tool on this link https://www.microsoft.com/downloads/en/details.aspx?FamilyID=8809CFDA-2EE1-4E67-B993-6F9A20E08607

9- On the pre-prepared TMG server from step 1.e. Import the XML configuration file using the TMG Management Console

10- Rename the TMG Server, to match the Disjoined ISA Server name. (If it is a domain member, delete the computer account of the old server, and join the TMG server to the domain using the same name)

11- Add any custom routes and import any web certificates that you have exported from the original server/array.

12- Add other TMG servers one by one, repeating what you did to the first server. Give the New array the same name of the ISA server array.

13- Check the array/server status from the monitoring tab; make sure servers are in Sync’d.

14- Setup TMG integrated Network load balancing on the TMG array (if applicable)

15- Test your configuration again