Home > Computer network, Microsoft, Security > Upgrade from ISA 2006 to TMG2010

Upgrade from ISA 2006 to TMG2010

Customer wanted to upgrade his ISA 2006 server to “new” TMG 2010. I thought it would be nice and easy process. It could be if there were no problems which I didn’t expect to be a problem in “new” software. Old server was still functional and I wanted to prepare new server and migrate all settings and certificates.

Requirements

To install all requirements you can install required packages by yourself or you can use Run Preparation Tool from installation screen of TMG. Why didn’t they include it into installation package it self?

Messed up console

When I was done with installation I ran TMG console and I received following error:

An error has occured in the script on this page.

This was really dump error. TMG Management Console does not work on Internet Explorer 9.0+. You need to comment out all lines containing word “paddingBottom” (there are three such a lines) in file C:\\Program Files\\Microsoft Forefront Threat Management Gateway\\UI_HTMLs\\TabsHandler\\TabsHandler.htc.

Rules import unsuccessful

When I ran import of ISA xml backp on TMG server I received following error:

TMG Import failed

This problem is nice self-describing. We need to delete all IP ranges from all network interfaces before importing any settings:

Remove network addresses

Last step was to migrate IP addresses from old server using netsh.

Export

netsh -c interface dump > C:\\IP_SETTINGS.TXT

Import

netsh -f C:\\IP_SETTIGNS.TXT

I have tried to follow this article, but there are always pitfalls waiting for you 🙂

 

  1. No comments yet.
  1. No trackbacks yet.