"Pardon me while I whip this out" :). They actually tried to broadcast that on CMT once, and half of it was bleeped out for racial slurs. Morons ;) t From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison Sent: Sunday, January 10, 2010 9:14 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: SSL no longer responds after upgrading from ISA 2004 ->2006 It's twu, it's twu! (three anti-social points for that quote) I've been running virtualized ISA since ISA 2000. Started with VMWare Server (that was Tom's fault), moved to Virtual Server, and now run Hyper-V almost exclusively. Bear in mind that the MS Lifecycle Policy takes precedence. Neither ISA 2000 nor ISA 2004 are in mainstream support. http://blogs.technet.com/isablog/archive/2009/10/05/mainstream-support-ending-for-isa-server-2004-standard-edition-sp3.aspx discusses this. Jim From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of God) Sent: Sunday, January 10, 2010 6:22 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: SSL no longer responds after upgrading from ISA 2004 ->2006 This is also a perfect scenario for virtual environments. I'm all HyperV all the time, and personally, I'd never go back. Your restore options are fantastic, and you can literally work out everything you need on your development VM environment and literally just copy it over to production. ISA is supported in a production HyperV environment, so you might want to look at that, assuming you've not already done too much work on this. t From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Mike Anderson Sent: Friday, January 08, 2010 10:53 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: SSL no longer responds after upgrading from ISA 2004 ->2006 I would have to use one of my own boxes to do it, but at this point, I think it would be worth it. I have enough spare parts to build 3 new servers, so it would actually be nice to have a spare machine all pre-built once this upgrade is all done... In fact, I could build the server tonight and it would give me the chance to get the SSL stuff all ironed out. That way, I can have a preconfigured server known to be working, before I even walk into the NOC tomorrow night. That is a wonderful suggestion, and I think I will do just that... Thanks again guys and ttys :) From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison Sent: Friday, January 08, 2010 11:58 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: SSL no longer responds after upgrading from ISA 2004 ->2006 Is there any chance you can do a rolling upgrade rather than in-place? Doing so would help you avoid outages while you work through the inevitable problems... Jim ________________________________ From: isalist-bounce@xxxxxxxxxxxxx [isalist-bounce@xxxxxxxxxxxxx] on behalf of Mike Anderson [mike@xxxxxxxxxxxx] Sent: Friday, January 08, 2010 7:56 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: SSL no longer responds after upgrading from ISA 2004 ->2006 Hello there, That is precisely the information I was looking for - so thank you for clearing that up :) I am sure I will have more questions later this morning regarding this, so please stay tuned - I have to do the upgrade to 2006 tomorrow evening and I have no option for failure. That SSL Cert is the life-blood to this company, and when https is not working, they literally are losing money every minute it's not working. Pretty scary position for somebody like me to be in, considering this entire task falls on my shoulders exclusively. Again, thank you ALL for all your incredible help - we are indeed lucky to have a resource like this list available. Mike From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jerry Young Sent: Friday, January 08, 2010 8:15 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: SSL no longer responds after upgrading from ISA 2004 ->2006 Mike, My apologies; I hit the send button too soon. (O.o) In answer to your question about CSR generation, if you're going to be installing a certificate on the ISA Server and only plan on using it there, you're going to have to create the CSR via IIS on another server. Once you get the certificate back from your chosen certificate authority, you'll have to install it on the surrogate IIS box, export it with the private key, and then import it into ISA Server. On Thu, Jan 7, 2010 at 9:36 PM, Mike Anderson <mike@xxxxxxxxxxxx<mailto:mike@xxxxxxxxxxxx>> wrote: Hello again, I long ways back, we upgraded our ISA 2004 to ISA 2006 Enterprise and things seemed to go just fine until we tried getting the SSL stuff working. In 2004, what we did previously was export our cert from our internal web server and installed it on our ISA Server. Then we simply published another web server (1 regular and 1 secure), so we had 1 listener for our regular Port 80 and another listener for Port 443. After upgrading to ISA 2006, no matter what I tried, I couldn't get the cert recognized to save my life. Just a FYI, we couldn't run the upgrade from 2004 to 2006, because we were trying to upgrade from Standard to Enterprise. With that said, in order to install 2006, I had to first uninstall 2004 and install 2006 fresh. My question is: What is different about 2006 when it comes to certs? Must I generate the key and install the actual cert on the ISA Server itself? Since this is usually done from within IIS, can I generate a key within Windows Server 2003 itself since IIS won't be running on the ISA Server? This is where I am very confused... Any help would be greatly appreciated :) Thanks, Mike -- Cordially yours, Jerry G. Young II Microsoft Certified Systems Engineer www.youngcss.com<http://www.youngcss.com/> ________________________________ avast!/SMTP2000 Antivirus: Inbound message clean. Virus Database (VPS): 1/7/2010 Tested on: 1/8/2010 08:16:09 -0500 avast! - copyright (c) 1988-2010 ALWIL Software. ________________________________ avast!/SMTP2000 Antivirus: Inbound message clean. Virus Database (VPS): 1/8/2010 Tested on: 1/8/2010 11:59:53 -0500 avast! - copyright (c) 1988-2010 ALWIL Software.