[isalist] Re: SSL no longer responds after upgrading from ISA 2004 ->2006

  • From: Steven Comeau <scomeau@xxxxxxxxxxxxxxxxxx>
  • To: "isalist@xxxxxxxxxxxxx" <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 8 Jan 2010 11:52:20 -0500

It will test how much the "blood" is really worth... (not including yours).

Steve Comeau
Associate Director of IT  Rutgers Athletics
83 Rockafeller Road
Piscataway, NJ  08854
732-445-7802
732-445-4623 (fax)
www.scarletknights.com<http://www.scarletknights.com>


[cid:image001.png@01CA9059.08871500]
  [cid:image002.jpg@01CA9059.08871500]




From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Jerry Young
Sent: Friday, January 08, 2010 11:08 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: SSL no longer responds after upgrading from ISA 2004 
->2006

If that's the case, then, I'd suggest performing a rolling upgrade.

The "life-blood" importance of non-interrupted service should justify that 
methodology. ;)

Stand up a new box and install ISA Server 2006 on it.  Run it concurrently with 
ISA Server 2004.  When you're satisfied everything is working, you can then cut 
over to the ISA Server 2006 box and decommission the ISA Server 2004 box.
On Fri, Jan 8, 2010 at 10:56 AM, Mike Anderson 
<mike@xxxxxxxxxxxx<mailto:mike@xxxxxxxxxxxx>> wrote:
Hello there,

That is precisely the information I was looking for - so thank you for clearing 
that up :)

I am sure I will have more questions later this morning regarding this, so 
please stay tuned - I have to do the upgrade to 2006 tomorrow evening and I 
have no option for failure.  That SSL Cert is the life-blood to this company, 
and when https is not working, they literally are losing money every minute 
it's not working.  Pretty scary position for somebody like me to be in, 
considering this entire task falls on my shoulders exclusively.

Again, thank you ALL for all your incredible help - we are indeed lucky to have 
a resource like this list available.

Mike

From: isalist-bounce@xxxxxxxxxxxxx<mailto:isalist-bounce@xxxxxxxxxxxxx> 
[mailto:isalist-bounce@xxxxxxxxxxxxx<mailto:isalist-bounce@xxxxxxxxxxxxx>] On 
Behalf Of Jerry Young
Sent: Friday, January 08, 2010 8:15 AM
To: isalist@xxxxxxxxxxxxx<mailto:isalist@xxxxxxxxxxxxx>
Subject: [isalist] Re: SSL no longer responds after upgrading from ISA 2004 
->2006

Mike,
My apologies; I hit the send button too soon. (O.o)
In answer to your question about CSR generation, if you're going to be 
installing a certificate on the ISA Server and only plan on using it there, 
you're going to have to create the CSR via IIS on another server. Once you get 
the certificate back from your chosen certificate authority, you'll have to 
install it on the surrogate IIS box, export it with the private key, and then 
import it into ISA Server.
On Thu, Jan 7, 2010 at 9:36 PM, Mike Anderson 
<mike@xxxxxxxxxxxx<mailto:mike@xxxxxxxxxxxx>> wrote:
Hello again,
I long ways back, we upgraded our ISA 2004 to ISA 2006 Enterprise and things 
seemed to go just fine until we tried getting the SSL stuff working.
In 2004, what we did previously was export our cert from our internal web 
server and installed it on our ISA Server. Then we simply published another web 
server (1 regular and 1 secure), so we had 1 listener for our regular Port 80 
and another listener for Port 443.
After upgrading to ISA 2006, no matter what I tried, I couldn't get the cert 
recognized to save my life. Just a FYI, we couldn't run the upgrade from 2004 
to 2006, because we were trying to upgrade from Standard to Enterprise. With 
that said, in order to install 2006, I had to first uninstall 2004 and install 
2006 fresh.
My question is: What is different about 2006 when it comes to certs? Must I 
generate the key and install the actual cert on the ISA Server itself? Since 
this is usually done from within IIS, can I generate a key within Windows 
Server 2003 itself since IIS won't be running on the ISA Server?
This is where I am very confused...
Any help would be greatly appreciated :)
Thanks,
Mike



--
Cordially yours,
Jerry G. Young II
Microsoft Certified Systems Engineer
www.youngcss.com<http://www.youngcss.com/>
________________________________

avast!/SMTP2000 Antivirus: Inbound message clean.

Virus Database (VPS): 1/7/2010
Tested on: 1/8/2010 08:16:09 -0500
avast! - copyright (c) 1988-2010 ALWIL Software.





--
Cordially yours,
Jerry G. Young II
Microsoft Certified Systems Engineer
Young Consulting & Staffing Services Company - Owner
www.youngcss.com<http://www.youngcss.com>

***  This message contains confidential information and is
intended only for the individual named. If you are not the
named addressee, you should not disseminate, distribute or
copy this e-mail. Please notify the sender immediately by
e-mail if you have received this e-mail by mistake and delete
this e-mail from your system. E-mail transmission cannot be
guaranteed to be secure or error-free as information could be 
intercepted, corrupted, lost, destroyed, arrive late or
incomplete, or contain viruses.  The sender therefore does not
accept liability for any errors or omissions in the contents of
this message, which arise as a result of e-mail transmission.
If verification is required please request a hard-copy version.
Rutgers University - DIA
83 Rockafeller Road
Piscataway, NJ 08854
www.scarletknights.com ***

PNG image

JPEG image

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 01-2010