Installing and Configuring ISA Server 2000 on Windows Server 2003

 

 

Installing ISA Server 200 on a Windows Server 2003 machine is a little different than how you do it on a Windows 2000 machine. You need to perform the following procedures to get ISA Server 2000 to install correctly on a Windows Server 2003 machine:

 

• Install Windows Server 2003
• Install ISA Server 2000
• Install ISA Server Service Pack 1
• Install isahf255.exe
• Install Feature Pack 1

 

The remainder of this ISA Server 2000 Exchange Server 2000/2003 Deployment Kit document discusses each of these steps in detail.

 

 

 

Install Windows Server 2003

 

In order to successfully install ISA Server 2000 in Integrated Mode on Windows Server 2003, the machine should have the following characteristics:

 

• At least two network interfaces – one internal and one external
• DNS settings on network interfaces are correct
• Disable non-essential services

 

You need at least one internal and one external interface. The internal interface will be on the Local Address Table (LAT) and it is not configured with a default gateway. The external interface is never on the LAT. Only the external interface is configured with a default gateway address. Windows Server 2003, like Windows 2000, allows one interface to have a default gateway. The result is that ISA Server on Windows Server 2003 supports a single external interface or single Internet interface. You can have multiple public address DMZ interfaces, but only a single interface can connect the internal network to the Internet.

 

The DNS settings on the ISA Server interfaces must be correct. The preferred configuration is to configure the internal interface of the ISA Server with the address of a DNS server on the internal network that is capable of resolving Internet host names. You should also put the internal interface on the top of the interface list because Windows Server 2003 uses the interface order to determine which name server addresses to query first.

 

Perform the following steps to configure the interface order on the ISA Server computer:

 

1. Click Start, point to Control Panel and right click on Network Connections. Click the Open command.

 

Figure 1

 

2. In the Network Connections window, click the Advanced menu and then click the Advanced Settings command.

 

Figure 2

 

3. In the Advanced Settings dialog box, select the interface that represents the internal interface and click the up arrow to move the internal interface to the top of the interface list. Click OK in the Advanced Settings dialog box after making the changes.

 

Figure 3

 

Do not put both an internal DNS server and an external DNS server on the same interface. The external DNS server will not be able to resolve internal network host names. Under certain circumstances the Internet DNS server could be placed on the top of the DNS server list and this can lead to the ISA Server not being able to communicate with the internal network domain controllers and interfere with authentication.

 

All non-essential services should be disabled on the ISA Server computer. While each implementation of ISA Server requires a customized set of services, it is safe to conclude that you should not run the IIS W3SVC (the World Wide Web service) on the ISA Server firewall computer. We also recommend that you do not use the Web browser or email client software on the ISA Server firewall, as Web browsing and email clients are major vectors for virus and worm attacks. A properly configured ISA Server firewall is very secure, but the addition of client applications can have a significant negative impact on ISA Server security.

 

 

 

Install ISA Server 2000

 

Locate your ISA Server 2000 CD-ROM disk and put it into the CD-ROM drive or connect to a network share containing the ISA Sever 2000 installation files. Perform the following steps to install ISA Server on a Windows Server 2003 machine:

 

1. Double click on the ISAAutorun.exe file on the ISA Server CD, local hard disk, or network share point.

 

Figure 4

 

2. Click on the Install ISA Server link on the Internet Security & Acceleration Server 2000 splash page.

 

Figure 5

 

3. You will see an ISA 2000 dialog box informing that you need to install ISA 2000 Service Pack 1. Error messages will occur during the installation. Don’t be concerned about these errors as we will perform the required procedures to prevent them from becoming a problem.  Click Continue.

 

Figure 6

 

4. Click Continue on the Welcome to the Microsoft ISA Server installation program page.

 

Figure 7

 

5. Enter your CD Key in the CD Key dialog box. Click OK.

 

Figure 8

 

6. Write down your Product ID as list in the Product ID dialog box. Click OK in the Product ID dialog box after writing this number down.
7. Click I Agree in the Microsoft ISA Server Setup dialog box.

 

Figure 9

 

8. Click the Full Installation button in the installation type dialog box. I am assuming you want to use all the features that ISA Server has to offer. You can use the Add/Remove Programs applet later if you want to remove some ISA Server features.

 

Figure 10

 

9. In this example we are installing ISA Server in standalone mode, not in enterprise array mode. Click Yes in the dialog box that asks if you want to continue.

 

Figure 11

 

10. Select the Integrated mode option on the Select the mode for this server page. You want to take advantage of the full power of your ISA Server firewall. Integrated mode gives you everything the Web Proxy and Firewall services have to offer. Go for it! Click Continue.

 

Figure 12

 

11. On the Web cache page, select a drive to put the Web cache file on. The drive must be NTFS. Type in a size of the cache in the Cache size (MB) text box and then click the Set button. Then click OK.

 

Figure 13

 

12. On the LAT page, click the Construct Table button. On the Local Address Table page, remove the checkmark in the Add the following private ranges checkbox. Put a checkmark in the Add address ranges based on the Windows 2000 Routing Table checkbox. Remove the checkmark from the checkbox representing the external interface, and leave the checkmark in the checkbox for the internal interface. Click OK in the Local Address Table dialog box, then click OK in the Setup Message dialog box that informs you that the LAT was contstructed based on the Windows 2000 routing table (in spite of the fact that you’re installing ISA Server on a Windows Server 2003 machine).

 

Figure 14

 

13.   Click OK on the LAT dialog box after reviewing the list listing in the Internal IP ranges list.

 

Figure 15

 

14. Unlike Windows 2000, Windows Server 2003 does not install IIS by default. You will see a dialog box telling you that you’ll have to install the SMTP service if you want to run the SMTP Message Screener. Click OK to continue.

 

Figure 16

 

15. The ISA Server services are installed. You will see a warning balloon informing you that ISA 2000 will cause Windows to become unstable. Close the balloon, remove the checkmark from the Start ISA Server Getting Started Wizard checkbox, and then click OK in the Launch ISA Management Tools dialog box.

 

Figure 17

 

16. Click OK in the dialog box that informs you that setup was completed.

 

Figure 18

 

17. Click OK in the dialog box that informs you that setup has failed to start one or more services.

 

Figure 19

 

Now you’re ready to install ISA Server Service Pack 1.

 

 

 

Install ISA Server Service Pack 1

 

The next step is to immediately install ISA Server Service Pack 1. You can get Service Pack 1 at http://www.microsoft.com/isaserver/downloads/sp1.asp Download SP1. Download the Service Pack to a machine on the internal network, scan it for viruses, then copy it to the ISA Server. Perform the following steps after copying the service pack to the ISA Server:

 

1. Double click on the isasp1.exe file. Type in a path to put the temporary files in the Choose Directory for Extracted Files dialog box. Click OK.

 

Figure 20

 

2. Click I Agree in the End User License Agreement (EULA) dialog box.

 

Figure 21

 

3. Click OK in the Microsoft ISA Server 2000 Update Setup dialog box. The computer will restart.

 

Figure 22

 

That’s all there is to installing ISA Server service pack 1.

 

 

 

Install HotFix isahf255.exe

 

Log onto the machine after the ISA Server service pack 1 installation routine restarts the machine. There are a few hotfixes and updates you need to install on the Windows Server 2003/ISA Server machine to insure that everything works correctly. You can download the HotFix pack, isahf255.exe at http://www.microsoft.com/downloads/details.aspx?familyid=77d89f87-5205-4779-b1ab-fc338283b2d9&displaylang=en

 

Download the file to a machine on the internal network, scan it for viruses, and then copy it to the ISA Server. Perform the following steps after copying the file to the ISA Server:

 

1. Double click on the isahf255.exe file. Read the  click I Agree in the ISA Server 2000 hot fix 255 (331062) dialog box. Type in a path for the temporary files in the Choose Directory for Extracted Files dialog box, then click OK.

 

Figure 23

 

2. Click I Agree in the EULA dialog box.
3. Click OK in the Microsoft ISA Server 2000 Update Setup dialog box that informs you that the update was successful applied.

 

Figure 24

 

 

Note that you do not need to restart the server. The next step is to install Feature Pack 1.

 

 

 

Install Feature Pack 1

 

Feature Pack 1 (FP1) is not required. You don’t have to install ISA Server Feature Pack 1 on the Windows Server 2003/ISA Server machine to get ISA Server 2000 working correctly. However, I do highly recommend that you install ISA Server Feature Pack 1 because it adds a several new and useful features. You can download ISA Server Feature Pack 1 at http://www.microsoft.com/downloads/details.aspx?FamilyID=2f92b02c-ac49-44df-af6c-5be084b345f9&DisplayLang=en

 

Download the feature pack to a machine on the internal network and scan it for viruses. Then copy the file to the ISA Server and perform the following steps:

 

1. Double click on the isaftp1.exe file. Type in a path for the extracted files in the Choose Directory For Extracted Files dialog box.

 

Figure 25

 

2. Click I Agree in the Feature Pack 1 EULA dialog box.
3. Click OK in the Microsoft ISA Server 2000 Feature Pack 1 dialog box. Leave the checkmark in the Read about ISA Server Feature Pack 1 checkbox to learn more about what you get with Feature Pack 1.