Changing ISA Firewall Domain Membership
Have you ever tried to change an ISA firewall’s domain membership either from a workgroup to a domain or from a domain to a workgroup? Sometimes it works and sometimes it doesn’t. If it works, it’s most likely that you’re using ISA Standard Edition. However, if you’re using ISA Enterprise Edition and you tried to change domain membership, you’ve probably felt the pain of the ISA firewall no longer working.
The fact is that you should avoid changing domain membership after installing the ISA firewall. If you want the machine to be a domain member, then join the machine to the domain before installing the ISA firewall software. If you want the machine to be in a workgroup, then don’t join the machine to the domain before or after the ISA firewall software is installed.
However, if you find yourself in a fix with your ISA Enterprise Edition because of a change in domain membership, you can use the following instructions to get yourself out of it:
1. On computers running Windows Server 2003, click Start, click Control Panel, and then double-click Add or Remove Programs.
2. In Microsoft ISA Server 2004, click Change/Remove.
3. On the Welcome page, click Next.
4. On the Program Maintenance page, select Repair.
5. On the Enterprise Deployment Environment page, choose the I am deploying in a workgroup or in domains without trust relationships
Now do the following:
1. In Server certificate, type the path and file name of the certificate.
2. In Certificate password, type the password of the certificate file.
3. Click Next.
4. Click Install.
For more information on troubleshooting setup, check out: http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/ts_setup.mspx
Thomas W Shinder, M.D.
MVP — ISA Firewalls