02 March 2011

Changing or adding a TMG standalone array into an enterprise (EMS) array

Why you would want to do this
When you only have to manage one TMG array these is no need for using an Enterprise Management server.   This is because all setting on that Array apply only to that array.  When you have to manage multiple arrays this changes quite a bit, especially if there are multiple similar arrays, say in a large multi site deployment.  This would be difficult to mange in dispersed manner and since there would be many common configuration items (such as computer groups) it would make sense to be able to centrally configure and reuse those items.  Same goes fir certain rules.

But what if you started of with one or more standalone arrays and you now want to move over to a EMS or enterprise array.

There is not direct way of doing this.  You can either join an array manged by an EMS or a stand alone server.  You cannot natively "merge" a stand alone array into an enterprise EMS directly.  I will step through the process required to achieve this, namely:


  • Prepare your EMS
  • Export your existing standalone array configuration
  • Create new blank array
  • Import your standalone configuration into your new array
  • Disjoin standalone array members
  • Join member to the EMS array
  • Join former array manager server to the EMS

Preparing your EMS
Singe this is a general procedure and not specific to this process I have a separate  article on this : http://fixmyitsystem.com/2011/03/installing-tmg-enterprise-management.html

Export your standalone array configuration
All the setting of your array can be exported in one big xml file.

Log onto the TMG management console

  • From the array top level node, Right click and Export (Backup)


This will start the Export Wizard

  • Since we want to export the Entire Array configuration check the following
  • Export confidential information
  • Export user permission settings
  • Follow the wizard and specify the export file name
  • Wait for the export to complete - if you have any errors you you have a problem.  Do not proceed without fixing it.


  • Copy this exported XML file to the new EMS server
  • It is a good idea to keep this xml file since it is a current complete config backup.
  • Although not required for this procedure - I would also suggest exporting all the certificates on the servers.  You can do a bulk export - just multi select all of the certs you want to export form the certificates MMC console and export those in one go.
Create a new blank array
You need a container to import the existing array information to.  For this you need to create a new array in the EMS

  • From the management console expand the Arrays node
  • Right click and select new array
  • Specify the same name as the exported array
  • Specify the DNS name from the exported array
  • Select to apply the default policy
  • Make sure that the " Deny" "Allow" and Publish check boxes are checked
  • Finish
  • Do not Apply the changes yet




Import your standalone configuration into your new array
We now need to make sure that the new array will have the identical configuration as the standalone array, if it is not 100% you will have issues.


  • Right Click the new blank array name and select import
  • Ignore the warning stating that there are outstanding changes
  • The Import Wizard will start , click Next
  • Specify the xml file you exported and copied earlier
  • Choose to overwrite
  • Check "Import server Specific information" (This includes information such as installed certificates etc.)
  • Check "Import user permission settings information"
  • Specify the password from the export
  • Confirm that you will indeed be overwriting the current configuration
  • Once the import completes you can apply the changes

You will now be prompted about affecting the following services, Select "Save the changes and restart the services"


After completion of this step you will now a an array but all the comms will be broken.  You cannot contact any of the servers in the array form the management console. DO NOT PANIC! Your array is working away unaware of the new EMS array.



Disjoin standalone array members
The reason your servers are not reachable is because they are still talking to their standalone configuration store.  To get them to use your new EMS one you need to disjoin them from the standalone and join them to you new EMS one.

NOTE: While any server is not part of an array it has no TMG configuration. It is however still bound in the NLB.  As a result it will not handle traffic correctly until is it an array member again.  This will most likely cause some disruption.  Plan for, and do this when it is acceptable to have a 15 minute intermittent break in service

  • Log back onto the stand alone array. 
  • Starting with the array member that is not the array manager.
  • Select the array level node - in the action pane there will be an option to  Disjoin Server from array
  • Follow the wizard
  • Next
  • Finish
  • WAIT, WAIT, WAIT and the WAIT some more


Join member to the EMS array
Once your server has been dis-joined you can join it to your new array.  Your server will find it's old configuration waiting for it in the new array so everything should work perfectly.


  • Starting with the array member that is not the array manager.
  • Select the array level node - in the action pane there will be an option to join array
  • From the Wizard select  "Join an array managed by an EMS server"
  • Specify the EMS server's FQDN
  • It will check connectivity.
  • From the Join EMS array screen use the drop down box to select the array you created earlier
  • Next, Finish
  • Wait for join to complete
By this stage you should be able to see connectivity from the EMS console to the member you just added.


Join former array manager server to the EMS
Once all the array members (other then the array manager) are removed you can now join the array manager to the ems array in the same method as the member server process above, with the exception that you do not need to disjoin it first.

Once this step is completed you should now be able to manage the array successfully from the EMS console. All servers in the array should show up as synced to the EMS configuration store.


Disclaimer: I have not been able to find any documentation on doing this, so this is my winging it procedure.  I have submitted this article to the MS TMG blog for verification.  The process worked flawlessly for me though.  Check the comments below for more info.

5 comments:

Anonymous said...

I am about to do this with two Standalone arrays this weekend.

I thought this was the process but not had the time to test.

Nice to see it rubber stamped.

Many thanks.

Etienne Liebetrau said...

Let me know how it goes. Would really like to get some more feedback on this procedure, good or bad...

Anonymous said...

Hi,

One thing to note. I had prepped the EMS with SP1 + SU1 and RU3.

The Standalone had the above but did include RU1. As I thought the Rollups are accumulative I never bothered with RU1 on the EMS.

The import then failed the import with error of miss match arrays?

I removed the RU3 and then added RU1 and RU3 this then allowed the import to work.

One off the two arrays now ported.

Regards,

Rich (Anon from the first comment)

Etienne Liebetrau said...

Hi Rich

Thanks for the update.

Yes the EMS has to be the same version (exactly )as the standalone array. The other little issue I picked up was that I created my EMS array before installing the updates. Afterward my import failed because the version were different. I had to delete my "empty array" and recreate it post updates for the import to work.

This export/import version match should also be a real consideration for doing export backups...

Thanks again for the update

Anonymous said...

Thanks for this excelent article.
I follow this step by step but i had an error while importing the xml:
"The file cannot be imported because the enterprise management mode is 2008-only in the exported file and 2010SP1 in the stored configuration.
The error occurred on object 'Web Proxys' of class 'Array' in the scope of array 'Web Proxys'."

After some tests i edit the exported XML file and change the line:

2

to

3

The import end successful.

Best Regards,
Marco Cosme

Post a Comment