Switching ISP's at work and trying to cover all the bases...

[ScottWIT]

We are switching ISP's at work and since I haven't been through this proccess before I'm trying to be sure it goes as smoothly as possible. We have several public IP's tied to our exchange server, VPN, etc so I'll be assigning new ones from the new ISP. As of now this is what I know needs to be done when I'm ready to make the switch:

1) Change my router config and DNS servers to reflect new public IP addresses.
2) Login to control panel of our domain hosting company to change public IP addresses and wait for DNS propagation to complete over the weekend.
3) Contact new ISP with reverse DNS info

Am I missing anything???

 

[dearingkr]

If you have any control over scheduling the cut-over, try to do it late on a Friday.
This gives you time to troubleshoot any issues.
It also gives you the weekend for DNS to propagate so everything is done by Monday morning.

MCSE CCNA CCDA

 

[ScottWIT]

Right, that is exactly what I planned on doing. I'm just worried I might forget something...

One other thing I forgot... I have a site to site VPN tunnel to another location so I guess I'll need to have them modify their router config at the same time that I do the cut over.

 

[dearingkr]

A few other things to think about...

While you're modifying your DNS, don't forget the MX records as well as any SenderID/SPF records.

Check all your remote access (VPN, RDP, VNC, etc.)

If you are using Exchange 2007, you may have to mess with your digital certificates.

If you use SharePoint, you may have to modify that too.

MCSE CCNA CCDA

 

[ScottWIT]

Thnaks. I planned on modifying the existing Cisco VPN config file with the new public IP and sending it out to everyone in advance. As soon as the old one stops working I'll tell them to use the new config.

We won't miss any e-mail, will we? We're still in the dark ages.... Exchange 2000.

 

[dearingkr]

Until your DNS changes propagate, you probably won't recieve much email.

The majority of email servers will queue the mail and resend several times before outright bouncing it. How long it take before it gives up and bounces the email is dependent on how the server is configured. I've seen as little as 12 hours and as much as 48 hours. Most are at least 24 hours.

The end result is that it is possible that you will miss some email that is sent within the first few hours of the change. But I've done several cut-overs like this and I can only remember one instance where two emails were bounced back to the sender.


MCSE CCNA CCDA

 

[ScottWIT]

Thanks. Did your cut overs go smooth for the most part? If you ran into any issues what were they?

 

[dearingkr]

The majority of the cut-overs went well.

There've been some minor issues:
Had one domain registrar where they wouldn't let me change the DNS records online; had to call them and tell them what I wanted; they said they would make the changes some time in the next 24 hours. Very frustrating.

As noted above, I've had issues with Exchange 2007 security as wall as SharePoint.

The biggest factor in how smoothly it goes is how well you have pre-planned and prepared. It looks like you're doing very well on that point. You'd be surprised at how many times I'd have clients say "we want to do it tomorrow".

One big thing we haven't discussed yet...

Make absolutely sure that the new circuit is up and running beforehand. This is critical, test it yourself, don't depend on the telco to tell you it's working.

MCSE CCNA CCDA

 

[ScottWIT]

One other question........ is there a particular order I should do the steps in? I was thinking change my DNS records online first, change the router config next and then connect the new ISP ethernet cable into my router port after that. Does it matter?

 

[dearingkr]

This is how I normally do it

1. Test new circuit several days before scheduled cut-over.

Cut-over scheduled for a Friday at 5:50pm

2. Back up current configs

3. Cut-over circuit & re-config network. Remember, you're going to have new DNS servers. If you have a Windows AD domain you'll need to re-config your DC's DNS Forwarders.

4. Test new network config

5. Make changes to external DNS

I don't make the DNS changes until I know the new config is working.

Assuming you finish this Friday evening, all DNS change propagations will be done by Monday morning.


MCSE CCNA CCDA

 

[ScottWIT]

Thanks for all your help. I checked my DNS server(s) and there are no DNS forwarders listed. The previous Admin never added them and I haven't, either. When I switch to the new ISP should I add their primary and secondary DNS IP addresses?

 

[dearingkr]

That's very strange.
I'm surprised you haven't had DC connectivity problems.
Proper DNS config is critical to Active Dierctory.

Here's the way it should be set up:
All internal DNS should point to the server.
The server NICs should be configured to point to itself.
The only place your ISP DNS is configured is your AD server's DNS Forwarders.

MCSE CCNA CCDA

 

[ScottWIT]

Ok... the previous Admin had the server NICs listing the external DNS servers in the TCP/IP properties instead of pointing to itself. I will change that when I do the cut-over and also add the new ISP DNS info to the DNS forwarders.

So, we have three servers we host here on our network including the Exchange server. They all will receive new IP addresses. Should I tell my users due to DNS propagation they won't be accessible until at least Saturday afternoon then you think?

Thanks for all your help.