Migrate Network Policy Server (NPS) From Windows Server 2008 R2 to Windows Server 2012 R2


Scenario:

  1. Migrate to a new server with new NetBIOS Name and New IP Address
  2. Migrate to a new server retaining NetBIOS Name and IP Address

Step1: Backup NPS Server, NPS Policy & certificate

  1. Open NPS Policy Server from Server Manager>Right Click on NPS(Local)>Export Configuration.
  2. Select "I am aware that I am exporting all shared secrets". Click OK>Export as an XML file to a UNC path accessible to the new server.
  3. Right Click on Template Management>Export Template to a File. Export as an XML file to a UNC path accessible to the new server.
  4. Open MMC>Add Certificate Snap-in>Computer Account>Select Personal>Certificate>Export Certificate with Private Key.
  5. Use Windows Backup to back up the NPS server. If the NPS server is virtualized, simply right click the virtual machine in Hyper-V Manager and rename the machine. Now power off the VM.

Step2: Build a new Server.

  1. Build a new server. Activate Windows. Assign TCP/IP and join to the domain.
  2. Open MMC>Add Certificate Snap-in>Computer Account>Select Personal>Certificate>Import Certificate with Private Key.
  3. From the Roles and Features Wizard>Add Network Policy and Services>Select NPS, NAP and Health registration services, Click Next>Select Certificate Authority>Select Certificate>Select Finish Installation.

Step3: Register NPS.

  1. If you have retained the NetBIOS Name and IP Address (scenario 2), you don’t need to re-register. It’s already registered.
  2. If you have a different NetBIOS Name and IP Address, Right Click NPS(Local)>Register NPS Server to Active Directory.

Step4: Import NPS Policies

  1. Open NPS Policy Server>Right Click on NPS(Local)>Import Configuration. Point to the XML file you exported in Step1 and import the file.
  2. Right Click on Template Management>Import Template from a File. Point to the XML file you exported in Step1 and import the file.

Step5: Test Client

  1. Connect a client using Wi-Fi or VPN, whichever you have configured NPS for.
  2. Open Event Viewer on the NPS server and check the Security log. You will see that clients are connected successfully.
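
A command-line equivalent of Steps 1, 4 and 5, as an added example that is not part of the original post. The share path is a placeholder; run each section on the server named in its comment, from an elevated prompt.

```powershell
# Added example. $Export is a hypothetical placeholder path, not from the post.
$Export = '\\fileserver\migration\nps-config.xml'

# --- Section A: old server (Windows Server 2008 R2) ---
# exportPSK=YES writes every RADIUS shared secret into the XML in clear text.
netsh nps export filename="$Export" exportPSK=YES
if ($LASTEXITCODE -ne 0) { throw "netsh nps export failed ($LASTEXITCODE)" }

# Stop the file inheriting the share's ACL; adjust the principal to the
# group that actually performs the migration.
icacls $Export /inheritance:r /grant:r 'BUILTIN\Administrators:F' | Out-Null

# --- Section B: new server (Windows Server 2012 R2) ---
Import-Module NPS
Import-NpsConfiguration -Path $Export

# Compare this list with the RADIUS clients on the old server.
# SharedSecret is deliberately left out of the output.
Get-NpsRadiusClient | Sort-Object Name |
    Format-Table Name, Address, Enabled -AutoSize

# --- Section C: new server, after a test client has connected (Step5) ---
# Security log event 6272 = NPS granted access, 6273 = NPS denied access.
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 6272, 6273
    StartTime = (Get-Date).AddMinutes(-15)
} -ErrorAction SilentlyContinue

if (-not $events) {
    Write-Warning ('No NPS events in the last 15 minutes. Check that the client ' +
        'reached this server and that Network Policy Server auditing is enabled.')
} else {
    # Count grants and denials, then show the most recent denials in full.
    $events | Group-Object Id | Select-Object Name, Count
    $events | Where-Object { $_.Id -eq 6273 } |
        Select-Object -First 5 TimeCreated, Message | Format-List
}

# Once the import is verified, remove the clear-text copy from the share.
# Keep a backup copy only in protected storage.
Remove-Item -Path $Export -Force
```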


2 thoughts on “Migrate Network Policy Server (NPS) From Windows Server 2008 R2 to Windows Server 2012 R2”

  1. Hi Raihan, just wondering if you have come across this issue on an NPS server which does wireless authentication via certs.

    The problem I’m having is:
    On the NPS server, the computer certificate container has three certificates (RAS Certificate, computer & Domain Controller Auth cert). When we open the NPS policy and drill down to the list of available certificates, it picks up all the certificates from the computer store and selects the certificate with the longest lifetime (regardless of the cert type). I wanted to know how we can set the NPS server to pick up only the “RAS certificate” with subject information. The NPS server role is running on the same server as the RODC on WIN2012 R2.


    • Even though NPS can be configured on an RODC, I would recommend isolating the two roles on two servers. By default an RODC is locked down for authentication purposes. What you are experiencing is real. My suggestion would be to remove all certificates installed on the NPS server. Then re-issue and reinstall the certificate on the NPS server. Test again to see how it behaves.
