Migrate Network Policy Server (NPS) From Windows Server 2008 R2 to Windows Server 2012 R2

Scenario:

  1. Migrate to a new server with new NetBIOS Name and New IP Address
  2. Migrate to a new server retaining NetBIOS Name and IP Address

Step1: Backup NPS Server, NPS Policy & certificate

  1. Open NPS Policy Server from Server Manager>Right Click on NPS(Local)>Export Configuration.
  2. Select I am aware that I am exporting all shared secret. Click Ok>Export as a XML File into a UNC path accessible to new server.
  3. right Click on Template Management>Export Template to a File. Export as a XML File into a UNC path accessible to new server.
  4. Open MMC>Add Certificate Snap-in>Computer Account>Select Personal>Certificate>Export Certificate with Private Key.
  5. Use Windows Backup to backup NPS server. If NPS server is virtualized, then simply right click the virtual machine from Hyper-v manager and rename the machine. Now Power of the VM.

Step2: Build a new Server.

  1. Build a new server. Activate Windows. Assign TCP/IP and join to the domain.
  2. Open MMC>Add Certificate Snap-in>Computer Account>Select Personal>Certificate>Import Certificate with Private Key.
  3. From Roles and Feature Wizard>add network Policy and Services>Select NPS, NAP and Health registration services, Click Next>Select Certificate Authority>Select Certificate>Select Finish Installation.

Step3: Register NPS.

  1. If you have retained NetBIOS Name and IP Address mentioned in scenario 2 then you don’t  need to re-register. It’s already registered.
  2. If you have a different NetBIOS Name and IP address then Right Click NPS(Local)>Register NPS Server to Active Directory.

Step4: Import NPS Policies

  1. Open NPS Policy Server>right Click on NPS(Local)>Import Configuration. Point to the XML file you have exported in step1 and import the file.
  2. Right Click on Template Management>Import template from a File. Point to the XML file you have exported in step1 and import the file.

Step5: Test Client

  1. Connect a client using WIFI or VPN whichever purpose you have configured NPS.
  2. Open Event Viewer in NPS Server and Check Security log. You will see clients are connected successfully.

Relevant Articles:

Windows Server 2008: how to configure Network Policy Server or Radius Server –Step by Step Guide

How to configure L2TP IPSec VPN using Network Policy Server in Windows Server 2008 R2

Step by Step guide to build a Cisco wireless infrastructure using Cisco WLC 5500, Cisco 1142 AP and Microsoft Radius server

Configure Forefront TMG as a NPS (Radius) Client for VPN and local clients

Gallery

In this article, I will describe how to configure Forefront TMG as a RADIUS client. As a radius client FF TMG act as a messenger sending RADIUS request to NPS for authentication and authorization of VPN connection. The following Visio … Continue reading

Blogging year 2010—-what stats says

Gallery

Sharing stats of my blog https://araihan.wordpress.com with my visitors. I started this free wordpress before founding http://microsoftguru.com.au Team WordPress.com + Stats Helper MonkeysJanuary 2nd, 2011, 03:35pm Here’s a high level summary of my overall blog health: Wow Blog-Health-o-Meter™ “We think … Continue reading

Understanding Network Access Protection (NAP) in Windows Server 2008

Gallery

This gallery contains 10 photos.

Network Access Protection (NAP) is a platform you can install in Windows Server 2008 for enforcing computer system health requirements on Client machine before they are allowed to access network resources. NAP can ensure that the system complies with a … Continue reading