Dear All,
I have created a thread in the migration forum, but the moderator suggested that I post in this forum for further help.
I did lab testing to perform the migration but found out that the NPS server certificate is not shown in the EAP settings.
Please find below the link for this thread.
https://social.technet.microsoft.com/Forums/windowsserver/en-US/db18a770-3710-4048-880c-2eec89c7c364/network-policy-server-and-certificate-authority-migration?forum=winserverMigration#d8923525-3e5f-4ff3-a3ca-443b9e4c3fab
We are currently planning to migrate the servers below from Windows 2008 R2 to Windows 2016:
Server1 - ADDS/DNS/NPS/File Server
Server2 - ADDS/DNS/NPS/CA
Since many roles are running on one server, we would like to reuse the same hostname and IP for both servers.
My plan is to migrate the server2 roles first, but I have concerns with the NPS and CA role migration. NPS is configured with Microsoft EAP (PEAP) for wireless and switch access.
The NPS server also acts as a RADIUS server; the RADIUS clients are Cisco WLC wireless APs and Cisco switches.
Client authentication is EAP, MS-CHAP or MS-CHAP-v2 based and not certificate based.
After the migration, do I need to publish those certs again to let clients trust the cert for NPS authentication? May I know how to configure things so that my clients trust the cert again?
Current NPS Connection Request Policies
- Condition: NAS Port Type (Wireless - IEEE 802.11 or wireless - other)
- Settings: Authentication Provider: Local Computer
Current Network Policies
- Domain User connection: NAS Port Type (Wireless - IEEE 802.11 or wireless - other)
- Domain computer: NAS Port Type (Wireless - IEEE 802.11 or wireless - other)
Below are the planning steps for the server2 migration. Can I know whether the migration sequence is correct and whether anything else is missing?
- Create a new server with a new hostname and IP address
- Check ADDS/DNS/NPS health
- Change the scheduled publication of the certificate revocation list to extend the date by a few weeks, and the delta CRL to one week
- Back up and export the CA config and remove the CA role
- Demote the old server as a DC and remove the ADDS/DNS roles
- Check ADDS/DNS health
- Export the NPS config and stop the NPS service (NPS on server2 is stopped and server1 is serving wireless client access)
- Change the IP and hostname of old server2 to free up the existing hostname and IP, then shut down old server2
- Change the hostname and IP of new server2 to reuse the existing hostname and IP
- Install the CA role again and import the config
- Check NPS and CA health
- Add the ADDS/DNS roles to new server2 and promote it to a DC again
- Transfer the FSMO roles from the old ADDS/DNS server to the new server2 ADDS/DNS server
- Install the NPS role and import the config
- Start the NPS service
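A check to run on the new server2 before expecting a certificate to appear in the PEAP server settings, plus the NPS export step from the plan (an added example, not part of the original post or any Microsoft documentation): it lists the Local Computer Personal store and reports whether each certificate meets the usual NPS server-certificate requirements (Server Authentication EKU, private key present, currently valid, hostname in the subject or SAN, chain builds to a trusted root). The FQDN is resolved from DNS and the export path is an assumed placeholder.

```powershell
# Assumed: run elevated on the NPS server after the CA and NPS roles are reinstalled.
$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU required for PEAP
$hostFqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName  # e.g. server2.example.local

Get-ChildItem -Path Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_
    # EnhancedKeyUsageList is added by the Cert: provider; match on the OID, not the friendly name
    $hasServerAuth = $cert.EnhancedKeyUsageList | Where-Object { $_.ObjectId -eq $serverAuthOid }

    # Subject Alternative Name extension (OID 2.5.29.17); absent on some older templates
    $sanExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $san = if ($sanExt) { $sanExt.Format($true) } else { '' }
    $escaped = [regex]::Escape($hostFqdn)
    $nameMatches = ($cert.Subject -match "CN=$escaped") -or ($san -match $escaped)

    # Chain must build to a root the clients also trust (the migrated enterprise CA)
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chainOk = $chain.Build($cert)

    [pscustomobject]@{
        Thumbprint    = $cert.Thumbprint
        Subject       = $cert.Subject
        Issuer        = $cert.Issuer
        ServerAuthEKU = [bool]$hasServerAuth
        PrivateKey    = $cert.HasPrivateKey
        Valid         = ($cert.NotBefore -le (Get-Date)) -and ($cert.NotAfter -gt (Get-Date))
        NameMatches   = $nameMatches
        ChainTrusted  = $chainOk
    }
} | Format-Table -AutoSize

# Export step from the plan; the XML contains RADIUS shared secrets, so keep it off general shares.
Export-NpsConfiguration -Path 'C:\Backup\nps-config.xml'   # assumed path
```

A certificate that shows all five columns as True is the one NPS will list under the PEAP "Certificate issued to" setting; a False in ChainTrusted on the server usually means the clients will not trust it either until the CA certificate is republished to them.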