Solved

Replacing RADIUS Server - Windows Server 2008 R2 - General Questions

Posted on 2013-06-10
Last Modified: 2013-06-11
Greetings.  We have an old P4 black box server running ADDS, print services and RADIUS for VPN authentication through our Cisco ASA.

The new box is Windows Server 2008 R2 Enterprise, quad-core Xeon, 16GB.

ADDS on the new box is done.  DNS is not a problem.  And I already have a new print server set up.

For RADIUS, if I keep the same IP address as the old server and import RADIUS settings from the old one, is it as simple as that?  The shared secret pw is not changing.  Of course, there will be a lag in bringing down the old one and bringing up the new one if I keep the same IP.

Suggestions?
Thanks much.
-Stephen
0
Question by:lapavoni
5 Comments
 
LVL 21

Assisted Solution

by:Jakob Digranes
Jakob Digranes earned 200 total points
ID: 39236852
Should go straight ahead.
What authentication (network policies) do you have?
If you are using PEAP - and the old RADIUS has a certificate - make sure you get a new certificate for the new server.

Also - this is a far-fetched problem, but if you have a period ( . ) in the NetBIOS domain name for the domain, you need Win2008SP2 and not 2008R2 or 2012:
http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/b6b80ab1-a3ee-48eb-b45c-3eb0be27aec7
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 39237000
You could have a look at iasmigreader.

http://social.technet.microsoft.com/wiki/contents/articles/12997.migrate-radius-config-from-windows-2003-ias-to-windows-20082008-r2-nps.aspx

Should do the trick.

-edit-

Though (after reading again) it looks like you might have already found that. So to answer your question, yes it should be that simple.
0
 
LVL 77

Expert Comment

by:arnold
ID: 39237047
You can reconfigure the Cisco devices to add an additional TACACS server that will be attempted if the current one is not responding.
0
 
LVL 9

Accepted Solution

by:DanJ
DanJ earned 300 total points
ID: 39237326
You can have both servers up at the same time with different IP addresses.
Then you just change the config on the ASA to point to the new IP.
0
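
Added example, not part of the original thread: with both servers up side by side as the accepted answer suggests, this sketch sends one RFC 2865 Access-Request to the new server and verifies the Response Authenticator, which confirms the imported shared secret before the ASA is repointed. The address, secret and credentials are constructed placeholders, and it assumes the machine running it has been added as a RADIUS client on the new server with that same secret.

```python
import hashlib, hmac, os, socket, struct

def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """User-Password hiding from RFC 2865 section 5.2 (MD5 keystream, 16-byte blocks)."""
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev
    return out

def build_access_request(user, password, secret, ident, req_auth):
    """Access-Request (code 1) carrying User-Name (1) and User-Password (2)."""
    hidden = hide_password(password, secret, req_auth)
    attrs = bytes([1, len(user) + 2]) + user + bytes([2, len(hidden) + 2]) + hidden
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + req_auth + attrs

def check_response(resp, secret, ident, req_auth):
    """Return the reply code (2=Accept, 3=Reject) only if the Response
    Authenticator verifies under `secret`; otherwise None."""
    if len(resp) < 20:
        return None
    code, rid, length = struct.unpack("!BBH", resp[:4])
    if rid != ident or not 20 <= length <= len(resp):
        return None
    resp = resp[:length]  # octets past Length are padding
    want = hashlib.md5(resp[:4] + req_auth + resp[20:] + secret).digest()
    return code if hmac.compare_digest(want, resp[4:20]) else None

def probe(server, secret, user, password, port=1812, timeout=3.0):
    """Send one request to `server` and classify the outcome."""
    ident, req_auth = os.urandom(1)[0], os.urandom(16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_access_request(user, password, secret, ident, req_auth), (server, port))
        try:
            resp, _ = s.recvfrom(4096)
        except OSError:  # timeout or ICMP port unreachable
            return "no reply: service down, port blocked, or this host is not a RADIUS client"
    code = check_response(resp, secret, ident, req_auth)
    if code is None:
        return "reply failed authenticator check: shared secret differs"
    return {2: "Access-Accept", 3: "Access-Reject"}.get(code, f"code {code}") + ", shared secret matches"

if __name__ == "__main__":
    # Placeholder address and constructed credentials; substitute the new server's values.
    print(probe("192.0.2.10", b"constructed-secret", b"testuser", b"testpass"))
```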
 

Author Closing Comment

by:lapavoni
ID: 39238472
Thanks, all.  No network policies. The only client is the Cisco ASA for remote VPN connections. It was pretty straightforward.  Good stuff.
0

Question has a verified solution.