Solved

Replacing RADIUS Server - Windows Server 2008 R2 - General Questions

Posted on 2013-06-10
5
463 Views
Last Modified: 2013-06-11
Greetings.  We have an old P4 black box server running ADDS, print services and RADIUS for VPN authentication through our Cisco ASA.

The new box is Windows Server 2008 R2 Enterprise, quad-core Xeon, 16GB.

ADDS on the new box is done.  DNS is not a problem.  And I already have a new print server set up.

For RADIUS, if I keep the same IP address as the old server and import RADIUS settings from the old one, is it as simple as that ?  The shared secret pw is not changing.  Of course, there will be a lag in bringing down the old one and bringing up the new one if I keep the same IP.

Suggestions ?
Thanks much.
-Stephen
0
Comment
Question by:lapavoni
5 Comments
 
LVL 20

Assisted Solution

by:Jakob Digranes
Jakob Digranes earned 200 total points
Comment Utility
Should go straight ahead.
What authentication (network policies) do you have?
If you using PEAP - and old Radius has a certificate - make sure you get a new certificate for new server.

Also - this is a far fetch problem, but if you have a period ( . ) in the Netbios domain name for the domain, you need Win2008SP2 and not 2008R2 or 2012 ---
http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/b6b80ab1-a3ee-48eb-b45c-3eb0be27aec7
0
 
LVL 35

Expert Comment

by:Ernie Beek
Comment Utility
You could have a look at iasmigreader.

http://social.technet.microsoft.com/wiki/contents/articles/12997.migrate-radius-config-from-windows-2003-ias-to-windows-20082008-r2-nps.aspx

Should do the trick.

-edit-

Though (after reading again) it looks like you might have already found that. So to answer your question, yes it should be that simple.
0
 
LVL 76

Expert Comment

by:arnold
Comment Utility
You can reconfigure the cisco devices to add an additional tacacs server that will be attempted if the current one is not responding.
0
 
LVL 9

Accepted Solution

by:
DanJ earned 300 total points
Comment Utility
you can have both servers to be up at the same time with different IP addresses.
then you just change the config on the asa to point to the new IP.
0
 

Author Closing Comment

by:lapavoni
Comment Utility
Thanks, all.  No network policies. The only client is the Cisco ASA for remote VPN connections. It was pretty straightforward.  Good stuff.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

If you have an ASA5510 then this sort of thing would be better handled with a CSC Module, however on an ASA5505 thats not an option, and if you want to throw in a quick solution to stop your staff going to facebook during work time, then this is the…
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

6 Experts available now in Live!

Get 1:1 Help Now