Solved

Replacing RADIUS Server - Windows Server 2008 R2 - General Questions

Posted on 2013-06-10
5
469 Views
Last Modified: 2013-06-11
Greetings.  We have an old P4 black box server running ADDS, print services and RADIUS for VPN authentication through our Cisco ASA.

The new box is Windows Server 2008 R2 Enterprise, quad-core Xeon, 16GB.

ADDS on the new box is done.  DNS is not a problem.  And I already have a new print server set up.

For RADIUS, if I keep the same IP address as the old server and import RADIUS settings from the old one, is it as simple as that ?  The shared secret pw is not changing.  Of course, there will be a lag in bringing down the old one and bringing up the new one if I keep the same IP.

Suggestions ?
Thanks much.
-Stephen
0
Comment
Question by:lapavoni
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 21

Assisted Solution

by:Jakob Digranes
Jakob Digranes earned 200 total points
ID: 39236852
Should go straight ahead.
What authentication (network policies) do you have?
If you using PEAP - and old Radius has a certificate - make sure you get a new certificate for new server.

Also - this is a far fetch problem, but if you have a period ( . ) in the Netbios domain name for the domain, you need Win2008SP2 and not 2008R2 or 2012 ---
http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/b6b80ab1-a3ee-48eb-b45c-3eb0be27aec7
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 39237000
You could have a look at iasmigreader.

http://social.technet.microsoft.com/wiki/contents/articles/12997.migrate-radius-config-from-windows-2003-ias-to-windows-20082008-r2-nps.aspx

Should do the trick.

-edit-

Though (after reading again) it looks like you might have already found that. So to answer your question, yes it should be that simple.
0
 
LVL 78

Expert Comment

by:arnold
ID: 39237047
You can reconfigure the cisco devices to add an additional tacacs server that will be attempted if the current one is not responding.
0
 
LVL 9

Accepted Solution

by:
DanJ earned 300 total points
ID: 39237326
you can have both servers to be up at the same time with different IP addresses.
then you just change the config on the asa to point to the new IP.
0
 

Author Closing Comment

by:lapavoni
ID: 39238472
Thanks, all.  No network policies. The only client is the Cisco ASA for remote VPN connections. It was pretty straightforward.  Good stuff.
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article outlines the process to identify and resolve account lockout in an Active Directory environment.
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question