Solved

Replacing RADIUS Server - Windows Server 2008 R2 - General Questions

Posted on 2013-06-10
5
466 Views
Last Modified: 2013-06-11
Greetings.  We have an old P4 black box server running ADDS, print services and RADIUS for VPN authentication through our Cisco ASA.

The new box is Windows Server 2008 R2 Enterprise, quad-core Xeon, 16GB.

ADDS on the new box is done.  DNS is not a problem.  And I already have a new print server set up.

For RADIUS, if I keep the same IP address as the old server and import RADIUS settings from the old one, is it as simple as that ?  The shared secret pw is not changing.  Of course, there will be a lag in bringing down the old one and bringing up the new one if I keep the same IP.

Suggestions ?
Thanks much.
-Stephen
0
Comment
Question by:lapavoni
5 Comments
 
LVL 21

Assisted Solution

by:Jakob Digranes
Jakob Digranes earned 200 total points
ID: 39236852
Should go straight ahead.
What authentication (network policies) do you have?
If you using PEAP - and old Radius has a certificate - make sure you get a new certificate for new server.

Also - this is a far fetch problem, but if you have a period ( . ) in the Netbios domain name for the domain, you need Win2008SP2 and not 2008R2 or 2012 ---
http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/b6b80ab1-a3ee-48eb-b45c-3eb0be27aec7
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 39237000
You could have a look at iasmigreader.

http://social.technet.microsoft.com/wiki/contents/articles/12997.migrate-radius-config-from-windows-2003-ias-to-windows-20082008-r2-nps.aspx

Should do the trick.

-edit-

Though (after reading again) it looks like you might have already found that. So to answer your question, yes it should be that simple.
0
 
LVL 77

Expert Comment

by:arnold
ID: 39237047
You can reconfigure the cisco devices to add an additional tacacs server that will be attempted if the current one is not responding.
0
 
LVL 9

Accepted Solution

by:
DanJ earned 300 total points
ID: 39237326
you can have both servers to be up at the same time with different IP addresses.
then you just change the config on the asa to point to the new IP.
0
 

Author Closing Comment

by:lapavoni
ID: 39238472
Thanks, all.  No network policies. The only client is the Cisco ASA for remote VPN connections. It was pretty straightforward.  Good stuff.
0

Featured Post

Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question