Migrate from IAS to NPS for use with Cisco WLC

Hi,
I have attempted to migrate a Windows 2003 based IAS setup to a Win2008r2 based NPS setup using MS's doc for exporting the DB from IAS and importing it into NPS on the newer server and it seems to work mostly.  The VPN setup on the Cisco ASA works fine after being pointed to the new NPS install but clients on the Cisco 4400 WLC does not authenticate when that is set to use the new NPS radius setup.  Obviously I missed a step or two.  

I cannot find much documentation on deciphering the logs from NPS, but it seems that I am not getting to the "Secured password" sequence that I see in teh IAS log.  

Has anyone done this and could give some advice?  Or even a little help with what the logs are telling me about what happened when I switched the WLC over to the new radius setup?  Thanks.
SIDESHOWBLAHAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Craig BeckCommented:
Assuming the NPS server has a different IP, have you added the new NPS server as a RADIUS server on the WLC?
0
SIDESHOWBLAHAuthor Commented:
Yes. It is a different server on a different IP.  So I added the IP to the Security section of the WLC under AAA > Radius > Authentication Servers, Then selected that server under the WLAN > Security > AAA Servers in place of the older IAS server.
0
Craig BeckCommented:
Ok so can you see any errors in the WLC logs or in the custom NPS logs in event viewer?
0
Webinar: Miercom Evaluates Wi-Fi Security

It's not just about Wi-Fi connectivity anymore. A wireless security breach can cost your business large amounts of time, trouble, and expense. Plus, hear first-hand from Miercom how WatchGuard's Wi-Fi security stacks up against the competition in our upcoming webinar!

SIDESHOWBLAHAuthor Commented:
There is nothing in the NPS logs on the Win2008 server and it looks like I overwrote the logs on the WLC.  So I'll have to wait until I can set it back up again and grab those logs.
0
Craig BeckCommented:
Where did you view the NPS logs?  If you don't look in the Custom section of the Event Viewer you'll probably not see anything.

If you did look in the Custom section I'd say the WLC isn't talking to the NPS.  It might be worth checking your firewall if you have one.  You need to allow ports 1812 and 1813.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
SIDESHOWBLAHAuthor Commented:
Should be no firewall between the WLC and NPS server.  And I found the logs from that day for the NPS box.  It looks like things just stop talking if I compare that log to the one from the working IAS box.  I will try to get a chance to test again this week.  Thanks.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.