Moving roles from physical to virtual

InSearchOf
I am moving some roles from a physical server to a virtual server and was wondering what the order of operations should be. I have a physical server that is a domain controller (no fsmo roles), network policy server and a certificate server. I will have the same roles on the virtual server. Both servers are running Windows 2016.
systech, Senior Technical Lead

Commented:
Hi,

What are the roles you are planning to move?

1) You can follow the steps to move Certificate Services https://www.petenetlive.com/KB/Article/0001473
2) For Network Policy server, you can export the NPS configuration and import it on the other server. The procedures are outlined here https://docs.microsoft.com/en-us/windows-server/networking/technologies/nps/nps-manage-export

It doesn't matter which one you move first, as there isn't any order for these 2 roles.
Network Engineer
Commented:
I wouldn't put certificate services on a DC. That should go on a member server.

Export NPS configuration from old server and import into new server. You can then test it with new equipment to see that it works properly. To avoid reconfiguring all NPS clients, I would take physical server and give it a new IP, and then take the VM with NPS and give it the original IP and reboot. Assuming all your NPS clients are using IP and not DNS to find their RADIUS server, then they will pick up the new server without any changes to their configuration.
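The NPS export and import step discussed in the comments above, as an added example that is not part of the original thread. It uses the `Export-NpsConfiguration` and `Import-NpsConfiguration` cmdlets from the NPS PowerShell module; the script name, staging path and parameter names are assumptions. The export file contains the RADIUS shared secrets unencrypted, so the script restricts the staging folder before writing and deletes the file after import.

```powershell
# Migrate-Nps.ps1 (hypothetical name). Added example, not code from the thread.
# Run elevated: -Mode Export on the old server, -Mode Import on the new one.
param(
    [Parameter(Mandatory)][ValidateSet('Export', 'Import')][string]$Mode,
    [string]$Path = 'C:\NpsMigration\nps-config.xml',  # assumed staging path
    [string]$ExpectedHash                              # SHA-256 printed by the export step
)

Import-Module NPS -ErrorAction Stop

if ($Mode -eq 'Export') {
    $dir = Split-Path -Parent $Path
    New-Item -ItemType Directory -Path $dir -Force | Out-Null

    # The export holds RADIUS shared secrets in clear text, so remove
    # inherited ACEs and allow only Administrators and SYSTEM first.
    icacls $dir /inheritance:r /grant:r 'BUILTIN\Administrators:(OI)(CI)F' 'NT AUTHORITY\SYSTEM:(OI)(CI)F' | Out-Null

    Export-NpsConfiguration -Path $Path

    # Record the RADIUS clients so the import can be compared against them.
    Get-NpsRadiusClient | Select-Object Name, Address, Enabled | Format-Table -AutoSize
    Write-Output ('SHA256: ' + (Get-FileHash -Path $Path -Algorithm SHA256).Hash)
}
else {
    # Refuse a file that was altered or truncated while being copied over.
    $actual = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
    if ($ExpectedHash -and ($actual -ne $ExpectedHash)) {
        throw "Hash mismatch: expected $ExpectedHash, got $actual"
    }

    Import-NpsConfiguration -Path $Path

    # Same listing as on the old server; the two tables should match.
    Get-NpsRadiusClient | Select-Object Name, Address, Enabled | Format-Table -AutoSize

    # Do not leave the clear-text secrets on disk once the import is done.
    Remove-Item -Path $Path -Force
}
```

Copy the file between servers over a channel you trust, and delete the copy left on the old server as well once the new server is verified.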
InSearchOf, IT Director

Author

Commented:
The reason for the cert services was because of the recommendation made here when I was setting up RADIUS on my NPS for wireless access.
kevinhsieh, Network Engineer

Commented:
You do need certificate services server, but not on a DC. Member server is better because you don't want to keep having to move it when you upgrade DCs. I am sure there are other reasons to put on a member server as well.
InSearchOf, IT Director

Author

Commented:
This is a one-off. At the time of virtualizing we could not do this one because P2V was not recommended on a DC. Are there other reasons not to have cert services on a DC?
systech, Senior Technical Lead

Commented:
One of the reasons I know is, if you want to demote the DC (for some reason), you need to remove the CA role first; only then will it allow you to demote. Other than this I didn't face any issues if this resides on a DC.
InSearchOf, IT Director

Author

Commented:
OK. Thanks for the useful advice all.
