Verify Configuration After Renaming an NPS Server
Updated: February 29, 2012
Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012
There might be circumstances when you need to change the name of an NPS server or proxy, such as when you redesign the naming conventions for your servers.
If you change an NPS server or proxy name, it is necessary to reconfigure portions of your NPS deployment.
Use the following general guidelines to assist you in verifying that a server name change does not interrupt network access authentication, authorization, or accounting.
To complete this procedure, you must be a member of the Administrators group.
If the NPS server is a member of a remote RADIUS server group and the group is configured with computer names rather than IP addresses, reconfigure the remote RADIUS server group with the new NPS server name.
If certificate-based authentication methods are deployed at the NPS server, the name change invalidates the server certificate. You can request a new certificate from the certification authority (CA) administrator or, if the computer is a domain member computer and you autoenroll certificates to domain members, you can refresh Group Policy to obtain a new certificate through autoenrollment. To refresh Group Policy:
Open Command Prompt.
Type gpupdate, and then press ENTER.
- Open Command Prompt.
After you have a new server certificate, request that the CA administrator revoke the old certificate.
After the old certificate is revoked, NPS will continue to use it until the old certificate expires. By default, the old certificate remains valid for a maximum time of one week and 10 hours. This time period might be different depending on whether the Certificate Revocation List (CRL) expiry and the Transport Layer Security (TLS) cache time expiry have been modified from their defaults. The default CRL expiry is one week; the default TLS cache time expiry is 10 hours.
If you want to configure NPS to use the new certificate immediately, however, you can manually reconfigure network policies with the new certificate.
After the old certificate expires, NPS automatically begins using the new certificate.
If you have configured the NPS server to use SQL Server logging, verify that connectivity between the computer running SQL Server and the NPS server is still functioning properly.