Export (0) Print
Expand All
This topic has not yet been rated - Rate this topic

Planning Redundancy for a NAP CA Server

Updated: February 29, 2012

Applies To: Windows 7, Windows 8, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Vista

To provide for fault tolerance, you must have at least two NAP CAs. In a large IPsec enforcement deployment, additional CAs might be required for performance. To configure NAP CA redundancy, add NAP CAs to the ordered list of CAs in HRA settings. If the HRA is unable to contact the first NAP CA in the list, it fails over to the second NAP CA, and so on until it goes through the complete list. By default, the HRA will retry a failed NAP CA again after five minutes. See the following figure.

43f6a977-e695-41c4-95ad-7c68db7574c2

NAP CA redundancy

If some NAP CAs are enterprise CAs and some are standalone CAs, you must configure HRA to use enterprise CA mode. For more information, see NAP Configuration Overview.

Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft. All rights reserved.