NPS Server Migration: Migrating the NPS Server

Updated: November 11, 2009

Applies To: Windows Server 2008 R2

This topic contains steps and procedures for migrating the Network Policy Server (NPS) role service from a legacy source server to a new x64-based destination server running Windows Server® 2008 R2.

Exporting settings from the source server

Use the following procedures to export the NPS settings from your x86-based or x64-based source server prior to migrating to an x64-based server running Windows Server 2008 R2. Follow the steps in the section that matches the version of Windows Server running on the source server: Exporting settings from Windows Server 2003, Exporting settings from Windows Server 2008, or Exporting settings from Windows Server 2008 R2.

Warning

When you use the following procedures to export configuration settings, apply appropriate precautions when moving these files from the source server to destination servers. NPS server configurations are not encrypted in the exported XML file, and contain shared secrets for RADIUS clients and members of remote RADIUS server groups. Therefore, sending these files over a network connection might pose a security risk. To provide greater security, you can add the file to an encrypted, password-protected archive file before moving it. In addition, store the file in a secure location to prevent access by unauthorized users.

Exporting settings from Windows Server 2003

Configuration settings for Internet Authentication Service (IAS) in Windows Server 2003 are stored in .MDB files. Configuration settings for Network Policy Server (NPS) in Windows Server 2008 R2 are stored in .XML files. Iasmigreader.exe is a command-line tool that exports the configuration settings of IAS on a computer running Windows Server 2003 to a text file. You can obtain the iasmigreader.exe command line migration tool for migrating Windows Server 2003 IAS settings to Windows Server 2008 R2 from the following locations:

  1. Windows Server 2008 R2 installation media provides a copy of the migration tool in the \sources\dlmanifests\microsoft-windows-iasserver-migplugin\ directory.

  2. The migration tool is available in the %windir%\syswow64\ directory on a server running Windows Server 2008 R2.

To export settings from a source server running Windows Server 2003

  1. Copy iasmigreader.exe to the source server into a directory configured in the %path% environment variable.

Tip

To review the source server’s %path% configuration, type echo %path% at a command prompt and press ENTER.

  2. At an elevated command prompt, type iasmigreader.exe, and then press ENTER. The migration tool will automatically export settings to a text file.

Important

Configuration changes made to IAS will take at least one minute to be available for export.

  3. IAS settings are stored in the file ias.txt located in the %windir%\system32\ias directory on the source server. If you are running a 64-bit version of Windows Server 2003, the ias.txt file is located in the %windir%\syswow64\ias directory.

  4. You must manually copy SQL log configuration settings on the source server to a file (example: sql.txt).

    To record these settings:

    1. At an elevated command prompt, type ias.msc, and then press ENTER.

    2. In the IAS console tree, click Remote Access Logging, right-click SQL Server, and then click Properties.

    3. Record the configuration settings on the Settings tab, and then click Configure.

    4. Manually record all configuration settings from the Connection and Advanced tabs by copying them into the sql.txt file. Alternatively, you can click the All tab and enter Name and Value settings displayed on each line into the sql.txt file. For a list of text logging and SQL configuration settings that you need to record manually, see NPS Server Migration: Appendix A - Data Collection Worksheet.

  5. Copy the ias.txt and sql.txt files to the migration store file location.

Warning

Store the ias.txt and sql.txt files in a secure location. These files contain shared secret information and SQL connection strings.

Important

When you migrate the configuration settings of the IAS role service that is running on a 32-bit or a 64-bit Windows Server 2003–based source server to the NPS role service that is running on a Windows Server 2008 R2–based destination server, the import procedure seems to complete successfully. However, the Extensible Authentication Protocol (EAP) method is misconfigured. This occurs because the migration tool generates a faulty parameter that is stored in the configuration text file (ias.txt). For more information about this issue and for a workaround, see The EAP method is configured incorrectly during the migration process from Windows Server 2003 32-bit or a 64-bit to Windows Server 2008 R2 (https://go.microsoft.com/fwlink/?LinkID=181982).

Exporting settings from Windows Server 2008

Configuration settings for NPS in Windows Server 2008 are stored in .XML files that can be directly imported to the destination server. The Network Shell (NetSh) command line utility can be used to export and import these settings. You can also use the Windows interface to import and export these settings.

Warning

You cannot use the Windows interface or a command line to export or import detailed SQL configuration settings. For a list of text logging and SQL configuration settings that you need to record manually, see NPS Server Migration: Appendix A - Data Collection Worksheet.

To export settings from a source server running Windows Server 2008 using a command line

  1. On the source NPS server, open an elevated command prompt, type the following command and then press ENTER:

    netsh nps export filename="path\file.xml" exportPSK=YES
    

    Replace path with the directory location where you want to save the source server configuration file, and replace file with the name of the .XML file that you want to save.

  2. Confirm that a message appears indicating that the export to file was successful.

  3. On the source server, type the following command and then press ENTER:

    netsh nps show sqllog > path\sql.txt
    

    Replace path with the directory location where you want to save the source server SQL configuration file, and replace sql with the name of the .TXT file that you want to save. This file contains the basic configuration for SQL logging that is found on the Settings tab in SQL logging properties. For a list of text logging and SQL configuration settings that you need to record manually, see NPS Server Migration: Appendix A - Data Collection Worksheet.

  4. Copy the file.xml and sql.txt files to the migration store file location. This information will be required for configuration of the destination server.

To export settings from a source server running Windows Server 2008 using the Windows interface

  1. On the source server, open Server Manager.

  2. In the Server Manager console tree, open Roles\Network Policy and Access Services\NPS.

  3. Right-click NPS, and then click Export Configuration.

  4. In the dialog box that appears, select the check box next to I am aware that I am exporting all shared secrets, and then click OK.

  5. Next to File name, type file.xml, navigate to the migration store file location, and then click Save.

  6. If you have configured SQL logging, you must manually record detailed SQL configuration settings.

    To record these settings:

    1. In the NPS console tree, click Accounting and then click Change SQL Server Logging Properties.

    2. Record the configuration settings on the Settings tab, and then click Configure.

    3. Manually record all configuration settings from the Connection and Advanced tabs by copying them into the sql.txt file. Alternatively, you can click the All tab and enter Name and Value settings displayed on each line into the sql.txt file. For a list of text logging and SQL configuration settings that you need to record manually, see NPS Server Migration: Appendix A - Data Collection Worksheet.

  7. Copy the ias.txt and sql.txt files to the migration store file location.

Exporting settings from Windows Server 2008 R2

Configuration settings for NPS in Windows Server 2008 R2 are stored in .XML files that can be directly imported to the destination server. The Network Shell (NetSh) command line utility can be used to export and import these settings. You can also use the Windows interface to import and export settings.

Warning

You cannot use the Windows interface or a command line to export or import detailed SQL configuration settings. For a list of text logging and SQL configuration settings that you need to record manually, see NPS Server Migration: Appendix A - Data Collection Worksheet.

Important

The netsh utility does not support migration of template configuration settings. To migrate these settings, you must use the Windows interface.

To export settings from a source server running Windows Server 2008 R2 using a command line

  1. On the source NPS server, open an elevated command prompt, type the following command and then press ENTER:

    netsh nps export filename="path\file.xml" exportPSK=YES
    

    Replace path with the directory location where you want to save the source server configuration file, and replace file with the name of the .XML file that you want to save.

  2. Confirm that a message appears indicating that the export to file was successful.

  3. On the source server, type the following command and then press ENTER:

    netsh nps show sqllog > path\sql.txt
    

    Replace path with the directory location where you want to save the source server SQL configuration file, and replace sql with the name of the .TXT file that you want to save. This file contains the basic configuration for SQL logging that is found on the Settings tab in SQL logging properties. For a list of text logging and SQL configuration settings that you need to record manually, see NPS Server Migration: Appendix A - Data Collection Worksheet.

  4. Copy the file.xml and sql.txt files to the migration store file location. This information will be required for configuration of the destination server.

To export settings from a source server running Windows Server 2008 R2 using the Windows interface

  1. On the source server, open Server Manager.

  2. In the Server Manager console tree, open Roles\Network Policy and Access Services\NPS.

  3. Right-click NPS, and then click Export Configuration.

  4. In the dialog box that appears, select the check box next to I am aware that I am exporting all shared secrets, and then click OK.

  5. Next to File name, type file.xml, navigate to the migration store file location, and then click Save.

  6. In the console tree, right-click Templates Management and then click Export Templates to a file.

  7. Next to File name, type iastemplates.xml, navigate to the migration store file location, and then click Save.

  8. If you have configured SQL logging, you must manually record detailed SQL configuration settings.

    To record these settings:

    1. In the NPS console tree, click Accounting and then click Change SQL Server Logging Properties.

    2. Record the configuration settings on the Settings tab, and then click Configure.

    3. Manually record all configuration settings from the Connection and Advanced tabs by copying them into the sql.txt file. Alternatively, you can click the All tab and enter Name and Value settings displayed on each line into the sql.txt file. For a list of text logging and SQL configuration settings that you need to record manually, see NPS Server Migration: Appendix A - Data Collection Worksheet.

  9. Copy the file.xml, iastemplates.xml, and sql.txt files to the migration store file location. This information will be required for configuration of the destination server.
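The export files produced by these procedures hold RADIUS shared secrets in clear text, as the warnings in this topic note. The following added example (not part of the original topic and not Microsoft's code) restricts the migration store folder to administrators and records SHA-256 hashes so that the destination server can confirm the files were not altered before they are imported. The folder `D:\MigStore`, the manifest name `manifest.sha256`, and all function names are hypothetical; the script assumes PowerShell 2.0 or later on a Windows Server 2008 or Windows Server 2008 R2 host.

```powershell
# Added example, not Microsoft's code. D:\MigStore and manifest.sha256 are
# hypothetical names. Written for PowerShell 2.0 on Windows Server 2008 R2.

function Protect-MigrationStore {
    param([string]$Path)
    # Drop inherited ACEs; grant Full Control only to BUILTIN\Administrators
    # (S-1-5-32-544) and SYSTEM (S-1-5-18), inherited by files in the folder.
    & icacls.exe $Path /inheritance:r /grant:r '*S-1-5-32-544:(OI)(CI)F' '*S-1-5-18:(OI)(CI)F' | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls failed on $Path" }
}

function Get-Sha256Hex {
    param([string]$File)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($File)
    try { return ([System.BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', '') }
    finally { $stream.Close() }
}

function New-ExportManifest {
    param([string]$Path)
    # One "<hash>  <file name>" line per export file (file.xml, sql.txt, ...).
    $lines = Get-ChildItem -Path $Path |
        Where-Object { -not $_.PSIsContainer -and $_.Name -ne 'manifest.sha256' } |
        ForEach-Object { '{0}  {1}' -f (Get-Sha256Hex $_.FullName), $_.Name }
    Set-Content -Path (Join-Path $Path 'manifest.sha256') -Value $lines
}

function Test-ExportManifest {
    param([string]$Path, [string]$ManifestFile)
    $ok = $true
    foreach ($line in Get-Content $ManifestFile) {
        if (-not $line.Trim()) { continue }
        # Split into hash and file name; the name may itself contain spaces.
        $expected, $name = $line -split '\s+', 2
        $file = Join-Path $Path $name
        if (-not (Test-Path $file) -or (Get-Sha256Hex $file) -ne $expected) {
            Write-Warning "Missing or modified: $name"
            $ok = $false
        }
    }
    return $ok
}

# Source server, after "netsh nps export" (elevated prompt):
#   Protect-MigrationStore 'D:\MigStore'
#   New-ExportManifest 'D:\MigStore'
# Destination server, before "netsh nps import", with a manifest copy that
# travelled separately from the export files:
#   Test-ExportManifest 'D:\MigStore' 'D:\Trusted\manifest.sha256'
```

The hash check only detects modification; it does not protect the shared secrets in transit, so the encrypted archive recommended in the warning is still needed when the files cross a network.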

Importing settings to the destination server

Use the following procedures to import the NPS settings from your x86-based or x64-based source server to an x64-based destination server running Windows Server 2008 R2.

Importing settings from Windows Server 2003

The configuration file ias.txt that was exported from the source server is in a format that can be imported to a destination server running Windows Server 2008 R2. If SQL accounting settings were saved, these settings are recorded manually in the sql.txt file.

Important

When you migrate the configuration settings of the IAS role service that is running on a 32-bit or a 64-bit Windows Server 2003–based source server to the NPS role service that is running on a Windows Server 2008 R2–based destination server, the import procedure seems to complete successfully. However, the Extensible Authentication Protocol (EAP) method is misconfigured. This occurs because the migration tool generates a faulty parameter that is stored in the configuration text file (ias.txt). For more information about this issue and for a workaround, see The EAP method is configured incorrectly during the migration process from Windows Server 2003 32-bit or a 64-bit to Windows Server 2008 R2 (https://go.microsoft.com/fwlink/?LinkID=181982).

To import settings from a source server running Windows Server 2003

  1. Copy the configuration file ias.txt that was exported to the migration store file location to the destination NPS server. Alternatively, you can import configuration settings directly from the migration store file location by supplying the appropriate path to the file in the import command.

  2. On the destination server, open an elevated command prompt, type the following command and then press ENTER:

    netsh nps import filename="path\ias.txt"
    

    Replace path with the directory where the ias.txt file is located. Verify that a message appears indicating that the import process was successful.

Tip

If the configuration file is located on a network share, provide the full path to the file. For example: netsh nps import filename="\\fileserver1\Data\ias.txt".

  3. If required, configure SQL accounting. To configure SQL accounting:

    1. In the Server Manager console tree, open Roles\Network Policy and Access Services\NPS\Accounting.

    2. Click Accounting and then click Change SQL Server Logging Properties.

    3. Manually enter SQL settings from the sql.txt file that you created.

Importing settings from Windows Server 2008

The configuration file file.xml that was exported from the source server is in a format that can be imported to a destination server running Windows Server 2008 R2. SQL accounting settings are saved in the sql.txt file.

To import settings from a source server running Windows Server 2008

  1. Copy the configuration files file.xml and sql.txt that were exported to the migration store file location to the destination NPS server. Alternatively, you can import configuration settings directly from the migration store file location by supplying the appropriate path to the file in the import command.

  2. On the destination server, open an elevated command prompt, type the following command and then press ENTER:

    netsh nps import filename="path\file.xml"
    

    Replace path with the directory where the file.xml file is located. Verify that a message appears indicating that the import process was successful.

Tip

If the configuration file is located on a network share, provide the full path to the file. For example: netsh nps import filename="\\fileserver1\Data\file.xml".

  3. If required, configure SQL accounting. To configure SQL accounting:

    1. In the Server Manager console tree, open Roles\Network Policy and Access Services\NPS\Accounting.

    2. Click Accounting and then click Change SQL Server Logging Properties.

    3. Manually enter SQL settings from the sql.txt file.

Importing settings from Windows Server 2008 R2

The configuration file file.xml that was exported from the source server is in a format that can be imported to a destination server running Windows Server 2008 R2. SQL accounting settings are saved in the sql.txt file. If you saved a templates configuration file, iastemplates.xml, you must use the Windows interface to import these settings.

To import settings from a source server running Windows Server 2008 R2

  1. Copy the configuration files file.xml and sql.txt that were exported to the migration store file location to the destination NPS server. Alternatively, you can import configuration settings directly from the migration store file location by supplying the appropriate path to the file in the import command.

  2. On the destination server, open an elevated command prompt, type the following command and then press ENTER:

    netsh nps import filename="path\file.xml"
    

    Replace path with the directory where the file.xml file is located. Verify that a message appears indicating that the import process was successful.

Tip

If the configuration file is located on a network share, provide the full path to the file. For example: netsh nps import filename="\\fileserver1\Data\file.xml".

  3. If required, configure SQL accounting. To configure SQL accounting:

    1. In the Server Manager console tree, open Roles\Network Policy and Access Services\NPS\Accounting.

    2. Click Accounting and then click Change SQL Server Logging Properties.

    3. Manually enter SQL settings from the sql.txt file.

Using the NPS console to migrate NPS settings

You can also use the Windows interface on the destination server to import configuration settings.

To import settings from a source server using the Windows interface

  1. Copy the configuration files file.xml, iastemplates.xml, and sql.txt that were exported to the migration store file location to the destination NPS server. Alternatively, you can import configuration settings directly from the migration store file location by supplying the appropriate path to the file in the import command. If you have custom settings that were recorded using the NPS Server Migration: Appendix A - Data Collection Worksheet, these must be configured manually on the destination server.

  2. On the destination server, open Server Manager.

  3. In the Server Manager console tree, open Roles\Network Policy and Access Services\NPS.

  4. To import template configuration settings, follow steps 5 to 13. If you do not have template settings, skip to step 7.

  5. In the console tree, right-click Templates Management and then click Import Templates from a file.

  6. Select the template configuration file iastemplates.xml that you copied from the source server and then click Open.

  7. In the console tree, right-click NPS and then click Import Configuration.

  8. Select the configuration file file.xml or ias.txt that you copied from the source server and then click Open.

  9. Verify that a message appears indicating the import was successful.

  10. Configure SQL accounting if required using the sql.txt file and the data collection worksheet. To configure SQL accounting, follow steps 11 to 13.

  11. In the NPS console tree, click Accounting and then click Change SQL Server Logging Properties in the details pane.

  12. Modify the properties on the Settings tab if required, and then click Configure to enter detailed settings.

  13. Using information recorded in the sql.txt file, enter the required settings on the Connection and Advanced tabs, and then click OK.

See Also

Concepts

NPS Migration Guide
NPS Server Migration: Preparing to Migrate
NPS Server Migration: Verifying the Migration
NPS Server Migration: Post-migration Tasks
NPS Server Migration: Appendix A - Data Collection Worksheet