Migrate NPS Server KB ID 0001841
Problem
If you have deployed an NPS Server on your network, there may be a time when you want to replace that server – if all its doing is NPS and its 2012 or newer I’d be tempted to simply in-place upgrade it, but some people are rigid in their beliefs that that is not a good idea. So in that case you need to migrate to a new server.
Solution : Migrate NPS Server
Locate NPS Server
Just in case you know you have an NPS server, but you don’t know what server it’s on, (or how many you have!) The simplest way to find out is to look in the RAS and IAS Servers group in AD.
You can use the following procedure on Server 2012 (and newer) If your source server is Server 2008 then you need to use the netsh method I’ll outline below.
Migrate NPS Server : Export NPS Settings PowerShell
On the OLD (source) server,
[box]
Export-NpsConfiguration -Path C:\NPS-PS-Exported.xml
[/box]
Then simply copy that exported XML file to the new NPS server.
Migrate NPS Server : Import NPS Settings PowerShell
At this point I’ll assume that your target server is built, updated and domain joined. So we have three tasks, install NPS, authorise the NPS server in AD, then import the settings from the file you exported above. Note: There is no direct PowerShell command to authorise the new server in AD (at time of writing) So we need to use the netsh command to do that.
[box]
Install-WindowsFeature NPAS -IncludeManagementTools
netsh ras add registeredserver
Import-NpsConfiguration -Path C:\NPS-PS-Exported.xml
[/box]
Then at this point I’d stop and disable NPS services on the old server and give everything a test. REMEMBER if you have RADIUS clients you may need to change the IP address that THEY are set to to the new NPS Server.
WARNING: If you are using authentication protocols that need certification like PEAP–MS-CHAP v2, PEAP–TLS, or EAP–TLS – AND your client are set to check the server’s identification (this is optional usually). Then check the new server has the correct certificates.
Migrate NPS Server (Server 2008)
On older OSs you don’t have the Export-NpsConfiguration and Import-NpsConfiguration PowerShell commandlets to use, so you have to use the netsh command instead.
Export NPS with Netsh
[box]
netsh
nps
export filename="C:\NPS-Exported-NETSH.xml" exportPSK=YES
[/box]
Import NPS with Netsh
[box]
netsh
nps
import filename="C:\NPS-Exported-NETSH.xml"
[/box]
Remove NPS
Once you’ve waited long enough to be sure you no longer need the old NPS server you can remove it with the following commands.
[box]
netsh ras delete registeredserver Uninstall-WindowsFeature NPAS Restart-Computer
[/box]
Note: If you are removing from Server 2008 you may need to use Remove-WindowsFeature NPAS instead!
Related Articles, References, Credits, or External Links
NA