Wednesday, July 29, 2009

Migrate IAS from Windows 2003 to Windows 2008

I recently had to migrate IAS running on a Windows Server 2003 to 2008 and was fortunate enough to run across this post: http://blogs.technet.com/nap/archive/2009/01/15/tool-for-migrating-ias-configuration-settings-to-nps-is-now-available.aspx

In a nutshell, using netsh aaa show config to export the IAS settings from 2003 does not put it into the proper import format for Server 2008, thus the import will fail. The link above leads you to Microsoft Hotfix 955995 providing you with the utility IASMigReader.exe which is used to create a properly formatted IAS import file for Server 2008.

Basic steps are to:
1. Install the Network Policy Server Role on the 2008 Server
2. Install the 955995 Hotfix on the 2008 Server and reboot
3. Copy the IASMigReader.exe file from the 2008 to the 2003 Server
4. On the 2003 server, open a command prompt and execute IASMigReader
5. Copy the resulting ias.txt file from the 2003 to the 2008 Server
6. From the 2008 NPS, open a command prompt and execute netsh nps import path\ias.txt
7. Launch the Network Policy Server MMC and verify the settings have been imported and test the new configuration

3 comments:

Cypher said...

An old post, but is exactly what I need.

I am curious did your 2008 server have a different hostname and does that cause any problems? Also how did you deal with a new certificate, was it needed how you implemented that part of the migration.

The last thing I guess is just point all the clients (in my case a bunch of Juniper equipment - VPN, WiFi) to the new server.

Anonymous said...

It will work with a different hostname.

Anonymous said...

Certificate doesn't matter is uses the cert off of the new machine.