question

Adam-5245 avatar image
0 Votes"
Adam-5245 asked Adam-5245 commented

NPS (NAP) 2012 R2 Upgrade and Redundancy

Hello All, I have a server that is 2012 R2 that is running NPS / NAP role. Under NAP nothing specific seems to be configured just default settings. ![80263-image.png][1] [1]: /answers/storage/attachments/80263-image.png I have couple questions: 1) If I export the configurations and import it into a 2016 Server and will everything work good? 2) If I want to have redundancy, can I cluster this role over two servers so that it is active / passive? If this is not possible, what is the correct method of achieving such redundancy?

windows-server-2016
image.png (31.4 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

SunnyQi-MSFT avatar image
0 Votes"
SunnyQi-MSFT answered Adam-5245 commented

Hi,

Thanks for posting in Q&A platform.

For 1st question, please kindly note that Network Access Protection (NAP) was deprecated in Windows Server 2012 R2 and it was not available in Windows Server 2016.

80589-image-1.jpg

Here is a similar thread talking about the replacement of NAP in server 2016, you could refer to the method mentioned in this thread.

Begining with NAP

If you have a single Network Policy Server, you will experience some downtime as you will have to retire the old machine and setup a new one.

When deploying the destination server with the same host name and IP address, network access requests cannot be evaluated by NPS while the source server is offline and before the destination server brought online with the same name and IP address. During this time, client computers requesting access to the network cannot authenticate and are denied network access.

When deploying the destination server with a different host name and IP address, RADIUS client settings for all network access servers that are configured to use the source server must be updated.

For more detailed steps regarding of how to upgrade NPS server, please refer to the following article:

Upgrading Network Policy Server from Server 2008 R2 to Server 2012 R2

Moving NPS from Windows 2008 to Windows 2016
Please Note: Since the websites are not hosted by Microsoft, the links may change without notice. Microsoft does not guarantee the accuracy of this information.

For your 2nd question, you can configure load balancing for NPS server, for detailed steps, please refer to the following article:

NPS Proxy Server Load Balancing


Best Regards,
Sunny


If the Answer is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.



image-1.jpg (39.7 KiB)
· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thank you for your response. After referring to all the links and articles, below is what I ended up doing for my environment, in theory it should work. Will test it out soon. My orignal 2012 Server was NPS1 and NPS2 was the newly built 2016 Server with NPS role installed.

There is no built-in Active / Passive availability when it comes to NPS. So here is what will happen:

• Every night at 12:00 on NPS1, NPS configuration (Powershell Script) will be exported and saved to \\fileshare\npsconfig
• Every night at 12:05 on NPS2, NPS configuration will be imported (Powershell Script) and over write the old one.

In the event of NPS1 failure, NPS2 will have all the configuration and ready to serve the clients.

In the event of NPS1 failure, we may still have to assign NPS1s old IP to NPS2 as an additional IP address.

0 Votes 0 ·

Hi,


Just want to confirm the current situations.


Please feel free to let us know if you need further assistance.


Best Regards,
Sunny

0 Votes 0 ·