請確認之後 NPS 伺服器變更的設定Verify Configuration After NPS Server Changes

適用於:Windows Server(以每年次管道)、Windows Server 2016Applies To: Windows Server (Semi-Annual Channel), Windows Server 2016

若要確認 NPS 伺服器設定伺服器的 IP 位址或名稱變更之後,您可以使用此主題。You can use this topic to verify NPS server configuration after an IP address or name change to the server.

請確認之後 NPS 伺服器 IP 位址變更的設定Verify Configuration After an NPS Server IP Address Change

可能會有環境,您需要變更 NPS 伺服器或 proxy,例如當您將伺服器移到不同的 IP 子網路的 IP 位址。There might be circumstances where you need to change the IP address of an NPS server or proxy, such as when you move the server to a different IP subnet.

如果您變更 NPS 伺服器或 proxy IP 位址,則必須重新設定您的 NPS 部署的部分。If you change an NPS server or proxy IP address, it is necessary to reconfigure portions of your NPS deployment.

使用下列的一般指導方針協助您確認您的 IP 位址變更不會中斷網路存取驗證、授權或計量 RADIUS proxy 伺服器 NPS RADIUS 伺服器,您網路上。Use the following general guidelines to assist you in verifying that an IP address change does not interrupt network access authentication, authorization, or accounting on your network for NPS RADIUS servers and RADIUS proxy servers.

您必須成員的系統管理員,或相當於,才能執行這些程序。You must be a member of Administrators, or equivalent, to perform these procedures.

若要檢查之後 NPS 設定伺服器的 IP 位址變更To verify configuration after an NPS server IP address change

  1. 重新設定所有 RADIUS 戶端,例如 wireless 存取點和 VPN 伺服器的新 NPS 伺服器的 IP 位址。Reconfigure all RADIUS clients, such as wireless access points and VPN servers, with the new IP address of the NPS server.

  2. 如果 NPS server 的遠端 RADIUS 伺服器群組成員,重新設定 NPS proxy 具有 NPS 伺服器新的 IP 位址。If the NPS server is a member of a remote RADIUS server group, reconfigure the NPS proxy with the new IP address of the NPS server.

  3. 如果您已設定 NPS 伺服器使用 SQL Server 登入,請確認連接的電腦執行 SQL Server,而且 NPS 伺服器之間仍然正常運作。If you have configured the NPS server to use SQL Server logging, verify that connectivity between the computer running SQL Server and the NPS server is still functioning properly.

  4. 如果您有部署保護 RADIUS NPS 伺服器與 NPS proxy 或其他伺服器或裝置間的流量 IPsec,重新 ipsec 或連接安全性規則在 Windows 防火牆使用進階安全性,以使用新的 NPS 伺服器的 IP 位址設定。If you have deployed IPsec to secure RADIUS traffic between your NPS server and an NPS proxy or other servers or devices, reconfigure the IPsec policy or the connection security rule in Windows Firewall with Advanced Security to use the new IP address of the NPS server.

  5. 如果 NPS 伺服器多重主目錄,而且您已設定繫結至特定網路介面卡的伺服器,重新 NPS 連接埠設定新的 IP 位址。If the NPS server is multihomed and you have configured the server to bind to a specific network adapter, reconfigure NPS port settings with the new IP address.

若要檢查之後 NPS 設定 proxy IP 位址變更To verify configuration after an NPS proxy IP address change

  1. 重新所有 RADIUS 戶端,例如 wireless 存取點和 VPN 伺服器的 IP 位址 NPS proxy 的新的都設定。Reconfigure all RADIUS clients, such as wireless access points and VPN servers, with the new IP address of the NPS proxy.

  2. 如果 NPS proxy 多重主目錄,且您已設定 proxy 繫結至特定網路介面卡,重新 NPS 連接埠設定新的 IP 位址。If the NPS proxy is multihomed and you have configured the proxy to bind to a specific network adapter, reconfigure NPS port settings with the new IP address.

  3. 重新使用的 proxy 伺服器的 IP 位址所有遠端 RADIUS 伺服器群組的所有成員的都設定。Reconfigure all members of all remote RADIUS server groups with the proxy server IP address. 若要完成這項工作,每個 NPS 伺服器具有 NPS proxy 設定為 RADIUS client:To accomplish this task, at each NPS server that has the NPS proxy configured as a RADIUS client:

    a。a. 按兩下NPS(本機),按兩下 [ RADIUS 戶端與伺服器,按一下 [ RADIUS 戶端,然後在詳細資料窗格中,按兩下您想要變更 RADIUS client。Double-click NPS (Local), double-click RADIUS Clients and Servers, click RADIUS Clients, and then in the details pane, double-click the RADIUS client that you want to change.

    b。b. 在 RADIUS client屬性,請在位址 (IP or DNS),輸入 NPS proxy 的新的 IP 位址。In RADIUS client Properties, in Address (IP or DNS), type the new IP address of the NPS proxy.

  4. 如果您已設定 NPS proxy 使用 SQL Server 登入,請確認連接的電腦執行 SQL Server,而且 NPS proxy 之間仍然正常運作。If you have configured the NPS proxy to use SQL Server logging, verify that connectivity between the computer running SQL Server and the NPS proxy is still functioning properly.

請確認之後重新命名 NPS 伺服器設定Verify Configuration After Renaming an NPS Server

當您需要變更 NPS 伺服器或 proxy,例如重新命名規格設計伺服器的名稱,可能會環境。There might be circumstances when you need to change the name of an NPS server or proxy, such as when you redesign the naming conventions for your servers.

如果您變更 NPS 伺服器或 proxy 名稱,則必須重新設定您的 NPS 部署的部分。If you change an NPS server or proxy name, it is necessary to reconfigure portions of your NPS deployment.

協助您確認 [伺服器名稱變更不會中斷網路存取驗證,驗證或計量使用下列的一般指導方針。Use the following general guidelines to assist you in verifying that a server name change does not interrupt network access authentication, authorization, or accounting.

您必須成員的系統管理員,或相當於,才能執行此程序。You must be a member of Administrators, or equivalent, to perform this procedure.

若要確認之後 NPS 伺服器或 proxy 名稱變更的設定To verify configuration after an NPS server or proxy name change

  1. 如果 NPS server 的遠端 RADIUS 伺服器群組成員,且群組的電腦名稱,而非 IP 位址設定,請重新設定遠端 RADIUS 伺服器群組具有 NPS 伺服器名稱。If the NPS server is a member of a remote RADIUS server group and the group is configured with computer names rather than IP addresses, reconfigure the remote RADIUS server group with the new NPS server name.

  2. 如果憑證架構的驗證方法在 NPS 伺服器部署,該名稱變更失效伺服器的憑證。If certificate-based authentication methods are deployed at the NPS server, the name change invalidates the server certificate. 您可以從「憑證授權單位系統管理員要求一個新的憑證,或如果您的電腦位於網域成員電腦及您的網域成員註冊憑證,您可以重新整理群組原則」來取得新的憑證透過自動註冊。You can request a new certificate from the certification authority (CA) administrator or, if the computer is a domain member computer and you autoenroll certificates to domain members, you can refresh Group Policy to obtain a new certificate through autoenrollment. 重新整理群組原則中︰To refresh Group Policy:

    a。a. 命令提示字元」或「Windows PowerShell 開放。Open Command Prompt or Windows PowerShell.

    b。b. 輸入gpupdate,然後按 ENTER 鍵。Type gpupdate, and then press ENTER.

  3. 新的伺服器憑證之後,請要求 CA 系統管理員撤銷舊的憑證。After you have a new server certificate, request that the CA administrator revoke the old certificate.

    舊憑證已被撤銷後,NPS 持續使用它,直到結束舊的憑證。After the old certificate is revoked, NPS continues to use it until the old certificate expires. 根據預設,舊的憑證維持有效的一星期 10 小時的時間上限。By default, the old certificate remains valid for a maximum time of one week and 10 hours. 這段期間,可能會不同而定是否憑證撤銷清單 (CRL) 到期與傳輸層級的安全性 (TLS) 快取時間到期經過修改的預設值。This time period might be different depending on whether the Certificate Revocation List (CRL) expiry and the Transport Layer Security (TLS) cache time expiry have been modified from their defaults. 預設 CRL 到期是一星期;預設 TLS 快取到期是 10 小時的時間。The default CRL expiry is one week; the default TLS cache time expiry is 10 hours.

    如果您想要設定 NPS 立即使用新的憑證,但是您以手動方式可以重新設定新的憑證的網路原則。If you want to configure NPS to use the new certificate immediately, however, you can manually reconfigure network policies with the new certificate.

  4. 舊的憑證到期之後,NPS 自動開始使用新的憑證。After the old certificate expires, NPS automatically begins using the new certificate.

  5. 如果您已設定 NPS 伺服器使用 SQL Server 登入,請確認連接的電腦執行 SQL Server,而且 NPS 伺服器之間仍然正常運作。If you have configured the NPS server to use SQL Server logging, verify that connectivity between the computer running SQL Server and the NPS server is still functioning properly.