Verifying the NPS Server Migration (2024)

Applies To: Windows Server 2012 R2

After the migration of your Network Policy Server (NPS) server is complete, you can perform some tasks to verify that the migration was successful.

Verifying NPS Migration

To verify the functionality of NPS on the destination server, confirm that the service is running, that the correct configuration was migrated, and that client computers can authenticate successfully.

To verify NPS migration

  1. To verify that the NPS service is running on the destination server, type the following command at an elevated command prompt on the destination server and then press ENTER.

    sc query ias

    In the command output, verify that RUNNING is displayed next to STATE.

  2. To verify that the source NPS configuration has been migrated to the destination server, type the following command at an elevated command prompt on the destination server and then press ENTER:

    netsh nps show config

    Verify that the destination server is not using default NPS settings. For example, default settings display a single policy under Connection request policy configuration with the name Use Windows authentication for all users.

  3. To verify that the NPS console on the destination server displays the correct settings, type the following command at an elevated command prompt on the destination server and then press ENTER:

    nps.msc

    1. The NPS console will open. In the console tree, click Accounting, click Change SQL Server Logging Properties, click Configure, and verify that the correct settings are displayed on the Connection and Advanced tabs.

    2. In the NPS console tree, click Policies and then click Connection Request Policies, Network Policies, and Health Policies. For each type of policy, verify that the correct policies are displayed.

    3. In the NPS console tree, click RADIUS Clients and Servers and then click RADIUS Clients and Remote RADIUS Server Groups. Verify that the correct RADIUS clients and remote RADIUS server groups are displayed.

    4. In the NPS console tree, click Network Access Protection, and then click System Health Validators and Remediation Server Groups. Verify that the correct Network Access Protection (NAP) related settings are displayed.

    5. In the NPS console tree, click Templates Management. If the source server was running Windows Server 2008 R2, verify that the correct template settings are displayed.

    6. In the NPS console tree, right-click NPS, click Properties, and then click the Ports tab. Verify that the correct Authentication and Accounting ports are displayed.

  4. To verify the configuration of authentication methods, you must manually review the settings in connection request policy and network policy. Certificate-based EAP methods require that the proper certificate is chosen, and might require that you provision a computer certificate on the destination server.

    Verifying authentication methods

    1. If you use certificate-based EAP methods, your destination server might already be provisioned with a suitable certificate through autoenrollment. You might also be required to manually enroll the destination server with a computer certificate. For an overview of certificate requirements for network authentication, see Network access authentication and certificates (https://go.microsoft.com/fwlink/?LinkId=169625).

    2. To view certificates associated with EAP methods, click Start, click Run, type nps.msc, and press ENTER.

    3. In the NPS console tree, open Policies and then open the type of policy you are using to perform authentication. For example, if the option to Override network policy authentication settings is enabled on the Settings tab in a connection request policy, then authentication is performed in connection request policy. Otherwise, authentication is performed in network policy. Authentication can be configured in both types of policies.

    4. For connection request policy, double-click the policy name and then click the Settings tab. For network policy, double-click the policy name and then click the Constraints tab.

    5. Click Authentication Methods, and then under EAP Types click the name of the certificate-based authentication method. For example: Microsoft: Protected EAP (PEAP) or Microsoft: Smart Card or other certificate.

    6. Click Edit, verify that the correct certificate is chosen next to Certificate issued or Certificate issued to, and then click OK.

      Note

      Client computers using certificate-based authentication methods must trust the certification path for this certificate.

  5. To verify that client computers can authenticate using the destination server, attempt to connect to the network using a client VPN connection, an 802.1X connection, or another connection that requires successful RADIUS authentication for network access.

    Verifying client connections

    1. To verify that client computers are successfully connecting to the network, click Start, click Run, type eventvwr.msc, and then press ENTER.

    2. In the event viewer console tree, open Custom Views\Server Roles\Network Policy and Access Services.

    3. In the details pane, verify under Event ID that event number 6272 is displayed.

    4. Events 6273 or 6274 indicate that client authentication attempts are unsuccessful.

    5. If no events are displayed, client connection requests are unable to reach the destination server, or the server is not logging authentication attempts.
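A scripted pass over steps 1, 2, 4 and 5, added here as an example and not part of the original article. It assumes PowerShell 3.0 or later in an elevated session on the destination server, that NPS audit events are written to the Security log, and a one-hour look-back window; the variable names and verdict strings are illustrative.

```powershell
# Added example: scripted pass over steps 1, 2, 4 and 5 of the procedure above.
$lookBack = (Get-Date).AddHours(-1)   # assumed window; widen it to cover your test logons

# Step 1: same check as "sc query ias" (IAS is the NPS service name).
$svc = Get-Service -Name 'IAS' -ErrorAction SilentlyContinue
$running = ($null -ne $svc) -and ($svc.Status -eq 'Running')

# Step 2: the default policy name appearing in the dump is a prompt for manual
# review, not proof of failure; a migrated configuration may legitimately keep it.
$defaultCrp = 'Use Windows authentication for all users'
$config = (& netsh nps show config) | Out-String
$defaultNameSeen = $config -match [regex]::Escape($defaultCrp)

# Step 4: candidate computer certificates for certificate-based EAP methods:
# private key present, not expired, Server Authentication EKU (1.3.6.1.5.5.7.3.1).
$certs = @(Get-ChildItem Cert:\LocalMachine\My | Where-Object {
    $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date) -and
    ($_.EnhancedKeyUsageList.ObjectId -contains '1.3.6.1.5.5.7.3.1')
})

# Step 5: 6272 = successful authentication; 6273 and 6274 = unsuccessful attempts.
$filter = @{ LogName = 'Security'; Id = 6272, 6273, 6274; StartTime = $lookBack }
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)
$granted = @($events | Where-Object { $_.Id -eq 6272 }).Count
$failed  = @($events | Where-Object { $_.Id -ne 6272 }).Count

$verdict = if (-not $running) {
    'NPS service is not running'
} elseif ($events.Count -eq 0) {
    'No NPS events: requests are not reaching the server, or it is not logging them'
} elseif ($granted -eq 0) {
    'Only unsuccessful authentications (6273/6274) in the window'
} else {
    'Service running and at least one successful authentication (6272)'
}

[pscustomobject]@{
    ServiceRunning     = $running
    DefaultCrpNameSeen = $defaultNameSeen
    CandidateCerts     = ($certs | ForEach-Object {
        "$($_.Subject) expires $($_.NotAfter.ToString('yyyy-MM-dd'))" }) -join '; '
    Granted6272        = $granted
    Failed6273or6274   = $failed
    Verdict            = $verdict
} | Format-List
```

The certificate list only narrows the candidates; which certificate each EAP method actually uses still has to be confirmed in the policy's Edit dialog as described in step 4.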

FAQs

Verifying the NPS Server Migration? ›

Purpose. Network Policy Server (NPS) is the Microsoft implementation of a Remote Authentication Dial-in User Service (RADIUS) server and proxy. It is the successor of Internet Authentication Service (IAS).

How do I authorize my NPS server? ›

Register the NPS Server
  1. On the server running NPS, launch Server Manager. The Server Manager window appears.
  2. Select Tools > Network Policy Server. The Network Policy Server window appears.
  3. Right-click NPS (Local) and select Register server in Active Directory. The Network Policy Server dialog box appears.
  4. Click OK.

How do I transfer NPS from one server to another? ›

NPS Migration
  1. Log on to your source NPS server.
  2. Open the NPS admin console.
  3. Clean up the existing NPS server. ...
  4. Right-click the NPS server and select "export configuration" ...
  5. Log on to the destination NPS server.
  6. Copy the NPSExport.xml file you created in step 4.2 to the local server.

How do I troubleshoot my NPS server? ›

Use this checklist to identify and resolve common Network Policy Server issues.
  1. Step 1: Check that NPS Auditing is enabled. ...
  2. Step 2: Review event logs for authentication failure errors. ...
  3. Step 3: Check the NPS configuration. ...
  4. Step 4: Check the request forwarding configuration.

How do I authorize a server? ›

To authorize the DHCP server using Active Directory: From the Windows desktop, open the Start menu, select Windows Administrative Tools > DHCP. Expand your DHCP server name, right-click, then select Authorize.

How do I restart the NPS server? ›

Restart the NPS service by highlighting NPS and right click > Stop NPS Service, then right click > Start NPS Service.

Can you have two NPS servers? ›

To provide fault tolerance for RADIUS-based authentication and accounting, use at least two NPSs. One NPS is used as the primary RADIUS server and the other is used as a backup. Each RADIUS client is then configured on both NPSs.

How do I backup and restore my NPS server? ›

In a distributed deployment of NPS, you must perform these steps on the DB Server.
  1. Transfer the backup file to the NPS system.
  2. Log in to the NPS system as root or administrator.
  3. Run the following command: restore.ovpl -b <backup_file> ...
  4. After running the restore.ovpl command:

How do I enable NPS server logging? ›

Step 1: Configure Windows NPS log file properties
  1. Sign in to the NPS console or NPS Microsoft Management Console (MMC).
  2. In the navigation menu, click Policies > Accounting.
  3. In the Log File Properties section, click Change Log File Properties.
  4. In the Log File Properties dialog, click the Settings tab.

How does NPS authentication work? ›

As a RADIUS server, NPS performs centralized connection authentication, authorization, and accounting for many types of network access, including wireless, authenticating switch, dial-up and virtual private network (VPN) remote access, and router-to-router connections.

What are the steps to install and configure NPS server? ›

To install NPS by using Server Manager
  1. On NPS1, in Server Manager, click Manage, and then click Add Roles and Features. ...
  2. In Before You Begin, click Next. ...
  3. In Select Installation Type, ensure that Role-Based or feature-based installation is selected, and then click Next.

How do I register an NPS server in Active Directory? ›

To register an NPS in its default domain
  1. On the NPS, in Server Manager, click Tools, and then click Network Policy Server. The Network Policy Server console opens.
  2. Right-click NPS (Local), and then click Register Server in Active Directory. ...
  3. In Network Policy Server, click OK, and then click OK again.

What is the default port for NPS server? ›

By default, NPS listens for RADIUS traffic on ports 1812, 1813, 1645, and 1646 for both Internet Protocol version 6 (IPv6) and IPv4 for all installed network adapters.

Why register NPS server in Active Directory? ›

NPS must be registered in Active Directory so that they have permission to read the dial-in properties of user accounts during the authorization process.

How do I check my NPS server logs? ›

Network Policy Server logs can be viewed using Windows Server Manager or Windows Event Viewer UI (another system, part of the larger Windows Server package).

How do I make my NPS active? ›

An NPS subscriber must fill up the form and submit it to the POP-SP or the CRA. They will take the initiative to activate your account. The NPS account will unfreeze within a few days from your date of submission of the form.

What is NPS authentication? ›

Network Policy Server (NPS) allows you to create and enforce organization-wide network access policies for connection request authentication and authorization.

Author: Msgr. Refugio Daniel
