Hi, I am trying to move my IAS service from Win 2003 to Network Policy Server on my new Windows 2008 machine. I used IasMigReader.exe and successfully copied settings from IAS to NPS. But my IAS server uses certificates for PEAP authentication which seems not to be migrated with this tool. I tried to use mmc then and open certificates for IAS service and exporting them, then importing on NPS machine but it did not work because the cetificate which appears on IAS console does not appear on the list to be exported. Any comments on how I can export certifictes used by IAS to NPS? Thanks Vad

Hi Vadood, Thanks for posting here. > I tried to use mmc then and open certificates for IAS service and exporting them, then importing on NPS machine but it did not work because the cetificate which appears on IAS console does not appear on the list to be exported. Could you recheck your stored certificates on this server with following the introduction in the article below by using certificate MMC snap in: Certificates Console http://social.technet.microsoft.com/wiki/contents/articles/certificates-console.aspx For more information please refer to the link below: Import and Export Certificates http://technet.microsoft.com/en-us/library/cc782788(WS.10).aspx Network access authentication and certificates http://technet.microsoft.com/en-us/library/cc759575(WS.10).aspx Thanks. Tiger Li Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Hi, I am trying to move my IAS service from Win 2003 to Network Policy Server on my new Windows 2008 machine. I used IasMigReader.exe and successfully copied settings from IAS to NPS. But my IAS server uses certificates for PEAP authentication which seems not to be migrated with this tool. I tried to use mmc then and open certificates for IAS service and exporting them, then importing on NPS machine but it did not work because the cetificate which appears on IAS console does not appear on the list to be exported. Any comments on how I can export certifictes used by IAS to NPS? Thanks Vad you just need to add new RADIUS server to RAS and IAS Servers group and re-enroll for a certificate. Since RADIUS is on another server (as I see from your initial post) computer name is changed, thus certificate migration is useless, because Subject filed will not match new computer name.My weblog: http://en-us.sysadmins.lv PowerShell PKI Module: http://pspki.codeplex.com

Thank you for answers, I am still working on the issue. Now I am considering the possibility to buy a server certificate from trusted CAs instead of using the certificates issued by our own windows certificate services CA. I looked at websites for a few CAs and all I find is that they sell SSL certificates for web sites. Do they issue server certificates for use with NPS? Or maybe I am not understanding the matter correctly?

you can ask them for such certificate support.My weblog: http://en-us.sysadmins.lv PowerShell PKI Module: http://pspki.codeplex.com

you can ask them for such certificate support. Many of them provide this type of certificates. My weblog: http://en-us.sysadmins.lv PowerShell PKI Module: http://pspki.codeplex.com