We recently added Windows 2008 domain controllers and migrated our Enterprise CA to the Windows 2008 server. How can I verify that it is truly working? The reason I am asking this is because all of our RADIUS authentication has stopped working.Our old Windows 2003 Domain Controller had IAS and the Cert Services on it. The new 2008 DC has NPS and Cert Services. I am not seeing errors in the event log, but from the Cisco devices if I turn on debugging I can see RADIUS SERVER 10.10.10.10:1645, 1646is not responding.The ports are open on the Windows Firewall and we have tried turning it off.Because of the migration of Certs from one box to the other, I am suspicious of the certs being the issue.What would the ramifications be of completely removing Cert Services and building it from scratch. We have almost ZERO certs signed from the CA other than domain computers requesting certs automatically. We have one or two web sites with self signed certs, but they can be redone. They are dev.our exchange and OCS environment is using certs from external trusted companies.

Rather than jumping to the step of tearing it down, check out a few things:1) Have any certificates been issued after the migration (sort by request ID)2) Are there any failed request? What was the reason3) Look for errors on the NPS server. You should see authentication successes or failuresBrian

Sorry for the delay in posting the answer. It actually turned out to be the order of the rules in NPS. Once we re ordered the rules it started working. We had to put the default rules first and third with our rule in the middle.