Recently I was in the process of replacing a fair number of Windows domain controllers for a customer when an interesting issue was raised. How do we migrate from our existing Windows 2003 IAS based RADIUS install to a new Windows 2008 R2 based NPS? The problem was they had about 2 dozen different devices authenticating against this particular RADIUS server and couldn’t remember the secrets they had used for the devices, and they didn’t want to reconfigure all of the clients.
Enter the solution… iasmigreader.exe (Bulit into Windows 2008 R2 and Later) it’s a command-line tool that exports the configuration settings of IAS on a computer running Windows Server 2003 to an Ias.txt file. This Ias.txt file is in a format that can be imported on an NPS server running Windows Server 2008 with the command netsh nps import path\ias.txt Cool huh?! Here’s a step by step!
- Copy the iasmigreader.exe file from the following folder:
- Paste the file in a computer that is running Windows Server 2003 together with IAS (the IAS server).
- On the IAS server, run the iasmigreader.exe file (NOTE: if you’ve recently made a change to the configuration of the IAS server, please wait 5 minutes before running the iasmigreader.exe file). This creates an Ias.txt file in the%windir%\system32\ias folder. If you are running a 64-bit version of Windows Server 2003, the Ias.txt file is created in the %windir%\syswow64\ias folder.
Note The exported Ias.txt file contains all shared secret information from the configuration. Therefore, make sure that the file is stored in a secure location.
- Copy the Ias.txt file to the location on your Windows 2008 NPS server.
- At the netsh prompt on the NPS server, run the netsh nps import command, and specify the ias.txt file you copied from the IAS server as the parameter. For example, at a command prompt, type the following command: netsh nps import <path>\ias.txt
Now when you open up the NPS MMC snap-in you should see all of your configurations migrated! The great thing is all that’s required is to point your RADIUS clients to their new location and everything should just work because the secrets and individual device settings were all contained in that IAS.txt file. Once you’ve confirmed the conversion is correct remember to delete the IAS.txt file.
Hope this helps someone out!