Event ID 46 — NPS License Compliance
Applies To: Windows Server 2008
The Network Policy Server (NPS) configuration must comply with the Windows operating system license restrictions for the component.
Event Details
Product: | Windows Operating System |
ID: | 46 |
Source: | NPS |
Version: | 6.0 |
Symbolic Name: | IAS_E_SERVICE_LICENSE_VIOLATION |
Message: | This edition of Windows Server cannot support any of the following NPS configurations: - More than 50 RADIUS clients - More than two RADIUS server groups - Client identification by subnet mask To set up your server to support any of these configurations, install a Windows Server edition without these limitations. |
Resolve
Change your NPS configuration to meet the requirements of the operating system edition
This condition occurs when you use the netsh nps import command to import a server configuration that is not valid because it violates the licensing restrictions of the operating system on the target server. For example, if you attempt to import a server configuration that has more than fifty RADIUS clients and the target computer is running an operating system version that allows fifty or fewer RADIUS clients, the condition occurs.
Note: If you attempt to import a server configuration that is not valid while the Network Policy Server service is running, the service continues to run with the last known good configuration.
To perform this procedure, you must be a member of Domain Admins.
To change your NPS configuration to meet the requirements of the operating system edition:
- Take one or more of the following actions, depending on your source computer configuration:
- On the source computer, reduce the number of configured RADIUS clients to fifty or fewer before exporting the configuration to a file. To remove a RADIUS client, click Start, Administrative Tools, Network Policy Server. The Network Policy Server Microsoft Management Console (MMC) opens. In the NPS console, double-click RADIUS Clients and Servers, click RADIUS Clients, and in the details pane, right-click the RADIUS client that you want to delete. Click Delete.
- On the source computer, reduce the number of configured remote RADIUS server groups to two or fewer before exporting the configuration to a file. To remove a remote RADIUS server group, in the NPS console, double-click RADIUS Clients and Servers, click Remote RADIUS Server Groups, and in the details pane, right-click the remote RADIUS server group that you want to delete. Click Delete.
- On the source computer, configure all RADIUS clients using an IP address, not an IP address range, before exporting the configuration to a file. To change the IP address of a RADIUS client, in the NPS console, double-click RADIUS Clients and Servers, click RADIUS Clients, and in the details pane, double-click the RADIUS client whose IP address you want to change. In Address, remove the IP address range, and type the IP address of one RADIUS client.
- On the source computer, export the NPS configuration to a file using the netsh nps export command, with the following syntax: netsh nps export filename=filename.xml exportPSK=YES, where filename.xml is the folder path and file name of the exported configuration file.
- Copy the XML file from the source computer to the target computer.
- On the target computer, import the NPS server configuration from the XML file using the netsh nps import command, with the following syntax: netsh nps import filename=filename.xml, where filename.xml is the folder path and file name of the configuration file that you want to import.
Alternatively, you can upgrade the target computer to an edition of Windows Server 2008 whose features match the NPS server configuration, and then import the original XML file and source computer configuration.
Verify
To perform this procedure, you must be a member of Domain Admins.
To verify that the server configuration complies with the terms of the license:
- Click Start, Administrative Tools, Network Policy Server. The Network Policy Server MMC opens.
- Double-click RADIUS Clients and Servers.
- Click RADIUS Clients, and in the details pane, verify that the server configuration was imported successfully. There should be fifty or fewer RADIUS clients, and each RADIUS client should be configured with an IP address rather than an IP address range.
- Click Remote RADIUS Server Groups to ensure that no more than two remote RADIUS server groups are configured.