Installing a replica Mi-Token authentication server allows you to provide scalability and reliability for your Mi-Token 2-factor authentication deployment. A replica server contains a synchronized copy of the Mi-Token AD LDS database and can handle authentication requests the same way as the primary server. Here are the key steps to install a replica:


  1. Ensure you are logged in with an AD LDS administrator account that also has Domain Administrator rights.
  2. Run the Mi-Token RADIUS plugin installer executable on the server you want to designate as the replica. Follow the standard RADIUS plugin installation steps.
  3. When prompted to create a new AD LDS instance or use an existing one, select the option to "Create a replica of an existing Mi-Token instance on this server".
  4. Enter the details for the new replica AD LDS instance: instance name, LDAP port, SSL port, and database folder. It's recommended to keep the default ports unless you have a specific need to change them.
  5. Provide the server name and port of the existing primary AD LDS instance that this replica will synchronize with.
  6. Configure the replica's NPS server the same way you did for the primary, by adding RADIUS clients and configuring connection request policies.
  7. If you have Mi-Token Reporting set up, run the remote PowerShell commands provided in the Reporting Setup tool to grant the Event Collector Service permission to read event logs from the replica server.
  8. Verify replication is working by checking that the replica's AD LDS is being populated with data from the primary. You can also monitor the event logs on both servers.
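
One way to script the check in step 8, as an added example that is not taken from the Mi-Token documentation. It assumes the standard Windows AD LDS tooling (`repadmin`, the `ADAM_<instance>` service name and the `ADAM (<instance>)` event log); the instance name and port are placeholders for the values you entered in step 4.

```powershell
# Added example: run in an elevated PowerShell session on the replica server.
# Placeholders (assumptions, not Mi-Token defaults): use the values from step 4.
$InstanceName = '<replica-instance-name>'
$ReplicaLdap  = 'localhost:<replica-ldap-port>'

# 1. Each AD LDS instance runs as a Windows service named ADAM_<instance name>.
$svc = Get-Service -Name "ADAM_$InstanceName" -ErrorAction Stop
if ($svc.Status -ne 'Running') {
    throw "AD LDS service $($svc.Name) is $($svc.Status); replication cannot run."
}

# 2. List the replica's inbound replication links. repadmin accepts an
#    AD LDS instance as server:port, and /csv gives parseable output.
$links = repadmin /showrepl $ReplicaLdap /csv | ConvertFrom-Csv
if (-not $links) {
    throw "No inbound replication links reported for $ReplicaLdap."
}
$links | Format-Table 'Naming Context', 'Source DSA', 'Last Success Time',
                      'Number of Failures', 'Last Failure Status' -AutoSize

# A link is unhealthy if it has recorded failures or has never succeeded.
$bad = $links | Where-Object {
    ([int]$_.'Number of Failures' -gt 0) -or
    [string]::IsNullOrWhiteSpace($_.'Last Success Time')
}

# 3. Pull critical, error and warning events (levels 1-3) from the
#    instance's own event log for the last 24 hours.
$events = Get-WinEvent -FilterHashtable @{
    LogName   = "ADAM ($InstanceName)"
    Level     = 1, 2, 3
    StartTime = (Get-Date).AddHours(-24)
} -ErrorAction SilentlyContinue
$events | Select-Object TimeCreated, Id, LevelDisplayName, Message -First 20 |
    Format-List

if ($bad) {
    Write-Warning "$(@($bad).Count) replication link(s) need attention."
} else {
    Write-Output "All inbound replication links report a successful sync."
}
```

Running the same `repadmin /showrepl` query against the primary's server name and port from step 5 shows the replication state from the primary's side.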


With those steps, your replica Mi-Token authentication server will be installed and ready to handle authentication requests, providing both scalability and data redundancy for your Mi-Token deployment. Refer to the Mi-Token documentation for full details on the replica installation process and requirements.