Re: Windows Advanced Server 2000 PKI

From: DarrenC [MS] (darrenc@online.microsoft.com)
Date: 03/12/03


From: "DarrenC [MS]" <darrenc@online.microsoft.com>
Date: Tue, 11 Mar 2003 23:39:32 -0800


Without getting into the specifics of your network topology, use the
following as a rough guideline for installing a Windows 2000 Enterprise or
Stand Alone Certificate Authority (CA) in the Active Directory (AD):

1) Install first Domain Controller (DC)
    - If installing DNS during DC promotion, be sure that the server has a
statically assigned IP address before invoking dcpromo.exe.
    - Install or reconfigure your DHCP server accordingly

2) Join Windows 2000 member server to new domain and install Enterprise or
Stand Alone CA

Windows 2000 CA in the AD has two distinct modes of operation (you can
obtain more detailed information about these differences in the online OS
help):
    A) Stand Alone Root or Subordinate - supports HTML form-based web
enrollment via Internet Information Services (IIS).

    B) Enterprise Root or Subordinate -- supports certificate template based
enrollment via: web enrollment, machine auto enrollment, Microsoft
Management Console (mmc.exe) user and machine enrollment. Also
supports Smart card user authentication / logon.

BTW: Use Active Directory Sites and Services mmc console for administration
of the Windows 2000 Certificate Templates -- (Click: View --> Show Services
Node)

--
Regards,
This posting is provided "AS IS" with no warranties, and confers no rights.
"life" <vvv_edc@yahoo.com> wrote in message
news:004b01c2e84f$d72dd240$a001280a@phx.gbl...
> I'm trying to setup PKI/Certificate Services on Windows
> Advanced Server 2000. Once set-up, I'd like to know how I
> can test it to be running.
>
> The scenario:
> We would like to setup PKI having server2 as the
> certificate authority.  This server runs Windows 2000
> Advanced Server.
>
> I have another Windows Advanced Server 2000 (let's call
> it server1) where I have installed Domino 6...both
> servers are on the same network in a peer-to-peer set-up
> (using a work group).
>
> Another client PC is running XP.  All PCs are located on
> the same internal network sharing a common internet
> connection shared through a router.
>
> The router issues dynamic IPs (DHCP).
>
> Since I wanted to setup Certificate Services, I was asked
> to setup Active Directory Services first which in turn
> wanted me to set-up DNS first.  I tried installing DNS
> through the wizard.  While our company has a publicly
> known domain which is hosted by a third party, outside of
> the site where I'm configuring the new Primary Domain
> Controller, I chose a different domain name for the
> internal network, say internaldomainname.  Unfortunately,
> the DNS installation has taken so long and we had to
> cancel.  Active Directory seems to have been installed,
> though.  But the installation's task bar never got to
> finish causing the server to hang.  I've been reviewing
> the event viewer and the latest problem.
>
> I'm trying to bring back server2 to the original state
> but am encountering DCOM problems which was supposed to
> have been disabled (ran dcomconfg; checkbox for default
> settings has been unchecked).
>
> Note that RAM of the server is 512KB and running Windows
> 2000 Advanced Server.
>
> Can you please advise how to go about starting in a more
> stable slate and configuring PKI?  How can I test if the
> Certificate Services have been setup properly?
>
> I'd appreciate any help you can extend.
>
> Thanks,
>
> life
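
The static-address check from step 1 and a basic "is the CA answering" check, as an added example that is not part of either post. It assumes an English-language Windows 2000 server (the strings matched in `ipconfig` and `net start` output are locale-dependent), that the service appears as "Certificate Services", and that the `certutil.exe` installed with Certificate Services supports `-ping`.

```bat
@echo off
rem Added example, not from the original thread.
rem Part 1 runs before dcpromo.exe; parts 2 and 3 run on the CA after install.

rem 1) Step 1 of the guideline: the DC needs a static IP before dcpromo.
rem    ipconfig /all prints "DHCP Enabled. . . : Yes" for leased adapters.
ipconfig /all | findstr /i /r /c:"DHCP Enabled.*Yes" >nul
if not errorlevel 1 (
    echo WARNING: an adapter is DHCP-configured. Assign a static IP before dcpromo.exe.
) else (
    echo OK: no DHCP-configured adapter found.
)

rem 2) Is the Certificate Services service started?
rem    Assumption: the service display name is "Certificate Services".
net start | findstr /i /c:"Certificate Services" >nul
if errorlevel 1 (
    echo Certificate Services is not started. Nothing further to test.
    goto :eof
)
echo OK: Certificate Services is started.

rem 3) Ask the local CA to answer a request-interface ping.
rem    Assumption: this certutil build supports -ping.
certutil -ping
if errorlevel 1 (
    echo FAIL: the CA did not respond to certutil -ping.
) else (
    echo OK: the CA responded.
)
```

A passing run shows only that the service is up and reachable; requesting and verifying a test certificate is the stronger check.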

