Re: Enterprise CA for us? hardware migration of enterprise Root CA
From: Bob Williamson (BobWilliamson_at_discussions.microsoft.com)
Date: 07/19/05
- Next message: Steven L Umbach: "Re: Administrators Account cannot install updates and programs (Administrator can)"
- Previous message: Patty Calcaterra: "Re: Non-Administrator Operator loging under Terminal services Admi"
- In reply to: Steven L Umbach: "Re: Enterprise CA for us? hardware migration of enterprise Root CA"
- Next in thread: Steven L Umbach: "Re: Enterprise CA for us? hardware migartion of enterprise Root CA"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 19 Jul 2005 11:41:20 -0700
Fortunately I have numerous DCs already whch I can trasnfer FSMOs to!
Thanks again,
Bob
"Steven L Umbach" wrote:
> The link below explains what you need to do for transferring a CA to another
> computer including how to backup current CA certificate/private key and
> certificates.
>
> http://support.microsoft.com/?id=298138
>
> Your plan is going to have a degree of complexity because the new CA server
> must have the same name as the old CA server and it is a domain controller.
> What might work is do add/use another domain controller to your network,
> transfer all the FSMO roles and global catalog to it and adjust tcp/ip for
> domain computers so that they have the IP address of the new dc for dns.
> After you are satisfied that the new dc is working correctly by using
> support tools such as netdiag, dcdiag, and looking at the logs in Event
> Viewer for problems then remove certificate services from the old dc [after
> backing up the CA and certificates as described in KB298138] and dcpromo it.
> Then build your new server with the same name as the old server, dcpromo it,
> and then transfer CA to it per KB298138. Before attempting this be sure to
> have a fresh System State backup of your domain controllers for a rollback
> plan in case things do not work as expected. --- Steve
>
> "Bob Williamson" <BobWilliamson@discussions.microsoft.com> wrote in message
> news:AF8DA945-6C4F-4B08-A290-1675D362AE80@microsoft.com...
> > The second part of my question is whether is:
> >
> > 2. On of my biggest concerns is upgrading/replacing the hardware of the
> > CA.
> > I am planning on swapping out the server in the next couple of months by
> > transfering FSMO, DCPromo the server down, rebuild (with the same
> > netbiosname), dcpromo backup etc. How will this affect the CA part of the
> > server? Can I simply export/import the Certs?
> >
> > Thanks,
> > Bob
>
>
>
- Next message: Steven L Umbach: "Re: Administrators Account cannot install updates and programs (Administrator can)"
- Previous message: Patty Calcaterra: "Re: Non-Administrator Operator loging under Terminal services Admi"
- In reply to: Steven L Umbach: "Re: Enterprise CA for us? hardware migration of enterprise Root CA"
- Next in thread: Steven L Umbach: "Re: Enterprise CA for us? hardware migartion of enterprise Root CA"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
