Re: Move CA problem
- From: fadoul <fadhelbb@xxxxxxx>
- Date: Fri, 17 Feb 2006 00:04:58 +0100
I solved everything with :
I've ensured that the C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys directory has full access to Administrators
fadoul a écrit :
HEllo.
We were using the microsoft pki on windows 2000. I have a CA installed on W2K standard domain controller of my forest the pki is used for l2tp vpn conx and eap/tls wifi. This server is CD1.
I upgraded the forest to W2K3 and now i have 2 new domaine controllers GC1 & GC2 with W2K3 sp1 standard edition, and the old DC upgraded from W2K sp4 to W2K3 sp1 standard edition.
Since i upgraded to W2K3 sp1 our CA DC1 server, the autoenrollement do not work anymore. I saw on the web, that sp1 could be the reason of my problem. On the post they propose to uninstall an reinstall.
I have a lot of vpn users wich are always at home, so i preffer to add a new CA on our W2K and add manually the different certificates, since i did that, it is the mess, and i have a lot of problems/errors.
autoenrollement ditribute computers certificates to some computers not to all the computers of the same OU.
from the certificate mmc of any computer with any user of the domain (even with the administrator of the domain) i cannot ask an ipsec certificate from.
Domain controllers did'nt reeive automatically DC certificates...
Is there a a documentation somewhere whic can help me solve this mess ?
Thks
F
- References:
- Move CA problem
- From: fadoul
- Move CA problem
- Prev by Date: weird windows 2000 logon problem
- Next by Date: Re: restoring ntfs partition win2000
- Previous by thread: Move CA problem
- Next by thread: Re: WSUS Replica Servers
- Index(es):
Relevant Pages
|
|
