Windows 2003 Certificate Server in Windows 2000 domain with Schema upgraded
Date: 28 Jan 2005 10:46:37 -0800
Windows 2000 forest with 2 Windows 2000 domains. PKI Infrastructure is
built using Windows 2000 advanced servers.
I had added a Windows 2003 Enterprise server as a member server in the
domain and configured Certificate server service on it.
Windows 2003 certsrv was working fine. Issued machine certs and user
Now the change introduced:
In preparation to upgrade the Windows 2000 domain to Windows 2003, I
ran "ADPREP /FORESTPREP" on root domain and "ADPREP /DOMAINPREP" on
both root and child domain. Also, since I have Exchange 2000 in the
Windows 2000 forest, I followed KB314649 to avoid the mangled
At this point schema is updated so that I can install the first Windows
2003 domain controller. However, we have not yet installed the Windows
2003 domain controller.
My certificate issuing servers (Windows 2000) is still working fine.
However, Windows 2003 certificate issuing server is having a problem.
It return error indicating that revocation function failed and
revocation server is offline. However, the revocation server is
Do I have to have a Windows 2003 domain controllers in both root and
child domain for this to work?
Thanks in advance.