Windows 2003 Certificate Server in Windows 2000 domain with Schema upgraded

scottklee_at_msn.com
Date: 01/28/05


Date: 28 Jan 2005 10:46:37 -0800


Windows 2000 forest with 2 Windows 2000 domains. PKI Infrastructure is
built using Windows 2000 advanced servers.

I had added a Windows 2003 Enterprise server as a member server in the
domain and configured Certificate server service on it.

Windows 2003 certsrv was working fine. Issued machine certs and user
certs.

Now the change introduced:
In preparation to upgrade the Windows 2000 domain to Windows 2003, I
ran "ADPREP /FORESTPREP" on root domain and "ADPREP /DOMAINPREP" on
both root and child domain. Also, since I have Exchange 2000 in the
Windows 2000 forest, I followed KB314649 to avoid the mangled
attributes.
At this point schema is updated so that I can install the first Windows
2003 domain controller. However, we have not yet installed the Windows
2003 domain controller.

Problem:
My certificate issuing servers (Windows 2000) are still working fine.
However, the Windows 2003 certificate issuing server is having a problem.
It returns an error indicating that the revocation function failed and
the revocation server is offline. However, the revocation server is
online.

Do I have to have Windows 2003 domain controllers in both root and
child domain for this to work?

Thanks in advance.

Scott.