Re: Move CertServices to a new DC
From: Tim (Tim_at_NoSpam)
Date: 06/20/05
- Previous message: James Butler: "Re: is ssl secure enough ?"
- In reply to: Mark Gamache: "Re: Move CertServices to a new DC"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 20 Jun 2005 20:03:43 +1200
Thanks. Makes some sense.
I recreated the CA manually.
The path to the CA root was definitely different although the drive letter
was the same.
- Tim
"Mark Gamache" <mark.gamache@css-security.com.nospam> wrote in message
news:upIa3vdcFHA.720@TK2MSFTNGP15.phx.gbl...
> I've seen this when you recreate the new sever and have different drive
> letters and folders. Specifically, the certutil -restoredb only will
> restore the db to its original path. If it was on the D: drive on the old
> server it must be on the d: drive on the new server. You can hex edit one
> of the backup files, I can't recall which, and see the path it is looking
> to place the db into.
>
> Hope it helps,
>
>
> --
> Mark Gamache
> Certified Security Solutions
> http://www.css-security.com
>
>
>
> "Tim" <Tim@NoSpam> wrote in message
> news:eNV03OYZFHA.4008@tk2msftngp13.phx.gbl...
>> Hi,
>> I have 2 x Windows 2003 Server DC's and am trying to retrench one. To
>> this end I am trying to move the cert services database and following
>> instructions at :
>> http://support.microsoft.com/?kbid=298138
>>
>> (The steps in the above seem a little drastic: certservices is not the
>> only service on the old DC and I would like to keep it around for a small
>> while - off line is fine... any comments? I am happy to keep cert
>> services disabled on it.)
>>
>> After loading the registry with the backup of the keys from the old DC
>> then attempting the restore I am getting an error "Restore of an
>> Incremental image cannot be performed before performing restore from a
>> full image. The directory name is invalid 0x8007010b".
>>
>> I did not tick the Incremental option during either the Backup or Restore
>> steps...
>>
>> The directory name is correct. The backup was taken exactly as per the
>> instructions above. The only thing I have not done in following these
>> instructions is to remove the cert server from the original DC as that
>> would leave me with no regression step.
>>
>> I have tried certutil to the same nett affect - it does not moan about
>> incremental backup but returns the same error number:
>>
>> C:\> certutil -restoredb c:\certbackups
>> restoring database for mydc.mydomain\myCAName/
>> restoring database files: 0%CertUtil: -restoreDB command FAILED:
>> 0x8007010b (WIN32/HTTP: 267).
>>
>> I even tried doing an incremental on the off chance that the tick box was
>> 'upside down' - that fails also, but with a different error.
>>
>> Any help anyone?
>> TIA,
>>
>> - Tim
>>
>>
>
>
- Previous message: James Butler: "Re: is ssl secure enough ?"
- In reply to: Mark Gamache: "Re: Move CertServices to a new DC"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
