Re: CA from DC to Member Server
- From: "Brian Komar (MVP)" <brian.komar@xxxxxxxxxxxxxxxxx>
- Date: Wed, 28 Jan 2009 10:30:29 -0600
The new server must have:
1) The same NetBIOS name as the original CA
2) The same domain membership as the original CA
In addition, it should have taken over the original computer account when you joined the new machine to the domain.
By deleting the old SID, you have lost the permissions to write to the AD CRL object.
You must restore these permissions. Wherever you deleted the previous SID, you must add the CA computer object with the same permissions.
Brian
"Futurist" <futurist@xxxxxxxxx> wrote in message news:O030klUgJHA.4052@xxxxxxxxxxxxxxxxxxxxxxx
I just demoted a DC with a CA installed (W2K3 environment).
I followed the steps to back up and restore the CA server on a member server
with the same Active Directory working. The problem is that when I send
an email, I just can't open it when it's encrypted. I'm getting Event ID: 75
and 74 in Event Viewer. I already changed the permissions on the Active
Directory "Services Node", deleting the SID from the old server to the new
server. Which is the exact account I must add, the computer object on AD?
Hope to hear from you soon.
Thanks...
Futurist