Re: ADCS Ent SubCA on Server 2008 R2 Core - any documentation?
- From: Gordon Young <Gordon Young@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 22 Sep 2009 16:06:03 -0700
Sorry Martin, I haven't been able to get to this in a few days.
I have few questions:
I need to enable remote event viewer, I'll do this and review the event log
1. Are there any problems logged to event log?
2. Is there a possibility you have a firewall misconfigured?
No firewall, since this is a test environment I have disabled the default firewall
3. Is there a possibility you don't have access rights properly assigned?
Since this is a test environment I am testing with the EA/DA account.
4. What registry key have you exported / imported (try to import only
I did import the entire registry key:
HKLM\System\CurrentControlSet\Services\CertSvc.
I will do a new build with just:
HKLM\System\CurrentControlSet\Services\CertSvc\Configuration\<CAName>)?
"Martin Rublik" wrote:
Hi,
I have few questions:
1. Are there any problems logged to event log?
2. Is there a possibility you have a firewall misconfigured?
3. Is there a possibility you don't have access rights properly assigned?
4. What registry key have you exported / imported (try to import only
HKLM\System\CurrentControlSet\Services\CertSvc\Configuration\<CAName>)?
I suggest installing the CA directly on server core and configuring it there. You
can use automated scripts in order to install CA on Windows Server 2008 R2. See
http://blogs.technet.com/pki/archive/2009/09/18/automated-ca-installs-using-vb-script-on-windows-server-2008-and-2008r2.aspx
for more details.
HTH
Martin
Gordon.Young wrote:
Hi Everyone!
I am seeking documentation, experience, etc regarding building an
enterprise SubCA on a server 2008 enterprise R2 Core installation.
Our goal is to build a POC of our enterprise PKI as a grid of r2 core
CA's on clustered HyperV.
we are getting stuck with the R2 Core SubCA piece.
I have one core SubCA up and running, I did the following
1. built the CA first as a full server 2008 enterprise install with
GUI
2. exported the certsrv DataBase + keypair PFX file.
3. built a Core box with same DNS name
4. delete old CA's computer account from AD.
5. joined new CA with same name to AD.
6. installed ADCS core role
7. imported certsrv registry node from the Full server install into
the Core server install.
8. restored DB + PFX backup with certutil (after creating dir
structure)
9. started up the ADCS service, there were no issues.
At this point, I can't enroll for certs from a remote computer on the
same domain as a user with the appropriate access. Also I can't manage
the CA remotely, can't issue a CRL, manage properties, etc.
I am missing something. The CA did write a new CRL, issued a new CA
Exchange key, etc..
Any documentation, suggestions, guidance is much appreciated.
Thanks,
Gordon Young
--
--
Replace nospam with google's mail for e-mail communication
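
An added example, not part of the thread: a PowerShell script that carries over only the `Configuration\<CAName>` subkey Martin recommends instead of the whole `CertSvc` key, then checks from a remote machine the two interfaces behind the reported symptoms (enrollment and remote management). The parameter names, the default file path and the availability of PowerShell on the Core box are assumptions; `reg.exe` and `certutil.exe` are the stock Windows tools.

```powershell
# Added example; not from the thread. CAName, CAHost and RegFile are placeholders.
param(
    [Parameter(Mandatory=$true)][ValidateSet('Export','Import','Verify')][string]$Phase,
    [Parameter(Mandatory=$true)][string]$CAName,        # the <CAName> from the thread
    [string]$CAHost  = $env:COMPUTERNAME,               # DNS name of the CA (used by Verify)
    [string]$RegFile = 'C:\CAMigration\ca-config.reg'   # assumed transfer path
)

# Only the per-CA configuration subkey, not the whole CertSvc service key.
$key = "HKLM\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\$CAName"

function Invoke-Checked([string]$Exe, [string[]]$Arguments) {
    # Run a native tool and stop the script on a non-zero exit code.
    & $Exe $Arguments
    if ($LASTEXITCODE -ne 0) {
        throw "$Exe $($Arguments -join ' ') failed with exit code $LASTEXITCODE"
    }
}

switch ($Phase) {
    'Export' {   # run on the source CA (the full install)
        Invoke-Checked 'reg.exe' @('export', $key, $RegFile, '/y')
    }
    'Import' {   # run on the Server Core CA, after the AD CS role is installed
        Stop-Service -Name CertSvc
        Invoke-Checked 'reg.exe' @('import', $RegFile)
        Start-Service -Name CertSvc
        # Read a value back through the CA's own view of the imported key.
        Invoke-Checked 'certutil.exe' @('-getreg', 'CA\CommonName')
    }
    'Verify' {   # run from a remote domain member
        $config = "$CAHost\$CAName"
        # Request interface: the path certificate enrollment uses.
        Invoke-Checked 'certutil.exe' @('-config', $config, '-ping')
        # Admin interface: the path remote CA management uses.
        Invoke-Checked 'certutil.exe' @('-config', $config, '-pingadmin')
    }
}
```

If `-ping` succeeds and `-pingadmin` fails (or the reverse), the result separates an enrollment problem from a management problem before the event log is reviewed.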