Re: Installing a Enterprise Root CA in a mixed mode environment

aIrv, thanks again for the response.
The account I am using is both a member of the Enterprise Admins group and
the root Domain Admins group.

I have inherited this network, and it is possible at one time there was a
Enterprise Root CA. If so, how do I clear out the "metadata". Or how can I
be certain that no Enterprise Root CA was ever installed in the domain?

Thanks again.

"Irv" wrote:

What account are you using to do the install? It needs to be a member of the
Enterprise Admins group for the forest and local admin on the server you are
installing onto.

If not that then you may need to do a domainprep. I'm thought you didn't
need to do this for an Enterprise CA but I may be wrong.

Finally, if any components of Certificate services are installed remove them
and reboot the server (last hurrah!)

Good Luck

Irv

"Kurt1231" wrote:

our Schema version is at 31.
Any other reason why I cannot install a Enterprise Root CA on any of my 2003
servers?

"Kurt1231" wrote:

Thank you both for the replies.
If I understand correctly. I need to extend the schema FIRST before
installing a Enterprise Root CA on a Windows 2003 server?
How do I find out what version of Schema I am currently running?
Thanks again.



"Irv" wrote:

To clear things up a bit you can -:

1) Install a Windows 2003 PKI on a W2000 AD
2) Domain and forest functional level is irrelevant
3) You need to extend the schema (version 13 to version 30 I think) to take
advantage of some of the new features of W2003 PKI e.g. version2 templates,
delta CRL's etc.
4) If you have Exchange 2000 installed you will also have to do some work
before the schema update to prevent attribute mangling

HTH

Irv

"twnich+activedirectory@xxxxxxxxx" wrote:

Correct me if I'm wrong, but don't you have to extend your AD Schema to
support Windows Server 2003 before you can introduce W2K3 Enterprise
CA's into your environment?

Have you tried this? Maybe someone else out there can tell me if I'm
right about this or not.

-Tim N.


Disclaimer: The advice in this posting is provided AS IS with no
guarantees or warranty. Use this information at your own risk.


Kurt1231 wrote:
Hello, we are running a mix of W2K and W2K3 servers. I am trying to install
a Enterprise Root CA on one of my W2K3 servers. When I do, I can only
install a Stand alone Root CA. If I go to one of my W2K servers, I CAN
install a Enterprise Root CA.
Is this normal behavior?
How can I install a Enterprise Root CA on a W2K3 server in a mixed mode
environment?
Anyone?


.

Relevant Pages

  • Re: Setup Failure with w2k3 Ent. on IBM Netfinity 7000 M10
    ... The issue is only with Enterprise not with Standard ... server, more files so the layout is slightly different. ... >> I originally tried the install from a backup copy I ... >> the install with the original factory pressed media. ...
    (microsoft.public.windows.server.setup)
  • Re: Enterprise Root Cas x 2?
    ... I seem to think that I now would not want to install Root ... >an enterprise subordinate CA in each domain. ... >> Stand Alond Sub CA ...
    (microsoft.public.win2000.security)
  • Re: Enterprise Root CA Install
    ... It can be any web server location that is publicly accessible. ... offline root should be off the network and the CRL should be periodically ... copied from the offline root to a an online location specified in the CDP ... > an "Enterprise subordinate CA" installation. ...
    (microsoft.public.win2000.security)
  • Re: Novell vs Linux
    ... > have are a joke) on RH Enterprise but haven't made it run on Suse yet - ... way too many parameters on install for which there is no answer and ... > network of that size server by server. ... > Linux servers that hangs onto the side of our Netware stuff. ...
    (comp.os.linux.misc)
  • Re: Enterprise Manager 2000?
    ... MS Web Data administrator acts similar to Enterprise ... Install this on the Database Server. ... Windows 2000 Server which has IIS. ... I am afraid you cannot use Enterprise manager until you ...
    (microsoft.public.sqlserver.server)