Re: Replace current Certificate server

Tech-Archive recommends: Speed Up your PC by fixing your registry

My primary concern is "What am I going to break if I bring up another CA,
while the other CA is still operational?" Will the Domain controllers/Active
Directory still work properly, etc......
Are you using Certs on DCs? What Certs did you issued and what they're used for?

--

I hope that the information above helps you.
Have a Nice day.
Jorge Silva
MCSE

"thawkz" <thawkz@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:2CF5356A-EE9C-435A-8BEC-80EC1FF933EA@xxxxxxxxxxxxxxxx
Thanks for the link, however this does not completely answer my question
above.

Let me rephrase:

I do not think that we need to perform a migration, as we only have 1 or two
certs issued. I am thinking that I can just reissue these couple of
certificates once the new server is installed.

My primary concern is "What am I going to break if I bring up another CA,
while the other CA is still operational?" Will the Domain controllers/Active
Directory still work properly, etc......


"Jorge Silva" wrote:

Hi
check
support.microsoft.com/kb/298138

--

I hope that the information above helps you.
Have a Nice day.
Jorge Silva
MCSE

"thawkz" <thawkz@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:3AA9DEA3-2081-4248-A42D-FBB2B88AD255@xxxxxxxxxxxxxxxx
> Hi,
>
> I have seen several posts on this topic, but none of which relate to my
> specific situation:
>
> 1) Windows 2000 AD
> 2) One CA server - installed on a member server.
> 3) We want to install a new CA server on new hardware.
> 4) I need to know can I simply Install certificate services on the new
> hardware without doing any of the migration steps referenced in other
> posts.
> To my knowledge we do not need the old CA database for anything.
>
> 5) After installing certificate services on the new hardware and making
> sure
> it is working properly, I would then perform the decommissioning steps
> mentioned in the appropriate KB article.
>
> My only concern in doing this is that I do not know the impact on the
> domain
> controllers....How do the DCs use the CA? Would I have to reconfigure
> anything on the domain controllers? Would this approach break anything?
>
> Your help is appreciated.
>
>
>
>


.

Relevant Pages

  • Re: Replace current Certificate server
    ... I checked the "issued certificates" through the CA MMC on the cert server, ... and some of the domain controllers are listed as having certificates....I ... appears the DCs have registered with the CA automatically..... ... I need to know can I simply Install certificate services on the new ...
    (microsoft.public.windows.server.active_directory)
  • Re: What are the best general things to do after a dirty shutdown (Server SBS)
    ... You should check the dirctory services event log and the system event logs for errors and warning in addition to running the dcdiag /c /v command. ... This event can occur if the domain controllers ... Directory Server Diagnosis ... Verifying that the local machine ALPHA, ...
    (microsoft.public.windows.server.sbs)
  • Re: What are the best general things to do after a dirty shutdown (Server SBS)
    ... You should check the dirctory services event log and the system event logs for errors and warning in addition to running the dcdiag /c /v command. ... This event can occur if the domain controllers ... Directory Server Diagnosis ... Verifying that the local machine ALPHA, ...
    (microsoft.public.windows.server.sbs)
  • Re: What are the best general things to do after a dirty shutdown (Server SBS)
    ... test network connectivity to local domain controllers. ... Directory Server Diagnosis ... Verifying that the local machine ALPHA, ... The File Replication Service Event log test ...
    (microsoft.public.windows.server.sbs)
  • Re: GP to force Daily Restart
    ... The Security System could not establish a secured connection with the server ldap/DC01.corp.com/corp.com@xxxxxxxxx No authentication protocol was available. ... The network path was not found. ... domain controllers log these events every five minutes. ... every computer on the network must use DNS servers that can resolve SRV ...
    (microsoft.public.windows.server.sbs)