Re: Certificate Services help
- From: "James McIllece [MS]" <jamesmci@xxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 05 Apr 2007 14:42:38 -0700
=?Utf-8?B?TmV0IEFkbWlu?= <NetAdmin@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
news:10AAEAD6-44AF-4CE3-B970-7EAC070ACF99@xxxxxxxxxxxxx:
I have a server (a DC) in my 2003 forest that has certificate services
installed. I would like to move the whole service over to another
server with a different name. Is that possible? All articles I've read
state that the new server must use the same name as the old one but I
want to keep the old server online. I don't even know what we need
this service for because we don't use certificates in our forest. Do
DCs need certificates to talk to each other?
Our web server uses a 3rd party CA.
The only certificates listed under "Issued Certificates" are Domain
Controllers, and not all DCs are listed.
Thanks in advance for any help with this.
This is a pretty complex issue, because the first thing you need to know is
why someone installed the CA in the first place. If you are not using
certificates for any reason, there is no reason to have a CA; so IF you
aren't using certs, you should revoke all certificates and then uninstall
Certificate Services without installing it on a different server. (When you
install Cert Svcs it automatically issues certs to DCs and installs its
cert in the Trusted Root Certification Authorities store on all domain
member computers.)
But the first step is to find out for sure what you are using the CA for
(email certs, remote access with EAP or PEAP, code signing...???), if
anything.
--
James McIllece, Microsoft
Please do not send email directly to this alias. This is my online account
name for newsgroup participation only.
This posting is provided "AS IS" with no warranties, and confers no rights.
.
- Prev by Date: Re: Folder Redirection
- Next by Date: Re: Windows Time Service
- Previous by thread: Folder Redirection
- Next by thread: Win 2K server not accessing shares after restore from tape.
- Index(es):
Relevant Pages
|
