Moving a Windows Certificate Authority

Jeffrey used Ask the Experts™
For the purpose of Disaster Recover I need to be able to move a Microsoft Windows 2003 Certificate Server from site A to site B. Is there any site/subnet specific dependencies that I need to be aware of? Or, can I just migrate it over to a new site or subnet (just in case a new site or subnet is required) and Active Directory will automatically update?

Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Cryptographic Engineer
The biggest hitch is that you need to have the same machine name.  

Virtualized environments make this easier (e.g. VMWare ESX, or at least securely copying the image to the backup site, e.g. in an encrypted ZIP file for additional protection), otherwise you will need to do a local restore from tape.  Another option might be to use 2008 to set up clustering for failover, however most folks don't like the complexity of this option - if you are interested I can post a few links for setting that up and such.

The network IP address/mask isn't an issue beyond getting it assigned and updating DNS like anything else.



Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial