upgrading Server 2003 to Server 2008 R2

We are switching our servers to 2008 R2 and I need to move the certificates from a 2003 32-bit server to a 2008 R2 64-bit server.  I am actually building a new 2008 R2 DC and I was planning on moving the certs to that and decommissioning the 2003 DC.  What is the best way to go about doing this?

Thanks,
Jon
LVL 1
Tim LewisNetwork ManagerAsked:
Who is Participating?
 
Tim LewisConnect With a Mentor Network ManagerAuthor Commented:
found solution:


Paranormastic:
Confirm that the domain controllers group for this domain is a member of the CERTSRV_DCOM_ACCESS group - this is a local group on the CA server unless the CA is on a DC, then is an AD group.

Run these, in order:
certutil -dcinfo deletebad
certutil -pulse
gpupdate /force

Reboot the DC.

If still giving you problems look into DNS and firewall issues.
0
 
Krzysztof PytkoSenior Active Directory EngineerCommented:
0
 
kgreeneitCommented:
Hi there the best way to do this would be as follows:

build your 2008 R2 dc

update the AD schema as required

install Certificate Services on the 2008 R2 DC

export all of the relevant certificates from the Windows 2003 server ensuring you export the 'Private Key' with them

Import these certificates into the new Windows 2008 R2 DC's CA store

Uninstall the CA from the Windows 2003 DC

Backup any important files on the Windows 2003 DC

DCPROMO the Windows 2003 DC to remove it from the domain as a DC

Remove the old Windows 2003 DC from the domain

Power down the old Windows 2003 DC

This should do the job for you then!
0
 
Tim LewisNetwork ManagerAuthor Commented:
We moved the CA but now it is not handing out certificates.  Please help.

Thanks,
Jon
0
 
Tim LewisNetwork ManagerAuthor Commented:
found answer
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.