Solved

upgrading Server 2003 to Server 2008 R2

Posted on 2011-02-15
5
320 Views
Last Modified: 2012-05-11
We are switching our servers to 2008 R2 and I need to move the certificates from a 2003 32-bit server to a 2008 R2 64-bit server.  I am actually building a new 2008 R2 DC and I was planning on moving the certs to that and decommissioning the 2003 DC.  What is the best way to go about doing this?

Thanks,
Jon
0
Comment
Question by:Tim Lewis
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
5 Comments
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 34898806
0
 
LVL 10

Expert Comment

by:kgreeneit
ID: 34898844
Hi there the best way to do this would be as follows:

build your 2008 R2 dc

update the AD schema as required

install Certificate Services on the 2008 R2 DC

export all of the relevant certificates from the Windows 2003 server ensuring you export the 'Private Key' with them

Import these certificates into the new Windows 2008 R2 DC's CA store

Uninstall the CA from the Windows 2003 DC

Backup any important files on the Windows 2003 DC

DCPROMO the Windows 2003 DC to remove it from the domain as a DC

Remove the old Windows 2003 DC from the domain

Power down the old Windows 2003 DC

This should do the job for you then!
0
 

Author Comment

by:Tim Lewis
ID: 34910209
We moved the CA but now it is not handing out certificates.  Please help.

Thanks,
Jon
0
 

Accepted Solution

by:
Tim Lewis earned 0 total points
ID: 34917235
found solution:


Paranormastic:
Confirm that the domain controllers group for this domain is a member of the CERTSRV_DCOM_ACCESS group - this is a local group on the CA server unless the CA is on a DC, then is an AD group.

Run these, in order:
certutil -dcinfo deletebad
certutil -pulse
gpupdate /force

Reboot the DC.

If still giving you problems look into DNS and firewall issues.
0
 

Author Closing Comment

by:Tim Lewis
ID: 34949695
found answer
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question