jasondimaio
asked on
Decommission a 2003 Server - Certificate Services
I've got a Server 2003 DC that I want to demote and decommission. I've had the Certificate Services Service disabled for months, so I'm positive that demoting this should not be an issue to my environment. However, when I follow this guide, http://support.microsoft.com/kb/889250 I don't see anything like what they show when I'm even in the certutil -key step. Can you help me decommission this server, please?
ASKER
Oddly, your link takes me to a page where I can edit my TechNet profile.
I don't recall using Cert Svcs for anything other than maybe a self-signed cert or two awhile back. Exchange 2003 used to be on this machine. I actually didn't build it out. I inherited it.
When I type certutil -key, I get
Microsoft Strong Cryptographic Provider:
2dbdc423-b316-47aa-a10d-84 79b6f26f36
AT_KEYEXCHANGE
ex01
AT_SIGNATURE
39eeeb5c-db12-46cf-b190-49 39b539b91f
AT_KEYEXCHANGE
ex01-Xchg(36)
AT_KEYEXCHANGE
EXPWMGMT-9f2ee89acc07425fb a591dfbd8f b31fb
AT_KEYEXCHANGE
a1e96cee-87d6-407b-b2ff-7e a406a8ca59
AT_KEYEXCHANGE
MS IIS DCOM Server
AT_SIGNATURE, AT_KEYEXCHANGE
49db4752-e0c6-4358-9cdd-94 f41656e7a1
AT_KEYEXCHANGE
09ba51f7-74ff-48d3-82d2-28 2fdf5b7d10
AT_KEYEXCHANGE
4640d838-4dda-419a-9ea7-36 e355dbf02d
AT_KEYEXCHANGE
ex01(1)
AT_SIGNATURE
7fe46022-db42-4acf-95b8-e9 0230725eb1
AT_KEYEXCHANGE
33298f50-35cc-446a-941c-7f ab615351ae
AT_KEYEXCHANGE
47c7fe5c-0be6-4e4c-bb1b-cf 3326c437b0
AT_KEYEXCHANGE
790f3e5d-75ea-4001-a7ae-bd a6aad7b0bd
AT_KEYEXCHANGE
5e8e752e-45ed-4001-9521-89 c419f99c63
AT_KEYEXCHANGE
Microsoft Internet Information Server
AT_SIGNATURE, AT_KEYEXCHANGE
And a few more along those lines.
I don't recall using Cert Svcs for anything other than maybe a self-signed cert or two awhile back. Exchange 2003 used to be on this machine. I actually didn't build it out. I inherited it.
When I type certutil -key, I get
Microsoft Strong Cryptographic Provider:
2dbdc423-b316-47aa-a10d-84
AT_KEYEXCHANGE
ex01
AT_SIGNATURE
39eeeb5c-db12-46cf-b190-49
AT_KEYEXCHANGE
ex01-Xchg(36)
AT_KEYEXCHANGE
EXPWMGMT-9f2ee89acc07425fb
AT_KEYEXCHANGE
a1e96cee-87d6-407b-b2ff-7e
AT_KEYEXCHANGE
MS IIS DCOM Server
AT_SIGNATURE, AT_KEYEXCHANGE
49db4752-e0c6-4358-9cdd-94
AT_KEYEXCHANGE
09ba51f7-74ff-48d3-82d2-28
AT_KEYEXCHANGE
4640d838-4dda-419a-9ea7-36
AT_KEYEXCHANGE
ex01(1)
AT_SIGNATURE
7fe46022-db42-4acf-95b8-e9
AT_KEYEXCHANGE
33298f50-35cc-446a-941c-7f
AT_KEYEXCHANGE
47c7fe5c-0be6-4e4c-bb1b-cf
AT_KEYEXCHANGE
790f3e5d-75ea-4001-a7ae-bd
AT_KEYEXCHANGE
5e8e752e-45ed-4001-9521-89
AT_KEYEXCHANGE
Microsoft Internet Information Server
AT_SIGNATURE, AT_KEYEXCHANGE
And a few more along those lines.
is this a AD intergrated Certificate? Also check if you have enabled auto enrollement via gpo?
ASKER
As I said, I didn't deploy this machine, but it was the first DC in this domain. Certificate Services Client - Auto-Enrollment in my Default Domain Policy is not configured.
if it is a first DC, leave it. Try to find, why it was used. Removing cert server without knowing the reason might break application to work.
ASKER
This server will be decommissioned. I can't leave it up forever. I don't have the cooling or the power to leave it up. Cert Services have been disabled for over 3 months on this box.
What about FSMO roles, i assume you moved it over to other server. If so, i don't think any issue with decom this server.
ASKER
FSMO roles were moved, yes.
The problem is that I can't demote the DC without removing Cert Svcs from the server. I can't remove Cert Services, because according to the original link I posted, I should be seeing different output than what I'm seeing, and I can't find anything else that tells me how to properly remove Cert Svcs.
The problem is that I can't demote the DC without removing Cert Svcs from the server. I can't remove Cert Services, because according to the original link I posted, I should be seeing different output than what I'm seeing, and I can't find anything else that tells me how to properly remove Cert Svcs.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
It wasn't really the best solution, but it worked for me.
Just wondering if there were any services on there before.
Another good thread that I've referenced before http://social.technet.microsoft.com/Forums/en-US/winserversetup/thread/d922860b-c8cd-4ed5-9b0b-05391c18afc0
Thanks
Mike