Solved

Certification Authority and NPS

Posted on 2013-12-23
3
581 Views
Last Modified: 2013-12-23
Installed Certification Authority and NPS on Windows 2008 R2 domain controller but did not configure NPS Certificate Template and Autoentrollment (never used the installation for RAS/IAS/RADIUS).

Must repurpose the Domain Controller for another use.  Uninstalled Certification Authority role before revoking certificate.

Should I reinstall the Certfication Authority role, select existing certificate and then revoke the certificate before demoting the server to a member server?
0
Comment
Question by:McGruber
  • 2
3 Comments
 
LVL 36

Expert Comment

by:Mahesh
ID: 39736585
Not sure the meaning of "Must repurpose the Domain Controller for another use.  Uninstalled Certification Authority role before revoking certificate"

If you are not using certificate authority, its no need to reinstall CA role again.
You can just delete the certificate.
If you want to move domain controller role from server and retain certificate authority, now just demote DC role to member server as you already have uninstalled CA role and then reinstall CA role.
Its supported. Do not change server hostname, other wise already issued certificates will fail to check CRL (Certificate revocation list)
Also you cannot change CA common name which is stored in active directory

Let me know if any confusion

Mahesh
0
 

Author Comment

by:McGruber
ID: 39736656
The domain controller is being demoted to a member server and then reloaded.  It had CA and NPS installed.  I removed both roles but did not revoke the certificate before I removed the CA role.  The certificate was never used.  How do I cleanly remove the certificate before demoting the DC?
0
 
LVL 36

Accepted Solution

by:
Mahesh earned 500 total points
ID: 39736676
If certificate is not required, just delete it from certificate personnel store on server.

Just launch MMC console on server and add local computer certificates console and from there just delete certificate

Mahesh
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

OfficeMate Freezes on login or does not load after login credentials are input.
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…

832 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question