Solved

Certification Authority and NPS

Posted on 2013-12-23
Last Modified: 2013-12-23
Installed Certification Authority and NPS on Windows 2008 R2 domain controller but did not configure NPS Certificate Template and Autoenrollment (never used the installation for RAS/IAS/RADIUS).

Must repurpose the Domain Controller for another use.  Uninstalled Certification Authority role before revoking certificate.

Should I reinstall the Certification Authority role, select existing certificate and then revoke the certificate before demoting the server to a member server?
Question by:McGruber

Expert Comment

by:Mahesh
ID: 39736585
Not sure of the meaning of "Must repurpose the Domain Controller for another use.  Uninstalled Certification Authority role before revoking certificate"

If you are not using the certificate authority, there is no need to reinstall the CA role again.
You can just delete the certificate.
If you want to move the domain controller role from the server and retain the certificate authority, just demote the DC role to member server now, as you have already uninstalled the CA role, and then reinstall the CA role.
It's supported. Do not change the server hostname, otherwise already issued certificates will fail to check the CRL (certificate revocation list).
Also, you cannot change the CA common name, which is stored in Active Directory.

Let me know if any confusion

Mahesh

Author Comment

by:McGruber
ID: 39736656
The domain controller is being demoted to a member server and then reloaded.  It had CA and NPS installed.  I removed both roles but did not revoke the certificate before I removed the CA role.  The certificate was never used.  How do I cleanly remove the certificate before demoting the DC?

Accepted Solution

by:Mahesh (earned 500 total points)
ID: 39736676
If the certificate is not required, just delete it from the certificate Personal store on the server.

Just launch the MMC console on the server, add the local computer certificates console, and from there just delete the certificate.

Mahesh
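
The same cleanup done from PowerShell instead of the MMC console, as an added example that is not part of the original thread: it lists the certificates in the local computer Personal store that are marked as CA certificates, and deletes one only when its thumbprint is passed explicitly. The function name and the thumbprint placeholder are assumptions; the code uses the .NET `X509Store` class so that it also runs on the PowerShell 2.0 included with Windows 2008 R2.

```powershell
# Added example, not from the original thread. The function name is hypothetical.
function Remove-UnusedCaCertificate {
    param(
        # Thumbprint of the certificate to delete; omit it to only list candidates.
        [string]$Thumbprint
    )

    # 'My' is the store that the Certificates console shows as "Personal".
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store('My', 'LocalMachine')
    $store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
    try {
        # Keep only certificates whose Basic Constraints extension marks them as a CA.
        $caCerts = @($store.Certificates | Where-Object {
            $bc = $_.Extensions | Where-Object {
                $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
            } | Select-Object -First 1
            $bc -and $bc.CertificateAuthority
        })

        if (-not $Thumbprint) {
            # List mode: show the candidates so the operator can pick the right one.
            return $caCerts | Select-Object Subject, Issuer, NotAfter, HasPrivateKey, Thumbprint
        }

        $wanted = $Thumbprint.Replace(' ', '')
        $target = @($caCerts | Where-Object { $_.Thumbprint -eq $wanted })
        if ($target.Count -ne 1) {
            throw "No CA certificate with thumbprint '$Thumbprint' in LocalMachine\My; nothing deleted."
        }

        # Save a copy of the public certificate (no private key) before deleting it.
        $backup = Join-Path $env:TEMP ("{0}.cer" -f $target[0].Thumbprint)
        [System.IO.File]::WriteAllBytes($backup, $target[0].Export('Cert'))

        $store.Remove($target[0])
        "Deleted $($target[0].Subject); public copy saved to $backup"
    }
    finally {
        $store.Close()
    }
}

# List candidates first, then delete by thumbprint (placeholder value shown).
Remove-UnusedCaCertificate
# Remove-UnusedCaCertificate -Thumbprint '<THUMBPRINT-FROM-LISTING>'
```

Run it from an elevated prompt; opening the local machine store for writing fails without administrative rights.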