Learn the essential features and functions of the popular JavaScript framework for building mobile, desktop and web applications.
In-place upgrade of 2012 R2 Certification Authority to 2016 R2
We have an Enterprise CA, with the Sub CA running on Windows server 2012 R2 VM, configured with Web Enrollment, Web Enrollment Services, Policy Web Service etc all on the same server. The Root CA is also a Windows server 2012 R2 VM and is offline.
We have both Kerberos Authentication certificates deployed for LDAPS and a number of Domain Admins utilizing Smart Card certificates for domain logons.
Since we're planning to do an in-place upgrade, what do you recommend that first gets upgraded, the Root CA or the Sub CA? Also, any things I should take care of pre upgrade and post upgrade, taking into consideration the criticality of both LDAPS and Smartcard services? Apart from taking a snapshot backup in case something goes wrong and I would need to restore the snapshot accordingly.
Thanks in advance :)
We have both Kerberos Authentication certificates deployed for LDAPS and a number of Domain Admins utilizing Smart Card certificates for domain logons.
Since we're planning to do an in-place upgrade, what do you recommend that first gets upgraded, the Root CA or the Sub CA? Also, any things I should take care of pre upgrade and post upgrade, taking into consideration the criticality of both LDAPS and Smartcard services? Apart from taking a snapshot backup in case something goes wrong and I would need to restore the snapshot accordingly.
Thanks in advance :)
Do more with
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
1st Backup subordinate CA database along with private key
Uninstall CA role from server and shutdown the server - computer account remains in AD
Then backup root CA along with private key
Uninstall root CA
Create new 2016 server in workgroup with same hostname as earlier and restore Root CA from backup
Then install new 2016 member server with same name as earlier and restore subordinate CA from backup
You can get steps from TechNet articles - check both articles carefully
https://technet.microsoft.com/en-us/library/ee126140(v=ws.10).aspx
https://technet.microsoft.com/en-us/library/dn486797(v=ws.11).aspx
The both article didn't mention about 2016 server, but I believe the procedure would remains same.
Else you could wait until Microsoft publish official documentation for 2016 server
Mahesh.
Uninstall CA role from server and shutdown the server - computer account remains in AD
Then backup root CA along with private key
Uninstall root CA
Create new 2016 server in workgroup with same hostname as earlier and restore Root CA from backup
Then install new 2016 member server with same name as earlier and restore subordinate CA from backup
You can get steps from TechNet articles - check both articles carefully
https://technet.microsoft.com/en-us/library/ee126140(v=ws.10).aspx
https://technet.microsoft.com/en-us/library/dn486797(v=ws.11).aspx
The both article didn't mention about 2016 server, but I believe the procedure would remains same.
Else you could wait until Microsoft publish official documentation for 2016 server
Mahesh.
Hi Mahesh,
Thanks for the feedback provided. In our case it was decided that an in-place upgrade is to take place. I believe the above steps, excluding the backup part, are more intended for a migration scenario.
Thanks and regards
Thanks for the feedback provided. In our case it was decided that an in-place upgrade is to take place. I believe the above steps, excluding the backup part, are more intended for a migration scenario.
Thanks and regards
Sorry I did not see, the question is asking for in place upgrade
No MS official documentation is available for CA server in place upgrade
But most of the time it seamless and as of now I have not seen / heard any issues
U just need to ensure that you would take CA backup before you go for upgrade, so by chance if upgrade fails, you still can follow approach as suggested in my 1st comment
Also in that case there is no order of sequence you need to follow
U can do root 1st and subordinate 2nd OR vice versa
Mahesh.
No MS official documentation is available for CA server in place upgrade
But most of the time it seamless and as of now I have not seen / heard any issues
U just need to ensure that you would take CA backup before you go for upgrade, so by chance if upgrade fails, you still can follow approach as suggested in my 1st comment
Also in that case there is no order of sequence you need to follow
U can do root 1st and subordinate 2nd OR vice versa
Mahesh.
Premium Content
You need an Expert Office subscription to comment.Start Free Trial