asked on
In-place upgrade of 2012 R2 Certification Authority to 2016 R2
We have an Enterprise CA, with the Sub CA running on Windows server 2012 R2 VM, configured with Web Enrollment, Web Enrollment Services, Policy Web Service etc all on the same server. The Root CA is also a Windows server 2012 R2 VM and is offline.
We have both Kerberos Authentication certificates deployed for LDAPS and a number of Domain Admins utilizing Smart Card certificates for domain logons.
Since we're planning to do an in-place upgrade, what do you recommend that first gets upgraded, the Root CA or the Sub CA? Also, any things I should take care of pre upgrade and post upgrade, taking into consideration the criticality of both LDAPS and Smartcard services? Apart from taking a snapshot backup in case something goes wrong and I would need to restore the snapshot accordingly.
Thanks in advance :)
We have both Kerberos Authentication certificates deployed for LDAPS and a number of Domain Admins utilizing Smart Card certificates for domain logons.
Since we're planning to do an in-place upgrade, what do you recommend that first gets upgraded, the Root CA or the Sub CA? Also, any things I should take care of pre upgrade and post upgrade, taking into consideration the criticality of both LDAPS and Smartcard services? Apart from taking a snapshot backup in case something goes wrong and I would need to restore the snapshot accordingly.
Thanks in advance :)
Windows Server 2012* policyWindows Server 2016
Last Comment
Robert Muscat
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
Answers are given appropriate, Author didn't respond
Hence trying to close
Hence trying to close
ASKER
Thanks Mahesh
ASKER
U just need to ensure that you would take CA backup before you go for upgrade, so by chance if upgrade fails, you still can follow approach as suggested in my 1st comment
Since the OS is a VM, can't I take a snapshot before and restore it if issues are encountered?
Thanks for the feedback provided. In our case it was decided that an in-place upgrade is to take place. I believe the above steps, excluding the backup part, are more intended for a migration scenario.
Thanks and regards