Link to home
Start Free TrialLog in
Avatar of Robert Muscat
Robert Muscat

asked on

In-place upgrade of 2012 R2 Certification Authority to 2016 R2

We have an Enterprise CA, with the Sub CA running on Windows server 2012 R2 VM, configured with Web Enrollment, Web Enrollment Services, Policy Web Service etc all on the same server. The Root CA is also a Windows server 2012 R2 VM and is offline.

We have both Kerberos Authentication certificates deployed for LDAPS and a number of Domain Admins utilizing Smart Card certificates for domain logons.

Since we're planning to do an in-place upgrade, what do you recommend that first gets upgraded, the Root CA or the Sub CA? Also, any things I should take care of pre upgrade and post upgrade, taking into consideration the criticality of both LDAPS and Smartcard services? Apart from taking a snapshot backup in case something goes wrong and I would need to restore the snapshot accordingly.

Thanks in advance :)
SOLUTION
Avatar of Mahesh
Mahesh
Flag of India image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Robert Muscat
Robert Muscat

ASKER

Hi Mahesh,

Thanks for the feedback provided. In our case it was decided that an in-place upgrade is to take place. I believe the above steps, excluding the backup part, are more intended for a migration scenario.

Thanks and regards
ASKER CERTIFIED SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Answers are given appropriate, Author didn't respond
Hence trying to close
Thanks Mahesh
U just need to ensure that you would take CA backup before you go for upgrade, so by chance if upgrade fails, you still can follow approach as suggested in my 1st comment

Since the OS is a VM, can't I take a snapshot before and restore it if issues are encountered?