InSearchOf
asked on
Replace a certificate server
I have a win 2008 R2 certificate server that I need to replace. I want to replace it with a win 2016 virtual server. How do I go about doing that? What to do about the certificates already issued? The Certificate server is also a DC.
ASKER
Thanks for the info. Option 1 seems to be the easiest but what am I backing up? I have a windows 2008 R2 server but I am going to a windows 2016 server.
Yes, but it will still work, however, the recommended option is No. 3.
What to backup in Root CA :
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc742388(v=ws.10)
How to Migrate to Win 2016: http://msexchangeguru.com/2016/01/24/root-ca-2008-r2-to-2012-r2/
ASKER
OK. Let me look into the recommended option instead then. Thanks for the help.
ASKER
You provided a few links. Is this the only one I need to follow?
How to Migrate to Win 2016: http://msexchangeguru.com/2016/01/24/root-ca-2008-r2-to-2012-r2/
ASKER
Also I will be using the same computer name and IP for the new server.
ASKER
OK. After removing the physical server, will I have any issues re-adding the AD DC role with the same name and IP to the virtual server?
No, if you properly remove AD DC from it.
You do have more than one DC?
ASKER
Yes I do.
ASKER
One last question. Being that I am doing an in-place upgrade of 2008 R2 to 2012 R2 which is a DC as well are there any other considerations I should be aware of? The Forest and Domain functional levels are already at 2008 R2 and I already have a win 2016 AD server in my environment as well.
and I already have a win 2016 AD server in my environment as well.
are there any other considerations I should be aware of? Then no
1) Replace the existing Certificate server with new server (replacement)
2) Move the certificate server from old to new server
3) Migration to Windows 2016
1) An option is just backup and restore on the new server with the same hostname and IP, which means all the clients will still be able to communicate and renew their certificates.
2) This option is to backup and restore on a new server with a different hostname and IP address, you will have to request the certificate request from services which you need to add it manually.
3) Best method to migrate, it involves four - 5 steps and it is straightforward.
Backup Root CA
Uninstall Root CA and Domain controller
Install New Root CA server
Restore the Root CA backup
There is an article which explains well about the Microsoft: https://social.technet.microsoft.com/wiki/contents/articles/37373.migrating-ad-certificate-services-from-windows-server-2008-to-windows-server-2016.aspx
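The backup and restore steps listed above, as an added PowerShell example (not from the thread or the linked articles). It assumes the new server keeps the old hostname, an Enterprise root CA and a hypothetical backup folder `C:\CABackup`; the thumbprint comparison at the end checks that the CA certificate is unchanged, which is what keeps already-issued certificates chaining to the restored CA.

```powershell
# Added example. Run with -Phase Backup on the old 2008 R2 CA, copy $BackupDir to
# the new server, remove the CA and DC roles from the old one, then run -Phase Restore.
param(
    [Parameter(Mandatory=$true)][ValidateSet('Backup','Restore')][string]$Phase,
    [string]$BackupDir = 'C:\CABackup'   # hypothetical path
)
$regKey = 'HKLM\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration'

function Get-CaThumbprint([string]$OutFile) {
    # Export the CA's current signing certificate and return its thumbprint.
    certutil -f -ca.cert $OutFile | Out-Null
    (New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $OutFile).Thumbprint
}

if ($Phase -eq 'Backup') {
    # CertSvc must be running. certutil prompts for a password that protects the
    # exported private key (.p12); the database goes to $BackupDir\DataBase.
    certutil -backup $BackupDir
    if ($LASTEXITCODE -ne 0) { throw 'certutil -backup failed' }
    reg export $regKey "$BackupDir\CertSvc.reg" /y
    Get-CaThumbprint "$BackupDir\old-ca.cer" | Set-Content "$BackupDir\thumbprint.txt"
}
else {
    Install-WindowsFeature ADCS-Cert-Authority -IncludeManagementTools
    $p12 = Get-ChildItem $BackupDir -Filter *.p12 | Select-Object -First 1
    $pw  = Read-Host 'Password of the CA key backup' -AsSecureString
    # Assumption: Enterprise root CA. Use StandaloneRootCA if the old CA was standalone.
    Install-AdcsCertificationAuthority -CAType EnterpriseRootCA `
        -CertFile $p12.FullName -CertFilePassword $pw -Force

    Stop-Service certsvc
    certutil -f -restoreDB $BackupDir
    if ($LASTEXITCODE -ne 0) { throw 'certutil -restoreDB failed' }
    # Assumption: same hostname and database paths, so the exported settings apply as-is.
    reg import "$BackupDir\CertSvc.reg"
    Start-Service certsvc

    $old = (Get-Content "$BackupDir\thumbprint.txt" | Select-Object -First 1).Trim()
    $new = Get-CaThumbprint "$BackupDir\new-ca.cer"
    if ($old -ne $new) { throw "CA certificate changed: $old -> $new" }
    "CA certificate unchanged ($new); previously issued certificates still chain to it."
}
```

The backup folder contains the CA private key, so keep it on access-restricted storage and delete it once the new CA is verified.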