Configuring Windows 2008 as Enterprise CA
-
Thursday, March 27, 2008 6:45 PM
When I try to add the Enterprise Certificate Services role to a Windows 2008 Enterprise server on our domain, Enterprise is grayed out. THe current CA is hosted on a Windows 2003 Enterprise server and I want to move it permanently to the Windows 2008 server. Searches turn up nothing. What am I missing?
Answers
-
Thursday, March 27, 2008 9:49 PM
If you are trying to transfer the 2003 CA to the 2008 CA you will have to upgrade the 2003 server to Windows 2008. You had to do the same thing with Windows 2000 and 2003...
I have some other questions...
Is the 2008 server in your domain?
Are you trying to make it an Enterprise subordinate or Root?
Let me know what's shakin,
All Replies
-
Thursday, March 27, 2008 9:49 PM
If you are trying to transfer the 2003 CA to the 2008 CA you will have to upgrade the 2003 server to Windows 2008. You had to do the same thing with Windows 2000 and 2003...
I have some other questions...
Is the 2008 server in your domain?
Are you trying to make it an Enterprise subordinate or Root?
Let me know what's shakin,
-
Friday, March 28, 2008 7:19 AMModeratorHow to move a CA: http://support.microsoft.com/kb/298138
Does not contain information for Windows Server 2008, but the 2003 instructions will probably suffice. I'd try this in a test environment before doing it in production...
-
Friday, March 28, 2008 1:18 PM
Ok, that is what I needed to know. I am not happy about the hoops, but at least I know. The only enterprise server in our domain at the time I set up the CA to support System Center was my Exchange 2003 server - not ideal, but it was what I had. I added a subordinate 2008 server that I was licensed for, but with the RC1 release to support Vista clients, since I wasn't able to get the full Windows 2008 release yet (I bought a Windows 2003 license with Software Assurance knowing I needed a Windows 2008 Enterprise CA).
One question: Can I add this Windows 2008 server as a subordinate, then after the current CA is upgraded temporarily for the transfer (see below for the plan), can I still move the CA to the subordinate and make it the Enterprise CA?
So, the path I will have to take, with the upgrade plans I have in mind, will be:
1) Wait for EMC to officially support Windows 2008 on our SAN
2) Configure the new Exchange 2007 SP1 HT/CA and Maibox servers with Windows 2008
(Side note: I had Exchange 2007 completely configured, but took it all down when I found out that there was no
migration path to Windows 2008/Exchange 2007 SP1! A whole lot of work for nothing more than the learning experience.)
3) Migrate all email users to the new Exchange 2007/Windows 2008 servers.
4) Remove Exchange 2003 from the old Enterprise server.
5) Upgrade to it from Windows 2003 to Windows 2008, then immediately move the CA to the new server for that purpose
6) Kill the old Windows servers that were supporting Exchange 2003
Have I missed anything?
.png){kind=spacer}
