Urgent help -CA migration
-
Friday, May 25, 2012 4:59 PM
Hi all,
I am migrating a Windows 2003 CA to a Windows 2008 R2 CA by following http://technet.microsoft.com/en-us/library/ee126140(v=ws.10).aspx
Now I am verifying the migration and checking the extensions as described in the link.
Questions:
1) What should I replace <ServerShortName> with: the old Win03 CA BIOS name or the new target Windows 2008 CA name?
Verify extensions
-
If the destination server name is different from the source server name, add an LDAP URL specifying a location that references the destination server's NetBIOS name with the substitution variable <ServerShortName>; for example
ldap:///CN=<CATruncatedName><CRLNameSuffix>,CN=<ServerShortName>,CN=CDP,CN=Public Key Services,CN=Services,<ConfigurationContainer><CDPObjectClass>.
2) When I import the 03 CA key to the Windows 08 server, in [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CertSvc\Configuration] there is a ConfigurationDirectory key that points to \\oldCA\certconfig. Should I delete it, since I could not find a certconfig folder on the 08 server?
3) Will the key CAname under [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CertSvc\Configuration] be updated to the new win08 CA server manually?
Thank you.
- Edited by SGryzbowski Friday, May 25, 2012 5:01 PM
- Edited by SGryzbowski Friday, May 25, 2012 5:02 PM
- Edited by SGryzbowski Friday, May 25, 2012 5:50 PM
-
All Replies
-
Tuesday, May 29, 2012 2:19 AM Moderator
Hi,
1. What should I change <ServerShortName> with old win03 CA BIOS name or new target windows 2008 CA name?
A: You do not need to change <ServerShortName>. If the old server has a different physical name from the target server, you need to modify the value of the CAServerName registry setting to point to the new target server name.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CertSvc\Configuration\<CA Name>\CAServerName
2. When I import 03 CA key to Windows 08 server, in [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CertSvc\Configuration], there is ConfigurationDirectory key points to \\oldCA\certconfig, should I delete it since I could not find certconfig folder in 08 server?
A: If the old CA database and log files are located in a different path, you need to modify the following registry values to indicate the location on the target server.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CertSvc\Configuration
DBDirectory
DBLogDirectory
DBSystemDirectory
DBTempDirectory
3. Will the key CAname under [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CertSvc\Configuration] be updated to new win08 CA server manually?
A: Yes, after you install new CA role on the target server and import the existing CA certificate.
Best Regards,
Aiden
Aiden Cao
TechNet Community Support
- Proposed As Answer by Aiden_CaoMicrosoft Contingent Staff, Moderator Tuesday, May 29, 2012 2:19 AM
-
Tuesday, May 29, 2012 1:58 PM
Hi Aiden,
Thanks for your help.
>1. What should I change <ServerShortName> with old win03 CA BIOS name or new target windows 2008 CA name?
>A: You do not need to change <ServerShortName>. If the old server has a different physical name from the target server, you need to modify the value of the CAServerName registry setting to point to the new target server name.
>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CertSvc\Configuration\<CA Name>\CAServerName
I did change CAServerName. There is conflicting info: the MS website mentions changing
ldap:///CN=<CATruncatedName><CRLNameSuffix>,CN=<ServerShortName>,CN=CDP,CN=Public Key Services,CN=Services,<ConfigurationContainer><CDPObjectClass>.
Also, this link mentions that too in post migration: http://smtpport25.wordpress.com/2010/01/16/migrating-windows-certificate-authority-server-from-windows-2003-standard-to-windows-2008-enterprise-server/
>2. When I import 03 CA key to Windows 08 server, in [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CertSvc\Configuration], there is ConfigurationDirectory key points to \\oldCA\certconfig, should I delete it since I could not find certconfig folder in 08 server?
In windows 2008 R2 CA, there is no ConfigurationDirectory key, right?
>3. When I open CA, the servername under Certificate Authority MMC is still the old Windows 2003 CA server, is this right?
Thank you.
- Edited by SGryzbowski Tuesday, May 29, 2012 3:12 PM
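
A read-only check for the situation discussed in this thread, as an added example that is not from any of the posters or from the Microsoft guide: it lists CertSvc registry values that still reference the source server after the import. The names OLDCA and NEWCA, both function names and the sample data are constructed; the `Active` value, `CRLPublicationURLs` and the `%2` token (the registry form of <ServerShortName>) do not appear in the thread and are assumed from general AD CS behaviour.

```powershell
# Added example (not from the thread). OLDCA/NEWCA and the sample data are constructed.
$ConfigKey = 'HKLM:\SYSTEM\CurrentControlSet\services\CertSvc\Configuration'

function Get-CertSvcValue {
    # Collect name -> data from the Configuration key and the active CA's subkey.
    $values = @{}
    $caName = (Get-ItemProperty -Path $ConfigKey).Active   # 'Active' holds the CA name
    foreach ($path in $ConfigKey, (Join-Path $ConfigKey $caName)) {
        $key = Get-Item -LiteralPath $path
        foreach ($name in $key.GetValueNames()) { $values[$name] = $key.GetValue($name) }
    }
    $values
}

function Find-StaleCaReference {
    param([hashtable] $Values, [string] $OldServer, [string] $NewServer)
    # Match the old name only as a whole host label (-match is case-insensitive).
    $pattern = '(?<![\w-])' + [regex]::Escape($OldServer) + '(?![\w-])'
    foreach ($name in ($Values.Keys | Sort-Object)) {
        if ($name -eq 'CAServerName') { continue }   # checked separately below
        # @() walks REG_MULTI_SZ data (e.g. CRLPublicationURLs) entry by entry.
        foreach ($entry in (@($Values[$name]) | Where-Object { $_ -is [string] })) {
            if ($entry -match $pattern) {
                [pscustomobject]@{ Value = $name; Data = $entry
                                   Issue = "references source server $OldServer" }
            }
        }
    }
    if ($Values.ContainsKey('CAServerName') -and
        "$($Values['CAServerName'])" -notmatch ('^' + [regex]::Escape($NewServer) + '(\.|$)')) {
        [pscustomobject]@{ Value = 'CAServerName'; Data = "$($Values['CAServerName'])"
                           Issue = "does not name destination server $NewServer" }
    }
}

# Constructed sample of a migrated configuration; %2 is the <ServerShortName> variable.
$sample = @{
    CAServerName           = 'NEWCA.example.test'
    ConfigurationDirectory = '\\OLDCA\CertConfig'
    DBDirectory            = 'D:\CertDB'
    CRLPublicationURLs     = @(
        '79:ldap:///CN=%7%8,CN=%2,CN=CDP,CN=Public Key Services,CN=Services,%6%10',
        '79:ldap:///CN=%7%8,CN=OLDCA,CN=CDP,CN=Public Key Services,CN=Services,%6%10')
}
Find-StaleCaReference -Values $sample -OldServer 'OLDCA' -NewServer 'NEWCA' |
    Format-Table -AutoSize -Wrap
# On the destination CA: Find-StaleCaReference -Values (Get-CertSvcValue) -OldServer ... -NewServer ...
```

The script only reports; whether a flagged value should be edited or removed is the question the posts above are discussing.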

