Monday, February 20, 2012 1:26 PM
Monday, February 20, 2012 1:22 PM
We are looking to use SCEP to obtain certificates from AD to issue to mobile devices. I do know we need a 2008 R2 server to be able to use SCEP.
The problem we may run into is our Root CA is still running on Server 2000. Does this create any challenges, especially when adding a 2008 R2 as a new Subordinate into our existing certificate server environment?
Monday, February 20, 2012 1:24 PM
Windows 2000 Server OS is past its supportability stage - so this would be the primary issue to be concerned about.
For CA specific questions, refer to the security forum:
Monday, February 20, 2012 1:35 PM
NDES (windows implementation of SCEP protocol) is avaialbe in Windows Server 2003 (as add-on) and newer systems (as a built-in role Network Device Enrollment Service).
Windows Server 2008 CA is compatible with Windows 2000 root.
- Marked As Answer by Bruce-LiuModerator Tuesday, February 28, 2012 10:25 AM
Monday, February 20, 2012 3:34 PM
I agree with Marcin about posting this to the CA forum and Windows 2000 legacy's status.
In addition, and FYI, you'll need a v.2 certificate template for the purpose you posted, which wasn't supported until you install Certificate Services on Windows 2003 Enterprise Edition, or newer, but you need the Enterprise Editions, which the Standard Edition does not provide this template version, except 2008 R2 Standard, but 2008 R2 Std doesn't provide the web enrollment features. The CA forum will give you more specifics about this.
MVP, MCT, MCITP Enterprise Administrator, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
This posting is provided AS-IS with no warranties or guarantees and confers no rights.
- Proposed As Answer by Meinolf WeberMVP Tuesday, February 21, 2012 5:48 AM