05 Haziran 2012 Salı 01:51
I would like to set up web enrollment for couple of certificate authorities. The certificate authorities are being set up using ADCS 2008 R2 enterprise edition, in a clustered model to counter fail over scenario. the requirement is to minimize the access to CA servers for all provisioning purposes.
Currently, I am looking at two options:
1 - Set up one web enrollment for the clustered CA, so that during the fail over scenario the web enrollment points to the fail over CA.
2 - Set up web enrollment for each of the CAs in the cluster with different URL and access the fail over web enrollment during the event of fail over.
Can anyone please advise me which of these options are feasible and their instructions or reference materials?
Also, is there any better way to achieve the requirements.
Thanks in advance.Sanurajan
06 Haziran 2012 Çarşamba 06:31Moderatör
In order to use web enrollment feature against clustered CA you need to setup a separate server and install web enrollment.
Quote from the following Microsoft Article:
When CAs are clustered, it is recommended that you do not install the Certification Authority Web Enrollment service on the clustered CAs. If you want to configure Certification Authority Web Enrollment, you should install it computers that are not part of the cluster.
Active Directory Certificate Services (AD CS) Clustering (en-US)
In addition, you may also check the following blog to determine that it’s much useful to deploy cluster CAs in your organization.
To Cluster or Not to Cluster CAs
TechNet Community Support