Windows Server 2000/2003 Thread, I want to move my CA and decommission a server in Technical; Has anyone decommissioned a DC that is currently the CA authority? I was hoping to bring a new member server ...
  1. #1
    k-strider

    I want to move my CA and decommission a server

    Has anyone decommissioned a DC that is currently the CA authority?

    I was hoping to bring a new member server up with the same name but running 2008 as our SQL Server, since the current box performs the same role.

    And create a new member server (probably a virtual one) to host the CA (as it looks like you're not supposed to put a CA on a DC, oops...)

    It looks horribly complicated to move a CA off a DC; I get the impression that I have to either rename the new CA as the same or alias it.

    Has anyone been through this process?

    I was also considering destroying and re-creating the CA, but I guess this will have implications for anyone who has EFS certs?

    Any advice would be gratefully received.

  2. #2
    mb2k01

    I'm not sure I'd want to virtualise the CA, but I'm not too experienced on virtualisation (unfortunately), so maybe others will say there is nothing wrong with it.

    As long as the FSMO roles are assigned to active servers you shouldn't have a problem.
    Having the CA on the DC shouldn't cause an issue - it's just one of those pieces of advice that sometimes (often) get ignored in the real world.

  3. #3

    Is this the sort of thing you're looking for: How to move a certification authority to another server?

  4. #4
    k-strider

    That's one of the docs I read...

    but it does state that the server must have the same name as the previous CA server.

    which kinda may not be possible, as I wanted to keep the previous server name for the SQL to save a lot of reconfig on SharePoint etc...

    The other issue is that, according to the docs, to go 2003 -> 2008 you need to do an in-place upgrade either before you move the CA on the original server or after you move the CA on the new server. To complicate it some more, the 2k3 is 32-bit and the new DB server will be 2K8 x64.

    I was hoping to move the CA to a virtual 32-bit 2k3 server with a new name and leave the DB server with the original name and just being a DB server...

    Just wondering if anyone has ever moved their CA before?

  5. #5

    teejay

    The server needs to be the same name, as any certificates are signed using that server name, so all the certificates would be invalid if you changed its name.
    Depending on the number of certificates and devices using the certificates, it may actually be easier to use a different name for the SQL server.

  6. #6
    k-strider

    I'm beginning to think this too...

    I might bite the bullet and rebuild my MOSS farm... can't believe you can't just point it to another DB server lol!!!!

    So the next question is... if I keep the CA as SERVERX, is it OK for it just to be a member server in the future, as it is currently a DC?

    Gordon.

  7. #7

    teejay

    Yes it's fine. Our certificate server was a DC that has been demoted and now virtualised without problems.

  8. Thanks to teejay from:

    k-strider (18th March 2009)

  9. #8
    k-strider

    TeeJay, did you do this, basically?

    Back up cert as per MS guidelines
    Remove CA services
    Demote the DC
    ?Destroy original server
    ?Make new virtual server
    or
    ?Virtualize the existing demoted server
    Reinstall Certificate Services.

    Thanks Gordon.
