Dear all, In our DC, we are planning for a HSM with AD certificate service. The the prerequisites for the HSM are, 1) DC: Windows Server 2008 R2 Enterprise Edition Domain Controller machine. 2)CA: Windows Server 2008 R2 Enterprise Edition Certificate Authority and OCSP Server machine. 3)OCSPClient: Windows Server 2008 R2 Enterprise Edition client machine. I have some query with the above prerequisites. why domain controller with Enterprise edition? . Is it possible to integrate Domain controller and CA server with a single 2008 R2 Enterprise server?. For the OCSP client , its required any dedicated system for testing. please help me .

Hello, installing CA role on a DC is not recommended, this should be done on a domain member server. Details about CA better ask in the security forum, there are the experts. http://social.technet.microsoft.com/Forums/en/winserversecurity/threadsBest regards Meinolf Weber MVP, MCP, MCTS Microsoft MVP - Directory Services My Blog: http://msmvps.com/blogs/mweber/ Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

Please ask this in Security forum. Additionally please follow http://social.technet.microsoft.com/Forums/en-US/winserversecurity/thread/66cd9712-b44a-406b-b77f-07ee945bf80f which might help you. Regards, _Prashant_MCSA|MCITP SA|Microsoft Exchange 2003 Blog - http://prashant1987.wordpress.com Disclaimer: This posting is provided AS-IS with no warranties/guarantees and confers no rights.

Hello, why domain controller with Enterprise edition? . Please see System and Hardware requirements in this link: http://technet.microsoft.com/en-us/library/cc731564%28v=ws.10%29.aspx There is no need that your DC will be with Enterprise Edition. It can be a Standard one. Is it possible to integrate Domain controller and CA server with a single 2008 R2 Enterprise server?. Yes of course. More if you ask them here: http://social.technet.microsoft.com/Forums/en-US/winserversecurity/threads Also note that installing a CA is not recommended for security reasons and because, if one day you to remote the DC, you have to move the CA to another server. This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. Microsoft Student Partner 2010 / 2011 Microsoft Certified Professional Microsoft Certified Systems Administrator: Security Microsoft Certified Systems Engineer: Security Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows 7, Configuring Microsoft Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations Microsoft Certified IT Professional: Enterprise Administrator Microsoft Certified IT Professional: Server Administrator Microsoft Certified Trainer

Please ask this in Security forum. Additionally please follow http://social.technet.microsoft.com/Forums/en-US/winserversecurity/thread/66cd9712-b44a-406b-b77f-07ee945bf80f which might help you. Regards, _Prashant_MCSA|MCITP SA|Microsoft Exchange 2003 Blog - http://prashant1987.wordpress.com Disclaimer: This posting is provided AS-IS with no warranties/guarantees and confers no rights.

Hi, As this thread has been quiet for a while, we assume that the issue has been resolved. At this time, we will mark it as Answered as the previous steps should be helpful for many similar scenarios. If the issue still persists, please feel free to reply this post directly so we will be notified to follow it up. You can also choose to unmark the answer as you wish. BTW, wed love to hear your feedback about the solution. By sharing your experience you can help other community members facing similar problems. Thanks for your understanding and efforts. Best Regards Kevin TechNet Community Support

Hi, As this thread has been quiet for a while, we assume that the issue has been resolved. At this time, we will mark it as Answered as the previous steps should be helpful for many similar scenarios. If the issue still persists, please feel free to reply this post directly so we will be notified to follow it up. You can also choose to unmark the answer as you wish. BTW, wed love to hear your feedback about the solution. By sharing your experience you can help other community members facing similar problems. Thanks for your understanding and efforts. Best Regards Kevin TechNet Community Support