Restoring Certificate Services database and enabling NDES
I’d like to know what to do if our Certificate Server, which has the Network Device Enrolment Service (NDES) role enabled, needs to be migrated or restored to new hardware. Specifically, I’m wondering about the following two certificates that are issued to the server during the install of NDES: · Exchange Enrollment Agent (Offline request) (EnrollmentAgentOffline) · CEP Encryption (CEPEncryption) If we install Certificate Services (using the backup of the CA key), Web Enrollment, NDES, and then restore the certificate database & registry key, wont the newly issued certificates for NDES (mentioned above) get overwritten as part of the database restore? Will this cause a problem when trying to use NDES? Would it make more sense to install Certificate Services (using a backup of the CA key), Web Enrollment, restore the certificate database & registry key, and then install NDES? If going this route, should the original certificates (generated during the install of NDES) be revoked or deleted first? Background: We’re a 2003 Native Mode Domain (single Forest, single Domain) and we’re installing Certificate Services on two 2008 R2 Enterprise (domain member) servers. We have a Root and Subordinate (Issuing) server. We’re enabling Credential Roaming for our users, who will be largely using XP. Any comments or suggestions will be most welcome...
February 16th, 2010 3:59pm

The second option does make more sense. The client keys are created on the client - they just authorize to NDES http://social.technet.microsoft.com/wiki/contents/articles/9063.network-device-enrollment-service-ndes-in-active-directory-certificate-services-ad-cs-en-us.aspx When you setup the new NDES server, you don't need to old NDES keys, but you should register your devices with the new NDES server. You realize that credential roaming can seriously increase the size of your Active Directory database, right? Be sure to review the following blog article http://blogs.technet.com/b/askds/archive/2009/12/18/troubleshooting-credential-roaming.aspx
Free Windows Admin Tool Kit Click here and download it now
April 16th, 2012 11:29pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics