Urgent help - CA migration
Hi all,
I am migrating a Windows 2003 CA to a Windows 2008 R2 CA by following
http://technet.microsoft.com/en-us/library/ee126140(v=ws.10).aspx
Now I am verifying the migration and checking the extensions as described in the link.
Questions:
1) What should I replace <ServerShortName> with: the old Win03 CA BIOS name or the new target Windows 2008 CA name?
Verify extensions
If the destination server name is different from the source server name, add an LDAP URL specifying a location that references the destination server's NetBIOS name with the substitution variable <ServerShortName>; for example ldap:///CN=<CATruncatedName><CRLNameSuffix>,CN=<ServerShortName>,CN=CDP,CN=Public Key Services,CN=Services,<ConfigurationContainer><CDPObjectClass>.
2) When I import the 03 CA key to the Windows 08 server, in [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CertSvc\Configuration] there is a ConfigurationDirectory key that points to \\oldCA\certconfig. Should I delete it, since I could not find a certconfig folder on the 08 server?
3) Will the key CAname under [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CertSvc\Configuration] be updated to the new Win08 CA server manually?
Thank you.
May 25th, 2012 1:08pm
Hi,
1. What should I change <ServerShortName> with old win03 CA BIOS name or new target windows 2008 CA name?
A: You do not need to change <ServerShortName>. If the old server has a different physical name from the target server, you need to modify the value of the CAServerName registry setting to point to the new target server name.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CertSvc\Configuration\<CA Name>\CAServerName
2. When I import 03 CA key to Windows 08 server, in [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CertSvc\Configuration], there is ConfigurationDirectory key points to \\oldCA\certconfig, should I delete it since I could not find certconfig folder in 08 server?
A: If the old CA database and log files are located in a different path, you need to modify the following registry values to indicate the location on the target server.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CertSvc\Configuration
DBDirectory
DBLogDirectory
DBSystemDirectory
DBTempDirectory
3. Will the key CAname under [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CertSvc\Configuration] be updated to new win08 CA server manually?
A: Yes, after you install new CA role on the target server and import the existing CA certificate.
Best Regards,
Aiden Cao
TechNet Community Support
May 28th, 2012 10:23pm
Hi Aiden,
Thanks for your help.
>1. What should I change <ServerShortName> with old win03 CA BIOS name or new target windows 2008 CA name?
>A: You do not need to change with <ServerShortName>. If the old server has different physical name with the target server, you need to modify the values of the CAServerName registry settings to point to the new target server name.
>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CertSvc\Configuration\<CA Name>\CAServerName
I did change CAServerName. There is conflicting info on the MS website, which mentions changing
ldap:///CN=<CATruncatedName><CRLNameSuffix>,CN=<ServerShortName>,CN=CDP,CN=Public Key Services,CN=Services,<ConfigurationContainer><CDPObjectClass>. Also, this link mentions that too, in post migration:
http://smtpport25.wordpress.com/2010/01/16/migrating-windows-certificate-authority-server-from-windows-2003-standard-to-windows-2008-enterprise-server/
>2. When I import 03 CA key to Windows 08 server, in [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CertSvc\Configuration], there is ConfigurationDirectory key points to \\oldCA\certconfig, should I delete it since I could not find certconfig folder in 08 server?
In windows 2008 R2 CA, there is no ConfigurationDirectory key, right?
>3. When I open CA, the servername under Certificate Authority MMC is still the old Windows 2003 CA server, is this right?
Thank you.
May 29th, 2012 10:01am
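
The registry values discussed in this thread (CAServerName, ConfigurationDirectory, the DB directories and the CDP URLs) can be reviewed in one pass after the import. The PowerShell below is an added example, not code from any poster or from the TechNet guide; the function names, the host name OLDCA and the sample values are constructed for illustration, and Get-CertSvcValues assumes the AD CS role is installed on the machine where it runs.

```powershell
# Added example: report CertSvc values that still name the source CA host.
function Find-StaleCaReference {
    param(
        [Parameter(Mandatory)] [hashtable] $Values,    # value name -> string or string[]
        [Parameter(Mandatory)] [string]    $OldServer  # NetBIOS name of the source CA
    )
    # Match the host name as a whole token: \\OLDCA\share, CN=OLDCA, OLDCA.domain
    $pattern = '(?<![\w-])' + [regex]::Escape($OldServer) + '(?![\w-])'
    foreach ($name in ($Values.Keys | Sort-Object)) {
        foreach ($item in @($Values[$name])) {
            if ($item -match $pattern) {
                [pscustomobject]@{ Value = $name; Data = $item }
            }
        }
    }
}

function Get-CertSvcValues {
    # Reads string values from the Configuration key and the active CA's subkey.
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration'
    $root = Get-ItemProperty -Path $base
    $values = @{}
    foreach ($key in $root, (Get-ItemProperty -Path (Join-Path $base $root.Active))) {
        foreach ($p in $key.PSObject.Properties) {
            if ($p.Name -notlike 'PS*' -and ($p.Value -is [string] -or $p.Value -is [string[]])) {
                $values[$p.Name] = $p.Value
            }
        }
    }
    $values
}

# Constructed sample of a configuration imported from a source CA named OLDCA.
# In the registry, %2 is the stored form of the <ServerShortName> variable.
$sample = @{
    CAServerName           = 'NEWCA.corp.example'
    ConfigurationDirectory = '\\OLDCA\certconfig'
    DBDirectory            = 'D:\CertLog'
    CRLPublicationURLs     = @(
        '65:C:\Windows\system32\CertSrv\CertEnroll\%3%8%9.crl',
        '79:ldap:///CN=%7%8,CN=%2,CN=CDP,CN=Public Key Services,CN=Services,%6%10',
        '79:ldap:///CN=%7%8,CN=OLDCA,CN=CDP,CN=Public Key Services,CN=Services,%6%10'
    )
}
Find-StaleCaReference -Values $sample -OldServer 'OLDCA' | Format-Table -AutoSize
# On the migrated server: Find-StaleCaReference -Values (Get-CertSvcValues) -OldServer '<old name>'
```

The script only reports matches; whether a flagged value should be changed or kept is for the administrator to decide.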


