Windows 2008 R2 ADCS clustering configuration
Hi, I have some questions regarding the ADCS clustering configuration. I did read through the Microsoft documentation of how to set up the CA cluster. Please find my questions for the below scenario:

CA1 - Site A - for SSL certificates
CA2 - Site A - for device certificates (auto enrollment)
CA3 - Site B - for SSL certificates
CA4 - Site B - for device certificates (auto enrollment)

I would like to set up CA1 & CA3 as the first cluster AND CA2 & CA4 as the second cluster.

Questions:

Can the common name for CA1 & CA3 be the same? I guess after the failover cluster settings, the service name will be used for the enrollment service object within AD.

Since both CA1 & CA3 will have similar configurations, which one will issue the CRLs?

Will clustering work for auto enrollment configurations?

Thanks
Sanurajan
May 21st, 2012 10:40pm

> Can the common name for CA1 & CA3 be the same?

It depends on how you wish to pair them. If CA1 and CA3 nodes are members of the same cluster, then they MUST share the same CA certificate(s) (and CA common name), CA database and configuration settings (configuration settings are replicated by using cluster service means).

> Since both CA1 & CA3 will have similar configurations, which one will issue the CRLs.

Since ADCS supports only 2-node active/passive clustering configurations, only the active node will publish CRLs.

> Will clustering work for auto enrollment configurations?

Yes. All these answers can be found here: http://www.microsoft.com/en-us/download/details.aspx?id=331

My weblog: http://en-us.sysadmins.lv
PowerShell PKI Module: http://pspki.codeplex.com
Windows PKI reference: on TechNet wiki
May 22nd, 2012 2:04am

