Windows Server 2003 Certificate Authority (CA) and Windows 2008 DC's
We are in the process of replacing our 2003 DC's with 2008 R2 DC's. We started with some of the smaller sites and things seemed to be going fine. We do notice one problem, however. Our Certificate Authority is still running Windows 2003 Server. In addition to being the CA, this server is also running DHCP, IAS, etc. so we were going to replace it near the end of the upgrade cycle. We examined the Certification Authority on this Windows 2003 Server and noticed that not all of the new DC's have been issues "Domain Controller" certificates. We are looking in the "Issued Certificates" folder and we do a column sort on Certificate Template and scroll thru the hosts with the Domain Controller Certificate Template assigned to iit. About half of our new 2008 DC's show up with a Certificate assigned to them, but the others do not. Trying to figure out why this happened and how to resolve it (that is, getting a Domain Controller Certificate assigned to each new 2008 DC.) I believe one possible fix would be to install hotfix per this: http://support.microsoft.com/kb/922706 It looks like we could install the hotfix on our Windows 2003 DC that is the Certificate Authority and that might allow us to resolve the issue for the DC's that weren't issued the DC Cert. Anyone else run into this problem before? TIA Martin P.
September 22nd, 2010 11:32am

Figured out how to resolve this, though I still don't know why the DC wasn't given a Domain Controller Cert in the first place by the 2003 Cert. Authority. Found fix here: http://techblog.mirabito.net.au/?p=87
Free Windows Admin Tool Kit Click here and download it now
September 22nd, 2010 12:51pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics