T
Tim Ryter
Greetings:
I recently went through the process of moving a Certificate Authority
from one physical server to another. The basic process (since it was
running on a Domain Controller) was to backup the registry and CA on
server1(the old server). Demote and remove from service server1. I
then renamed a domain controller server2 to server1 and performed a
restore of the CA and imported the registry keys.
The major problem I encountered (which was not covered in the articles)
was on the original server1 the system_root was c:\winnt as it was an
upgrade machine. Server2 (which was renamed to server1) was an original
2003 install and thus its system_root was c:\windows. This caused many
problems but I was able to overcome it by installing the CA to C:\winnt
when I ran through the custom install.
The CA is up and running and issuing certificates to the enterprise,
however, I get the following Event ID 10 times:
Source: CertSvc
Category: None
Event ID: 66
Description:
Certificate Services could not publish a Delta CRL for key 0 to the
following location: c:\WINNT\system32\CertSrv\CertEnroll
\blahCAname+.crl. The directory name is invalid. 0x8007010b
(WIN32/HTTP:267).
After 10 of these I get this event:
Source: CertSvc
Category: None
Event ID: 67
Description:
Certificate Services made 10 attempts to publish a CRL and will stop
publishing attempts until the next CRL is generated.
I have followed the process of moving the CA back into the windows
directory by modifying the registry key HKLM\SYSTEM\CurrentControlSet
\Services\CertSvc\Configuration and changing all paths to C:\Windows,
however I cannot find where to change the CRL publish path from C:
\WINNT. This has to be something from the import of the old CA from the
original server1.
Any help would be much appreciated and TIA.
Tim
Articles used during my migration: 555012 and 298138
I recently went through the process of moving a Certificate Authority
from one physical server to another. The basic process (since it was
running on a Domain Controller) was to backup the registry and CA on
server1(the old server). Demote and remove from service server1. I
then renamed a domain controller server2 to server1 and performed a
restore of the CA and imported the registry keys.
The major problem I encountered (which was not covered in the articles)
was on the original server1 the system_root was c:\winnt as it was an
upgrade machine. Server2 (which was renamed to server1) was an original
2003 install and thus its system_root was c:\windows. This caused many
problems but I was able to overcome it by installing the CA to C:\winnt
when I ran through the custom install.
The CA is up and running and issuing certificates to the enterprise,
however, I get the following Event ID 10 times:
Source: CertSvc
Category: None
Event ID: 66
Description:
Certificate Services could not publish a Delta CRL for key 0 to the
following location: c:\WINNT\system32\CertSrv\CertEnroll
\blahCAname+.crl. The directory name is invalid. 0x8007010b
(WIN32/HTTP:267).
After 10 of these I get this event:
Source: CertSvc
Category: None
Event ID: 67
Description:
Certificate Services made 10 attempts to publish a CRL and will stop
publishing attempts until the next CRL is generated.
I have followed the process of moving the CA back into the windows
directory by modifying the registry key HKLM\SYSTEM\CurrentControlSet
\Services\CertSvc\Configuration and changing all paths to C:\Windows,
however I cannot find where to change the CRL publish path from C:
\WINNT. This has to be something from the import of the old CA from the
original server1.
Any help would be much appreciated and TIA.
Tim
Articles used during my migration: 555012 and 298138