Moving root CA to new machine

[Guest]

We have a root CA on a windows 2000 box that can not be upgraded to 2003. So the instructions in <http://support.microsoft.com/?id=298138> do not apply.

We have about 10 servers on 2 sites with 4 DC's including 2 subordinate CA's. The rest of the network is now upgraded to 2003 but this last server is holding us back.

How can we get a new root CA installed on the network?

James

 

[David Cross [MS]]

do you want to move the root or just decommission the old and install a new?
I assume the former. why does that KB article now apply? why cannot you
move to a new machine that can run 2003? I think I have a procedure on how
to move a CA in this whitepaper:

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws03pkog.mspx

--


David B. Cross [MS]

--
This posting is provided "AS IS" with no warranties, and confers no rights.

http://support.microsoft.com

We have a root CA on a windows 2000 box that can not be upgraded to 2003.

We have about 10 servers on 2 sites with 4 DC's including 2 subordinate

CA's. The rest of the network is now upgraded to 2003 but this last server
is holding us back.

 

[Guest]

"Note To move a CA from a server that is running Windows 2000 Server to a server that is running Windows Server 2003, you must first upgrade the CA server that is running Windows 2000 Server to Windows Server 2003, and then you must follow the steps that are outlined in this article."

The old machine (Proliant 800) is not windows 2003 compatible so it can not be upgraded. The machine also had Exchange and a few other services on it which have already been moved to a clean install on a new machine.

I prefer to move but either option is OK as long as I can kill of the Proliant.

James

do you want to move the root or just decommission the old and install a new?
I assume the former. why does that KB article now apply? why cannot you
move to a new machine that can run 2003? I think I have a procedure on how
to move a CA in this whitepaper:

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws03pkog.mspx

--


David B. Cross [MS]

--
This posting is provided "AS IS" with no warranties, and confers no rights.

http://support.microsoft.com

We have a root CA on a windows 2000 box that can not be upgraded to 2003.

We have about 10 servers on 2 sites with 4 DC's including 2 subordinate

CA's. The rest of the network is now upgraded to 2003 but this last server
is holding us back.

How can we get a new root CA installed on the network?

James

 

[David Cross [MS]]

just apply the same steps and move to a new 2000 machine, then upgrade

--


David B. Cross [MS]

--
This posting is provided "AS IS" with no warranties, and confers no rights.

http://support.microsoft.com

"Note To move a CA from a server that is running Windows 2000 Server to a

server that is running Windows Server 2003, you must first upgrade the CA
server that is running Windows 2000 Server to Windows Server 2003, and then
you must follow the steps that are outlined in this article."

The old machine (Proliant 800) is not windows 2003 compatible so it can

not be upgraded. The machine also had Exchange and a few other services on
it which have already been moved to a clean install on a new machine.

I prefer to move but either option is OK as long as I can kill of the Proliant.

James

do you want to move the root or just decommission the old and install a new?
I assume the former. why does that KB article now apply? why cannot you
move to a new machine that can run 2003? I think I have a procedure on how
to move a CA in this whitepaper:

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws03pkog.mspx

--


David B. Cross [MS]

--
This posting is provided "AS IS" with no warranties, and confers no rights.

http://support.microsoft.com

We have a root CA on a windows 2000 box that can not be upgraded to

2003.

We have about 10 servers on 2 sites with 4 DC's including 2

subordinate
CA's. The rest of the network is now upgraded to 2003 but this last server
is holding us back.

How can we get a new root CA installed on the network?

James