Hey Pete - amazing video, very thorough and understandable. Can this be done in an environment with a single CA? Since you're first removing the CA role, before migrating to a new server, will this process cause any issues if you only have one CA server? And the CRL part, is that optional? is that a role/feature that you need to add during the setup? Thanks,
Yeah, good question. I would prefer not to remove the original CA server if possible, until i verify that the new one is operational. Will that cause issues?
We dont have the intrenet in our organization for the CA server and we need to migrate 2008 server to 2012. so we need to install the IIS on the CA server. please help at earliest.
I followed your instructions step by step, and everything went through just like your video except for one thing. In the CA when I right click on Revoked Certificates >all tasks>publish> new CRL, I get the following error every time. Access is denied. 0x80070005 (Win32: 5 Error_ACCESS_DENIED) Do you know what could cause this, and where I should go from here?
Will this process be exactly the same for 2008 to 2016? I thought I read that you have to first restore to 2012 R2 because of the differences in JET database.
@@PeteNetLive I did get an error trying to restore my 2008 SP2 (Not R2) CA backup to a 2016 Core. It said something about the JET Database version was not supported. I had to first restore to a Server 2012 R2 and then backup that CA. Then I was able to successfully restore to the 2016 Core. Other than that, I followed your video. Thanks for the video!
Is it necessary to remove the ADCS role from the old server before setting up the new on or can I just shut off the old and configure the new one. Asking because I want the ability to put back the old one in case something goes wrong setting up the new one
yea u can. but remember when the migration is completed to never power back on the old server or remove the roles from it. if reusing the same hostname i think it's best not to delete the computer account and just right click and reset it in ad. This way the object is still there in AD but can be used by the new server to join with the same name. The reason is if you delete the object a new computer object gets created and the dns record and adsiedit objects for aia and crl with have still have an unknown (deleted sid computer account) in the owner or security tab.
Just performed this migration but received the following error. Any ideas? I have tried a lot of answers on google but no success yet The system cannot find the file specified. 0x80070002 (WIN32: 2 ERROR_FILE_NOT_FOUND
Excellent work Pete! To the point and easy to understand.
Excellent video - Feel much more confident migrating our server now
Wow, what a great video. Now if you have a ROOT and SUBORDINATE configuration, would you do the ROOT or the SUBORDINATE CA first?
Excellent video Pete! Very detailed and easy to understand you. I look forward to more goodies.
Hey thanks for the excellent video ! Was this an offline ROOT CA ?
We have a 2 tier pki which one should i upgrade first to root or the sub
Hi, did you find the answer? I have the exact same question and wondering about the steps.
Excellent and easy to follow. Thanks so much.
Hey Pete - amazing video, very thorough and understandable. Can this be done in an environment with a single CA? Since you're first removing the CA role, before migrating to a new server, will this process cause any issues if you only have one CA server?
And the CRL part, is that optional? is that a role/feature that you need to add during the setup?
Thanks,
Yeah, good question. I would prefer not to remove the original CA server if possible, until i verify that the new one is operational. Will that cause issues?
Hi I know it's a long time since you uploaded this video. Question I want to ask does this allow you to create a new cert with SHA2 encryption thanks
Thank you Pete!
We dont have the intrenet in our organization for the CA server and we need to migrate 2008 server to 2012. so we need to install the IIS on the CA server. please help at earliest.
I followed your instructions step by step, and everything went through just like your video except for one thing. In the CA when I right click on Revoked Certificates >all tasks>publish> new CRL, I get the following error every time. Access is denied. 0x80070005 (Win32: 5 Error_ACCESS_DENIED) Do you know what could cause this, and where I should go from here?
Great tutorial! very nicely done!
👏
Great one, thanks a lot
will this work for a standalone ca
Will this process be exactly the same for 2008 to 2016? I thought I read that you have to first restore to 2012 R2 because of the differences in JET database.
Yes- I've never had that problem (from 2008)
@@PeteNetLive I did get an error trying to restore my 2008 SP2 (Not R2) CA backup to a 2016 Core. It said something about the JET Database version was not supported. I had to first restore to a Server 2012 R2 and then backup that CA. Then I was able to successfully restore to the 2016 Core. Other than that, I followed your video. Thanks for the video!
Is it necessary to remove the ADCS role from the old server before setting up the new on or can I just shut off the old and configure the new one. Asking because I want the ability to put back the old one in case something goes wrong setting up the new one
yea u can. but remember when the migration is completed to never power back on the old server or remove the roles from it. if reusing the same hostname i think it's best not to delete the computer account and just right click and reset it in ad. This way the object is still there in AD but can be used by the new server to join with the same name. The reason is if you delete the object a new computer object gets created and the dns record and adsiedit objects for aia and crl with have still have an unknown (deleted sid computer account) in the owner or security tab.
HI Pete big fan of your work. Any videos about upgrading server 2008R2 to Server 2012R2?
many thanks in advance
In place upgrade? I've never done an 'in place' server upgrade in 20 years buddy :)
Just performed this migration but received the following error. Any ideas? I have tried a lot of answers on google but no success yet
The system cannot find the file specified. 0x80070002 (WIN32: 2 ERROR_FILE_NOT_FOUND