MarkJonesMemberJan 17, 2018 at 7:14 am #167385
I’m hoping someone can assist with this. Have been upgrading to Server 2016 and Exchange 2016 from SBS2011. My progress so far is… Added an additional DC running Server2016 This DC also has an SQL instance running on it and I enabled “Windows Essentials Experience. I have installed another Server 2016 server running Exchange 2016, All email services, mailboxes etc are running from Exchange 2016. (Outlook Anywhere using go daddy cert).
I want to decommission the SBS2011 domain controller, but as with any SBS box it blocks the DCPROMO until Certificate Authority Services role is uninstalled……This is my problem!!!!
When enabling Windows Essential Experience on the new 2016 DC, it automatically enabled/installed the new 2016 DC to be a Certificate Authority, so now I have 2 CA in my domain…argh. The original SBS2011 box has a few certs issued, E.G Domain Controller/Client Authentication and a couple of EFS ones (I don’t believe the users would have used ERS on their documents) On the new 2016 DC the Certificate Authority has issued 2 certificates, 1 which is CA Exchange(CAExchange) which expired on 19/10/2017 and another certificate which is “Windows Server Solution Computer Certificate Template” this one has an expiry date of 10/10/2022
Normally I would backup the existing setup and move it over to the new DC using this guide… http://www.itprotoday.com/management…-ca-another-dc
But my situation is now rather different as the new 2016 server already has CA running. I very concerned I may break something if I backup and restore over the top of this new 2016 CA seeing as its already issued cert for “Windows Server Solution Computer Certificate Template”.
Not sure the best option to take….
Decommission old CA and start using new CA only?
Merge the two leaving the new 2016 CA in place?
Revoke the issued cert on 2016 CA and the run the migration process as shown in the link above?
Or something else if you guys have a better/correct solution.
Please can someone advise. Please Please Please
You must be logged in to reply to this topic.