SBS 2003 and beyond

Mar 16 2009   2:33AM GMT

2003 Server and Enterprise CA Restore



Posted by: Roger Crawford
Tags:
Enterprise CA
Windows Server 2003

Well as stated in the previous post we had a 2003 DC that was the FSMO Master and also the Enterprise CA for the domain die on us. When we had the Virtual DC running I did a back of the CA to another folder on another server. You also need to backup the registry key but more on that later. We got the bad DC demoted and once I had the DC’s back to talking we brought the Physical Server that had the FSMO Roles on it that we had demoted down to a member server back up and rejoined the domain with the server and once we was back to the desktop we installed the Enterprise CA and then restored the server using the CA backup I had run earlier.

When we tried starting the CA it had the error “Certificate Services did not start: Could not load or verify the current CA Certificate.  MyDomain Root CA Bad Key” error. Ok now what well I dug some more and found we should have also exported the “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\”mydomain Root CA” registry key. We went back to the Virtual DC and made sure it was not connected to the domain and exported this key and then got it moved over to the server we had this on. Did a import of the reg key and the service then started and away we went life was good and happy dance time.

 

Til later just Roger

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: