This is the last and final part with back-out procedure of step by step instruction for subordinate CA migration from windows server 2003 to windows server 2008 R2
1. Back-Out Procedure
In case of migration failure i.e. if the Certificate authority service fails to stop, auto enrollment failure or error/issue in any of the verifying migration steps. Then the back-out procedure has to be executed to restore the CA service on the source server.
Log on to the destination server, and start Server Manager.
In the console tree, click Roles.
On the Roles pane click, Remove Roles
If the Before you begin page appears click Next
On the Remove Server Roles, Uncheck ACTIVE Directory Certificate Services and click Next
Click Remove on the Confirm Removal Selection and restart the server once completes
Remove Destination server from domain
Rename the Destination server
Rename the source server to the initial name
Add the source server to domain
Launch Add or Remove programs and select add/remove windows components and select Certificate Service and click, Next
Select Enterprise Subordinate CA as CA Type and select “Use custom settings to generate the key pair and CA Certificate”
On the Public and Private Key Pair click Import and select the backed up file .p12 and enter the password and click next
Click Next to proceed with the CA configuration and close
Launch Certificate Authority snap in
Select CA node and click on Actions, All Task and Restore CA
On the Items to Restore select Private key and CA Certificate and Certificate Database and Certificate Database Log
Browse the CA DB Location and Click Next
Enter the password set while backing up the CA
Open a command prompt window.
Type certutil -setcatemplates +<templatelist1>,<templatelist2>.. and press ENTER.
Hope this article was informative and helpful to you . This is based on test with real time scenario.
Below are the links of other part of the article
Please comment if you like this article 🙂