[Aeropars]

Hi guys!

I have a problem with trying to install a root CA on our network.

When i go through the wizard to install the CA i only have the option for a standalone CA and the enterprise options are greyed out.

I think this might be because I am not an enterprise admin.

We have a top level domain and a child domain. The top levle domain is used for nams sake only in anticipation of other networks being migrated to the one forest. The domain is running in 2003 mode while the forest is in 2000 mode.

With this in mind I logged onto the top level DC and tried to add myself to the enterprise admins group (via a group). I modified the enterprise admins group and clicked to chenge the location it was looking for items and selected the sub domain. I then clicked the objects button to to check that users and groups were selected and all that was showing was contacts and other objects. Why is this?!

Finally, I installed a standalone root CA on a test box. When i did this it installed all the templates yet when i didi this in a live environment the templates are missing.

Can anyone help?

Cheers

Lee

[alien_ri]

To install Enterprise CA your server needs to be member server.
Also what OS is on your CA? If we are talking about W2k8 and you want to use enterprise CA you need to have Windows server 2008 Enterprise or Datacenter edition.
For Windows server 2003 enviroment I'm not sure what are requirements for Enterprise CA

[Dumber]

For a Enterprise CA (also for windows 2003) you need to have an Enterprise server.
Windows 2003 standard only supports standalone ca's.

[jasonboche]

Quote:

Originally Posted by Dumber

For a Enterprise CA (also for windows 2003) you need to have an Enterprise server.
Windows 2003 standard only supports standalone ca's.

Enterprise CAs install on Sever 2003 Standard or Enterprise edition.

Enterprise CAs require an AD domain controller. That what the OP is missing.

Jas

[alien_ri]

Enterprise CA requires to be member server, but AFAIK you install it on member server NOT DC

[jasonboche]

My Enterprise root CA is installed on a DC running Win2k3 Standard Edition R2 SP2.
I have another subordinate Enterprise CA installed on another DC in the same domain running Win2k3 Standard Edition R2 SP2.
The CA was actually installed before R2 - the DCs used to be just Win2k3 Standard w/ SP1.

Admittedly since I don't deal with CAs a whole lot, I am foggy on some of the CA requirements and I tried looking up in my pocket admin guide which makes no reference to CAs.

I'll do some more research later today.

[Dumber]

Quote:

Originally Posted by jasonboche

Enterprise CAs install on Sever 2003 Standard or Enterprise edition.

Enterprise CAs require an AD domain controller. That what the OP is missing.

Jas

Well I assumed that he would like to have an autoenrollment which requires a Enterprise server.
I actually needed to rephrase my post.
Enterprise CA does is not required to install on a DC yet it must be a member of the domain.

Here you can find some documentation about CA's
http://technet.microsoft.com/en-us/l.../cc700804.aspx
http://www.microsoft.com/windowsserv...i/default.mspx
http://technet2.microsoft.com/window....mspx?mfr=true

Personally I would go for an offline standalone root CA and using Enterprise Subordinate Enterprise CA running on a 2003 Enterprise.
Gives a lot of benfits including auto-enrollment and certificate templates.

[alien_ri]

Quote:

Originally Posted by Dumber

Enterprise CA does is not required to install on a DC yet it must be a member of the domain.

I post it earlier... that your server needs to be member server not DC

Quote:

Personally I would go for an offline standalone root CA and using Enterprise Subordinate Enterprise CA running on a 2003 Enterprise.
Gives a lot of benfits including auto-enrollment and certificate templates.

I agree. First you set standalone CA. After you finish configuring it, you take your server offline, that is best admin practics
My advice is to plan your implementation of CA very carefully, as I read about it, there are many tricks in which you can fall

[jasonboche]

Quote:

Originally Posted by alien_ri

To install Enterprise CA your server needs to be member server.
Also what OS is on your CA? If we are talking about W2k8 and you want to use enterprise CA you need to have Windows server 2008 Enterprise or Datacenter edition.
For Windows server 2003 enviroment I'm not sure what are requirements for Enterprise CA

Enterprise Certificate Authorities install on Windows 2003 Active Directory Domain Controllers, Standard or Enterprise edition (or Datacenter edition I imagine as well).