That is what I would really like to avoid if at all possible. From every TechNet article I can find it appears that you have to have the same name for both servers (although I have found a couple of articles that do say that you can edit the backed up registry entries for match a new server name) and that you must have the same %windows% directory on both machines. Since neither of those rules apply to my situation I'm leaning towards going with this approach, http://support.microsoft.com/kb/889250 after which I looks like a new CA should be able to be installed on a 2008 server to start distributing new certs. I was really hoping that I wasn't the first person to try this foolishness, but maybe I am. Guess it'll be something fun to blog about assuming it all comes out the other end intact. TVK
From: Kennedy, Jim [mailto:[email protected]] Sent: Friday, December 19, 2008 1:25 PM To: NT System Admin Issues Subject: RE: Certificate Authority move during Windows 2008 upgrade. I completely blew up our CA system during the move from 2003 to 2008. Thankfully it is only a handful of laptop users that occasionally authenticate with certs to our wireless routers. No idea what I did wrong. Wish I could be more help. From: Rob Bonfiglio [mailto:[email protected]] Sent: Friday, December 19, 2008 1:01 PM To: NT System Admin Issues Subject: Re: Certificate Authority move during Windows 2008 upgrade. My question is if anyone has moved their CA from 2003 to 2008 yet, and if so, have there been any issues ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
