It shouldn't be an issue, and yes I actually prefer using the snap-in. The
URL was just to check and ensure the service is up.
So there are a couple of possibilities.
First, I should mention that it would've been better to migrate the CA.
That would not have required re-issuing certificates and MS does have CA
migration documents available. Depending on how for down this road you've
gone, that may still be worth looking at.
Secondly, make sure the template is installed. In the CA snapin, go to
certificate templates and make sure version 110 for Windows Server 2003 in
installed for domain controllers. If not, add it.
Finally, did you deploy the new root CA cert? That is how other machines
know where to request certificates from. With two CAs co-existing, it is
possible...in fact likely, that your old CA is taking precedence. and
rewriting the registry keys associated with domain CAs. Again, MS provides
documentation on deploying new root CA certs via group policy.
"niewoo" <niewoo@newsgroup> wrote in message
> Hi Cliff - yes, http://<server>/certsrv is online and accessible from
> machines across the domain. However ... it does not list "Domain
> in the drop down when selecting what kind of cert to enroll. Hence I
> the Certificates snap-in was still the correct way.
> The backup DCs I am trying to request new certificates for are Server
> I don't know if that's an issue or not.
> "Cliff Galiher" wrote:
>> The CA service relies on IIS, so if you've made changes to IIS, this
>> cause the problem you are seeing.
>> First things first, lets see if you can *see* the CA's web interface.
>> to http://<your server>/certserv and see if that works...
>> "niewoo" <niewoo@newsgroup> wrote in message
>> > The CA role is installed and functioning on the local SBS2008 server.
>> > However, it does not show up when trying to access a CA from another
>> > machine.
>> > I am trying to perform the last step of decommissioning the old SBS2003
>> > server from the domain as part of migrating from SBS2003 to 2008, but
>> > dcpromo
>> > does not run because the old SBS2003 source server is still a CA. I'm
>> > trying
>> > to gracefully renew certificates by issuing them from the new CA before
>> > removing this role from the old server, however the new CA doesn't
>> > appear
>> > as
>> > a selectable CA. For example, on an existing backup DC on the domain, I
>> > launch the Certificates snap-in (for Computer Account) and try to
>> > request
>> > a
>> > new Domain Controller certificate. Only the old SBS2003 server shows up
>> > as
>> > a
>> > CA.
>> > Any ideas?
>> > Thanks,
>> > Nick.