Move CA problem

[fadoul]

HEllo

We were using the microsoft pki on windows 2000. I have a CA installed
on W2K standard domain controller of my forest the pki is used for l2tp
vpn conx and eap/tls wifi. This server is CD1.
I upgraded the forest to W2K3 and now i have 2 new domaine controllers
GC1 & GC2 with W2K3 sp1 standard edition, and the old DC upgraded from
W2K sp4 to W2K3 sp1 standard edition.
Since i upgraded to W2K3 sp1 our CA DC1 server, the autoenrollement do
not work anymore. I saw on the web, that sp1 could be the reason of my
problem. On the post they propose to uninstall an reinstall.
I have a lot of vpn users wich are always at home, so i preffer to add a
new CA on our W2K and add manually the different certificates, since i
did that, it is the mess, and i have a lot of problems/errors.
autoenrollement ditribute computers certificates to some computers not
to all the computers of the same OU.
from the certificate mmc of any computer with any user of the domain
(even with the administrator of the domain) i cannot ask an ipsec
certificate from.
Domain controllers did'nt reeive automatically DC certificates...

Is there a a documentation somewhere whic can help me solve this mess ?

Thks
F

 

[fadoul]

I solved everything with :

I've ensured that the C:\Documents and Settings\All Users\Application
Data\Microsoft\Crypto\RSA\MachineKeys directory has full access to
Administrators


fadoul a écrit :