We've recently finalized both an Enterprise 2008 R2 CA and NDES service installation configuration. All services are running, to include web enrollment for both. CA sits on a DC, as required, and the NDES role sits on a standalone machine. All service-generated certificates / templates are in place and/or issued, including SSL certificates for service web front ends.
I'm trying to take the next step in hardening both of the web front ends by requiring SSL web validation and client SSL authentication.
Problem: When examining the site structures, CA and NDES, within the IIS7 configuration manager, the following inconsistencies are present:
1. Enterprise CA:
o No virtual directory is configured or listed under the Certsrv or Enrollment sub-sites; however, as previously stated, all services are up and operational.
2. NDES:
o IIS7 configuration manager doesn't list any Certsrv sub-site, but once again all services are up and running. I can process SCEP requests via the web.
The following 2 items are listed under the default site on the NDES service machine: Rpc and RpcWithCert
In past experience I would expect those items to be associated with Exchange, but since NDES is new to me they may be standard.
Not to state the obvious, but all Sys32 files and folders are correct, as both services are running properly. Can anyone tell me if I've missed some critical article on AD CS or IIS7 that tells me why these 2 conditions are present? Since the Certsrv sub-site exists on the CA, I would assume a normal SSL bind will work, but with critical items missing from within IIS7 (at least from my view) I don't want to compound the problem. Since there is no Certsrv structure on the NDES machines, I'm not sure what the best way to proceed is. Any help would be greatly appreciated.
V/R BE