Channel: Security forum

PKI migration from 2003 to greenfield 2008 R2 plan-of-approach


Hi,

I've done a lot of reading here already but I'm at a dead end. Here's my scenario:

I have 1 stand-alone root CA plus 2 Enterprise issuing CAs, all running Windows Server 2003. I'm trying to move all servers to a new OS platform: Server 2008 R2. The way I'm seeing this is I have to migrate the root CA first, then all issuing CAs, so my first question is:

1. Is this correct?

I followed this procedure: http://technet.microsoft.com/en-us/library/cc742388(v=ws.10).aspx. At "To set up a CA on a computer running Windows Server 2008" I specified the backup I made earlier and specified the private key from the 2003 stand-alone root CA. After the wizard finishes, I am able to successfully start the CA on the 2008 server. The next chapter is "Restoring the database and configuration on the target computer". It prompts to shut down the CA service, which I allow; it restores the DB (which I point to as part of the wizard), and when it finishes restoring, it prompts to start the CA service again. This is where the headache starts: it throws an ADCS error "0xc8000220 (ESE: -544)" and it fails to start.

The application log on the target server throws the following errors (in chronological order):

[source: ESENT - EventID: 916] certsrv.exe attempted to attach database 'C:\windows\system32\certlog\<CANAME> but it is a database restored from a backup set on which hard recovery was not started or did not complete successfully'

[source: CertificationAuthority - EventID: 17] "Active Directory Certificate Services did not start: Unable to initialize the database connection for <CANAME>. Error: 0xc8000220 (ESE: -544).

I have no idea as to what this means, so my next obvious question would be:

2. Please advise on my next step?

Cheers!


Check out my blog you-n-it.net

