Status
Not open for further replies.
1 - 5 of 5 Posts

·
Registered
Joined
·
251 Posts
Discussion Starter · #1 ·
Hi! I'm setting up a VPN lab, and one of the computers is supposed to be the enterprise root CA. It's a member server. When I try to set up the CA, the enterprise part is greyed out. I did a Google search, and an answer was to run adsiedit.msc with 19 steps to set up the public keys service. My question is, do I run this on the domain controller or on the member server I'm going to put the CA on? I tried the member server and received messages that the domain connection couldn't be found, another saying that the connection configuration couldn't be loaded, and one that says the schema couldn't be loaded. I know I'm connected to the domain since I just joined the member server to the domain, and I pinged it. Any and all responses will be greatly appreciated. Thanks.
 

·
Registered
Joined
·
1,967 Posts
I have always set up my CA on a domain controller. In fact, I'd set up the root, issue a certificate, then take the root offline.

I would not use adsiedit. In my opinion, it is the most dangerous tool ever invented for Windows Server 2003.

Courtney
 

·
Registered
Joined
·
251 Posts
Discussion Starter · #3 ·
Thanks for the response. I'm just following the lab manual. It says to configure the enterprise root CA on the member server. Then I did a Google search to find out why the enterprise choice was greyed out, and that's the solution a few sites came up with, including Microsoft. I don't know anything about this, and that's why I'm doing it. I can always format and reinstall if something goes wrong. So, should I run adsiedit on the domain controller instead of the member server? Thanks.
 

·
Registered
Joined
·
251 Posts
Discussion Starter · #4 ·
Ok, I figured out how to use adsiedit.msc to connect to the DC, and this shows that the Public Key Services is there. Microsoft says that the reason the enterprise CA is greyed out is: "This issue can occur if the Public Key Services container does not exist in the Active Directory directory service. For example, this issue can occur if the ADSIEdit tool (Adsiedit.msc) was used to delete the Public Key Services container." I never used the adsiedit tool before this, and it shows that the Public Key Services container does exist. So, why doesn't the install of the certificate authority show the enterprise CA? I should be able to install an enterprise CA on any server, right? It doesn't have to be a DC, does it?
 

·
Registered
Joined
·
251 Posts
Discussion Starter · #5 ·
A Google search finally gave me the answer. You have to log in with an account that is a member of the Enterprise Admins and the administrator account of the local computer.
 
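Added example, not part of the thread: a read-only PowerShell pre-flight check for the two causes discussed above (the logged-on account's group memberships and the presence of the Public Key Services container), so nothing has to be edited in ADSI Edit. It assumes PowerShell is installed on the member server and that it is run while logged on with the domain account that will install the CA.

```powershell
# Added example: why is the "Enterprise root CA" option greyed out?
# Read-only checks; run on the member server as the account that will install the CA.
$ErrorActionPreference = 'Stop'

$identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object System.Security.Principal.WindowsPrincipal -ArgumentList $identity

# Local Administrators is the well-known SID S-1-5-32-544.
# On Windows versions with UAC this is only true in an elevated session.
$localAdmins  = New-Object System.Security.Principal.SecurityIdentifier -ArgumentList 'S-1-5-32-544'
$isLocalAdmin = $principal.IsInRole($localAdmins)

# Enterprise Admins belongs to the forest root domain: <root domain SID>-519.
# GetCurrentForest() fails if the session is a local (non-domain) logon.
$forest     = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
$rootEntry  = $forest.RootDomain.GetDirectoryEntry()
$sidBytes   = [byte[]]$rootEntry.psbase.Properties['objectSid'].Value
$rootSid    = New-Object System.Security.Principal.SecurityIdentifier -ArgumentList $sidBytes, 0
$entAdmins  = New-Object System.Security.Principal.SecurityIdentifier -ArgumentList `
                  ([System.Security.Principal.WellKnownSidType]::AccountEnterpriseAdminsSid), $rootSid
$isEntAdmin = $principal.IsInRole($entAdmins)

# The container Microsoft's article refers to sits in the configuration partition.
$rootDse  = New-Object System.DirectoryServices.DirectoryEntry -ArgumentList 'LDAP://RootDSE'
$configNc = $rootDse.psbase.Properties['configurationNamingContext'].Value
$pkiPath  = "LDAP://CN=Public Key Services,CN=Services,$configNc"
$pkiFound = [System.DirectoryServices.DirectoryEntry]::Exists($pkiPath)

"Logged-on account              : $($identity.Name)"
"Forest root domain             : $($forest.RootDomain.Name)"
"Member of local Administrators : $isLocalAdmin"
"Member of Enterprise Admins    : $isEntAdmin"
"Public Key Services container  : $pkiFound"

if ($isLocalAdmin -and $isEntAdmin -and $pkiFound) {
    "All three conditions from the thread are met."
} else {
    "At least one condition is not met; the enterprise option is expected to stay greyed out."
}
```

Group membership is read from the current logon token, so after adding the account to Enterprise Admins, log off and back on before re-running the check.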