Petri.com forums Home Forums Start Page Forums Frequently Asked Questions FAQ Member List Members List
Go Back   Petri IT Knowledgebase Forums > Microsoft Networking Services > Active Directory
Petri.com is happy to award RicklesP the title of Most Valuable Member !!!
Register Calendar Calendar Search Petri IT Knowledgebase Forums Search Todays Posts Today's Posts Mark Forums Read
Notices

when installing a root CA the Enterprise root CA is greyed out

when installing a root CA the Enterprise root CA is greyed out

this thread has 18 replies and has been viewed 15089 times

Closed Thread
 
Thread Tools Search this Thread Display Modes
  #1  
Old 1st August 2008, 18:08
Aeropars Aeropars is offline
Casual
Casual
 
 Join Date: Aug 2008
  6 month star 12 month star
 Location: Leicester, UK
 Posts: 41
 Reputation: Aeropars is on a distinguished road (10)
Default when installing a root CA the Enterprise root CA is greyed out

Hi guys!

I have a problem with trying to install a root CA on our network.

When i go through the wizard to install the CA i only have the option for a standalone CA and the enterprise options are greyed out.

I think this might be because I am not an enterprise admin.

We have a top level domain and a child domain. The top levle domain is used for nams sake only in anticipation of other networks being migrated to the one forest. The domain is running in 2003 mode while the forest is in 2000 mode.

With this in mind I logged onto the top level DC and tried to add myself to the enterprise admins group (via a group). I modified the enterprise admins group and clicked to chenge the location it was looking for items and selected the sub domain. I then clicked the objects button to to check that users and groups were selected and all that was showing was contacts and other objects. Why is this?!

Finally, I installed a standalone root CA on a test box. When i did this it installed all the templates yet when i didi this in a live environment the templates are missing.

Can anyone help?

Cheers

Lee
  #2  
Old 1st August 2008, 21:29
alien_ri alien_ri is offline
Casual
It's not a coincidence
 
 Join Date: Jul 2008
  6 month star 12 month star
 Posts: 90
 Reputation: alien_ri is on a distinguished road (20)
Default Re: when installing a root CA the Enterprise root CA is greyed out

To install Enterprise CA your server needs to be member server.
Also what OS is on your CA? If we are talking about W2k8 and you want to use enterprise CA you need to have Windows server 2008 Enterprise or Datacenter edition.
For Windows server 2003 enviroment I'm not sure what are requirements for Enterprise CA
  #3  
Old 2nd August 2008, 00:17
Dumber's Avatar
Dumber Dumber is offline
Moderator
 
 Join Date: Dec 2003
  6 month star 12 month star
 Location: The Netherlands
 Posts: 8,173
 Reputation: Dumber is a splendid one to beholdDumber is a splendid one to beholdDumber is a splendid one to beholdDumber is a splendid one to beholdDumber is a splendid one to beholdDumber is a splendid one to beholdDumber is a splendid one to behold (844)
Default Re: when installing a root CA the Enterprise root CA is greyed out

For a Enterprise CA (also for windows 2003) you need to have an Enterprise server.
Windows 2003 standard only supports standalone ca's.
__________________
Marcel
Technical Consultant
Netherlands
http://www.phetios.com
http://blog.nessus.nl

MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
"No matter how secure, there is always the human factor."

"Enjoy life today, tomorrow may never come."
"If you're going through hell, keep going. ~Winston Churchill"

  #4  
Old 2nd August 2008, 04:09
jasonboche's Avatar
jasonboche jasonboche is offline
Moderator
 
 Join Date: Apr 2006
  6 month star 12 month star
 Location: Minnesota
 Posts: 1,539
 Send a message via ICQ to jasonboche
 Reputation: jasonboche is just really nicejasonboche is just really nicejasonboche is just really nicejasonboche is just really nicejasonboche is just really nice (409)
Default Re: when installing a root CA the Enterprise root CA is greyed out

Quote:
Originally Posted by Dumber View Post
For a Enterprise CA (also for windows 2003) you need to have an Enterprise server.
Windows 2003 standard only supports standalone ca's.
Enterprise CAs install on Sever 2003 Standard or Enterprise edition.

Enterprise CAs require an AD domain controller. That what the OP is missing.

Jas
__________________
VCDX3 #34, VCDX4, VCDX5, VCAP4-DCA #14, VCAP4-DCD #35, VCAP5-DCD, VCPx4, vEXPERTx4, MCSEx3, MCSAx2, MCP, CCAx2, A+
boche.net - VMware Virtualization Evangelist
My advice has no warranties. Follow at your own risk.
  #5  
Old 2nd August 2008, 14:49
alien_ri alien_ri is offline
Casual
It's not a coincidence
 
 Join Date: Jul 2008
  6 month star 12 month star
 Posts: 90
 Reputation: alien_ri is on a distinguished road (20)
Default Re: when installing a root CA the Enterprise root CA is greyed out

Enterprise CA requires to be member server, but AFAIK you install it on member server NOT DC
  #6  
Old 2nd August 2008, 17:26
jasonboche's Avatar
jasonboche jasonboche is offline
Moderator
 
 Join Date: Apr 2006
  6 month star 12 month star
 Location: Minnesota
 Posts: 1,539
 Send a message via ICQ to jasonboche
 Reputation: jasonboche is just really nicejasonboche is just really nicejasonboche is just really nicejasonboche is just really nicejasonboche is just really nice (409)
Default Re: when installing a root CA the Enterprise root CA is greyed out

My Enterprise root CA is installed on a DC running Win2k3 Standard Edition R2 SP2.
I have another subordinate Enterprise CA installed on another DC in the same domain running Win2k3 Standard Edition R2 SP2.
The CA was actually installed before R2 - the DCs used to be just Win2k3 Standard w/ SP1.

Admittedly since I don't deal with CAs a whole lot, I am foggy on some of the CA requirements and I tried looking up in my pocket admin guide which makes no reference to CAs.

I'll do some more research later today.
__________________
VCDX3 #34, VCDX4, VCDX5, VCAP4-DCA #14, VCAP4-DCD #35, VCAP5-DCD, VCPx4, vEXPERTx4, MCSEx3, MCSAx2, MCP, CCAx2, A+
boche.net - VMware Virtualization Evangelist
My advice has no warranties. Follow at your own risk.
  #7  
Old 2nd August 2008, 22:06
Dumber's Avatar
Dumber Dumber is offline
Moderator
 
 Join Date: Dec 2003
  6 month star 12 month star
 Location: The Netherlands
 Posts: 8,173
 Reputation: Dumber is a splendid one to beholdDumber is a splendid one to beholdDumber is a splendid one to beholdDumber is a splendid one to beholdDumber is a splendid one to beholdDumber is a splendid one to beholdDumber is a splendid one to behold (844)
Default Re: when installing a root CA the Enterprise root CA is greyed out

Quote:
Originally Posted by jasonboche View Post
Enterprise CAs install on Sever 2003 Standard or Enterprise edition.

Enterprise CAs require an AD domain controller. That what the OP is missing.

Jas
Well I assumed that he would like to have an autoenrollment which requires a Enterprise server.
I actually needed to rephrase my post.
Enterprise CA does is not required to install on a DC yet it must be a member of the domain.

Here you can find some documentation about CA's
http://technet.microsoft.com/en-us/l.../cc700804.aspx
http://www.microsoft.com/windowsserv...i/default.mspx
http://technet2.microsoft.com/window....mspx?mfr=true

Personally I would go for an offline standalone root CA and using Enterprise Subordinate Enterprise CA running on a 2003 Enterprise.
Gives a lot of benfits including auto-enrollment and certificate templates.
__________________
Marcel
Technical Consultant
Netherlands
http://www.phetios.com
http://blog.nessus.nl

MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
"No matter how secure, there is always the human factor."

"Enjoy life today, tomorrow may never come."
"If you're going through hell, keep going. ~Winston Churchill"

  #8  
Old 3rd August 2008, 02:53
alien_ri alien_ri is offline
Casual
It's not a coincidence
 
 Join Date: Jul 2008
  6 month star 12 month star
 Posts: 90
 Reputation: alien_ri is on a distinguished road (20)
Default Re: when installing a root CA the Enterprise root CA is greyed out

Quote:
Originally Posted by Dumber View Post
Enterprise CA does is not required to install on a DC yet it must be a member of the domain.
I post it earlier... that your server needs to be member server not DC

Quote:
Personally I would go for an offline standalone root CA and using Enterprise Subordinate Enterprise CA running on a 2003 Enterprise.
Gives a lot of benfits including auto-enrollment and certificate templates.
I agree. First you set standalone CA. After you finish configuring it, you take your server offline, that is best admin practics
My advice is to plan your implementation of CA very carefully, as I read about it, there are many tricks in which you can fall
  #9  
Old 2nd August 2008, 04:07
jasonboche's Avatar
jasonboche jasonboche is offline
Moderator
 
 Join Date: Apr 2006
  6 month star 12 month star
 Location: Minnesota
 Posts: 1,539
 Send a message via ICQ to jasonboche
 Reputation: jasonboche is just really nicejasonboche is just really nicejasonboche is just really nicejasonboche is just really nicejasonboche is just really nice (409)
Default Re: when installing a root CA the Enterprise root CA is greyed out

Quote:
Originally Posted by alien_ri View Post
To install Enterprise CA your server needs to be member server.
Also what OS is on your CA? If we are talking about W2k8 and you want to use enterprise CA you need to have Windows server 2008 Enterprise or Datacenter edition.
For Windows server 2003 enviroment I'm not sure what are requirements for Enterprise CA
Enterprise Certificate Authorities install on Windows 2003 Active Directory Domain Controllers, Standard or Enterprise edition (or Datacenter edition I imagine as well).
__________________
VCDX3 #34, VCDX4, VCDX5, VCAP4-DCA #14, VCAP4-DCD #35, VCAP5-DCD, VCPx4, vEXPERTx4, MCSEx3, MCSAx2, MCP, CCAx2, A+
boche.net - VMware Virtualization Evangelist
My advice has no warranties. Follow at your own risk.
Closed Thread


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
W2k Root CA + W2k3 Sub - Need to upgrade Root tehhobbitz Windows Server 2000 / 2003 / 2003 R2 0 3rd April 2008 21:36
Convert Enterprise Root CA to Standalone Root CA and create new Subordinate CAs g18c Active Directory 2 21st March 2008 11:21
Moving AD root to new server user7 Active Directory 1 30th November 2007 14:45
How to demote existing primary root domain to secondary root domain yulhendri Active Directory 2 22nd June 2006 14:26
Moving to a new root Enterprise Certificate Authority heyhogan Windows Server 2000 / 2003 / 2003 R2 0 3rd June 2004 19:13


All times are GMT +3. The time now is 09:58.

Steel Blue 3.5.4 vBulletin Style ©2006 vBEnhanced
Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
 

Valid XHTML 1.0!   Valid CSS!

Copyright 2005 Daniel Petri