Dealing with Microsoft Certificate Authority

[Gary Heston]

I'm working on a network built by someone else; always fun.

It incorporates MS Certificate Authority, running on a WS2008 server
(added well after the network was built). This server thinks it's joined
to the Active Directory domain, yet isn't connecting nor can anything
else authenticate to it for certificate access.

WS2008 will not allow me to disjoin/rejoin the server because it has the
CA installed--it appears that I can do anything to further break the
connection, but nothing (even via command line) to fix it.

Is it possible to remove the CA module, rejoin, and reinstall CA without
losing existing certificates or configuration data? Microsofts' website
has been of no help on this.

Any other suggestions would be appreciated; I have no prior experience
with CAs and am therefore proceeding cautiously.

Thanks,

Gary

[Gary Heston]

In article <KISdnR6hrNRtV97T...@posted.hiwaay2>,
Gary Heston <ghe...@hiwaay.net> wrote:
[ ... ]

>Is it possible to remove the CA module, rejoin, and reinstall CA without
>losing existing certificates or configuration data? Microsofts' website
>has been of no help on this.

[ ... ]

Yes, it's possible. Back it up first with the well-hidden integral
backup/restore functions:

Open the Certificate Authority utility, right-click on the server name,
click on "All Tasks", then on "Backup CA".

It needs an empty directory to back up into--which must be manually
created.

Gary