Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Question(s) on installing Certificate Services

Status
Not open for further replies.
teknophyle

teknophyle

Technical User
Jan 30, 2002
5
US
I have a Windows 2000 server and I'm about to install the component Microsoft Certificate Services to prevent a benign DCOM error from reoccurring.

Before installing, Windows gave me the warning message "After installing Certificate Services, the computer cannot be renamed and the computer cannot join or be removed from a domain."

This message has me a bit concerned. For instance, if my current server (which IS part of a domain) needs to be replaced for some reason and I restore from a backup the entire drive onto the new server's drive, will this new server be recognized as the old one even if the same name and hard drive contents are on it? That is, as far as Certificate Services are concerned?

When it says "the computer cannot join a domain" does it mean it cannot join any "other" domains than its current one or cannot join any domains period.

Also, if I do install the Certificate Services component, can it be uninstalled at any time without detrimental effects?

My take on the message is that if I install the component, the server will be removed from any and all domains and must be used as a "stand-alone" server with a permanent name. I hope this isn't the case.

I'd really appreciate anyone who would have basic knowledge of this component, or if someone could probably point me to a previous post or MS Knowledge base article.
 
Sort by date Sort by votes
You must understand what a Certificat Server is and all those question will be answered. A certificate server will need generates certificate... although I don't see how this will solve your DCOM problem (they have nothing in common), the certificate contains information about your domain and the certificate server itself. This is why you can't rename it or change the domain or the key will no longer work for all the certificates that been handed out to clients. If you need to change the machine's name or change the domain, you will need to recreate a new key and regenerate new certificates to all clients. That's basically what they mean by "can't change name or domain". You CAN, but all the certificate, including your primary key, will be invalid and will need to be redone with a new key.



"In space, nobody can hear you click..."
 
Upvote 0 Downvote
Thanks for the info Redd. That definitely helps a lot!
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

DrB0b
  • Locked
  • Question
Hybrid on prem AD with Azure AD
Replies
2
Views
137
DrB0b
DrB0b
edgar28
  • Locked
  • Question
Question on Network cards - Windows Server 2019
Replies
1
Views
102
DrB0b
DrB0b
James281
  • Locked
  • Question
Enrolment agent (enrol on behalf of) stopped working
Replies
1
Views
99
mikehook
mikehook
MaioMaio
  • Locked
  • Question
Server Remote Desktop License
Replies
0
Views
218
MaioMaio
MaioMaio
Aquiles Vidal
  • Locked
  • Question
Web Browsers in Windows Server or Terminal Server
Replies
0
Views
266
Aquiles Vidal
Aquiles Vidal

Part and Inventory Search

Sponsor

Back
Top