ÇözümPark'a hoş geldiniz. Oturum Aç | Üye Ol
 
Ana Sayfa Makale Video Forum Resimler Dosyalar Ajanda Eğitim Hizmetlerimiz Biz Kimiz

sertifika sunucu hatası

Son Mesajınız 02-07-2011, 21:02 Hakan UZUNER tarafından gönderildi. 3 yanıt.
Mesajları Sırala: Önceki Sonraki
  •  02-04-2011, 9:42 232182

    sertifika sunucu hatası

    Merhaba,

    2008R2 ent. sunucumda AD kurulumu yaptım. DC olarak bir sorun yaşamadan işlemleri gerçekleştirebiliyorum. fakat loglara 91 kod numarasıyla "could not connect to the active directory. AD certificate services will retry when processing requires AD access" hatası alıyorum.

    en son 2003 te kurmuştum Cert.Serveri :) unutmuşum tavsiyelerinizi bekliyorum, şimdiden teşekkürler...

  •  02-05-2011, 23:20 232527 Cevap 232182

    Cevap : sertifika sunucu hatası

    Merhaba

    Size tavsiyem ca' i yedekleyip yeniden yüklemeniz olacaktır

    http://support.microsoft.com/kb/555012

     




    ÇözümPark Facebook Sayfası - BEĞENİN :)




    Dünyada tutku olmaksızın başarılmış hiçbir büyük şey yoktur ve bizim tutkumuz ÇözümPark Ailesi’dir!

    ÇözümPark' ı desteklemek için sizde bloğunuza ÇözümPark bannerı koyun.


    HakanUzuner.com

    ÇözümPark Bilişim Ailesi


    http://www.cozumpark.com
    http://www.cozumbank.com
    http://www.cozumpark.net
    http://community.cozumpark.com
    http://sozluk.cozumpark.com
  •  02-07-2011, 12:45 232731 Cevap 232527

    Cevap : sertifika sunucu hatası

    ilginiz için teşekkür ederim Hakan bey,

    şu anda test aşamasındayım dolayısıyla yeniden kurma imkanım var. bu hatayı almamak için kurulumda veya sonrasında yapmam gereken özel bir şey var mı acaba?

    teşekkürler...

  •  02-07-2011, 21:02 232844 Cevap 232731

    Cevap : sertifika sunucu hatası

    Bunun için geçiş öncesi CA' in yedeklenmesi ve sonrasında yedekten geri dönülmesi gerekmektedir.

    Bu konuda aşağıdaki dökümanı incelemenizi öneririm

    http://www.microsoft.com/downloads/en/details.aspx?FamilyID=C70BD7CD-9F03-484B-8C4B-279BC29A3413&displaylang=en

    özetle;

     

    Moving Certificate Server in Simple Steps

    1. Perform System State backup on Source CA Server
    2. Backup CA from CA Console
    3. Backup CA registry Configuration
    4. Uninstall CA from the Source Server using Add remove programs
    5. Install the CA as Role on the target Windows 2008 computer using existing certificate key
    6. Restore the CA database on the target CA
    7. Import the CA Registry configuration on the target CA
    8. Complete post-migration tasks

    Perform  System State backup on Source CA

    1. Log in to Source server and Take System State backup using Ntbackup to C:\CertBackup

    Backup CA from CA Console

    1. Open the Certification Authority snap-in
    2. Right-click the node with the CA name, point to All Tasks, and then click Back Up CA.
    3. On the Welcome page of the CA Backup wizard, click Next. On the Items to Back Up page, select the Private key and CA certificate and Certificate database and certificate database log check boxes, enter the backup location, and then click Next

    4. On the Select a Password page, enter a password to protect the CA private key and click Next.

    5. On Completing the Backup Wizard page, click Finish.

    6. This will create Files in C:\Certbackup

    • cozumpark.com.p12
    • Database

    Backup CA registery Configuration

    1.   Click Start, point to Run, and type regedit to open the Registry Editor.

    2.   In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc, right-click Configuration, and then click Export.

    3.   Enter a location and file name, and then click Save. This creates a .reg file with the registry configuration information for your CA.

    UnInstall CA from the Server using Add remove programs

    1. Go To Add remove programs -> Add remove Windows components -> click on Certificate Services and uncheck on Certificate Services CA and Certificate Services Web Enrollment Support

     

    Install the CA as Role on the target computer using exisintg certificate key

    1. Install New Widows 2008 Enterprise Edition Sever
    2. Open Server Manager and Add New Role
    3. Select Active Directory Certificate Services
    4. Select Certificate Authority and Next
    5. Select Enterprise CA  and Next
    6. Use Existing Private Key as show below and select selct a certificate and user its associated private key and Next

     

    7. Click on Browse buttong to Search folder containing certificate and private key which you exported from Source computer

    8. Enter the password which was used to export

    9. Next , Next and click on Install

    Restore the CA database on the target CA

    1. Open the Certification Authority snap-in.
    2. Right-click the node with the CA name, point to All Tasks, and then click Restore CA. Click OK to confirm stopping the CA service.
    3. In the CA Restore wizard, on the Welcome page, click Next.
    4. On the Items to Restore page, select Certificate database and certificate database log. Click Browse, and navigate to the location of the Database folder that contains the CA database export files created when you previously exported the CA database.
    5. Enter the password you used to export the CA database from the source CA, if a password is requested.
    6. Click Finish, and then click Yes to confirm restarting the CA.

    Import the CA Registery configuration on the target CA.

    1. Double click on registery file which you exported from the source server to import the same into the server and Yes to confirm the same

    Complete post-migration tasks

    Updating CRL Distribution Point and Authority Information Access Extensions

    1. Loging to Windows 2008 New CA Server
    2. Open Certificate MMC
    3. Right click on the CA and click on Extenstion and click on ADD and add the below line by changing SourceServername.

    ldap:///CN=<CATruncatedName><CRLNameSuffix>,CN=SourceServername,CN=CDP,CN=Public Key Services,CN=Services,<ConfigurationContainer><CDPObjectClass>

     

    4. Check Publish CRLs to this location

    5. Publish Delta CRLs to this location

    6. Apply and OK

    7. Verify the CA can publish CRLs to the new location.

    8. Open the Certification Authority snap-in.

    9. Right-click Revoked Certificates, point to All Tasks, and click Publish.

    10. Click either New CRL or Delta CRL only, and click OK.

    To verify ACLs on the AIA and CDP containers

    1. Loging to DC and open Active Direcotry Sites in Services
    2. On the Console click on Top Node
    3. Click View and Show Services node
    4. you will find Services folder on the Left and expand to reach Public key Services as shown below

    5. Expand Public Key Services

    6. click AIA folder and In the details pane, select the name of the source CA.

    7.  On the Action menu, click Properties.

    8.  Click the Security tab, and then click Add.

    9.  Click Object Types, click Computers, and then click OK.

    10. Type the host name of the target CA, and click OK.

    11. In the Allow column, select Full Control, and click OK.

    12. In the left pane, select CDP and the host name of the source CA.

    13. In the details pane, select the first CRL object.

    14. On the Action menu, click Properties, and then click the Security tab.

    15. In the list of permitted group or user names, select the name of the source CA, click Remove, and then click Add.

    16. Click Object Types, select Computers, and then click OK.

    17. Type the host name of the target CA, and click OK.

    18. In the Allow column, select Full Control, and then click OK.

    19.     In the details pane, select the next CRL object, and repeat steps 14 through 18 until you have reached the last object.

    Verifying ReGistery

    1. Verify that CAServerName is a registry string value located under the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\CAName\ registry key. It should be updated to represent the DNS or the host of the new CA host.

    2. Verify that CACertPublicationURLs and CRLPublicationURLs are both registry multi-string values located under the same key as CAServerName.

    3.  Check the remaining registry values under the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc registry key, with emphasis on any values that have been customized to ensure that they are free of data containing the old CA host name or other invalid CA settings. For example:

    • Configuration\ConfigurationDirectory
    • Configuration\CAName\CACertFilename



    ÇözümPark Facebook Sayfası - BEĞENİN :)




    Dünyada tutku olmaksızın başarılmış hiçbir büyük şey yoktur ve bizim tutkumuz ÇözümPark Ailesi’dir!

    ÇözümPark' ı desteklemek için sizde bloğunuza ÇözümPark bannerı koyun.


    HakanUzuner.com

    ÇözümPark Bilişim Ailesi


    http://www.cozumpark.com
    http://www.cozumbank.com
    http://www.cozumpark.net
    http://community.cozumpark.com
    http://sozluk.cozumpark.com
RSS haberlerini XML olarak görüntüle