| Author |
Message |
jjhols
Guest
|
 Posted:
Thu Jan 06, 2005 10:39 pm Post subject:
Enterpise CA Move |
|
|
I am in the process of testing a 2000 Active Directory to a Server 2003
Active Directory structure. One of my 2000 DC's is the enterpsie root ca for
my domain. I am running into a problem when I got to restore the database
following MS KBA 298138. I receive the following message
"Error - Restore of incremental image cannot be performed before performing
restore from a full image. The directory name is invalid. 0x8007010b
(win32/HTTP:267)"
Here is what my enviroment looks like along with the steps I performed in my
test enviroment.
DC01 - FSMO, DNS, Enterprise CA
DC02 - GC, DNS
1. Inplace upgrade of DC01 to Server 2003
2. Demoted DC02
3. Rebuilt DC02 with Server 2003 (kept same name and IP address)
4. DCPROMO DC02 to DC
5. Transfered FSMO roles to DC02
6. Backed up CA information on DC01 using MS KBA298138
7. Demoted DC01 from DC
8. Rebuilt DC01 with Server 2003 (kept same name and IP address)
9. DCPROMO DC01 to DC
10. Transfered FSMO roles back to DC01
11. Loaded CA follwing MS KBA298138
12. Attempted restore of database and log file from MS KBA298138
This is where I am receiving the error message above. The domain and server
names have not changed so I'm not sure what is causing this issue.
Thanks in advance |
|
| Back to top |
|
 |
Frances [MSFT]
Guest
|
| Posted:
Fri Jan 07, 2005 4:08 pm Post subject:
RE: Enterpise CA Move |
|
|
Hello Jjhols,
Thank you for your posting.
According to your post, I understand that you are experiencing a problem
when restore the CA database. If I am off-base on that, please let me know.
Based on my research, this is a problem in Windows Server 2003 and it is
scheduled to be fixed in Windows Server 2003 SP1 which will be released at
around Mar 2005.
Currently, there are two possible workarounds for you to have a try:
Work Around 1: Publish a new Base and Delta from the newly restored CA.
Clients will have to wait until the cached CRL expires.
Work Around 2: When reinstalling the CA manually pick the Dbase up and
place it in the default dbase location.
In addition, when restoring the Dbase the SystemDrive must be the same path
as the original backup.
For example, if you backed up from a location of:
D:\winnt\system32\certsrv\certlog;
then the restore location must also be D:\winnt\system32\certsrv\certlog.
It cannot be: D:\windows\system32\certsrv\certlog
If the steps above can not help, you have to wait to install the Windows
Server 2003 SP1. Sorry for the inconvenience and thank you for your
understanding.
Hope it helps!
Best regards,
Frances He
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights. |
|
| Back to top |
|
|
jjhols
Guest
|
| Posted:
Fri Jan 07, 2005 7:35 pm Post subject:
RE: Enterpise CA Move |
|
|
Frances,
Thanks for the reply
I will try all the items you mentioned below. Would the RC for SP1 work or
do I need to wait for the March release?
Thanks again
"Frances [MSFT]" wrote:
| Quote: |
Hello Jjhols,
Thank you for your posting.
According to your post, I understand that you are experiencing a problem
when restore the CA database. If I am off-base on that, please let me know.
Based on my research, this is a problem in Windows Server 2003 and it is
scheduled to be fixed in Windows Server 2003 SP1 which will be released at
around Mar 2005.
Currently, there are two possible workarounds for you to have a try:
Work Around 1: Publish a new Base and Delta from the newly restored CA.
Clients will have to wait until the cached CRL expires.
Work Around 2: When reinstalling the CA manually pick the Dbase up and
place it in the default dbase location.
In addition, when restoring the Dbase the SystemDrive must be the same path
as the original backup.
For example, if you backed up from a location of:
D:\winnt\system32\certsrv\certlog;
then the restore location must also be D:\winnt\system32\certsrv\certlog.
It cannot be: D:\windows\system32\certsrv\certlog
If the steps above can not help, you have to wait to install the Windows
Server 2003 SP1. Sorry for the inconvenience and thank you for your
understanding.
Hope it helps!
Best regards,
Frances He
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
|
|
|
| Back to top |
|
|
Frances [MSFT]
Guest
|
| Posted:
Mon Jan 10, 2005 4:52 pm Post subject:
RE: Enterpise CA Move |
|
|
Hi,
I suggest you wait for the March release and then install SP1. :)
Any update, let us get in touch!
Best regards,
Frances He
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights. |
|
| Back to top |
|
|
Frances [MSFT]
Guest
|
| Posted:
Tue Jan 11, 2005 2:36 pm Post subject:
RE: Enterpise CA Move |
|
|
Hello Jjhols,
After discussing with my colleagues, I would like to confirm some details
for your CA move test.
What is the location when you back up CA? What is the location when you
restore CA? Are they the same?
Since in KB298138, Step 6 states that the directory paths for the Log and
DB have to be the same. This means on the same drive letter and the same
directory path. For example, if you backed up from a location of:
D:\winnt\system32\certsrv\certlog; then the restore location must also be
D:\winnt\system32\certsrv\certlog. It cannot be:
D:\windows\system32\certsrv\certlog. Please have a check.
Also, please avoid using %systemroot% in case the default systemroot refers
to different locations on the outdated server and new server.
I suggest you re-test to see whether the issue persists. If the problem
re-occur, please let me know.
Any updates, let us get in touch!
Best regards,
Frances He
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights. |
|
| Back to top |
|
|
jjhols
Guest
|
| Posted:
Tue Jan 11, 2005 7:19 pm Post subject:
RE: Enterpise CA Move |
|
|
Frances, I took the default locations for the install in Windows 2000 and in
Server 2003 after the rebuild. I will rebuild my test enviroment and run
through this process again and let you know what I come up with.
Thanks again for all your help.
"Frances [MSFT]" wrote:
| Quote: | Hello Jjhols,
After discussing with my colleagues, I would like to confirm some details
for your CA move test.
What is the location when you back up CA? What is the location when you
restore CA? Are they the same?
Since in KB298138, Step 6 states that the directory paths for the Log and
DB have to be the same. This means on the same drive letter and the same
directory path. For example, if you backed up from a location of:
D:\winnt\system32\certsrv\certlog; then the restore location must also be
D:\winnt\system32\certsrv\certlog. It cannot be:
D:\windows\system32\certsrv\certlog. Please have a check.
Also, please avoid using %systemroot% in case the default systemroot refers
to different locations on the outdated server and new server.
I suggest you re-test to see whether the issue persists. If the problem
re-occur, please let me know.
Any updates, let us get in touch!
Best regards,
Frances He
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
|
|
|
| Back to top |
|
|
jjhols
Guest
|
| Posted:
Wed Jan 12, 2005 4:03 am Post subject:
RE: Enterpise CA Move |
|
|
Just noticed what you were talking about of course when you upgrade to Server
2003 its no longer WINNT its WINDOWS. I am still rebuilding my test
enviroment and I will definetly make sure I redirect the database and logs
during the install.
Thanks
"Frances [MSFT]" wrote:
| Quote: | Hello Jjhols,
After discussing with my colleagues, I would like to confirm some details
for your CA move test.
What is the location when you back up CA? What is the location when you
restore CA? Are they the same?
Since in KB298138, Step 6 states that the directory paths for the Log and
DB have to be the same. This means on the same drive letter and the same
directory path. For example, if you backed up from a location of:
D:\winnt\system32\certsrv\certlog; then the restore location must also be
D:\winnt\system32\certsrv\certlog. It cannot be:
D:\windows\system32\certsrv\certlog. Please have a check.
Also, please avoid using %systemroot% in case the default systemroot refers
to different locations on the outdated server and new server.
I suggest you re-test to see whether the issue persists. If the problem
re-occur, please let me know.
Any updates, let us get in touch!
Best regards,
Frances He
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
|
|
|
| Back to top |
|
|
jjhols
Guest
|
| Posted:
Thu Jan 13, 2005 1:25 am Post subject:
RE: Enterpise CA Move |
|
|
that was it I wasn't paying attentin to the database and log paths when I
redirected them to C:\WINNT on the server 2003 box the restore worked
successfully.
thanks for the help.
"jjhols" wrote:
| Quote: | Just noticed what you were talking about of course when you upgrade to Server
2003 its no longer WINNT its WINDOWS. I am still rebuilding my test
enviroment and I will definetly make sure I redirect the database and logs
during the install.
Thanks
"Frances [MSFT]" wrote:
Hello Jjhols,
After discussing with my colleagues, I would like to confirm some details
for your CA move test.
What is the location when you back up CA? What is the location when you
restore CA? Are they the same?
Since in KB298138, Step 6 states that the directory paths for the Log and
DB have to be the same. This means on the same drive letter and the same
directory path. For example, if you backed up from a location of:
D:\winnt\system32\certsrv\certlog; then the restore location must also be
D:\winnt\system32\certsrv\certlog. It cannot be:
D:\windows\system32\certsrv\certlog. Please have a check.
Also, please avoid using %systemroot% in case the default systemroot refers
to different locations on the outdated server and new server.
I suggest you re-test to see whether the issue persists. If the problem
re-occur, please let me know.
Any updates, let us get in touch!
Best regards,
Frances He
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
|
|
|
| Back to top |
|
|
Frances [MSFT]
Guest
|
| Posted:
Thu Jan 13, 2005 7:11 am Post subject:
RE: Enterpise CA Move |
|
|
Hello Jjhols,
I am happy to hear that it is resolved!
If you have other problems, I am here to help you! :)
Best regards,
Frances He
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights. |
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in