Announcement

Collapse
No announcement yet.

when installing a root CA the Enterprise root CA is greyed out

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • when installing a root CA the Enterprise root CA is greyed out

    Hi guys!

    I have a problem with trying to install a root CA on our network.

    When i go through the wizard to install the CA i only have the option for a standalone CA and the enterprise options are greyed out.

    I think this might be because I am not an enterprise admin.

    We have a top level domain and a child domain. The top levle domain is used for nams sake only in anticipation of other networks being migrated to the one forest. The domain is running in 2003 mode while the forest is in 2000 mode.

    With this in mind I logged onto the top level DC and tried to add myself to the enterprise admins group (via a group). I modified the enterprise admins group and clicked to chenge the location it was looking for items and selected the sub domain. I then clicked the objects button to to check that users and groups were selected and all that was showing was contacts and other objects. Why is this?!

    Finally, I installed a standalone root CA on a test box. When i did this it installed all the templates yet when i didi this in a live environment the templates are missing.

    Can anyone help?

    Cheers

    Lee

  • #2
    Re: when installing a root CA the Enterprise root CA is greyed out

    To install Enterprise CA your server needs to be member server.
    Also what OS is on your CA? If we are talking about W2k8 and you want to use enterprise CA you need to have Windows server 2008 Enterprise or Datacenter edition.
    For Windows server 2003 enviroment I'm not sure what are requirements for Enterprise CA

    Comment


    • #3
      Re: when installing a root CA the Enterprise root CA is greyed out

      For a Enterprise CA (also for windows 2003) you need to have an Enterprise server.
      Windows 2003 standard only supports standalone ca's.
      Marcel
      Technical Consultant
      Netherlands
      http://www.phetios.com
      http://blog.nessus.nl

      MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
      "No matter how secure, there is always the human factor."

      "Enjoy life today, tomorrow may never come."
      "If you're going through hell, keep going. ~Winston Churchill"

      Comment


      • #4
        Re: when installing a root CA the Enterprise root CA is greyed out

        Originally posted by alien_ri View Post
        To install Enterprise CA your server needs to be member server.
        Also what OS is on your CA? If we are talking about W2k8 and you want to use enterprise CA you need to have Windows server 2008 Enterprise or Datacenter edition.
        For Windows server 2003 enviroment I'm not sure what are requirements for Enterprise CA
        Enterprise Certificate Authorities install on Windows 2003 Active Directory Domain Controllers, Standard or Enterprise edition (or Datacenter edition I imagine as well).
        VCDX3 #34, VCDX4, VCDX5, VCAP4-DCA #14, VCAP4-DCD #35, VCAP5-DCD, VCPx4, vEXPERTx4, MCSEx3, MCSAx2, MCP, CCAx2, A+
        boche.net - VMware Virtualization Evangelist
        My advice has no warranties. Follow at your own risk.

        Comment


        • #5
          Re: when installing a root CA the Enterprise root CA is greyed out

          Originally posted by Dumber View Post
          For a Enterprise CA (also for windows 2003) you need to have an Enterprise server.
          Windows 2003 standard only supports standalone ca's.
          Enterprise CAs install on Sever 2003 Standard or Enterprise edition.

          Enterprise CAs require an AD domain controller. That what the OP is missing.

          Jas
          VCDX3 #34, VCDX4, VCDX5, VCAP4-DCA #14, VCAP4-DCD #35, VCAP5-DCD, VCPx4, vEXPERTx4, MCSEx3, MCSAx2, MCP, CCAx2, A+
          boche.net - VMware Virtualization Evangelist
          My advice has no warranties. Follow at your own risk.

          Comment


          • #6
            Re: when installing a root CA the Enterprise root CA is greyed out

            Enterprise CA requires to be member server, but AFAIK you install it on member server NOT DC

            Comment


            • #7
              Re: when installing a root CA the Enterprise root CA is greyed out

              My Enterprise root CA is installed on a DC running Win2k3 Standard Edition R2 SP2.
              I have another subordinate Enterprise CA installed on another DC in the same domain running Win2k3 Standard Edition R2 SP2.
              The CA was actually installed before R2 - the DCs used to be just Win2k3 Standard w/ SP1.

              Admittedly since I don't deal with CAs a whole lot, I am foggy on some of the CA requirements and I tried looking up in my pocket admin guide which makes no reference to CAs.

              I'll do some more research later today.
              VCDX3 #34, VCDX4, VCDX5, VCAP4-DCA #14, VCAP4-DCD #35, VCAP5-DCD, VCPx4, vEXPERTx4, MCSEx3, MCSAx2, MCP, CCAx2, A+
              boche.net - VMware Virtualization Evangelist
              My advice has no warranties. Follow at your own risk.

              Comment


              • #8
                Re: when installing a root CA the Enterprise root CA is greyed out

                Originally posted by jasonboche View Post
                Enterprise CAs install on Sever 2003 Standard or Enterprise edition.

                Enterprise CAs require an AD domain controller. That what the OP is missing.

                Jas
                Well I assumed that he would like to have an autoenrollment which requires a Enterprise server.
                I actually needed to rephrase my post.
                Enterprise CA does is not required to install on a DC yet it must be a member of the domain.

                Here you can find some documentation about CA's
                http://technet.microsoft.com/en-us/l.../cc700804.aspx
                http://www.microsoft.com/windowsserv...i/default.mspx
                http://technet2.microsoft.com/window....mspx?mfr=true

                Personally I would go for an offline standalone root CA and using Enterprise Subordinate Enterprise CA running on a 2003 Enterprise.
                Gives a lot of benfits including auto-enrollment and certificate templates.
                Marcel
                Technical Consultant
                Netherlands
                http://www.phetios.com
                http://blog.nessus.nl

                MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
                "No matter how secure, there is always the human factor."

                "Enjoy life today, tomorrow may never come."
                "If you're going through hell, keep going. ~Winston Churchill"

                Comment


                • #9
                  Re: when installing a root CA the Enterprise root CA is greyed out

                  Originally posted by Dumber View Post
                  Enterprise CA does is not required to install on a DC yet it must be a member of the domain.
                  I post it earlier... that your server needs to be member server not DC

                  Personally I would go for an offline standalone root CA and using Enterprise Subordinate Enterprise CA running on a 2003 Enterprise.
                  Gives a lot of benfits including auto-enrollment and certificate templates.
                  I agree. First you set standalone CA. After you finish configuring it, you take your server offline, that is best admin practics
                  My advice is to plan your implementation of CA very carefully, as I read about it, there are many tricks in which you can fall

                  Comment


                  • #10
                    Re: when installing a root CA the Enterprise root CA is greyed out

                    Hi Guys,

                    I can confirm that this is a member server and is joined to the domain. I do beleive that there was a previous root CA in this enterprise although it has been removed and from what I can see, everything has been removed as per the Microsoft instructions.

                    We are trying to set this up for a third party wireless acces point and we are simply setting up a server as per their requirements so i'm afraid we have no room to move on whether we could put a standalone CA in instead.

                    I have a test lab on my laptop in a VMware environment and this has installed an enterprise CA fine so i'm not sure what coudl be causing the issue.

                    Any ideas?

                    Comment


                    • #11
                      Re: when installing a root CA the Enterprise root CA is greyed out

                      If you open Sites and Services, show the Services Node and then open Public Key Services and Certification Authorities do you have anything there?
                      cheers
                      Andy

                      Please read this before you post:


                      Quis custodiet ipsos custodes?

                      Comment


                      • #12
                        Re: when installing a root CA the Enterprise root CA is greyed out

                        HI,

                        No theres nothing in there. I checked all the folders here and there are no items shown.

                        Cheers

                        Lee

                        Comment


                        • #13
                          Re: when installing a root CA the Enterprise root CA is greyed out

                          are you an enterprise admin?
                          This is required to install an enterprise root CA.

                          Edit:
                          Here you can find a link of what you have to do:
                          http://technet2.microsoft.com/window....mspx?mfr=true
                          Marcel
                          Technical Consultant
                          Netherlands
                          http://www.phetios.com
                          http://blog.nessus.nl

                          MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
                          "No matter how secure, there is always the human factor."

                          "Enjoy life today, tomorrow may never come."
                          "If you're going through hell, keep going. ~Winston Churchill"

                          Comment


                          • #14
                            Re: when installing a root CA the Enterprise root CA is greyed out

                            I'm not an enterprise admin but i beleive i have found the issue.

                            Our domain is a 2000 domain althogh we run some 2003 member servers. I beleive this to be the problem as a 2003 server requires AD to be a 2003 schema.

                            Could this be the case?

                            regardign the enterprise admin: I dont appear to be able to add myself to this group as when i log on to the root domain i cannot add an acount to the group from the child domain.

                            Comment


                            • #15
                              Re: when installing a root CA the Enterprise root CA is greyed out

                              Actually, scrap that. It IS a 2003 domain running at Windows Server 2003

                              Forest functional level is Windows Server 2000

                              Comment

                              Working...
                              X