Share via

Migrate NDES service to a new Server

Simon Auty 41 Reputation points
2020-08-05T06:06:23.537+00:00

Hi,

I'm in the process of migrating certificate services from 2008R2 to 2016, one of the CA servers is also running the NDES service but I can't find any guide on how to move this to a new server (I'm planning on re-using the old server IP and name).

Has anyone done this before and can provide some help?

The NDES is being used for our MDM so I don't want to re-install it from scratch if at all possible.

Windows Server Security
Windows Server Security
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
1,834 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Hannah Xiong 6,276 Reputation points
    2020-08-06T02:42:31.067+00:00

    Hi,

    Thank you so much for posting here.

    According to this similar discussion, it would make more sense to install Certificate Services (using a backup of the CA key), Web Enrollment, restore the certificate database & registry key, and then install NDES.

    Reference: https://social.technet.microsoft.com/Forums/windowsserver/en-US/981f7a8e-77a5-417c-b0bb-941008b942ed/restoring-certificate-services-database-and-enabling-ndes?forum=winserversecurity

    As for migrating certificate service, we could refer to:

    https://techcommunity.microsoft.com/t5/itops-talk-blog/step-by-step-migrating-the-active-directory-certificate-service/ba-p/697674

    Hope the information is helpful. Thanks.

    Best regards,
    Hannah Xiong

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.