This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(137.6, 15%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJB%3C/text%3E%3C/svg%3E)
Hi,
Our current CA is rather old on a windows server 2008 machine. We want to upgrade the OS to windows 2016 server via in-place upgrade so we cloned the machine and worked on the clone in upgrading the OS succesfully.
Now the old and the new CA Server has the same name. We where thinking in giving it a new name but unable to do so. It says that we cannot rename it because it is a CA server.
How do we rename the new CA server?
What would it's implications domain wide?
Hello @Janus Bariñan
Unfortunately renaming a CA is simply not possible, precisely for the multiple relations to services, machines and applications running over the domain. Even if it was possible, it would not be a good idea.
I can recommend the 2008 guide for Upgrade-Migration process and checklist from Microsoft, but basically the new server should replace the previous.
Best regards,
it says page not found.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(268.8, 59%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECT%3C/text%3E%3C/svg%3E)
Add the ) at the end... it didn't copy well i thing
You cannot "Rename" a server that has the ADCS role installed.
If you want a different name for your CA Server, it's only possible with a migration (backup/restore)
hth
If you successfully cloned and upgraded CA VM/image, then you should just turn off old VM and use upgraded VM instead. In this case, you don't need to go through complicated migration process.
Yeah but the new VM should have a new hostname, different from the old.
Why? Once you cloned the VM, turn off old VM and you can re-use this name in cloned and upgraded VM. You are overcomplicating things where it is unnecessary.
So here is my process:
Question:
Will a simple disconnect from network do or there is a process to remove it totally?
From the step above when should I remove the CA from the network?
Can the old and new run at the same time even just for a brief moment until the old is totally remove? Won't it affect the clients using the certificate?
Theorically, on your old CA Server, If you have uninstalled the ADCS role AND the server has been renamed, i don't see ay issue... but why taking chances ?
If you don't want to uninstall ADCS role from the old CA Server, you can just turn it off and disconnect the Network Card (just to be sure that it will never connect to the network again)
Oh so disconnecting it from the network is okay? No need for proper removal from domain? Even if my new CA has different hostname?
What would happen by the way to the current certificate especially the one on the trusted root folder if i my CA is new with a new hostname?
The old CA Server can stay in the domain with a new name but the ADCS Role must have been removed before configuring the new CA Server
The host name of the server s not the name of the CA Server. The Certificate should keep the name of the CA Server.
hth
