Question on renaming CA server

Janus Bariñan 1,126 Reputation points
2021-09-02T03:46:05.287+00:00

Hi,

Our current CA is rather old on a windows server 2008 machine. We want to upgrade the OS to windows 2016 server via in-place upgrade so we cloned the machine and worked on the clone in upgrading the OS succesfully.
Now the old and the new CA Server has the same name. We where thinking in giving it a new name but unable to do so. It says that we cannot rename it because it is a CA server.

How do we rename the new CA server?
What would it's implications domain wide?

Windows for business | Windows Server | Devices and deployment | Configure application groups
0 comments No comments
{count} votes

4 answers

Sort by: Most helpful
  1. Limitless Technology 39,926 Reputation points
    2021-09-02T11:55:57.54+00:00

    Hello @Janus Bariñan

    Unfortunately renaming a CA is simply not possible, precisely for the multiple relations to services, machines and applications running over the domain. Even if it was possible, it would not be a good idea.

    I can recommend the 2008 guide for Upgrade-Migration process and checklist from Microsoft, but basically the new server should replace the previous.

    https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc742388(v=ws.10)

    Best regards,


  2. Charles Thivierge 4,171 Reputation points
    2021-09-02T12:35:14.717+00:00

    You cannot "Rename" a server that has the ADCS role installed.

    If you want a different name for your CA Server, it's only possible with a migration (backup/restore)

    https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn486805(v%3Dws.11)

    hth

    0 comments No comments

  3. Vadims Podāns 9,186 Reputation points MVP
    2021-09-02T13:47:44.48+00:00

    If you successfully cloned and upgraded CA VM/image, then you should just turn off old VM and use upgraded VM instead. In this case, you don't need to go through complicated migration process.


  4. Janus Bariñan 1,126 Reputation points
    2021-09-02T13:57:41.54+00:00

    So here is my process:

    1. Backup the old (CA, registry, etc.)
    2. Clone the old CA (why not build a new one? It's quite complicated issue so lets stick with the clone)
    3. Uninstall the CA on the newly cloned machine
    4. Rename the newly cloned machine
    5. Reinstall the CA role
    6. Restore the CA config from backup.

    Question:

    Will a simple disconnect from network do or there is a process to remove it totally?
    From the step above when should I remove the CA from the network?
    Can the old and new run at the same time even just for a brief moment until the old is totally remove? Won't it affect the clients using the certificate?


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.