So interesting point to be made here - I just migrated the AD CA from Windows Server 2012 R2 to 2019. The issue came up when I restored the CA database and it was giving me a "The Expected Data does not exist in this directory. Please choose a different directory. The system cannot find the file specified. 0x80070002 (Win32:2 Error_File_Not_Found)". The fix... after much banging head on wall is to go to the directory right above the "Database" folder and select that then it will let you proceed.
Dude, you saved me a lot of time as I was very concerned since we uninstalled as a prior step to all of this. And yes, I had a backup and snapshot to reversion was an option.
Am I correct in understanding the backup of the CA does not backup manually created certificate templates? Planning on upgrading from 2012 to 2022 server and want to make sure I don't lose the templates we have, thanks for the guide!
great video! I have a question. Can I use this procedure to change my private key from 1024 to 2048? do i have to restore ca? what is the risk for the operation during the change? Thank you very much
Thank you for your appreciation This is save to use, this works the only thing old keys continue to work. This is same thing which will help to update the key from 1024 to 2048, new keys will use 2048 based on your templates and settings.
Can i back up CA and reg one day before to prepare the migration ? also can i instal roles on the new server one day before to be easy next day when i ll do it assited by my teamates ? Thank you
i have the issue twhen restoring from previous CA "the expected data does not exist in this directory. Please choose a different directory. The system cannot find the file specified. 0x70070002 (win32: 2 Error_File_Not_Found) any ideas please???
Make sure that the host name of Windows Server 2019 is same as the old CA name. In my case Old CA name is WS2K8R2.mylab.local and New CA name is WS2K19-CA01.mylab.local. If you keep both CA name same then you do not need to perform the steps starting from 13:11 to 13:47. ruclips.net/video/4qClyrv7bx8/видео.html
@Habib There could be two ways, one run change administration server task from old server or deploy new agent from new server, but that would also depend if you have password protected the uninstallation of old agent or not
is it possible to Migrate Certification Authority to Another Server without uninstalling the old CA server services. or is it possible to create new CA server because the old CA server is no longer possible to retrieve. Thanks
Hi Ezman, You can do create new one but then certificates needs to be replaced on all your applications/servers. Migration would not be possible if you do not have access to old server.
I have followed your steps and server has been migrated successfully. Thank you.
Hi Rene,
Thanks a lot for the comment. Don't forget to subscribe to the channel.
I'm excited about this! Hopefully, it will work out on my end.
@user-qr9,
Let me know, how did it go..
Great Walkthrough!
@GregTheIT
Thanks a lot, keep supporting
Great knowledge video. Migration was successful. Thank you.
Hi Jpereda,
Thank you for your valuable comment
Thanks for such detailed explanation)) Much appreciated!
@zvioveku4522, thank you for your comment. Keep supporting
So interesting point to be made here - I just migrated the AD CA from Windows Server 2012 R2 to 2019. The issue came up when I restored the CA database and it was giving me a "The Expected Data does not exist in this directory. Please choose a different directory. The system cannot find the file specified. 0x80070002 (Win32:2 Error_File_Not_Found)". The fix... after much banging head on wall is to go to the directory right above the "Database" folder and select that then it will let you proceed.
Dude, you saved me a lot of time as I was very concerned since we uninstalled as a prior step to all of this. And yes, I had a backup and snapshot to reversion was an option.
Great, keep supporting
Many thanks for this guide. Worked for me.
Am I correct in understanding the backup of the CA does not backup manually created certificate templates? Planning on upgrading from 2012 to 2022 server and want to make sure I don't lose the templates we have, thanks for the guide!
If there is a two-tier architecture, what is the sequence of uninstall and install the CA servers
You missed a step to modify the BCAServerName in the Configuration key settings from dc.lab.local to dc1.lab.local
there is no need to rename the keys if the scope is to decomission the old server and new server will be renamed as the old one
Thanks good video
@Michael-tg7ev
Thank for the comment, keep supporting
Very helpful, thank you! 😀😀😀
Most welcome
EXCELLENT
@Jean
Thanks for appreciation
Does this tutorial also work for AC and sub-AC?
thank you so much
Most welcome!!
great video!
I have a question. Can I use this procedure to change my private key from 1024 to 2048? do i have to restore ca? what is the risk for the operation during the change?
Thank you very much
Thank you for your appreciation
This is save to use, this works the only thing old keys continue to work. This is same thing which will help to update the key from 1024 to 2048, new keys will use 2048 based on your templates and settings.
Can i back up CA and reg one day before to prepare the migration ? also can i instal roles on the new server one day before to be easy next day when i ll do it assited by my teamates ? Thank you
@The Tech Guy,
Backing up one day might miss items which are done during that phase.
i have the issue twhen restoring from previous CA "the expected data does not exist in this directory. Please choose a different directory. The system cannot find the file specified. 0x70070002 (win32: 2 Error_File_Not_Found) any ideas please???
Please send the steps and screenshots to mail, you can get it in description of my channel where to send
When migrating the CA, does the FQDN of the new server have to be the same name of the old CA server?
Make sure that the host name of Windows Server 2019 is same as the old CA name. In my case Old CA name is WS2K8R2.mylab.local and New CA name is WS2K19-CA01.mylab.local. If you keep both CA name same then you do not need to perform the steps starting from 13:11 to 13:47.
ruclips.net/video/4qClyrv7bx8/видео.html
What if the new server is having different name from the old one?
@Habib
There could be two ways, one run change administration server task from old server or deploy new agent from new server, but that would also depend if you have password protected the uninstallation of old agent or not
is it possible to Migrate Certification Authority to Another Server without uninstalling the old CA server services. or is it possible to create new CA server because the old CA server is no longer possible to retrieve. Thanks
Hi Ezman,
You can do create new one but then certificates needs to be replaced on all your applications/servers. Migration would not be possible if you do not have access to old server.
global news