
    Migrate and/or replace old cert server?

      Mike Davis @scottalanmiller

      @scottalanmiller said in Migrate and/or replace old cert server?:

      And uses certs for that?

      Yes. I've done it that way.

        Dashrender @scottalanmiller

        @scottalanmiller said in Migrate and/or replace old cert server?:

        @Dashrender said in Migrate and/or replace old cert server?:

        @scottalanmiller said in Migrate and/or replace old cert server?:

        @Shuey said in Migrate and/or replace old cert server?:

        First let me say that I know nothing about certificate services, IIS or SQL (all three of which are currently configured and running on this server).

        Why are those together? That's not generally a best practice. I realize that Windows licensing causes some decisions that would otherwise be poor, but this seems an odd combination.

        I'm betting it's mainly because the company didn't want to buy 2-3 physical servers. If they would have gone virtualized back then, they might be on different OSEs.

        Right.... so assuming one bad decision leading to another.

        I know you've been using virtualization since the day VMware rolled out their first internal only beta (yes I'm kidding), but I don't feel that the SMB really started using virtualization until 2010 or later. It's likely whoever set up this server was unfamiliar with virtualization and they were working with what they knew.

        I guess you could say that the bad decision was that the business had a one man/very small IT internal staff. If they had a good MSP or consulting business partner, they might have gone another route.

          Dashrender @scottalanmiller

          @scottalanmiller said in Migrate and/or replace old cert server?:

          @Dashrender said in Migrate and/or replace old cert server?:

          @Mike-Davis said in Migrate and/or replace old cert server?:

          @scottalanmiller said in Migrate and/or replace old cert server?:

          @Shuey said in Migrate and/or replace old cert server?:

          Is it common for every business/company that has a domain network to have a cert server for issuing/updating all of the AD account certificates?

          Maybe I've lost my mind but... what is an "AD Account Certificate"?

          You can integrate AD with certificate services so that the workstations use the certs for communication. I've never seen it done.

          The only time I have used certificate services is to generate certificates for securing communication between Wireless APs and company owned devices.

          While I haven't seen it, I've read about it in NPS (Network Policy Server setups). The machine comes on the network, checks in with the NPS, and the NPS determines what VLAN it should be on, etc, etc.

          And uses certs for that?

          Yep, at least that's my understanding. It uses certs to assert who the machines are. Anyone without a cert is automatically assumed a guest and put on the appropriate network.

            scottalanmiller @Dashrender

            @Dashrender said in Migrate and/or replace old cert server?:

            I know you've been using virtualization since the day VMware rolled out their first internal only beta (yes I'm kidding),

            Yeah, I've been using it since the 1980s.

              Shuey @Dashrender

              @Dashrender said in Migrate and/or replace old cert server?:

              Now you need to see what certs you're using for SharePoint. If you're using a public cert, then it sounds like you're right.

              What did you replace your Wireless RADIUS setup with?

              We use local logins on all of the equipment that used to authenticate via RADIUS (switches mostly), and as far as wireless goes, we don't allow any workstations to connect to our domain via wireless; they are only allowed to connect to a public SSID/subnet.

                scottalanmiller @Dashrender

                @Dashrender said in Migrate and/or replace old cert server?:

                but I don't feel that the SMB really started using virtualization until 2010 or later.

                That's mostly true. But pointing out that the SMB pool often does things poorly doesn't change anything. It remains as bad of a decision whether it is a one off or a commonality. The idea that "the SMB pool isn't doing a good job in general so we can excuse a specific one doing a bad job" is a bad one. It's not good logic. The average SMB will fail and go out of business in the first two years... that standard of what "most" do means we should automatically know to avoid that thinking.

                  momurda @scottalanmiller

                  @scottalanmiller said in Migrate and/or replace old cert server?:

                  @Shuey said in Migrate and/or replace old cert server?:

                  @scottalanmiller said in Migrate and/or replace old cert server?:

                  @Shuey said in Migrate and/or replace old cert server?:

                  From what I understand (which is not much, lol), this server is what every workstation and user account on the domain gets its certificate from.

                  Which certificates would those be?

                  When I look at the Certification Authority console on the server, and I look at "issued certificates", I see line items like this:
                  "Request ID", "Requester Name", "Certificate Template", "Certificate Effective Date", "Certificate Expiration Date", etc, and I see a bunch of workstations listed.

                  I wonder if you just shut it off if anything bad happens.

                  We had a cert server running here when I started. Couldn't figure out what it was issuing certs for. I shut it down and... nothing happened.
                  OP might want to check event logs on cert server and workstations as they boot up and log in to the network. Could be RADIUS authentication for the workstations.

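An added example, not part of any post in this thread: before switching a CA off to see what breaks, the issued-certificates list described above can be summarised to show which templates still have unexpired certificates and whether anything has enrolled recently. It assumes the list was exported to CSV with the column headings quoted in the thread; the rows, host names, template names, dates and the `Get-LiveCertificateSummary` function name are constructed for illustration.

```powershell
# Constructed sample of an exported "Issued Certificates" list. Host names,
# template names and dates are made up; real exports use the server's locale
# date format, so pass a matching -DateFormat.
$export = @'
"Request ID","Requester Name","Certificate Template","Certificate Effective Date","Certificate Expiration Date"
"101","CORP\WS-ACCT01$","Machine","2015-03-02","2016-03-01"
"102","CORP\WS-ACCT02$","Machine","2016-11-15","2017-11-15"
"103","CORP\NPS01$","RASAndIASServer","2016-06-01","2018-06-01"
"104","CORP\SP01$","WebServer","2014-01-10","2016-01-10"
"105","CORP\jsmith","User","2016-09-20","2017-09-20"
'@

function Get-LiveCertificateSummary {
    param(
        [Parameter(Mandatory)] [string]   $CsvText,
        [Parameter(Mandatory)] [datetime] $AsOf,
        [int]    $RecentDays = 60,
        [string] $DateFormat = 'yyyy-MM-dd'
    )
    $inv = [cultureinfo]::InvariantCulture

    # Parse each exported row into typed fields so dates compare as dates.
    $rows = $CsvText -split '\r?\n' |
        Where-Object { $_.Trim() } |
        ConvertFrom-Csv |
        ForEach-Object {
            [pscustomobject]@{
                Requester = $_.'Requester Name'
                Template  = $_.'Certificate Template'
                Issued    = [datetime]::ParseExact($_.'Certificate Effective Date', $DateFormat, $inv)
                Expires   = [datetime]::ParseExact($_.'Certificate Expiration Date', $DateFormat, $inv)
            }
        }

    # Only unexpired certificates can still be in use. Group them by template:
    # the template name hints at the consumer (machine auth, RADIUS/NPS, web).
    $rows |
        Where-Object { $_.Expires -gt $AsOf } |
        Group-Object Template |
        ForEach-Object {
            $cutoff = $AsOf.AddDays(-$RecentDays)
            # Recent issuance means clients are still enrolling against this CA.
            $recent = @($_.Group | Where-Object { $_.Issued -ge $cutoff })
            [pscustomobject]@{
                Template       = $_.Name
                Unexpired      = $_.Count
                RecentlyIssued = $recent.Count
                LastExpiry     = ($_.Group | Sort-Object Expires | Select-Object -Last 1).Expires
                Requesters     = ($_.Group.Requester | Sort-Object -Unique) -join ', '
            }
        } |
        Sort-Object LastExpiry -Descending
}

# The as-of date is fixed so the constructed sample gives a stable result.
Get-LiveCertificateSummary -CsvText $export -AsOf ([datetime]'2016-12-01') |
    Format-Table -AutoSize
```

A template with unexpired certificates but nothing recently issued points at a one-off enrollment; recent issuance points at autoenrollment or a service that will fail at its next renewal once the CA is gone.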
                    scottalanmiller @Dashrender

                    @Dashrender said in Migrate and/or replace old cert server?:

                    It's likely whoever set up this server was unfamiliar with virtualization and they were working with what they knew.

                    That's my point. Someone either unfamiliar with what was necessary to do the job that they were doing or intentionally doing a bad job. No good excuse there. You are just pointing out how bad it is.

                      Shuey @Dashrender

                      @Dashrender said in Migrate and/or replace old cert server?:

                      @scottalanmiller said in Migrate and/or replace old cert server?:

                      @Dashrender said in Migrate and/or replace old cert server?:

                      @scottalanmiller said in Migrate and/or replace old cert server?:

                      @Shuey said in Migrate and/or replace old cert server?:

                      First let me say that I know nothing about certificate services, IIS or SQL (all three of which are currently configured and running on this server).

                      Why are those together? That's not generally a best practice. I realize that Windows licensing causes some decisions that would otherwise be poor, but this seems an odd combination.

                      I'm betting it's mainly because the company didn't want to buy 2-3 physical servers. If they would have gone virtualized back then, they might be on different OSEs.

                      Right.... so assuming one bad decision leading to another.

                      I know you've been using virtualization since the day VMware rolled out their first internal only beta (yes I'm kidding), but I don't feel that the SMB really started using virtualization until 2010 or later. It's likely whoever set up this server was unfamiliar with virtualization and they were working with what they knew.

                      I guess you could say that the bad decision was that the business had a one man/very small IT internal staff. If they had a good MSP or consulting business partner, they might have gone another route.

                      The ONLY "virtualization" infrastructure that was in place when I got here was a Hyper-V console (on the same server that I referenced in my original post in this thread; the server that also has SharePoint! This server used to also be a print server and a file server on top of everything else I've already mentioned).

                      I deployed the VMware infrastructure about a year or so after I started working here.

                        scottalanmiller @Dashrender

                        @Dashrender said in Migrate and/or replace old cert server?:

                        I guess you could say that the bad decision was that the business had a one man/very small IT internal staff. If they had a good MSP or consulting business partner, they might have gone another route.

                        That's one possibility. Or that they simply weren't auditing to see if they knew what they were doing. Or they weren't auditing to see if they cared to do a good job. Or they had politics pushing someone good to do bad things (see the You Never Got Fired article). Or they did have an MSP, but a bad one that they were not auditing.

                        Lots of possibilities. We only know that something was wrong. We can't guess what.

                          scottalanmiller @Shuey

                          @Shuey said in Migrate and/or replace old cert server?:

                          @Dashrender said in Migrate and/or replace old cert server?:

                          @scottalanmiller said in Migrate and/or replace old cert server?:

                          @Dashrender said in Migrate and/or replace old cert server?:

                          @scottalanmiller said in Migrate and/or replace old cert server?:

                          @Shuey said in Migrate and/or replace old cert server?:

                          First let me say that I know nothing about certificate services, IIS or SQL (all three of which are currently configured and running on this server).

                          Why are those together? That's not generally a best practice. I realize that Windows licensing causes some decisions that would otherwise be poor, but this seems an odd combination.

                          I'm betting it's mainly because the company didn't want to buy 2-3 physical servers. If they would have gone virtualized back then, they might be on different OSEs.

                          Right.... so assuming one bad decision leading to another.

                          I know you've been using virtualization since the day VMware rolled out their first internal only beta (yes I'm kidding), but I don't feel that the SMB really started using virtualization until 2010 or later. It's likely whoever set up this server was unfamiliar with virtualization and they were working with what they knew.

                          I guess you could say that the bad decision was that the business had a one man/very small IT internal staff. If they had a good MSP or consulting business partner, they might have gone another route.

                          The ONLY "virtualization" infrastructure that was in place when I got here was a Hyper-V console (on the same server that I referenced in my original post in this thread; the server that also has SharePoint! This server used to also be a print server and a file server on top of everything else I've already mentioned).

                          I deployed the VMware infrastructure about a year or so after I started working here.

                          Assuming that the servers were commodity and post 2005, that means that someone was slacking. Why was Hyper-V console installed but nothing else? That's weird. Did you ever figure out why?

                            Dashrender @Shuey

                            @Shuey said in Migrate and/or replace old cert server?:

                            @Dashrender said in Migrate and/or replace old cert server?:

                            Now you need to see what certs you're using for SharePoint. If you're using a public cert, then it sounds like you're right.

                            What did you replace your Wireless RADIUS setup with?

                            We use local logins on all of the equipment that used to authenticate via RADIUS (switches mostly), and as far as wireless goes, we don't allow any workstations to connect to our domain via wireless; they are only allowed to connect to a public SSID/subnet.

                            So you don't have wireless access to your production wireless network? Seems odd unless you have super strict requirements you have to follow.

                              Shuey @scottalanmiller

                              @scottalanmiller said in Migrate and/or replace old cert server?:

                              @Shuey said in Migrate and/or replace old cert server?:

                              @Dashrender said in Migrate and/or replace old cert server?:

                              @scottalanmiller said in Migrate and/or replace old cert server?:

                              @Dashrender said in Migrate and/or replace old cert server?:

                              @scottalanmiller said in Migrate and/or replace old cert server?:

                              @Shuey said in Migrate and/or replace old cert server?:

                              First let me say that I know nothing about certificate services, IIS or SQL (all three of which are currently configured and running on this server).

                              Why are those together? That's not generally a best practice. I realize that Windows licensing causes some decisions that would otherwise be poor, but this seems an odd combination.

                              I'm betting it's mainly because the company didn't want to buy 2-3 physical servers. If they would have gone virtualized back then, they might be on different OSEs.

                              Right.... so assuming one bad decision leading to another.

                              I know you've been using virtualization since the day VMware rolled out their first internal only beta (yes I'm kidding), but I don't feel that the SMB really started using virtualization until 2010 or later. It's likely whoever set up this server was unfamiliar with virtualization and they were working with what they knew.

                              I guess you could say that the bad decision was that the business had a one man/very small IT internal staff. If they had a good MSP or consulting business partner, they might have gone another route.

                              The ONLY "virtualization" infrastructure that was in place when I got here was a Hyper-V console (on the same server that I referenced in my original post in this thread; the server that also has SharePoint! This server used to also be a print server and a file server on top of everything else I've already mentioned).

                              I deployed the VMware infrastructure about a year or so after I started working here.

                              Assuming that the servers were commodity and post 2005, that means that someone was slacking. Why was Hyper-V console installed but nothing else? That's weird. Did you ever figure out why?

                              It wasn't "Hyper-V and nothing else". It was a "DC, SharePoint, File Server, Cert Server, AND a Hyper-V host"!

                                Dashrender @Shuey

                                @Shuey said in Migrate and/or replace old cert server?:

                                The ONLY "virtualization" infrastructure that was in place when I got here was a Hyper-V console (on the same server that I referenced in my original post in this thread; the server that also has SharePoint! This server used to also be a print server and a file server on top of everything else I've already mentioned).

                                So the Hyper-V console was there, but no VMs?

                                  Shuey @Dashrender

                                  @Dashrender said in Migrate and/or replace old cert server?:

                                  @Shuey said in Migrate and/or replace old cert server?:

                                  The ONLY "virtualization" infrastructure that was in place when I got here was a Hyper-V console (on the same server that I referenced in my original post in this thread; the server that also has SharePoint! This server used to also be a print server and a file server on top of everything else I've already mentioned).

                                  So the Hyper-V console was there, but no VMs?

                                  Nope, they had three guest VMs running on it (one was a print server, one was their accounting app server, and the third was their TV media server).

                                    Dashrender @Shuey

                                    @Shuey said in Migrate and/or replace old cert server?:

                                    @scottalanmiller said in Migrate and/or replace old cert server?:

                                    @Shuey said in Migrate and/or replace old cert server?:

                                    @Dashrender said in Migrate and/or replace old cert server?:

                                    @scottalanmiller said in Migrate and/or replace old cert server?:

                                    @Dashrender said in Migrate and/or replace old cert server?:

                                    @scottalanmiller said in Migrate and/or replace old cert server?:

                                    @Shuey said in Migrate and/or replace old cert server?:

                                    First let me say that I know nothing about certificate services, IIS or SQL (all three of which are currently configured and running on this server).

                                    Why are those together? That's not generally a best practice. I realize that Windows licensing causes some decisions that would otherwise be poor, but this seems an odd combination.

                                    I'm betting it's mainly because the company didn't want to buy 2-3 physical servers. If they would have gone virtualized back then, they might be on different OSEs.

                                    Right.... so assuming one bad decision leading to another.

                                    I know you've been using virtualization since the day VMware rolled out their first internal only beta (yes I'm kidding), but I don't feel that the SMB really started using virtualization until 2010 or later. It's likely whoever set up this server was unfamiliar with virtualization and they were working with what they knew.

                                    I guess you could say that the bad decision was that the business had a one man/very small IT internal staff. If they had a good MSP or consulting business partner, they might have gone another route.

                                    The ONLY "virtualization" infrastructure that was in place when I got here was a Hyper-V console (on the same server that I referenced in my original post in this thread; the server that also has SharePoint! This server used to also be a print server and a file server on top of everything else I've already mentioned).

                                    I deployed the VMware infrastructure about a year or so after I started working here.

                                    Assuming that the servers were commodity and post 2005, that means that someone was slacking. Why was Hyper-V console installed but nothing else? That's weird. Did you ever figure out why?

                                    It wasn't "Hyper-V and nothing else". It was a "DC, SharePoint, File Server, Cert Server, AND a Hyper-V host"!

                                    That's not what he means - he means, why was the console for Hyper-V installed and VMs not created - OR - ARE there VMs and SharePoint is running in a VM? etc...

                                      Dashrender @Shuey

                                      @Shuey said in Migrate and/or replace old cert server?:

                                      @Dashrender said in Migrate and/or replace old cert server?:

                                      @Shuey said in Migrate and/or replace old cert server?:

                                      The ONLY "virtualization" infrastructure that was in place when I got here was a Hyper-V console (on the same server that I referenced in my original post in this thread; the server that also has SharePoint! This server used to also be a print server and a file server on top of everything else I've already mentioned).

                                      So the Hyper-V console was there, but no VMs?

                                      Nope, they had three guest VMs running on it (one was a print server, one was their accounting app server, and the third was their TV media server).

                                      This changes everything.

                                      @scottalanmiller looks like they were doing their job! At least partly.

                                        scottalanmiller @Shuey

                                        @Shuey said in Migrate and/or replace old cert server?:

                                        @Dashrender said in Migrate and/or replace old cert server?:

                                        @Shuey said in Migrate and/or replace old cert server?:

                                        The ONLY "virtualization" infrastructure that was in place when I got here was a Hyper-V console (on the same server that I referenced in my original post in this thread; the server that also has SharePoint! This server used to also be a print server and a file server on top of everything else I've already mentioned).

                                        So the Hyper-V console was there, but no VMs?

                                        Nope, they had three guest VMs running on it (one was a print server, one was their accounting app server, and the third was their TV media server).

                                        Oh, so there was Hyper-V installed, not just the console.

                                          Shuey @Dashrender

                                          @Dashrender said in Migrate and/or replace old cert server?:

                                          @Shuey said in Migrate and/or replace old cert server?:

                                          @scottalanmiller said in Migrate and/or replace old cert server?:

                                          @Shuey said in Migrate and/or replace old cert server?:

                                          @Dashrender said in Migrate and/or replace old cert server?:

                                          @scottalanmiller said in Migrate and/or replace old cert server?:

                                          @Dashrender said in Migrate and/or replace old cert server?:

                                          @scottalanmiller said in Migrate and/or replace old cert server?:

                                          @Shuey said in Migrate and/or replace old cert server?:

                                          First let me say that I know nothing about certificate services, IIS or SQL (all three of which are currently configured and running on this server).

                                          Why are those together? That's not generally a best practice. I realize that Windows licensing causes some decisions that would otherwise be poor, but this seems an odd combination.

                                          I'm betting it's mainly because the company didn't want to buy 2-3 physical servers. If they would have gone virtualized back then, they might be on different OSEs.

                                          Right.... so assuming one bad decision leading to another.

                                          I know you've been using virtualization since the day VMware rolled out their first internal only beta (yes I'm kidding), but I don't feel that the SMB really started using virtualization until 2010 or later. It's likely whoever set up this server was unfamiliar with virtualization and they were working with what they knew.

                                          I guess you could say that the bad decision was that the business had a one man/very small IT internal staff. If they had a good MSP or consulting business partner, they might have gone another route.

                                          The ONLY "virtualization" infrastructure that was in place when I got here was a Hyper-V console (on the same server that I referenced in my original post in this thread; the server that also has SharePoint! This server used to also be a print server and a file server on top of everything else I've already mentioned).

                                          I deployed the VMware infrastructure about a year or so after I started working here.

                                          Assuming that the servers were commodity and post 2005, that means that someone was slacking. Why was Hyper-V console installed but nothing else? That's weird. Did you ever figure out why?

                                          It wasn't "Hyper-V and nothing else". It was a "DC, SharePoint, File Server, Cert Server, AND a Hyper-V host"!

                                          That's not what he means - he means, why was the console for Hyper-V installed and VMs not created - OR - ARE there VMs and SharePoint is running in a VM? etc...

                                          Nope, SharePoint is running natively in the host OS (not in a VM inside the Hyper-V host which was also installed/running on this server in the past)

                                            scottalanmiller @Shuey

                                            @Shuey said in Migrate and/or replace old cert server?:

                                            @Dashrender said in Migrate and/or replace old cert server?:

                                            @Shuey said in Migrate and/or replace old cert server?:

                                            @scottalanmiller said in Migrate and/or replace old cert server?:

                                            @Shuey said in Migrate and/or replace old cert server?:

                                            @Dashrender said in Migrate and/or replace old cert server?:

                                            @scottalanmiller said in Migrate and/or replace old cert server?:

                                            @Dashrender said in Migrate and/or replace old cert server?:

                                            @scottalanmiller said in Migrate and/or replace old cert server?:

                                            @Shuey said in Migrate and/or replace old cert server?:

                                            First let me say that I know nothing about certificate services, IIS or SQL (all three of which are currently configured and running on this server).

                                            Why are those together? That's not generally a best practice. I realize that Windows licensing causes some decisions that would otherwise be poor, but this seems an odd combination.

                                            I'm betting it's mainly because the company didn't want to buy 2-3 physical servers. If they would have gone virtualized back then, they might be on different OSEs.

                                            Right.... so assuming one bad decision leading to another.

                                            I know you've been using virtualization since the day VMware rolled out their first internal only beta (yes I'm kidding), but I don't feel that the SMB really started using virtualization until 2010 or later. It's likely whoever set up this server was unfamiliar with virtualization and they were working with what they knew.

                                            I guess you could say that the bad decision was that the business had a one man/very small IT internal staff. If they had a good MSP or consulting business partner, they might have gone another route.

                                            The ONLY "virtualization" infrastructure that was in place when I got here was a Hyper-V console (on the same server that I referenced in my original post in this thread; the server that also has SharePoint! This server used to also be a print server and a file server on top of everything else I've already mentioned).

                                            I deployed the VMware infrastructure about a year or so after I started working here.

                                            Assuming that the servers were commodity and post 2005, that means that someone was slacking. Why was Hyper-V console installed but nothing else? That's weird. Did you ever figure out why?

                                            It wasn't "Hyper-V and nothing else". It was a "DC, SharePoint, File Server, Cert Server, AND a Hyper-V host"!

                                            That's not what he means - he means, why was the console for Hyper-V installed and VMs not created - OR - ARE there VMs and SharePoint is running in a VM? etc...

                                            Nope, SharePoint is running natively in the host OS (not in a VM inside the Hyper-V host which was also installed/running on this server in the past)

                                            Wait, this statement doesn't make sense. There is no "host" with virtualization. Either it is on the Hyper-V machine or it is not. Everything on a Hyper-V machine is a VM.
