
Certificate Services Web interface and Win2k3 x64/AMD64 edition

Posted by bradenm on October 2, 2006, 5:13 pm
I recently reinstalled a machine with x64 edition in order to better
use the 6GB of RAM on the server. It was previously running 32-bit and
was an enterprise root CA and domain controller. I performed steps
outlined in KB 298138 to back up the CA in preparation to re-add it back
to the machine once it had x64 installed. I then removed the CA from
32-bit and dcpromo'd the machine out of active directory, and then
removed it from the domain.

I staged the box with W2k3 Standard x64. I installed IIS, and then I
installed Certificate services (along with the optional IIS/web
component) and configured it as an enterprise root. I imported
previously saved settings (from a 32-bit system) on the server. The
old system and the new install are using the same computer name so as
to keep the root CA functioning properly.

The import went fine, but then I was unable to access the /certsrv
directory on the webserver. It would show 404 and 403.1 and 403.2
(access denied/bad credentials type errors).

I eventually broke out filemon and watched the system as I hit "go" on
the URL bar... and that's when I noticed "w3wp.exe" (IIS web server
process) was trying to hit C:\Windows\SysWOW64\CertSrv and throwing NOT
FOUND errors in filemon.

The CertSrv folder is in C:\Windows\System32.

Obviously, this is a problem. I didn't want to just move the folder
around, so I found a utility to allow me to create an NTFS junction
point. I created a junction with the source of %windir%\system32 and
the target of %windir%\syswow64\certsrv. Now the full tree is where it
is expected to be by IIS and the web site sort of works. However, now
it throws errors when I try to submit a request - "an unexpected error
(0x000001A8) occurred while getting the certificate template list."

I'm stuck now... did anybody test the operation of the CA services in
an x64 system before it went gold?


Posted by Ken Schaefer on October 2, 2006, 8:00 pm
You are running a 32bit worker process - you want to be using a 64bit worker
process.

See:
http://www.adopenstatic.com/cs/blogs/ken/archive/2006/09/30/Certificate-Services-Website-generates-404-on-Windows-Server-2003-x64-_2800_64-bit-edition_2900_.aspx
and change the IIS metabase setting back

Cheers
Ken


>I recently reinstalled a machine with x64 edition in order to better
> use the 6GB of RAM on the server. It was previously running 32-bit and
> was an enterprise root CA and domain controller. I performed steps
> outlined in KB 298138 to back up the CA in preparation to re-add it back
> to the machine once it had x64 installed. I then removed the CA from
> 32-bit and dcpromo'd the machine out of active directory, and then
> removed it from the domain.
>
> I staged the box with W2k3 Standard x64. I installed IIS, and then I
> installed Certificate services (along with the optional IIS/web
> component) and configured it as an enterprise root. I imported
> previously saved settings (from a 32-bit system) on the server. The
> old system and the new install are using the same computer name so as
> to keep the root CA functioning properly.
>
> The import went fine, but then I was unable to access the /certsrv
> directory on the webserver. It would show 404 and 403.1 and 403.2
> (access denied/bad credentials type errors).
>
> I eventually broke out filemon and watched the system as I hit "go" on
> the URL bar... and that's when I noticed "w3wp.exe" (IIS web server
> process) was trying to hit C:\Windows\SysWOW64\CertSrv and throwing NOT
> FOUND errors in filemon.
>
> The CertSrv folder is in C:\Windows\System32.
>
> Obviously, this is a problem. I didn't want to just move the folder
> around, so I found a utility to allow me to create an NTFS junction
> point. I created a junction with the source of %windir%\system32 and
> the target of %windir%\syswow64\certsrv. Now the full tree is where it
> is expected to be by IIS and the web site sort of works. However, now
> it throws errors when I try to submit a request - "an unexpected error
> (0x000001A8) occurred while getting the certificate template list."
>
> I'm stuck now... did anybody test the operation of the CA services in
> an x64 system before it went gold?
>
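
Added example, not part of the thread or of the linked article: a PowerShell check for the condition the reply above describes (IIS worker processes forced to 32-bit, so w3wp.exe is redirected to SysWOW64 and cannot find CertSrv). The metabase key `W3SVC/AppPools/Enable32bitAppOnWin64`, the default adsutil.vbs location, the assumed adsutil output format and the `-Fix` switch are assumptions that do not appear on this page.

```powershell
# Added example, not from the thread. Run from a 64-bit PowerShell prompt on the CA server.
param([switch]$Fix)   # hypothetical switch: also set the metabase value back to 0

# A 32-bit (WOW64) shell sees System32 redirected to SysWOW64, the same
# redirection that misleads w3wp.exe, so the path checks below would lie.
if ($env:PROCESSOR_ARCHITEW6432) {
    throw "Running under WOW64; start the 64-bit shell and run again."
}

# Assumption: adsutil.vbs is in its default IIS 6 location.
$adsutil = Join-Path $env:SystemDrive 'Inetpub\AdminScripts\adsutil.vbs'
$key     = 'W3SVC/AppPools/Enable32bitAppOnWin64'

# Assumed output shape of "adsutil GET": Enable32bitAppOnWin64 : (BOOLEAN) True
$out  = cscript.exe //nologo $adsutil GET $key 2>&1 | Out-String
$is32 = $out -match '\(BOOLEAN\)\s+True'
"Worker processes forced to 32-bit: $is32"

# Report where CertSrv really lives and whether either copy is a junction
# (a reparse point), such as the workaround described in the original post.
foreach ($dir in 'System32\CertSrv', 'SysWOW64\CertSrv') {
    $path = Join-Path $env:windir $dir
    if (-not (Test-Path $path)) {
        "{0,-40} missing" -f $path
        continue
    }
    $item     = Get-Item $path -Force
    $junction = [bool]($item.Attributes -band [IO.FileAttributes]::ReparsePoint)
    "{0,-40} present (junction: {1})" -f $path, $junction
}

# Only change the metabase when asked to and when the 32-bit flag is set.
if ($is32 -and $Fix) {
    cscript.exe //nologo $adsutil SET $key 0
}
```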



Posted by Ken Schaefer on October 4, 2006, 10:51 pm
You are running a 32bit worker process - you want to be using a 64bit worker
process.

See:
http://www.adopenstatic.com/cs/blogs/ken/archive/2006/09/30/Certificate-Services-Website-generates-404-on-Windows-Server-2003-x64-_2800_64-bit-edition_2900_.aspx
and change the IIS metabase setting back

Cheers
Ken

>I recently reinstalled a machine with x64 edition in order to better
> use the 6GB of RAM on the server. It was previously running 32-bit and
> was an enterprise root CA and domain controller. I performed steps
> outlined in KB 298138 to back up the CA in preparation to re-add it back
> to the machine once it had x64 installed. I then removed the CA from
> 32-bit and dcpromo'd the machine out of active directory, and then
> removed it from the domain.
>
> I staged the box with W2k3 Standard x64. I installed IIS, and then I
> installed Certificate services (along with the optional IIS/web
> component) and configured it as an enterprise root. I imported
> previously saved settings (from a 32-bit system) on the server. The
> old system and the new install are using the same computer name so as
> to keep the root CA functioning properly.
>
> The import went fine, but then I was unable to access the /certsrv
> directory on the webserver. It would show 404 and 403.1 and 403.2
> (access denied/bad credentials type errors).
>
> I eventually broke out filemon and watched the system as I hit "go" on
> the URL bar... and that's when I noticed "w3wp.exe" (IIS web server
> process) was trying to hit C:\Windows\SysWOW64\CertSrv and throwing NOT
> FOUND errors in filemon.
>
> The CertSrv folder is in C:\Windows\System32.
>
> Obviously, this is a problem. I didn't want to just move the folder
> around, so I found a utility to allow me to create an NTFS junction
> point. I created a junction with the source of %windir%\system32 and
> the target of %windir%\syswow64\certsrv. Now the full tree is where it
> is expected to be by IIS and the web site sort of works. However, now
> it throws errors when I try to submit a request - "an unexpected error
> (0x000001A8) occurred while getting the certificate template list."
>
> I'm stuck now... did anybody test the operation of the CA services in
> an x64 system before it went gold?
>


