Move CertServices to a new DC

Home | NewsGroups | Search | About

microsoft.public.windows.server.security

get this group's latest topics as an RSS feed

add this group's latest topics to your My MSN content

add this group's latest topics to your My Yahoo content

Subject

Author

Date

Move CertServices to a new DC

Tim

05-31-2005

Re: Move CertServices to a new DC

Mark Gamache

06-15-2005

Re: Move CertServices to a new DC

Tim

06-20-2005

Posted by Tim on May 31, 2005, 2:03 pm

Please log in for more thread options

Hi,
I have 2 x Windows 2003 Server DC's and am trying to retrench one. To this
end I am trying to move the cert services database and following
instructions at :
http://support.microsoft.com/?kbid=298138

(The steps in the above seem a little drastic: certservices is not the only
service on the old DC and I would like to keep it around for a small while -
off line is fine... any comments? I am happy to keep cert services disabled
on it.)

After loading the registry with the backup of the keys from the old DC then
attempting the restore I am getting an error "Restore of an Incremental
image cannot be performed before performing restore from a full image. The
directory name is invalid 0x8007010b".

I did not tick the Incremental option during either the Backup or Restore
steps...

The directory name is correct. The backup was taken exactly as per the
instructions above. The only thing I have not done in following these
instructions is to remove the cert server from the original DC as that would
leave me with no regression step.

I have tried certutil to the same nett affect - it does not moan about
incremental backup but returns the same error number:

C:\> certutil -restoredb c:\certbackups
restoring database for mydc.mydomain\myCAName/
restoring database files: 0%CertUtil: -restoreDB command FAILED: 0x8007010b
(WIN32/HTTP: 267).

I even tried doing an incremental on the off chance that the tick box was
'upside down' - that fails also, but with a different error.

Any help anyone?
TIA,

- Tim

Posted by Mark Gamache on June 15, 2005, 11:59 am

Please log in for more thread options

I've seen this when you recreate the new sever and have different drive
letters and folders. Specifically, the certutil -restoredb only will
restore the db to its original path. If it was on the D: drive on the old
server it must be on the d: drive on the new server. You can hex edit one
of the backup files, I can't recall which, and see the path it is looking to
place the db into.

Hope it helps,

--
Mark Gamache
Certified Security Solutions
http://www.css-security.com

> Hi,

> I have 2 x Windows 2003 Server DC's and am trying to retrench one. To this

> end I am trying to move the cert services database and following

> instructions at :

> http://support.microsoft.com/?kbid=298138

> (The steps in the above seem a little drastic: certservices is not the

> only service on the old DC and I would like to keep it around for a small

> while - off line is fine... any comments? I am happy to keep cert services

> disabled on it.)

> After loading the registry with the backup of the keys from the old DC

> then attempting the restore I am getting an error "Restore of an

> Incremental image cannot be performed before performing restore from a

> full image. The directory name is invalid 0x8007010b".

> I did not tick the Incremental option during either the Backup or Restore

> steps...

> The directory name is correct. The backup was taken exactly as per the

> instructions above. The only thing I have not done in following these

> instructions is to remove the cert server from the original DC as that

> would leave me with no regression step.

> I have tried certutil to the same nett affect - it does not moan about

> incremental backup but returns the same error number:

> C:\> certutil -restoredb c:\certbackups

> restoring database for mydc.mydomain\myCAName/

> restoring database files: 0%CertUtil: -restoreDB command FAILED:

> 0x8007010b (WIN32/HTTP: 267).

> I even tried doing an incremental on the off chance that the tick box was

> 'upside down' - that fails also, but with a different error.

> Any help anyone?

> TIA,

> - Tim

Posted by Tim on June 20, 2005, 8:03 pm

Please log in for more thread options

Thanks. Makes some sense.
I recreated the CA manually.

The path to the CA root was definitely different although the drive letter
was the same.

- Tim

> I've seen this when you recreate the new sever and have different drive

> letters and folders. Specifically, the certutil -restoredb only will

> restore the db to its original path. If it was on the D: drive on the old

> server it must be on the d: drive on the new server. You can hex edit one

> of the backup files, I can't recall which, and see the path it is looking

> to place the db into.

> Hope it helps,

> --

> Mark Gamache

> Certified Security Solutions

> http://www.css-security.com

>> Hi,

>> I have 2 x Windows 2003 Server DC's and am trying to retrench one. To

>> this end I am trying to move the cert services database and following

>> instructions at :

>> http://support.microsoft.com/?kbid=298138

>> (The steps in the above seem a little drastic: certservices is not the

>> only service on the old DC and I would like to keep it around for a small

>> while - off line is fine... any comments? I am happy to keep cert

>> services disabled on it.)

>> After loading the registry with the backup of the keys from the old DC

>> then attempting the restore I am getting an error "Restore of an

>> Incremental image cannot be performed before performing restore from a

>> full image. The directory name is invalid 0x8007010b".

>> I did not tick the Incremental option during either the Backup or Restore

>> steps...

>> The directory name is correct. The backup was taken exactly as per the

>> instructions above. The only thing I have not done in following these

>> instructions is to remove the cert server from the original DC as that

>> would leave me with no regression step.

>> I have tried certutil to the same nett affect - it does not moan about

>> incremental backup but returns the same error number:

>> C:\> certutil -restoredb c:\certbackups

>> restoring database for mydc.mydomain\myCAName/

>> restoring database files: 0%CertUtil: -restoreDB command FAILED:

>> 0x8007010b (WIN32/HTTP: 267).

>> I even tried doing an incremental on the off chance that the tick box was

>> 'upside down' - that fails also, but with a different error.

>> Any help anyone?

>> TIA,

>> - Tim

Similar Threads	Posted
move enterprise root ca	September 13, 2006, 8:09 am
Re: Move Enterprise CA server	December 18, 2007, 8:48 am
Event ID for Move Users	December 28, 2007, 1:51 am
ACLs - Users with READ can MOVE a whole folder?	April 11, 2007, 10:45 am
file server move from win2000 to win2003	April 24, 2008, 9:50 pm
How to not allow user move folders accidentially in MS server 2003?	January 31, 2008, 4:33 am
Re: share/move NTFS external disk between two separate computers	September 5, 2005, 9:09 pm

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML Sitemap

XML Sitemap