Windows 2000 Certificate server---->2003

[Mark Bohlsen]

3Hi, I plan to migrate my existing Windows 2000 physical server running
certificate services (subordinate CA in the forest) to a VM, and then upgrade
the server to Windows 2003 R2. Are there any caveats to an in place upgrade
of this type? I will have to change the ip address, but the name of the
server will stay the same. Is there any problems with this? Also, when I do
the in place upgrade does it automatically detect that certificate services
is installed and upgrade the certificate database without having to do
anything else? Currently, all of 3 DC's in this child domain are Windows
2003. Any help or advice would be greatly appreciated, as I haven't gone
through an upgrade of this type. Thanks in advance.

 

[Dan]

I am sure if you contact Microsoft directly they can give you very good
advice. BTW, why do you want to upgrade and please forgive the question but
does your current system not meet your needs or something else? Thanks in
advance for helping me and others understand your needs.

"Mark Bohlsen" wrote:

> 3Hi, I plan to migrate my existing Windows 2000 physical server running
> certificate services (subordinate CA in the forest) to a VM, and then upgrade
> the server to Windows 2003 R2. Are there any caveats to an in place upgrade
> of this type? I will have to change the ip address, but the name of the
> server will stay the same. Is there any problems with this? Also, when I do
> the in place upgrade does it automatically detect that certificate services
> is installed and upgrade the certificate database without having to do
> anything else? Currently, all of 3 DC's in this child domain are Windows
> 2003. Any help or advice would be greatly appreciated, as I haven't gone
> through an upgrade of this type. Thanks in advance.

 

[Mark Bohlsen]

I would like to upgrade to Windows 2003 so I can stay current and avoid an
issue with unsupported software in the near future with Windows 2000. My
hardware is out of warranty and I thought this would be a good opportunity to
do both. I have contacted Microsoft support and they will not talk to me
about the question. They try to send me off to pre-sales, saying it's not a
break/fix issue.

"Dan" wrote:

> I am sure if you contact Microsoft directly they can give you very good
> advice. BTW, why do you want to upgrade and please forgive the question but
> does your current system not meet your needs or something else? Thanks in
> advance for helping me and others understand your needs.
>
> "Mark Bohlsen" wrote:
>
> > 3Hi, I plan to migrate my existing Windows 2000 physical server running
> > certificate services (subordinate CA in the forest) to a VM, and then upgrade
> > the server to Windows 2003 R2. Are there any caveats to an in place upgrade
> > of this type? I will have to change the ip address, but the name of the
> > server will stay the same. Is there any problems with this? Also, when I do
> > the in place upgrade does it automatically detect that certificate services
> > is installed and upgrade the certificate database without having to do
> > anything else? Currently, all of 3 DC's in this child domain are Windows
> > 2003. Any help or advice would be greatly appreciated, as I haven't gone
> > through an upgrade of this type. Thanks in advance.

 

[Paul Adare - MVP]

On Tue, 26 Aug 2008 12:52:27 -0700, Mark Bohlsen wrote:

> 3Hi, I plan to migrate my existing Windows 2000 physical server running
> certificate services (subordinate CA in the forest) to a VM, and then upgrade
> the server to Windows 2003 R2. Are there any caveats to an in place upgrade
> of this type? I will have to change the ip address, but the name of the
> server will stay the same. Is there any problems with this? Also, when I do
> the in place upgrade does it automatically detect that certificate services
> is installed and upgrade the certificate database without having to do
> anything else? Currently, all of 3 DC's in this child domain are Windows
> 2003. Any help or advice would be greatly appreciated, as I haven't gone
> through an upgrade of this type. Thanks in advance.

Ignore Dan, he tries to insert himself into threads even when he has no
idea what he's talking about, as is the case here.
An in-place upgrade from 2000 to 2003 will work just fine and Certificate
Services will be upgraded along with the rest of the OS bits.
Keep in mind however, that you don't get to take full advantage of all of
the new Certificate Services features in 2003 unless your CA is running the
Enterprise or Datacentre Edition SKU.
--
Paul Adare
MVP - Identity Lifecycle Manager
http://www.identit.ca
That does not compute.

 

[Mark Bohlsen]

Paul,

Thanks for the response. Dan had me worried, I was hoping that wasn't going
to be an attempt to answer my question. Anyway, I was wondering if you could
expand on the 2003 features that I would be missing out on if I went with
2003 standard edition. Thanks in advance.

Mark

"Paul Adare - MVP" wrote:

> On Tue, 26 Aug 2008 12:52:27 -0700, Mark Bohlsen wrote:
>
> > 3Hi, I plan to migrate my existing Windows 2000 physical server running
> > certificate services (subordinate CA in the forest) to a VM, and then upgrade
> > the server to Windows 2003 R2. Are there any caveats to an in place upgrade
> > of this type? I will have to change the ip address, but the name of the
> > server will stay the same. Is there any problems with this? Also, when I do
> > the in place upgrade does it automatically detect that certificate services
> > is installed and upgrade the certificate database without having to do
> > anything else? Currently, all of 3 DC's in this child domain are Windows
> > 2003. Any help or advice would be greatly appreciated, as I haven't gone
> > through an upgrade of this type. Thanks in advance.
>
> Ignore Dan, he tries to insert himself into threads even when he has no
> idea what he's talking about, as is the case here.
> An in-place upgrade from 2000 to 2003 will work just fine and Certificate
> Services will be upgraded along with the rest of the OS bits.
> Keep in mind however, that you don't get to take full advantage of all of
> the new Certificate Services features in 2003 unless your CA is running the
> Enterprise or Datacentre Edition SKU.
> --
> Paul Adare
> MVP - Identity Lifecycle Manager
> http://www.identit.ca
> That does not compute.
>

 

[Brian Komar \(MVP\)]

- No issuance of certificates based on version 2 certificate templates = no
customized certificates-
- No key archival and recovery
- No autoenrollment of user certificates for deployment
- Can only issue version 1 certificates using Automatic Certificate Request
Services for computer certificates

To be honest, you pretty much gain nothing moving from Windows 2000 to
Windows 2003 if you do not run on Enterprise or Data Center Edition SKUs.
The only thing you gain is newer bits
Brian


"Mark Bohlsen" <MarkBohlsen@discussions.microsoft.com> wrote in message
news:157E9980-A8A6-4162-8351-BE668CCB06EB@microsoft.com...
> Paul,
>
> Thanks for the response. Dan had me worried, I was hoping that wasn't
> going
> to be an attempt to answer my question. Anyway, I was wondering if you
> could
> expand on the 2003 features that I would be missing out on if I went with
> 2003 standard edition. Thanks in advance.
>
> Mark
>
> "Paul Adare - MVP" wrote:
>
>> On Tue, 26 Aug 2008 12:52:27 -0700, Mark Bohlsen wrote:
>>
>> > 3Hi, I plan to migrate my existing Windows 2000 physical server running
>> > certificate services (subordinate CA in the forest) to a VM, and then
>> > upgrade
>> > the server to Windows 2003 R2. Are there any caveats to an in place
>> > upgrade
>> > of this type? I will have to change the ip address, but the name of
>> > the
>> > server will stay the same. Is there any problems with this? Also,
>> > when I do
>> > the in place upgrade does it automatically detect that certificate
>> > services
>> > is installed and upgrade the certificate database without having to do
>> > anything else? Currently, all of 3 DC's in this child domain are
>> > Windows
>> > 2003. Any help or advice would be greatly appreciated, as I haven't
>> > gone
>> > through an upgrade of this type. Thanks in advance.
>>
>> Ignore Dan, he tries to insert himself into threads even when he has no
>> idea what he's talking about, as is the case here.
>> An in-place upgrade from 2000 to 2003 will work just fine and Certificate
>> Services will be upgraded along with the rest of the OS bits.
>> Keep in mind however, that you don't get to take full advantage of all of
>> the new Certificate Services features in 2003 unless your CA is running
>> the
>> Enterprise or Datacentre Edition SKU.
>> --
>> Paul Adare
>> MVP - Identity Lifecycle Manager
>> http://www.identit.ca
>> That does not compute.
>>

 

[Dan]

Thanks Brian. As you can see Mark Bohlsen my questions were relevant because
it helped you to explain what you wanted to do and Paul has given his
thoughts and now clearer heads prevail again with Brian Komar whose response
is clear cut and shows that unless you have Enterprise or Data Center SKu's
you will only gain newer bits. As we all can see, Brian Komar, mvp has
cleared away the confusion of the situation and now Mark Bohlsen can make a
better decision in how Mark would like to proceed and going to newer software
does not always mean that the huge investment return on the newer software is
worth the cost. Remember, Microsoft even has over 100+ pages about properly
securing and safeguarding Windows 98 and Windows NT computers available from
their website.

"Brian Komar (MVP)" wrote:

> - No issuance of certificates based on version 2 certificate templates = no
> customized certificates-
> - No key archival and recovery
> - No autoenrollment of user certificates for deployment
> - Can only issue version 1 certificates using Automatic Certificate Request
> Services for computer certificates
>
> To be honest, you pretty much gain nothing moving from Windows 2000 to
> Windows 2003 if you do not run on Enterprise or Data Center Edition SKUs.
> The only thing you gain is newer bits
> Brian
>
>
> "Mark Bohlsen" <MarkBohlsen@discussions.microsoft.com> wrote in message
> news:157E9980-A8A6-4162-8351-BE668CCB06EB@microsoft.com...
> > Paul,
> >
> > Thanks for the response. Dan had me worried, I was hoping that wasn't
> > going
> > to be an attempt to answer my question. Anyway, I was wondering if you
> > could
> > expand on the 2003 features that I would be missing out on if I went with
> > 2003 standard edition. Thanks in advance.
> >
> > Mark
> >
> > "Paul Adare - MVP" wrote:
> >
> >> On Tue, 26 Aug 2008 12:52:27 -0700, Mark Bohlsen wrote:
> >>
> >> > 3Hi, I plan to migrate my existing Windows 2000 physical server running
> >> > certificate services (subordinate CA in the forest) to a VM, and then
> >> > upgrade
> >> > the server to Windows 2003 R2. Are there any caveats to an in place
> >> > upgrade
> >> > of this type? I will have to change the ip address, but the name of
> >> > the
> >> > server will stay the same. Is there any problems with this? Also,
> >> > when I do
> >> > the in place upgrade does it automatically detect that certificate
> >> > services
> >> > is installed and upgrade the certificate database without having to do
> >> > anything else? Currently, all of 3 DC's in this child domain are
> >> > Windows
> >> > 2003. Any help or advice would be greatly appreciated, as I haven't
> >> > gone
> >> > through an upgrade of this type. Thanks in advance.
> >>
> >> Ignore Dan, he tries to insert himself into threads even when he has no
> >> idea what he's talking about, as is the case here.
> >> An in-place upgrade from 2000 to 2003 will work just fine and Certificate
> >> Services will be upgraded along with the rest of the OS bits.
> >> Keep in mind however, that you don't get to take full advantage of all of
> >> the new Certificate Services features in 2003 unless your CA is running
> >> the
> >> Enterprise or Datacentre Edition SKU.
> >> --
> >> Paul Adare
> >> MVP - Identity Lifecycle Manager
> >> http://www.identit.ca
> >> That does not compute.
> >>
>

 

[Brian Komar \(MVP\)]

Huh?????
Not sure where you read all of this into my answer.
Brian

"Dan" <Dan@discussions.microsoft.com> wrote in message
news:2AF4D144-1C68-4EB0-BEA0-24C15C184D78@microsoft.com...
> Thanks Brian. As you can see Mark Bohlsen my questions were relevant
> because
> it helped you to explain what you wanted to do and Paul has given his
> thoughts and now clearer heads prevail again with Brian Komar whose
> response
> is clear cut and shows that unless you have Enterprise or Data Center
> SKu's
> you will only gain newer bits. As we all can see, Brian Komar, mvp has
> cleared away the confusion of the situation and now Mark Bohlsen can make
> a
> better decision in how Mark would like to proceed and going to newer
> software
> does not always mean that the huge investment return on the newer software
> is
> worth the cost. Remember, Microsoft even has over 100+ pages about
> properly
> securing and safeguarding Windows 98 and Windows NT computers available
> from
> their website.
>
> "Brian Komar (MVP)" wrote:
>
>> - No issuance of certificates based on version 2 certificate templates =
>> no
>> customized certificates-
>> - No key archival and recovery
>> - No autoenrollment of user certificates for deployment
>> - Can only issue version 1 certificates using Automatic Certificate
>> Request
>> Services for computer certificates
>>
>> To be honest, you pretty much gain nothing moving from Windows 2000 to
>> Windows 2003 if you do not run on Enterprise or Data Center Edition
>> SKUs.
>> The only thing you gain is newer bits
>> Brian
>>
>>
>> "Mark Bohlsen" <MarkBohlsen@discussions.microsoft.com> wrote in message
>> news:157E9980-A8A6-4162-8351-BE668CCB06EB@microsoft.com...
>> > Paul,
>> >
>> > Thanks for the response. Dan had me worried, I was hoping that wasn't
>> > going
>> > to be an attempt to answer my question. Anyway, I was wondering if you
>> > could
>> > expand on the 2003 features that I would be missing out on if I went
>> > with
>> > 2003 standard edition. Thanks in advance.
>> >
>> > Mark
>> >
>> > "Paul Adare - MVP" wrote:
>> >
>> >> On Tue, 26 Aug 2008 12:52:27 -0700, Mark Bohlsen wrote:
>> >>
>> >> > 3Hi, I plan to migrate my existing Windows 2000 physical server
>> >> > running
>> >> > certificate services (subordinate CA in the forest) to a VM, and
>> >> > then
>> >> > upgrade
>> >> > the server to Windows 2003 R2. Are there any caveats to an in place
>> >> > upgrade
>> >> > of this type? I will have to change the ip address, but the name of
>> >> > the
>> >> > server will stay the same. Is there any problems with this? Also,
>> >> > when I do
>> >> > the in place upgrade does it automatically detect that certificate
>> >> > services
>> >> > is installed and upgrade the certificate database without having to
>> >> > do
>> >> > anything else? Currently, all of 3 DC's in this child domain are
>> >> > Windows
>> >> > 2003. Any help or advice would be greatly appreciated, as I haven't
>> >> > gone
>> >> > through an upgrade of this type. Thanks in advance.
>> >>
>> >> Ignore Dan, he tries to insert himself into threads even when he has
>> >> no
>> >> idea what he's talking about, as is the case here.
>> >> An in-place upgrade from 2000 to 2003 will work just fine and
>> >> Certificate
>> >> Services will be upgraded along with the rest of the OS bits.
>> >> Keep in mind however, that you don't get to take full advantage of all
>> >> of
>> >> the new Certificate Services features in 2003 unless your CA is
>> >> running
>> >> the
>> >> Enterprise or Datacentre Edition SKU.
>> >> --
>> >> Paul Adare
>> >> MVP - Identity Lifecycle Manager
>> >> http://www.identit.ca
>> >> That does not compute.
>> >>
>>

 

[Paul Adare - MVP]

On Thu, 28 Aug 2008 03:39:03 -0700, Dan wrote:

> Thanks Brian. As you can see Mark Bohlsen my questions were relevant because
> it helped you to explain what you wanted to do

Your question was completely irrelevant and you don't have the faintest
idea as to what is being discussed in this thread.

> and Paul has given his
> thoughts

I did not give my thoughts, I answered the question.

> and now clearer heads prevail again with Brian Komar whose response
> is clear cut and shows that unless you have Enterprise or Data Center SKu's
> you will only gain newer bits.

Again, you don't have a clue what you're talking about. Clearer heads? Mark
asked for additional information which Brian provided as he got to the
question before I did. This isn't a competition.

> As we all can see, Brian Komar, mvp has
> cleared away the confusion of the situation and now Mark Bohlsen can make a
> better decision in how Mark would like to proceed and going to newer software
> does not always mean that the huge investment return on the newer software is
> worth the cost. Remember, Microsoft even has over 100+ pages about properly
> securing and safeguarding Windows 98 and Windows NT computers available from
> their website.

Would you please stop parroting the above. You're simply showing your lack
of knowledge and experience and you're certainly not helping anyone, quite
the contrary.

--
Paul Adare
MVP - Identity Lifecycle Manager
http://www.identit.ca
Conversational mode: Describes the typical office the day after a major
sporting event.

 

[Paul Adare - MVP]

On Thu, 28 Aug 2008 08:43:54 -0500, Brian Komar (MVP) wrote:

> Huh?????
> Not sure where you read all of this into my answer.

You need to read some of Dan's other posts, they'd be funny if the subject
weren't so serious and if they weren't so consistently wrong, rambling,
off-topic, and misleading.

--
Paul Adare
MVP - Identity Lifecycle Manager
http://www.identit.ca
Transistor: A sibling, opposite of transbrother.

 

[Dan]

From the folks at Microsoft and over 100 pages! ---


[PPT] Threat Mitigation for Windows 98 and Windows NT 4.0File Format:
Microsoft Powerpoint - View as HTML
Securing Windows NT Networks: What Are the Challenges? Guarding systems
against attacks: .... Windows 98 network security can be improved by: ...
download.microsoft.com/.../Threat_Mitigation%20for_Windows_98_and_Windows_NT4.ppt - Similar pages

"Paul Adare - MVP" wrote:

> On Thu, 28 Aug 2008 03:39:03 -0700, Dan wrote:
>
> > Thanks Brian. As you can see Mark Bohlsen my questions were relevant because
> > it helped you to explain what you wanted to do
>
> Your question was completely irrelevant and you don't have the faintest
> idea as to what is being discussed in this thread.
>
> > and Paul has given his
> > thoughts
>
> I did not give my thoughts, I answered the question.
>
> > and now clearer heads prevail again with Brian Komar whose response
> > is clear cut and shows that unless you have Enterprise or Data Center SKu's
> > you will only gain newer bits.
>
> Again, you don't have a clue what you're talking about. Clearer heads? Mark
> asked for additional information which Brian provided as he got to the
> question before I did. This isn't a competition.
>
> > As we all can see, Brian Komar, mvp has
> > cleared away the confusion of the situation and now Mark Bohlsen can make a
> > better decision in how Mark would like to proceed and going to newer software
> > does not always mean that the huge investment return on the newer software is
> > worth the cost. Remember, Microsoft even has over 100+ pages about properly
> > securing and safeguarding Windows 98 and Windows NT computers available from
> > their website.
>
> Would you please stop parroting the above. You're simply showing your lack
> of knowledge and experience and you're certainly not helping anyone, quite
> the contrary.
>
> --
> Paul Adare
> MVP - Identity Lifecycle Manager
> http://www.identit.ca
> Conversational mode: Describes the typical office the day after a major
> sporting event.
>