How to reinstall the CA role in Small Business Server 2011 Essentials

Article translations Article translations
Article ID: 2581361 - View products that this article applies to.
Expand all | Collapse all

On This Page

Summary

This article describes how to uninstall and then reinstall the Certificate Authority (CA) role in Windows Small Business Server 2011 Essentials (SBS 2011 Essentials). 

Uninstall the CA server role

  1. On the server that is running SBS 2011 Essentials, click Start, point to Administrative Tools, and then click Server Manager.
  2. Right-click Roles, and then select Remove Roles.
  3. On the Before You Begin page, click Next.
  4. Click to clear the Active Directory Certificate Services check box, and then click Next.
  5. On the Confirm Removal Selections page, click Remove.
  6. Click Close, and then restart the server.
  7. After the server restarts, click Close when you are prompted by a message that reads
    Removal Succeeded.

Reinstall the CA server role

  1. On the server, click Start, point to Administrative Tools, and then click Server Manager.
  2. In the Roles Summary section, click Add Roles.
  3. On the Before You Begin page, click Next.
  4. On the Server Roles page, select Active Directory Certificate Services, and then click Next.
  5. On the Introduction to Active Directory Certificate Services page, click Next.
  6. On the Select Role Services page, select Certification Authority and Certification Authority Web Enrollment, and then click Next.
  7. On the Specify Setup Type page, select Standalone, and then click Next.
  8. On the Specify CA Type page, select Root CA, and then click Next.
  9. On the Set Up Private Key page, select Use existing private key, select Select a certificate and use its associated private key option, and then click Next.
  10. On the Select Existing Certificate page, select the <Server_Name>-CA certificate, and then click Next.

    Note In this certificate name item, <Server_Name> is the name of the destination server.
  11. On the Configure Certificate Database page, accept the default locations, and then click Next.
  12. Confirm your selections, and then click Install.
  13. When the wizard is finished, click Close, and then restart the server.
  14. At an elevated command prompt, run the following commands:
    • CertUtil -setreg CA\ValidityPeriod Years
    • CertUtil -setreg CA\ValidityPeriodUnits 30

Verify the installation

  1. Click Start, point to Administrative Tools, and then click Certification Authority.
  2. Right-click the server name, and then click Properties.
  3. Click the Extensions tab.
  4. In the list that is displayed, click http://<ServerDNSName>/CertEnroll/<CaName><CRLNAMESUFFIX><DELTACRLALLOWED>.crl.
  5. Make sure that the following options are selected:
    • Include in CRLs. Clients use this to find the Delta CRL location.
    • Include in the CDP extension of issued certificates.
  6. Click OK to save your changes.
  7. When you are asked to restart Active Directory Certificate Services, click Yes.
  8. Close the Certification Authority screen.

Add the server and the clients to the Dashboard

  1. Locate the following folder: C:\Program Files\Windows Server\Bin\.
  2. Right-click the Wsspowershell.exe file, and then click Run As Administrator.

    Note A new window that runs PowerShell opens.
  3. In the PowerShell windows, type Add-WssLocalMachinecert.
  4. Rerun the connector installation on all client computers. For more information about how to install the client connector, see How do I connect computers to the server?

Properties

Article ID: 2581361 - Last Review: August 30, 2013 - Revision: 15.0
Applies to
  • Windows Small Business Server 2011 Essentials
Keywords: 
kbsmb KB2581361

Give Feedback

 

Kontaktieren Sie uns, um weitere Hilfe zu erhalten

Kontaktieren Sie uns, um weitere Hilfe zu erhalten
Wenden Sie sich an den Answer Desk, um professionelle Hilfe zu erhalten.