I recently decided to get a new server for our house. My old Windows 2000 Server PIII 450 MHz with 4 SCSI drives totalling 45 GB and 512 MB of RAM was getting pretty bogged down. We use this server for our domain authentication, port mapping, web sites, extra disk space, and it tracks the caller ID of every person who calls our house. I ended up getting a Windows 2003 Server AMD 2900+ 2.0 GHz computer with 1 GB of RAM and a 200 GB SATA hard drive.
Since I wanted this to be a direct replacement of my old one, I needed it to have the same name as the old one and the same IP addresses. This caused a little difficulty since if you have Active Directory installed, you can’t rename the computer. So I had to get the new computer up and running, add it to the domain, add Active Directory and let it sync. Then I could remove Active Directory from the old server, rename it, then install Active Directory, and let it sync. Then I did the same with the new server: remove AD, rename, reinstall, sync. But the problem came in when I was trying to remove AD. It wouldn’t let me. So I had to unplug it from the network and force AD to remove. Then I was able to do the rename and everything seemed fine. I replaced the old server with the new one.
It wasn’t until I was trying to install Certificate Services that I started running into issues. It would install but I could never start the service; it kept saying “The directory service was unable to allocate a relative identifier.” I finally figured out the reason for this was because no computer in my network had any FSMO roles. This was because when I forcefully removed AD from the new server it never transferred any of those roles to the old server. So of course the old server couldn’t transfer those roles back to the new server. So I had to seize all the roles using ntdsutil.exe. Once that was done I was able to successfully install and start Certificate Services.
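The role check and seizure described above, as an added example that is not from the original post: it lists the current FSMO role holders, confirms the RID allocation failure, then seizes all five roles with ntdsutil. `NEWDC` is a placeholder hostname, and the script assumes the Windows Server 2003 Support Tools (`netdom`, `dcdiag`) are installed.

```bat
@echo off
rem Added example, not the original author's script.
rem NEWDC is a placeholder for the surviving domain controller.
setlocal
set TARGET=NEWDC

rem 1. Show which DC the directory records as holder of each FSMO role.
rem    After a forced AD removal these can point at a DC that is gone.
netdom query fsmo

rem 2. Confirm the symptom. Both tests fail when the role holders are
rem    missing or unreachable, which is what blocks RID pool allocation.
dcdiag /s:%TARGET% /test:knowsofroleholders /v
dcdiag /s:%TARGET% /test:ridmanager /v

rem 3. Seize the roles onto TARGET. Do this only when the previous
rem    holder is permanently gone. ntdsutil accepts its menu commands
rem    as arguments, tries a clean transfer first, and asks for
rem    confirmation before each seizure.
rem    "seize domain naming master" is the Windows Server 2003 syntax;
rem    later versions of ntdsutil use "seize naming master".
ntdsutil roles connections "connect to server %TARGET%" quit ^
  "seize RID master" ^
  "seize PDC" ^
  "seize infrastructure master" ^
  "seize schema master" ^
  "seize domain naming master" ^
  quit quit

rem 4. Verify: every role should now list TARGET, and the RID manager
rem    test should pass.
netdom query fsmo
dcdiag /s:%TARGET% /test:ridmanager /v

endlocal
```

A domain controller whose roles were seized should not be reconnected to the network as a DC afterwards; it needs to be demoted or rebuilt first.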
But then when I was trying to set up the user certificate templates, I was unable to do any template stuff. This was because I didn’t install Certificate Services as an Enterprise CA. That option was grayed out for me. Turns out that I also needed to make the new computer the Global Catalog Server. After a reboot I was finally able to install Certificate Services as an Enterprise CA, and thus be able to issue user certificates.
All the certificate stuff was for what I was planning for my wireless network. In my next blog, I’ll explain how my network is set up and how to set up Windows 2003 Server as a RADIUS server and use certificates for authentication on your wireless network.