Microsoft
MicrosoftSo I'm currently working on my upgrade from 2008R2 to 2019 servers, in a lab. My environment is as follows.
Standalone Root CA
Enterprise Issuing CA
Enterprise OSCP Responder/CRL holder
I basically followed this article step by step to build a new root ca on 2019. Kept the same name all that. Seemed to go fine.
Then I followed this article step by step building a new issuing ca on 2019, keeping the same name etc. Went all fine until the end when I did the restore. At the end, it said could not start the ADCS service because of the RPC was not running and could not verify CRLs. From there I rebooted, and launched CA console. The templates showing as issued were the generic versions, not my customized ones. When I try to issue the correct one, I get the same errors.
To move forward with my migration, do I maybe need to build the OCSP Responder/CRL holder server first, before the issuing ca? That way it will see the CRL and be happy? Also, for the OCSP Responder, I assume I just follow this document step by step, but add the role features to go with that?
Thanks
