| Author |
KMS Server aarghhh!!!!!
|
|
| stepfaul 2003-09-04, 4:54 am |
| I am trying to setup a KMS server in my test domain and it keeps failing, I wondered if anyone else has had problems ?
For once, I have followed the setup instructions as per MS Press training book. ie. named the domain 'Bluesky-inc-10.com' and completed all the excercises up to the KMS server excercise.
I am fortunate enough to have a test domain at work (2 servers+workstation) and the same at home, I have setup KMS at home but have not had a chance to test yet , although an error message was displayed during setup.
I will report the error message in another post but i am just after general thoughts for now.
Thanks | |
| jeff_j_black 2003-09-04, 11:22 am |
| Have you been able to import the appropriate certificates? | |
| stepfaul 2003-09-05, 7:17 am |
| No Jeff, I cannot enroll users as I cannot install KMS. After a couple of hours research (while being sent in all different directions) I read an article that mentioned installing Exchange SP3. I have done this and have now managed to install KMS on my DC in a child domain, the DC in the parent domain is running Certificate services as per MS Press book.
The problem I have now is that I cannot enroll all users, I have managed to enroll a user from the parent domain OK, but when I try and enroll the administrator user from the child domain I receive an error in the enroll.log :
/o=Blue Sky Airlines/ou=First Administrative Group/cn=Recipients/cn=AdminCA Failed because this user is in wrong state.
/o=Blue Sky Airlines/ou=First Administrative Group/cn=Recipients/cn=CarlT CPKOQCYETAVP Succeeded. Token sent to user.
As you can see AdminCA failed (Child domain admin account) and CarlT succeeded (Parent domain account).
I have read an article (KB272388) regarding enrolling users in child/parent domains and it states the latest service pack should be installed for W2K server, which in my case is SP4. I will try this. | |
| jeff_j_black 2003-09-05, 10:01 am |
| Your child domain has the parent domain in it's certificate trust list? | |
| stepfaul 2003-09-05, 10:05 am |
| I think I know what the problem is.. Early on in the book there is an exercise to create a child domain, which I performed but in the later chapters the book is assuming you have one domain with two DC's.
I don't quite know why the KMS server does not function as it should do in a Parent/child domain setup, but I have had enough of this problem now. I am re-building both DC's from scratch and starting from fresh again.
Sorry to confuse anyone. | |
| jeff_j_black 2003-09-05, 11:28 am |
| Good luck! Getting Certificate Services and KMS working is good experience. Just know that DNS has to be rock solid, your child domain has to trust the parent CA and before installing KMS, you have to import three certificates on the Exchange Server. I don,t have my docs or my Exhcange server here with me so I can't be sure what those certificates are. | |
| stepfaul 2003-09-08, 7:02 am |
| Having re-built my servers and setup only one domain with two DC's all is working OK now. Thanks for your help.
I should have really tried your suggestion regarding the trust list but hey ho, I am now back on track. | |
| jeff_j_black 2003-09-08, 5:05 pm |
| Good deal! |
|
|
|