Migrate NDES service to a new Server

Simon Auty 41 Reputation points
2020-08-05T06:06:23.537+00:00

Hi,

I'm in the process of migrating certificate services from 2008R2 to 2016. One of the CA servers is also running the NDES service, but I can't find any guide on how to move this to a new server (I'm planning on re-using the old server IP and name).

Has anyone done this before and can provide some help?

The NDES is being used for our MDM so I don't want to re-install it from scratch if at all possible.

Windows Server Security

1 answer

  1. Hannah Xiong 6,256 Reputation points
    2020-08-06T02:42:31.067+00:00

    Hi,

    Thank you so much for posting here.

    According to this similar discussion, it would make more sense to install Certificate Services (using a backup of the CA key), Web Enrollment, restore the certificate database & registry key, and then install NDES.

    Reference: https://social.technet.microsoft.com/Forums/windowsserver/en-US/981f7a8e-77a5-417c-b0bb-941008b942ed/restoring-certificate-services-database-and-enabling-ndes?forum=winserversecurity

    As for migrating the certificate service, we could refer to:

    https://techcommunity.microsoft.com/t5/itops-talk-blog/step-by-step-migrating-the-active-directory-certificate-service/ba-p/697674

    Hope the information is helpful. Thanks.

    Best regards,
    Hannah Xiong
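
The order of operations suggested in the answer above, sketched as an added PowerShell example (not code from the thread or from the linked guides). It assumes an enterprise root CA, a backup folder `C:\CABackup`, and a placeholder `<CA-NAME>.p12` for the key file that `certutil -backupKey` writes; adjust all three to your environment.

```powershell
# Added example. Paths, CA type and the .p12 file name are assumptions.
$backup = 'C:\CABackup'

# --- On the old 2008 R2 CA (elevated prompt) ---
certutil -backupDB  $backup      # certificate database and logs
certutil -backupKey $backup      # CA certificate + private key as .p12; prompts for a password
reg export 'HKLM\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration' "$backup\CertSvc-Config.reg"
# Move $backup to the new server over a trusted channel: the .p12 holds the CA private key.

# --- On the new 2016 server (same name and IP, as planned in the question) ---
Install-WindowsFeature ADCS-Cert-Authority, ADCS-Web-Enrollment, ADCS-Device-Enrollment -IncludeManagementTools

# 1. Certificate Services, reusing the backed-up CA key
$p12Password = Read-Host 'Password for the CA key backup' -AsSecureString
Install-AdcsCertificationAuthority -CAType EnterpriseRootCA `
    -CertFile "$backup\<CA-NAME>.p12" -CertFilePassword $p12Password

# 2. Web Enrollment
Install-AdcsWebEnrollment

# 3. Restore the certificate database and the CA registry key.
#    Review the .reg file first: it carries server-specific values such as
#    DBDirectory and DBLogDirectory that must match the new server's layout.
Stop-Service certsvc
certutil -f -restoreDB $backup
reg import "$backup\CertSvc-Config.reg"
Start-Service certsvc
certutil -ping                   # confirm the CA answers before adding NDES

# 4. NDES last, once the CA is healthy.
#    The service account must be a member of the local IIS_IUSRS group.
$svc = Get-Credential -Message 'NDES service account'
Install-AdcsNetworkDeviceEnrollmentService `
    -ServiceAccountName $svc.UserName -ServiceAccountPassword $svc.Password

# Clean up: do not leave a copy of the CA private key on disk.
Remove-Item "$backup\*.p12"
```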