I have server (A) running Windows Server 2008 with a define domain (world) and a DNS role with the following configuration IP 10.10.0.11 mask 255.255.0.0 Gateway 10.10.0.1 I have another server (B) which uses the DNS of A with configuration IP 10.10.01.12 Mask 255.255.0.0 Gateway 10.10.0.1 DNS 10.10.0.11 When I try to install a CA enterprise in server (B), I only see the option stand alone and gray out the enterpise. As far I understand the requirements for server (B) to install the CA enterprise are: server (A) a domain and DNS roles define and server (B) to point to DNS of server (A). Am I missing something else?  michael john ocasio

Hi, Server A should have localhost defined in its DNS so 127.0.0.1. Also is Server B a member of the domain that server A is hosting? Regards, Rmknight

Yes I do know the first one..... second point I check the network connection of the internet protocol version (TCP/IPv4) and see if it points to server (A) 10.10.0.11. Add server (A) to domain. Do I use the same account to add the domain which I use to log in as an administrator? michael john ocasio

Hi, Is Server A a domain Controller? e.g. Have you run dcpromo on it? Is this a test CA you are planning on running?Regards, Rmknight

Hi, Is Server A a domain Controller? e.g. Have you run dcpromo on it? Is this a test CA you are planning on running?Regards, Rmknight

No changes were made in server (A). changes were made in (B). If there were changes made to A I will nedd to dcpromo? michael john ocasio

No changes were made in server (A). changes were made in (B). If there were changes made to A I will nedd to dcpromo? michael john ocasio

Hi, To effectively set up an enterprise CA , the following actions must be taken: Domain Name Service (DNS) installed on a DNS server on the network. Active Directory installed on a domain controller on the network. Enterprise policy places information into the Active Directory. The computer that will host the enterprise root CA joined to the Active Directory domain. Enterprise administrator privileges placed on the DNS, Active Directory, and CA servers. This is especially important because setup modifies information in numerous places, some of which require enterprise administrator privileges. I would like suggest you run DCPROMO on server A, create a domain, and server A will be the DNS server and Domain Controller, then add server B(which will be the Enterprise root CA) to the domain, and then log on to server B with enterprise administrator. For more details, please refer to the below links: http://technet.microsoft.com/en-us/library/aa996120(v=exchg.65) Building an Enterprise Root Certification Authority in Small and Medium Businesses http://technet.microsoft.com/en-us/library/cc875810.aspx Hope this helps. Regards, Yan Li Yan Li TechNet Community Support

Hi, To effectively set up an enterprise CA , the following actions must be taken: Domain Name Service (DNS) installed on a DNS server on the network. Active Directory installed on a domain controller on the network. Enterprise policy places information into the Active Directory. The computer that will host the enterprise root CA joined to the Active Directory domain. Enterprise administrator privileges placed on the DNS, Active Directory, and CA servers. This is especially important because setup modifies information in numerous places, some of which require enterprise administrator privileges. I would like suggest you run DCPROMO on server A, create a domain, and server A will be the DNS server and Domain Controller, then add server B(which will be the Enterprise root CA) to the domain, and then log on to server B with enterprise administrator. For more details, please refer to the below links: http://technet.microsoft.com/en-us/library/aa996120(v=exchg.65) Building an Enterprise Root Certification Authority in Small and Medium Businesses http://technet.microsoft.com/en-us/library/cc875810.aspx Hope this helps. Regards, Yan Li Yan Li TechNet Community Support

So a root CA does not have to be a Domain Controller, is this correct?

Hi, No, we always recommend don't install CA on DC, root CA will be set offline, if your Root CA is your DC, then your DC will be offline. That is not we want. Regards, Yan LiYan Li TechNet Community Support

Hi, No, we always recommend don't install CA on DC, root CA will be set offline, if your Root CA is your DC, then your DC will be offline. That is not we want. Regards, Yan LiYan Li TechNet Community Support