Breadcrumbs

Installing AD CS Server Role on Second Cluster Node

To install the CA on the second node, complete the following tasks:

  1. Log in as a user with Administrative privileges.

  2. Select Start, then select Server Manager to open Server Manager.

  3. Select the File and Storage Services. Click Disks.

image-20250805-115008.png


"Server Manager" Window

  1. Bring the shared disk online on the second cluster node.

  2. Copy the exported CA certificate to the second cluster node.

  3. Import the CA certificate that was previously created on the first cluster node.

›_ PowerShell

 
PS> certutil -addstore -f "My" "<CaName>.cer"
Signature matches Public Key
Certificate "DemoRootCa" added to store.
CertUtil: -addstore command completed successfully.

If you are using smartcard authentication, the prompt will appear on the PIN Pad device to insert the smartcard and enter the PIN. Then, press the OK button on the PIN Pad.

  1. To create a link between the certificate and the private key, first find the certificate serial number.

›_ PowerShell

 
PS> certutil -addstore -f "My" "<CaName>.cer"
Signature matches Public Key
Certificate "DemoRootCa" added to store.
CertUtil: -addstore command completed successfully.

  1. And use the certutil command to repair the link.

›_ PowerShell

 
PS> certutil –f –repairstore –csp "Utimaco CryptoServer Key Storage
Provider" my <serial>
CertUtil: -repairstore command completed successfully

If you are using smartcard authentication, the prompt will appear on the PIN Pad device to insert the smartcard and enter the PIN. Then, press the OK button on the PIN Pad.

  1. Open Server Manager under Configure this Local Server and click Add Roles and Features.

  2. The Add Roles and Features Wizard displays.

  3. Click Next. Select radio for the Role-based or feature-based installation and click Next.

  4. Select the radio button for a server from the server pool, select the second cluster node from the server pool, and click Next.

  5. Select the Active Directory Certificate Services check box from the Server Roles.

  6. Add features that are required for Active Directory Certificate Services window displays. To add a feature, click the Add Features button.

  7. Click Next.

  8. Click Next.

  9. Select the check box for Certification Authority from the Role services list and click Next.

  10. Click Install.

  11. Once installation is complete, select the link Configure Active Directory Certificate Services on the destination server. The AD CS Configuration wizard displays.

  12. In the Credentials page of the AD CS Configuration wizard, click Next.

  13. Select the check box for Certification Authority and click Next.

  14. Select Enterprise CA as Setup Type and click Next.

  15. Select Root CA as the type of CA and click Next.

  16. Select the radio button for Use existing private key and choose the option Select a certificate and use its associated private key, and click Next.

  17. Select the CA certificate that was generated on the first cluster node and click Next.

  18. Change the default paths for the database and log location to the shared disk and click Next.

  19. A dialog box displays stating that an existing database was found. Click Yes to overwrite.

  20. In the Confirmation page, click Configure.

  21. Verify that the CA service has successfully started by running the following command.

›_ PowerShell

 
sc query certsvc