Thursday, 13 January 2011

AD CS: Move AD CS Database and Log to a different drive

What if you created a certificate infrastructure, sized it according to the requirements known at the time, and a new project comes along that requires a certificate services database and log three times the size of the original one, so it no longer fits on the hard disk you sized? In a lot of scenarios it's possible to expand the disks (using VMware, XenServer or Hyper-V this is quite easy), but when you're using physical servers it's not so easy.

Or maybe you forgot to move it from c:\windows\system32\Certsvc when you installed AD CS. No worries, it's quite easy to change.

In this short blog post I'll explain how to move the certificate services database and log location after AD Certificate Services has been installed.

1. Prepare the disk, LUN or whatever you have in mind for your database and log. Ideally the two are placed on separate disks for performance reasons. Create the paths for the database and the log. If both go on one disk, I always use CertDB for the database and CertDB\Logs for the logs, to keep things tidy.

2. Stop the AD Certificate Services service by running net stop certsvc from an elevated command prompt, or by right-clicking the service in the Services MMC and selecting Stop.

3. Copy the database and the logs to their new location.

4. Open the registry editor by starting regedit and browse to HKLM\System\CurrentControlSet\Services\CertSvc\Configuration.

5. Edit the following entries:
DBDirectory (default is C:\Windows\System32\CertLog\..., change it to your new database directory)
DBLogDirectory (default is C:\Windows\System32\CertLog, change it to your new log directory)
DBSystemDirectory (default is C:\Windows\System32\CertLog, change it to your new database directory)
DBTempDirectory (default is C:\Windows\System32\CertLog, change it to your new database directory)

6. Start the certification authority again by running net start certsvc from the command line, or by right-clicking the AD Certificate Services service and choosing Start. From this moment your DB and log should be running from the new location.

7. Verify it is running from the new location. You can do this by opening the Certification Authority MMC. Right-click the name of your CA and choose Properties, then choose the Storage tab. The tab should show the location of your DB and logs, perhaps on a different drive letter.
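
Steps 1 to 7 as one PowerShell script, run elevated on the CA server. This is an added example, not the author's own script; the target paths D:\CertDB and D:\CertDB\Logs and the split of files by extension are assumptions. It copies with robocopy /SEC so the files keep their NTFS ACLs in the new location.

```powershell
#Requires -RunAsAdministrator
# Added example. Assumed target paths (the post's CertDB / CertDB\Logs layout on a D: drive).
$NewDb  = 'D:\CertDB'
$NewLog = 'D:\CertDB\Logs'
$CfgKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration'
$ErrorActionPreference = 'Stop'

# Read the current locations from the registry instead of assuming the defaults.
# $cfg is a snapshot, so it still holds the old values after step 5 (useful for rollback).
$cfg    = Get-ItemProperty -Path $CfgKey
$oldDb  = $cfg.DBDirectory
$oldLog = $cfg.DBLogDirectory

# Step 1: create the target folders.
New-Item -ItemType Directory -Path $NewDb, $NewLog -Force | Out-Null

# Step 2: stop the CA so the database files are closed before copying.
Stop-Service -Name CertSvc

# Step 3: copy with NTFS ACLs (/SEC). Assumption: the transaction logs are the
# *.log and *.jrs files; everything else travels with the database.
robocopy $oldLog $NewLog *.log *.jrs /SEC /R:1 /W:1
if ($LASTEXITCODE -ge 8) { throw "Log copy failed (robocopy exit code $LASTEXITCODE)" }
robocopy $oldDb $NewDb /XF *.log *.jrs /SEC /R:1 /W:1
if ($LASTEXITCODE -ge 8) { throw "Database copy failed (robocopy exit code $LASTEXITCODE)" }

# Steps 4-5: point the four registry values at the new folders.
$new = @{
    DBDirectory       = $NewDb
    DBLogDirectory    = $NewLog
    DBSystemDirectory = $NewDb
    DBTempDirectory   = $NewDb
}
foreach ($name in $new.Keys) {
    Set-ItemProperty -Path $CfgKey -Name $name -Value $new[$name]
}

# Step 6: start the CA again.
Start-Service -Name CertSvc

# Step 7: show old -> new for each value and confirm the service is running.
foreach ($name in $new.Keys) {
    Write-Host ("{0}: {1} -> {2}" -f $name, $cfg.$name, (Get-ItemProperty -Path $CfgKey).$name)
}
Write-Host ("CertSvc status: {0}" -f (Get-Service -Name CertSvc).Status)
```

The original files are left in place; remove them only after the CA has started cleanly from the new location.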


Hope this helps.

Regards,

Stefan Hazenbroek
