Home » Microsoft » 70-640 » What should you do first?
A company has an Active Directory forest.
You plan to install an offline Enterprise root certification authority (CA) on a server named CA1.
CA1 is a member of the PerimeterNetwork workgroup and is attached to a hardware security module for private key storage.
You attempt to add the Active Directory Certificate Services (AD CS) server role to CA1.
The Enterprise CA option is not available.
You need to install the AD CS server role as an Enterprise CA on CA1.
What should you do first?
A. Add the DNS Server server role to CA1.
B. Add the Web Server (IIS) server role and the AD CS server role to CA1.
C. Add the Active Directory Lightweight Directory Services (AD LDS) server role to CA1.
D. Join CA1 to the domain.
Correct Answer: D
Explanation/Reference:
Reference 1:
http://kazmierczak.eu/itblog/2012/09/23/enterprise-ca-option-is-greyed-out-unavailable/
Many times, administrators ask me what to do when installing Active Directory Certificate Services they cannot choose to install Enterprise Certification Authority, because it’s unavailable.
Well, you need to fulfill basic requirements:
1. Server machine has to be a member server (domain joined).
2. (…)
Reference 2:
http://social.technet.microsoft.com/Forums/en/w7itproSP/thread/34f95b81-b196-4211-9a99-a06108521268
I am trying to install a new enterprise root CA on my windows server 2008 r2 system, but the enterprise option is always greyed out. The server was originally setup and put on the domain, but has since been removed from the domain and left in a workgroup.
its greyed out because it’s not in a domain; that’s one of the requirements for Enterprise CA.