Monday, August 25, 2008

Gotcha's Using the SBS 2008 Answer File

This blog post comes courtesy of all of the folks that have already gotten into trouble using the SBS 2008 Answer File and "Certificate Authority Name".  Through the beta process, we've found a number of people miss-using the Certificate Authority Name from the Answer File.


The Certificate Authority Name is only used to override the default.  If you leave this blank (which is totally acceptable) you will end up with a Root certificate issued to %DOMAIN%-%SERVER%-CA (e.g. CONTOSO-SBSSRV-CA, for the NETBIOS domain as CONTOSO, and the server name as SBSSRV).

You can override this to be whatever you want EXCEPT your domain name.  Make it "Contoso CA" or "Contoso Web Certificate Authority".... just don't make it "" if that's the domain you will use for your network.

What happens if you do make this mistake? you'll need to use a DIFFERENT domain name inside the Internet Address Management wizard, because this wizard will fail to configure anything certificate related on your network.

If you're not sure what to put in here, just leave it blank.  Oh, and one more thing, if you make something far too long, or use crazy complex characters, then the server ignores your selection and just makes it DOMAIN-SERVER-CA again.


iTropics said...

Thanks for this reminder...