Wednesday, April 18, 2007

Issues with Automated Deployment Services Certificates

In case anyone here is planning on updating ADS to WDS (Windows Deployment Services) I would recommend first backing up the ADS SQL Database and uninstalling ADS in its entirety. I have had nothing but problems with a mixed environment for imaging, not that one would want that in the first place...

I ended up ditching WDS for now until I can implement a virtual server solution. Turns out that reinstalling ADS severs the tie between the managed devices (160+ servers) and the ADS Controller. One MUST reinstall the ADSAdministrationAgent on each device. This can prove to be a little tedious but it has to be done...so I am in the process of reinstalling the service and re-linking the adsroot certificate to the controller so I can manage my servers.

This can be done one of two ways...via command line or by reinstalling the package included with the ADS install. The command line options are as follows:

regcert
/l - lists current certificates installed
/d - deletes currently registered certificate

Unless you have an excellent knowledge of certificates and how they work, I have found that it is easier to just use the package to reinstall the adsadmin service and bind the adsroot.cer correctly.

Also it is Microsoft's best practice to actually copy the certificate (adsroot.cer) down to the server and register the cert there locally as opposed to pointing the service out to the controller.

I have been looking into Windows Deployment Services which replaces ADS and RIS and rolls everything up into a nicely managed snap-in in which you can use to push images to servers and PC's alike. More to come...

No comments: