After CA migration: will there be any problems and/or interruptions on the 802.1x side during this migration?

ssadoglu

Wise, Aged Ars Veteran
118
Hi,


We have Cisco ISE 802.1x authentication for Win10&11 clients in our domain environment. Also, I have been deploying 802.1x wireless (computer authentication) settings via GPO.

My question is: I will migrate the AD Certificate Authority Service server role from 2012 R2 to 2022. Will there be any problems and/or interruptions on the 802.1x side during this migration?

Would there be any special considerations to keep in mind after I migrate the CA servers?

Thanks,
 

SplatMan_DK

Ars Tribunus Angusticlavius
7,794
Subscriptor++
Don't decommission the 2012 server. It is possible to run both concurrently, thereby allowing you to switch external services one by one to the 2022 server, and verify it works. If it doesn't, rollback to the 2012 server while you conduct further investigation is easy.

When the last service has been removed from the 2012 server, you kill it. Leave both running until you're done, and avoid a "big bang" migration.

:)
 

oikjn

Ars Scholae Palatinae
969
Subscriptor++
Depends on what you are trying to do when you migrate. If you want to move the original cert to the new server with the same name, then you need to do the "rip the band-aid" approach. I just did that on a 2016 to 2022 subordinate CA and it worked well, but I wasn't doing 802.1x on it. If you are really paranoid, then create a new sub-CA and repoint the 802.1x to that new server. If this is the root CA... then maybe you should consider moving to an offline root CA with the domain CAs being subordinate ones.