Is it safe to reboot a Windows 2003 certificate authority server? What problems might occur?

windows-server-2003 certificate-authority ad-certificate-services

My company has a Windows 2003 root certificate authority server which is used to generate client certificates for Remote Desktop Services logins, as well as certificates for internal HTTPS websites.

It recently developed some problems, and we would like to reboot the server.

Those problems are the inability to login remotely via Remote Desktop due to a "RPC server not available" error, and the lost ability to create new certificates. We tried stopping and restarting some of the services, but several of them remain stuck in the "stopping" phase. The server uptime is something close to a year and a half, and the assumption is that a restart ought to bring everything back up fresh.

However, several IT staff members are claiming that if we reboot the CA, all services on all servers (IIS, SQL Server, etc) will stop working until the system is back online.

I can't find any Microsoft documentation to support that position, but neither can I find any documentation that proves that there will not be any impact to running services.

Does anybody here know for certain what potential impact there may be for rebooting the company root CA server?


This is simply not true. All certificates issued by the server are signed with it's private key. That signature is what's checked by clients using the public key certificate that has also been generated by the server and installed on the clients. Nothing needs to be verified on the server in order for connections to succeed. The only thing that would ever be checked is revocations. So go ahead and reboot it. In fact, go ahead and start installing security updates on it as well. Since you haven't rebooted it in a long time, I assume it hasn't been updated in a very long time. That's kind of worrisome...

Related

PTY allocation request failed on channel 0
How to configure Squid with for authentication but skip it for local requests?
Managing laptops and desktops in the organization and pushing windows updates to them
Creating a bootable PXE image from a dos utility firmware updater
What is the fastest way to remove thousands of files on a btrfs filesystem?
what are the numbers in bracket against chain name in iptable? [duplicate]
Howto make SonicWall use a specific WAN interface based on IP?
problem executing a bash script with utf8 encoding
Why mysql cluster does not use multiple cores of the CPU?
How to check if ESX hosts have enough RAM
how can i configure active directory to make passwords expire at midnight?
Tunneling all TCP and UDP traffic through a Server?