Is it safe to reboot a Windows 2003 certificate authority server? What problems might occur?
My company has a Windows 2003 root certificate authority server which is used to generate client certificates for Remote Desktop Services logins, as well as certificates for internal HTTPS websites.
It recently developed some problems, and we would like to reboot the server.
Those problems are the inability to login remotely via Remote Desktop due to a "RPC server not available" error, and the lost ability to create new certificates. We tried stopping and restarting some of the services, but several of them remain stuck in the "stopping" phase. The server uptime is something close to a year and a half, and the assumption is that a restart ought to bring everything back up fresh.
However, several IT staff members are claiming that if we reboot the CA, all services on all servers (IIS, SQL Server, etc) will stop working until the system is back online.
I can't find any Microsoft documentation to support that position, but neither can I find any documentation that proves that there will not be any impact to running services.
Does anybody here know for certain what potential impact there may be for rebooting the company root CA server?
This is simply not true. All certificates issued by the server are signed with it's private key. That signature is what's checked by clients using the public key certificate that has also been generated by the server and installed on the clients. Nothing needs to be verified on the server in order for connections to succeed. The only thing that would ever be checked is revocations. So go ahead and reboot it. In fact, go ahead and start installing security updates on it as well. Since you haven't rebooted it in a long time, I assume it hasn't been updated in a very long time. That's kind of worrisome...