CLM FP 1 Database Backup and Restore

  • Article

Prerequisite knowledge

This document assumes that you have an understanding of CLM FP1, Active Directory, and Hyper-V.

Audience

This guide is intended for IT planners, systems architects, technology decision makers, consultants, infrastructure planners, and IT personnel who maintain and use CLM FP1.

Time requirements

The procedures in this document require between 60 and 90 minutes for a new user to complete.

Note

These time estimates assume that the testing environment is already configured for the scenario, and do not include the time required to set up the test environment.

Scenario description

Fabrikam, a fictitious company, currently uses Microsoft® Certificate Lifecycle Manager Feature Pack 1 for certificate management. They wish to test the backup and restore procedures for Certificate Lifecycle Manager Feature Pack 1.

The testing environment

The scenario outlined in this document has been developed and tested on a stand-alone computer running the 64-bit editions of the Windows Server® 2008 operating system and Hyper-V. The server has two 3.0 gigahertz (GHz) dual core processors and 8 gigabytes (GB) of RAM. Using Hyper-V, the following four virtual machines were created on the host.

Table 1 Virtual Machines and Roles

Name Memory Operating system Description

DC.Fabrikam.com

512 MB

32-bit Windows Server 2003

Domain Controller

CA.Fabrikam.com

512 MB

32-bit Windows Server 2003

Certificate Authority

CLMOLD.Fabrikam.com

2048 MB

32-bit Windows Server 2003

Certificate Lifecycle Manager Feature Pack 1, Microsoft SQL Server 2005, and Microsoft IIS 6.0

CLMNEW.Fabrikam.com

2048 MB

32-bit Windows Server 2003

Certificate Lifecycle Manager Feature Pack 1, SQL Server 2005, and IIS 6.0

Hyper-V is not a requirement to complete the steps outlined later. These steps can be implemented on physical computers as long as they reflect the same roles as the preceding table.

Required accounts

The following table summarizes the CLM accounts used in this step-by-step guide.

Table 2 Required Accounts

Account Display name Password

Fabrikam\clmAgent

CLM Agent

Pass1word$

Fabrikam\clmKRAgent

CLM KR Agent

Pass1word$

Fabrikam\clmAuthAgent

CLM Auth Agent

Pass1word$

Fabrikam\clmCAMngr

CLM CA Manager

Pass1word$

Fabrikam\clmWebPool

CLM Web Pool

Pass1word$

Fabrikam\clmEnrollAgent

CLM Enroll Agent

Pass1word$

Before you begin

Before starting the backup process, you must have access to the passwords for the six CLM FP1 accounts. These passwords are required for the restoration process. If the passwords were auto-configured by the CLM FP1 configuration wizard, follow the ILM documented instructions for resetting the account passwords to a known value before starting the backup process.

All CLM agent accounts that require certificates—CLM Agent, CLM Key Recovery Agent, and CLM Enrollment agent—must have exportable keys if the keys are stored locally on the CLM Server. If you are using an HSM for agent keys, the keys will be stored on the HSM, but the certificates must still be exported as part of the backup process.

Implementing the procedures in this document

To implement the procedures in this document, complete the following steps in the order shown:

  1. Creating the CLMBackup folder

  2. Backing up the CLM FP1 database

  3. Backing up the CLM Agent key

  4. Backing up the CLM KR Agent key

  5. Backing up the CLM Enrollment Agent key

  6. Backing up the CLM FP1 configuration files

  7. Installing Certificate Lifecycle Manager Feature Pack 1 on a new server

  8. Running the Configuration Wizard

  9. Restoring the CLM FP1 database to the new server

  10. Restoring the CLM Agent key

  11. Restoring the CLM KR Agent key

  12. Restoring the CLM Enrollment Agent key

  13. Restoring the CLM FP1 configuration files

  14. Testing the new installation

Creating the CLMBackup folder

For the scenario in this document, you create a folder that stores the database backup, the exported CLM FP1 account keys, and the backed up configuration data.

To create the CLMBackup folder

  1. Log on to the OLDCLM.Fabrikam.com as Administrator.

  2. Click Start, select My Computer, and then double-click Local Disk (C:).

  3. From the top, click File, select New, and then select Folder.

  4. Replace the text New Folder by typing CLMBackup.

  5. Click OK.

  6. Close Local Disk (C:).

Backing up the CLM FP1 database

The following steps show how to back up the old CLM database.

To back up the CLM FP1 database

  1. Log on to CLMOLD.Fabrikam.com as Administrator

  2. Click Start, select All Programs, select Microsoft SQL Server 2005, and then click SQL Server Management Studio. This starts SQL Server Management Studio.

  3. On the Connect To Server dialog that opens, leave the defaults and then click Connect.

  4. On the left, expand CLMOLD (SQL Server 9.0.4035 – Fabrikam\Administrator), and then expand Databases.

  5. Under Databases, right-click CLM, select Tasks, and then select Back Up. This brings up the Back Up Database - CLM dialog box.

  6. On the Back Up Database – CLM dialog box, under Source, verify that Database is set to CLM.

  7. On the Back Up Database – CLM dialog box, under Source, verify that Backup type is set to Full.

  8. On the Back Up Database – CLM dialog box, under Source, verify that the Backup component option button is set to Database.

  9. On the Back Up Database – CLM dialog box, under Backup set, leave the default name CLM-Full Database Backup.

  10. On the Back Up Database – CLM dialog box, make sure Backup set will expire, that Backup type is set to After 0 days.

  11. On the Back Up Database – CLM dialog box, under Destination, select the default and then click Remove.

  12. On the Back Up Database – CLM dialog box, under Destination, click Add. This brings up the Select Backup Destination dialog box.

  13. On the Select Backup Destination dialog box, click This brings up the Locate Database Files dialog box.

  14. On the Locate Database Files dialog box, select the CLMBackup folder from the tree view and then type CLM.bak in the File Name box.

  15. Click OK.

  16. On the Select Backup Destination dialog box, click OK.

  17. On the Back Up Database – CLM dialog box, click OK.

  18. After the backup completes, a dialog box appears that displays the message “The backup of database ‘CLM’ completed successfully.” Click OK.

  19. Close SQL Server Management Studio.

    Note

    For additional information, including best practices for backing up SQL Server 2005 databases, see How to: Back Up a Database (SQL Server Management Studio).

Backing up the CLM Agent key

The following steps show how to back up the CLM Agent key.

To back up the CLM Agent key

  1. Log on to the CLMOLD.Fabrikam.com as Fabrikam\clmAgent.

  2. Click Start, select Run, and then type mmc in the Open box. Click OK. This brings up an MMC console named Console1.

  3. On the Console1 dialog box, at the top, click File, and then select Add/Remove SnapIn. This brings up the Add/Remove Snap-in dialog box.

  4. On the Add/Remove Snap-in, click Add. This brings up the Add Standalone Snap-in dialog box.

  5. On the Add Standalone Snap-in dialog box, select Certificates and then click Add. This brings up the Certificates snap-in dialog box.

  6. On the Certificates snap-in dialog box, under This snap-in will always manage certificates for, select My user account and then click Finish.

  7. On the Add Standalone Snap-in dialog box, click Close.

  8. On the Add/Remove Snap-in, click OK.

  9. On the Console1 dialog box, expand Certificates, expand Personal, and then select Certificates.

  10. On the Console1 dialog box, on the right, under Issued To, right-click the CLM Agent certificate, select All Tasks and then click Export This brings up the Certificate Export Wizard.

  11. On the Welcome to the Certificate Export Wizard dialog box, click Next.

  12. On the Export Private Key dialog box, select Yes, export the private key and then click Next.

  13. On the Export File Format dialog box, under Personal Information Exchange – PKCS#12 (.PFX), select Enable strong protection (requires IE 5,0, NT 4.0 SP4 or above) and then click Next.

  14. On the Password dialog box, type Pass1word$ in the Password and Confirm Password boxes, and then click Next.

  15. On the File to Export dialog box, click Browse and then navigate to the CLMBackup folder that was created previously.

  16. In the File name box, type clmAgentCert and verify that Personal Information Exchange (*.pfx) is selected under Save as type. Click Save.

  17. On the File to Export dialog box, verify the export path and click Next.

  18. On the Completing the Certificate Export Wizard dialog box, click Finish. This initiates the export and causes a dialog box to appear.

  19. The dialog box displays the message “The Export was successful.” Click OK.

  20. Close Console1.

  21. Log off CLMOLD.fabrikam.com.

    Note

    For additional information, including best practices for backing up private keys, see Exporting a Certificate (SP Only).

Backing up the CLM KR Agent key

The following steps show how to back up the CLM KR Agent key.

To backup the CLM KR Agent key

  1. Log on to the CLMOLD.Fabrikam.com as Fabrikam\clmKRAgent.

  2. Click Start, select Run, and type mmc in the Open box. Click OK. This brings up an MMC console named Console1.

  3. On the Console1 dialog box, at the top, click File and then select Add/Remove SnapIn. This brings up the Add/Remove Snap-in dialog box.

  4. On the Add/Remove Snap-in, click Add. This brings up the Add Standalone Snap-in dialog box.

  5. On the Add Standalone Snap-in dialog box, select Certificates and then click Add. This brings up the Certificates snap-in dialog box.

  6. On the Certificates snap-in dialog box, under This snap-in will always manage certificates for, select My user account and then click Finish.

  7. On the Add Standalone Snap-in dialog box, click Close.

  8. On the Add/Remove Snap-in, click OK.

  9. On the Console1 dialog box, expand Certificates, expand Personal, and select Certificates.

  10. On the Console1 dialog box, on the right, under Issued To, right-click the CLM KR Agent certificate, select All Tasks and then click Export. This brings up the Certificate Export Wizard.

  11. On the Welcome to the Certificate Export Wizard dialog box, click Next.

  12. On the Export Private Key dialog box, select Yes, export the private key and then click Next.

  13. On the Export File Format dialog box, under Personal Information Exchange – PKCS#12 (.PFX), select Enable strong protection (requires IE 5,0, NT 4.0 SP4 or above) and then click Next.

  14. On the Password dialog box, type Pass1word$ in the Password and Confirm Password boxes, and then click Next.

  15. On the File to Export dialog box, click Browse and then navigate to the CLMBackup folder that was created previously.

  16. In the File name box, type clmKRAgentCert and then verify that Personal Information Exchange (*.pfx) is selected under Save as type. Click Save.

  17. On the File to Export dialog box, verify the export path and then click Next.

  18. On the Completing the Certificate Export Wizard dialog box, click Finish. This initiates the export and causes a dialog box to appear.

  19. The dialog box displays the message “The Export was successful.” Click OK.

  20. Close Console1.

  21. Log off CLMOLD.fabrikam.com.

    Note

    For additional information, including best practices for backing up private keys, see Exporting a Certificate (SP Only).

Backing up the CLM Enrollment Agent key

The following steps show how to back up the CLM Enrollment Agent key.

To back up the CLM Enrollment Agent key

  1. Log on to the CLMOLD.Fabrikam.com as Fabrikam\clmEnrollAgent.

  2. Click Start, select Run, and then type mmc in the Open box. Click OK. This brings up an MMC console named Console1.

  3. On the Console1 dialog box, at the top, click File, and then select Add/Remove SnapIn. This brings up the Add/Remove Snap-in dialog box.

  4. On the Add/Remove Snap-in, click Add. This brings up the Add Standalone Snap-in dialog box.

  5. On the Add Standalone Snap-in dialog box, select Certificates and click Add. This brings up the Certificates snap-in dialog box.

  6. On the Certificates snap-in dialog box, under This snap-in will always manage certificates for, select My user account and then click Finish.

  7. On the Add Standalone Snap-in dialog box, click Close.

  8. On the Add/Remove Snap-in, click OK.

  9. On the Console1 dialog box, expand Certificates, expand Personal, and then select Certificates.

  10. On the Console1 dialog box, on the right, under Issued To, right-click the CLM Enroll Agent certificate, select All Tasks and then click Export. This brings up the Certificate Export Wizard.

  11. On the Welcome to the Certificate Export Wizard dialog box, click Next.

  12. On the Export Private Key dialog box, select Yes, export the private key and then click Next.

  13. On the Export File Format dialog box, under Personal Information Exchange – PKCS#12 (.PFX), select Enable strong protection (requires IE 5,0, NT 4.0 SP4 or above) and then click Next.

  14. On the Password dialog box, type Pass1word$ in the Password and Confirm Password boxes, and then click Next.

  15. On the File to Export dialog box, click Browse and then navigate to the CLMBackup folder that was created previously.

  16. In the File name box, enter clmAgentCert and then verify that Personal Information Exchange (*.pfx) is selected under Save as type. Click Save.

  17. On the File to Export dialog box, verify the export path and then click Next.

  18. On the Completing the Certificate Export Wizard dialog box, click Finish. This initiates the export and causes a dialog box to appear.

  19. The dialog box displays the message “The Export was successful.” Click OK.

  20. Close Console1.

  21. Log off CLMOLD.fabrikam.com.

    Note

    For additional information, including best practices for backing up private keys, see Exporting a Certificate (SP Only).

Backing up the CLM FP1 configuration files

The following steps show how to back up the configuration files.

To back up the CLM FP1 configuration files

  1. Log on to CLMOLD.Fabrikam.com as Administrator.

  2. Navigate to the directory where Microsoft® Certificate Lifecycle Manager is installed.

  3. Copy the files in the following table to the CLMBackup folder.

Table 3 Required CLM FP1 Configuration Files to Back Up

File name Default location

Web.config

drive:\Program Files\Microsoft Certificate Lifecycle Manager\web\

Microsoft.CLM.service.exe.config

drive:\Program Files\Microsoft Certificate Lifecycle Manager\bin\

Microsoft.CLM.Config.exe.config

drive:\Program Files\Microsoft Certificate Lifecycle Manager\bin\

Microsoft.Clm.PrintServer.exe.config

drive:\Program Files\Microsoft Certificate Lifecycle Manager\bin\

ClmUtil.exe.config

drive:\Program Files\Microsoft Certificate Lifecycle Manager\bin\

Installing Certificate Lifecycle Manager Feature Pack 1 on a new server

The following steps show how to install the CLM binaries on a different server. For purposes of this step-by-step guide, the CLM binaries will be installed onCLMNEW.fabrikam.com. These steps assume that this server is already a member of the domain, and has the required CLM FP1 prerequisites installed. They also assume that the CLMBackup folder has been copied over to the new server. The CLMBackup folder should have the following files in it, prior to being copied over.

Table 4 CLMBackup files

File name

CLM.Bak

CLMAgent.pfx

CLMKRAgent.pfx

CLMEnrollAgent.pfx

Web.config

Microsoft.CLM.service.exe.config

Microsoft.CLM.Config.exe.config

Microsoft.Clm.PrintServer.exe.config

ClmUtil.exe.config

To install CLM FP1 on the new server

  1. Log on to the CLMNEW.fabrikam.com Server as Administrator.

  2. Place the Identity Lifecycle Manager Feature Pack 1 installation media in the CD drive of the server.

  3. From the splash dialog box, under Certificate and smart card management, select Install Certificate and smart card management Server and CA Modules

    Note

    A dialog box may appear that displays the following message: “Active content can harm your computer or disclose personal information. Are you sure that you want to allow CDs to run active content on your computer?” For this scenario, you can safely ignore this warning and click Yes.

  4. This brings up the File Download – Security Warning dialog box that will as you Do you want to run or save this file?. Click Run

  5. This brings up the Internet Explorer – Security Warning dialog box that will as you Do you want to run this software. The software name will be Setup.exe Click Run.

  6. This brings up the Certificate Lifecycle Manager setup wizard. On the welcome dialog box, click Next.

  7. From the End-User License Agreement dialog box, after reading the Microsoft Software License Terms, select I accept the terms in the license agreement box and then click Next.

  8. From the Product Key dialog box, enter your product key and click Next.

  9. From the Custom Setup dialog box, leave the defaults and then click Next.

  10. From the Virtual Web Folder dialog box, leave the default of Clm for the virtual folder and then click Next.

  11. From the Ready to install Certificate Lifecycle Manager dialog box, click Install.

  12. When the installation is complete, click Finish.

Running the Configuration Wizard

The following steps show how to configure CLM FP1 on the new restoration server.

To run the Configuration Wizard

  1. Log on to the CLMNEW.fabrikam.com Server as Administrator

  2. On the CLMNEW server, go to Start, select All Programs, click Microsoft Certificate Lifecycle Manager , and then click Configuration Wizard.

  3. From the Welcome dialog box, click Next.

  4. From the Certificate Authority dialog box, leave the defaults and then click Next.

  5. From the SQL Server dialog box, leave the default of (local) and then click Next.

  6. From the Database dialog box, leave the defaults and then click Next.

  7. From the Active Directory dialog box, leave the defaults and then click Next.

  8. From the CLM Agent Accounts dialog box, clear the Use the CLM default settings check box and then click Custom Accounts. This brings up the Agents – Microsoft CLM window.

  9. On the CLM Agent tab, enter clmAgent for the User Name. In the Password and Confirm Password boxes, type Pass1word$. Select the Use an existing user check box.

  10. On the Key Recovery Agent tab, enter clmKRAgent for the User Name. In the Password and Confirm Password boxes, type Pass1word$. Select the Use an existing user check box.

  11. On the Authorization Agent tab, enter clmAuthAgent for the User Name. In the Password and Confirm Password boxes, type Pass1word$. Select the Use an existing user check box.

  12. On the CA Manager Agent tab, enter clmCAMngr for the User Name. In the Password and Confirm Password boxes, type Pass1word$. Select the Use an existing user check box.

  13. On the Web Pool Process Worker Agent tab, enter clmWebPool for the User Name. In the Password and Confirm Password boxes, enter Pass1word$. Select the Use an existing user check box.

  14. On the Enrollment Agent tab, enter clmEnrollAgent for the User Name. In the Password and Confirm Password boxes, type Pass1word!. Select the Use an existing user check box.

  15. Click OK. On the CLM Agent Accounts dialog box, click Next.

  16. From the Certificates dialog box, leave the defaults for the certificate templates and then select Create and configure certificates manually. Click Next.

  17. From the E-mail dialog box, leave the defaults and then click Next.

  18. From the Summary dialog box, review the configuration and then click Configure.

    Note

    This brings up a dialog box that displays the following message: “CLM virtual IIS directory is currently not configured to require communication over a secure channel (SSL). It is strongly recommended to configure CLM virtual IIS directory to require secure channel (SSL). To perform the configuration, click OK. To return to the configuration wizard, click Cancel.” You can safely ignore this message and click OK.

  19. When the configuration is complete, click Finish.

Restoring the CLM FP1 database to the new server

The following steps show how to restore the CLM FP1 database.

To restore the CLM FP1 database

  1. Log on to CLMNEW.Fabrikam.com as Administrator

  2. Click Start, select All Programs, select Microsoft SQL Server 2005 and then click on SQL Server Management Studio. This starts SQL Server Management Studio.

  3. On the Connect To Server dialog box that opeeens, leave the defaults and then click Connect.

  4. On the left, expand CLMNEW (SQL Server 9.0.4035 – Fabrikam\Administrator), and then expand Databases.

  5. Under Databases, right-click on CLM, select Tasks, select Restore, and then select Database This brings up the Restore Database - CLM dialog box.

  6. On the Restore Database – CLM dialog box, under Destination to Restore, verify that To database is set to CLM.

  7. On the Restore Database – CLM dialog box, under Specify the source and location of backup sets to restore, select From device and then click the box. This brings up the Specify Backup window.

  8. On the Specify Backup dialog box, verify that Backup media is set to File and then click Add.

  9. From the tree view, navigate to the CLMBackup folder and then select CLM.Bak. Click OK.

  10. On the Specify Backup dialog box, click OK.

  11. On the Restore Database – CLM dialog box, under Select the backup sets to restore, select the check box, under Restore, next to CLM-Full Database Backup, and then click OK.

  12. On the Restore Database – CLM dialog box, on the left, select Options.

  13. On the Restore Database – CLM dialog box, under Restore Options, select Overwrite the existing database.

  14. On the Restore Database – CLM dialog box, at the bottom of the dialog box, click OK.

  15. When the restore completes, a dialog box appears that displays the message “The restore of database ‘CLM’ completed successfully.” Click OK.

  16. Close SQL Server Management Studio.

    Note

    For additional information, including best practices for restoring a SQL Server 2005 database, see How to: Restore a Database Backup (SQL Server Management Studio).

Restoring the CLM Agent key

The following steps show how to restore the CLM Agent key.

To restore the CLM Agent key

  1. Log on to the CLMNEW.Fabrikam.com as Fabrikam\clmAgent.

  2. Click Start, select Run, and then type mmc in the Open box. Click OK. This brings up an MMC console named Console1.

  3. On the Console1 dialog box, at the top, click File, and then select Add/Remove SnapIn. This brings up the Add/Remove Snap-in dialog box.

  4. On the Add/Remove Snap-in dialog box, click Add. This brings up the Add Standalone Snap-in dialog box.

  5. On the Add Standalone Snap-in dialog box, select Certificates and then click Add. This brings up the Certificates snap-in dialog box.

  6. On the Certificates snap-in dialog box, under This snap-in will always manage certificates for, select My user account and then click Finish.

  7. On the Add Standalone Snap-in dialog box, click Close.

  8. On the Add/Remove Snap-in dialog box, click OK.

  9. On the Console1 dialog box, expand Certificates, expand Personal, and then select Certificates.

  10. On the Console1 dialog box, on the right, under Issued To, right-click the CLM Agent certificate, select All Tasks, and then click Import This brings up the Certificate Import Wizard.

  11. On the Welcome to the Certificate Import Wizard dialog box, click Next.

  12. On the File to Import dialog box, click Browse and then navigate to the CLMBackup folder that was created previously.

  13. Under the Files of type drop-down, select Personal Information Exchange (*.pfx;*.p12) and then select clmAgentCert.pfx from the top. Click Open.

  14. On the File to Import dialog box, verify the File name and then click Next.

  15. On the Password dialog box, type Pass1word$ and then click Next. Leave the other options cleared.

  16. On the Certificate Store dialog box, verify Place all certificates in the following store is selected, verify that under Certificate Store: Personal is selected, and then click Next.

  17. On the Completing the Certificate Import Wizard dialog box, click Finish. This initiates the export and causes a dialog box to appear.

  18. The dialog box displays the message “The Import was successful.”The Import was successful Click OK.

  19. Close Console1.

  20. Log off CLMNEW.fabrikam.com.

Restoring the CLM KR Agent key

The following steps show how to restore the CLM KR Agent key.

To restore the CLM KR Agent key

  1. Log on to the CLMNEW.Fabrikam.com as Fabrikam\clmKRAgent.

  2. Click Start, select Run, and then type mmc in the Open box. Click OK. This brings up an MMC console named Console1.

  3. On the Console1 dialog box, at the top, click File, and then select Add/Remove SnapIn. This brings up the Add/Remove Snap-in dialog box.

  4. On the Add/Remove Snap-in dialog box, click Add. This brings up the Add Standalone Snap-in dialog box.

  5. On the Add Standalone Snap-in dialog box, select Certificates, and then click Add. This brings up the Certificates snap-in dialog box.

  6. On the Certificates snap-in dialog box, under This snap-in will always manage certificates for, select My user account and then click Finish.

  7. On the Add Standalone Snap-in dialog box, click Close.

  8. On the Add/Remove Snap-in dialog box, click OK.

  9. On the Console1 dialog box, expand Certificates, expand Personal, and then select Certificates.

  10. On the Console1 dialog box, on the right, under Issued To, right-click the CLM Agent certificate, select All Tasks, and then click Import. This brings up the Certificate Import Wizard.

  11. On the Welcome to the Certificate Import Wizard dialog box, click Next.

  12. On the File to Import dialog box, click Browse and then navigate to the CLMBackup folder that was created previously.

  13. Under the Files of type drop-down, select Personal Information Exchange (*.pfx;*.p12) and then select clmKRAgent.pfx from the top. Click Open.

  14. On the File to Import dialog box, verify the File name and then click Next.

  15. On the Password dialog box, type Pass1word$ and then click Next. Leave the other options cleared.

  16. On the Certificate Store dialog box, verify that Place all certificates in the following store is selected, verify that under Certificate Store: Personal is selected, and then click Next.

  17. On the Completing the Certificate Import Wizard dialog box, click Finish. This initiates the export and causes a dialog box to appear.

  18. The dialog box displays the message “The Import was successful.”The Import was successful. Click OK.

  19. Close Console1.

  20. Log off CLMNEW.fabrikam.com.

Restoring the CLM Enrollment Agent key

The following steps show how to restore the CLM Enrollment Agent key.

To restore the CLM Enrollment Agent key

  1. Log on to the CLMNEW.Fabrikam.com as Fabrikam\clmEnrollAgent.

  2. Click Start, select Run, and then type mmc in the Open box. Click OK. This brings up an MMC console named Console1.

  3. On the Console1 dialog box, at the top, click File, and then select Add/Remove SnapIn. This brings up the Add/Remove Snap-in dialog box.

  4. On the Add/Remove Snap-in dialog box, click Add. This brings up the Add Standalone Snap-in dialog box.

  5. On the Add Standalone Snap-in dialog box, select Certificates and then click Add. This brings up the Certificates snap-in dialog box.

  6. On the Certificates snap-in dialog box, under This snap-in will always manage certificates for, select My user account and then click Finish.

  7. On the Add Standalone Snap-in dialog box, click Close.

  8. On the Add/Remove Snap-in dialog box, click OK.

  9. On the Console1 dialog box, expand Certificates, expand Personal, and then select Certificates.

  10. On the Console1 dialog box, on the right, under Issued To, right-click the CLM Agent certificate, select All Tasks, and then click Import. This brings up the Certificate Import Wizard.

  11. On the Welcome to the Certificate Import Wizard dialog box, click Next.

  12. On the File to Import dialog box, click Browse and then navigate to the CLMBackup folder that was created previously.

  13. Under the Files of type drop-down, select Personal Information Exchange (*.pfx;*.p12) and then select clmEnrollAgent.pfx from the top. Click Open.

  14. On the File to Import dialog box, verify the File name and then click Next.

  15. On the Password dialog box, type Pass1word$ and then click Next. Leave the other options cleared.

  16. On the Certificate Store dialog box, verify Place all certificates in the following store is selected, verify that under Certificate Store: Personal is selected, and then click Next.

  17. On the Completing the Certificate Import Wizard dialog box, click Finish. This initiates the export and causes a dialog box to appear.

  18. The dialog box displays the message “The Import was successful.” Click OK.

  19. Close Console1.

  20. Log off CLMNEW.fabrikam.com.

Restoring the CLM FP1 configuration files

The following steps show how to back up the configuration files.

To restore the CLM FP1 configuration files

  1. Log on to CLMNEW.Fabrikam.com as Administrator.

  2. Navigate to directory where the CLMBackup folder was copied over.

  3. Replace the following files in the table below. Copy the configuration files from the CLMBackup folder where Certificate Lifecycle Manager is installed.

Table 5 Required CLM FP1 Configuration Files to Restore

File Name Default location

Web.config

drive:\Program Files\Microsoft Certificate Lifecycle Manager\web\

Microsoft.CLM.service.exe.config

drive:\Program Files\Microsoft Certificate Lifecycle Manager\bin\

Microsoft.CLM.Config.exe.config

drive:\Program Files\Microsoft Certificate Lifecycle Manager\bin\

Microsoft.Clm.PrintServer.exe.config

drive:\Program Files\Microsoft Certificate Lifecycle Manager\bin\

ClmUtil.exe.config

drive:\Program Files\Microsoft Certificate Lifecycle Manager\bin\

Testing the new installation

At this point the database has been successfully migrated to the new server. You can log on to the new instance of CLM and verify that information from the old database is present. Be sure to add the new CLM URL to your trusted sites in Internet Explorer.