We have a third-party application that can only handle a single issuing CA, but that CA needs to be highly available. There are several good resources online for ADCS, clustering ADCS, and two-tier PKI hierarchy deployment with an offline root CA. Unfortunately, I have not been able to get everything working harmoniously and need some assistance. In addition, I am trying to use both nodes of the cluster to host the CDP and AIA location files.
Link 1 (below) is for ADCS clustering from Microsoft, but it omits quite a bit of configuration information, like the CAPolicy.inf and the post-configuration of the CAs. Link 2 (below) is a good test lab guide on "Deploying an AD CS Two-Tier PKI Hierarchy" but lacks the clustering aspect.
One of the most confusing sections is understanding the names in the cluster. For example, there are three server host names and IP addresses (offline root, cluster node 1, and cluster node 3) as well as the cluster node name, cluster name, service name, and CA name. The cluster itself also requires two IPs. Can anyone help simplify the process and explain the order of operations in creating a clustered two-tier PKI hierarchy with an offline root CA?
*I can't add links yet, so here is the majority of links 1 & 2.
Link 1
social.technet.microsoft.com/wiki/contents/articles/9256.active-directory-certificate-services-ad-cs-clustering.aspx
Link 2
technet.microsoft.com/en-us/library/hh831348.aspx?f=255&MSPPError=-2147217396
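Since link 1 leaves out the CAPolicy.inf and the post-install CA settings, here is an added example (my own, not taken from either link) of the two pieces that usually have to line up in a two-tier deployment: a CAPolicy.inf for the offline root, and the CDP/AIA publication settings on the clustered issuing CA. The DNS name pki.example.com and the shared-disk path S:\CertEnroll are placeholders; the assumption is that one DNS name fronts whichever node currently serves the files.

```powershell
# --- 1. Offline root: CAPolicy.inf must exist BEFORE the AD CS role is installed ---
# Long CRL period is deliberate: the root is offline and only re-signs its CRL rarely.
$caPolicy = @"
[Version]
Signature="`$Windows NT`$"

[Certsrv_Server]
RenewalKeyLength=4096
RenewalValidityPeriod=Years
RenewalValidityPeriodUnits=20
CRLPeriod=Weeks
CRLPeriodUnits=26
CRLDeltaPeriod=Days
CRLDeltaPeriodUnits=0
LoadDefaultTemplates=0
AlternateSignatureAlgorithm=0
"@
Set-Content -Path "$env:WINDIR\CAPolicy.inf" -Value $caPolicy -Encoding ASCII

# --- 2. Clustered issuing CA: run on the node that currently owns the CA resource ---
# Flag meanings (certutil): 1 = publish to this location, 2 = include in the
# CDP/AIA extension of issued certs, 64 = publish delta CRLs here.
# certutil treats the literal "\n" as the separator between entries.
$cdpLocal  = "1:$env:WINDIR\system32\CertSrv\CertEnroll\%3%8%9.crl"
$cdpShare  = "65:S:\CertEnroll\%3%8%9.crl"                  # shared disk, placeholder path
$cdpHttp   = "2:http://pki.example.com/CertEnroll/%3%8%9.crl"  # placeholder DNS name
certutil -setreg CA\CRLPublicationURLs "$cdpLocal\n$cdpShare\n$cdpHttp"

$aiaLocal  = "1:$env:WINDIR\system32\CertSrv\CertEnroll\%1_%3%4.crt"
$aiaShare  = "1:S:\CertEnroll\%1_%3%4.crt"
$aiaHttp   = "2:http://pki.example.com/CertEnroll/%1_%3%4.crt"
certutil -setreg CA\CACertPublicationURLs "$aiaLocal\n$aiaShare\n$aiaHttp"

# Changes take effect after the CA service restarts; then force a fresh CRL.
Restart-Service certsvc
certutil -crl

# Verify what the CA will actually stamp into issued certificates.
certutil -getreg CA\CRLPublicationURLs
certutil -getreg CA\CACertPublicationURLs
```

The http URLs are what ends up inside every issued certificate, so they must resolve and serve the files no matter which node is active; the node-specific host names should not appear there.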