Upgrade from Classic SEG with KCD to SEGV2 with KCD.
If you are upgrading from a Classic SEG deployment, create a secondary MEM configuration for SEG V2. This is because the inputs for KCD with SEG V2 are different from that of Classic SEG. The configuration changes in SEG V2 with KCD are intended to help streamline the deployment and maintenance of SEG.
Following are the configuration changes required when upgrading from Classic SEG with KCD:
- The Require Client Certificate is defined in the advaced settings.
- The certificate chain of trust is provided in the configuration and is not stored in the Microsoft Management Console. The .pfx certificate type is supported.
- A Service Account must be used, regardless of SEG being joined to the domain. Using the computer account for Kerberos and impersonation is not supported.
- When entering domain and domain controller pairs, the domain controller needs to be explicitly provided as the Fully Qualified Domain Name (FQDN).