Avatar of achernob


Problem with Microsoft Root CA

Here is the problem. About a couple of months ago, while troubleshooting an IAS authentication problem, one of the admins here installed a server as an Enterprise Root CA. This was a remote server in a field office, and this should never have been done. I think he saw the error of his ways, and quickly removed Certificate Authority Services from the server.

Fast forward now a couple of months, and I need to install an Enterprise CA on a DC here, and begin issuing certificates.

Whenever I use the Certificates MMC snap-in to request a certificate, the server that is displayed by the wizard as the CA to request the certificate from is the one that was built in error on a remote server and later removed, and not the correct one that I just installed at the home office.

I have a sinking feeling that the name of the CA is stored somewhere in AD, and cannot be changed (hence all the stuff about not renaming a server once it becomes a CA).  So even though Enterprise CA was removed from the server in the field, AD thinks it is still there, and there is no way for me to have those services on a server with a different name.

Am I correct in my assumption?

Is there anything I can do to correct this problem short of restoring AD from a system state prior to the installation at the remote site?

Does my question even make sense?
Windows Server 2003

Last Comment

8/22/2022 - Mon