Problem with certificates after Issuing CA move to new server
Posted on 2009-04-14
Currently I'm having an issue with a recently moved certificate services install. The details for this CA are:
-Offline Root with Enterprise CA running Win2K3 R2 Enterprise.
-A simple domain structure with multiple DC's. No trusts involved.
-Several certificate have been issued...all via AutoEnrollment.
-The original issuing CA had to be retired (old server) so I moved the issuing CA to a new server (actually a VM running on ESX).
-Domain controllers and RADIUS servers have also been moved to new hardware. Server have been renamed in all cases to match new naming convention.
-I've followed all published Microsoft procedures for this move.
-Some certificates that were issued contain the name of a an old domain controller in the certificate request attributes cdc.
-It is these certificates that are having a problem authenticated users/devices.
RADIUS is setup and working properly. I think the issue is the certificate request attribute. Is there any way to change this without reissueing a new certificate? What is the recommended or best practice method for resolving this for all issued certificates?
Thanks for your help.