Have migrated CA certification from 2003 server to 2012. Follow up article http://blogs.technet.com/b/meamcs/archive/2012/03/27/migrating-windows-2003-enterprise-certificate-authority-to-windows-2008-r2-based-ca.aspx
, that basically have me export CA data and registry, then install the CA on the 2012 server and import the data and registry configuration. After this was done I couldn't first setup WEB enrollment but then found article that have me change registry entry to allow it to install.
At this point thought all went fine but then I start showing errors 75 and 74
Active Directory Certificate Services could not publish a Base CRL for key 1 to the following location on server : ldap:///CN=************(1)
=Public Key Services,CN=Services,CN=Co
. Directory object not found. 0x8007208d (WIN32: 8333).
ldap: 0x20: 0000208D: NameErr: DSID-03100213, problem 2001 (NO_OBJECT), data 0, best match of:
c Key Services,CN=Services,CN=Co
Found some articles that's talk about permission on services in AD site and services nodes. Seems this wasn't an issue in my case as all entries were there.
Now errors still pop up so I tried to Renew CA certificate from the certification authority snap console and that's issued 103 id warning that the AD services added the root certificate to chain 2 to the downloaded Trusted Root Certification Enterprise Authorities store on CA computer.
After this the errors 75 and 74 stop showing up in the log. When I look up the MS CA certification WEB services I now see two CA certificate: Current [CA(2)] and Previous [CA(1)]
I don't know how to get ride off the previous one. Or question should be Can I get ride of the one that has name Previous CN (1). Would currently issued certificates worked if that happen?