CA migration from 2003 to 2012 server

Have migrated CA certification from 2003 server to 2012. Follow up article http://blogs.technet.com/b/meamcs/archive/2012/03/27/migrating-windows-2003-enterprise-certificate-authority-to-windows-2008-r2-based-ca.aspx, that basically have me export CA data and registry, then install the CA on the 2012 server and import the data and registry configuration.  After this was done  I couldn't first setup WEB enrollment but then found article that have me change registry entry to allow it to install.
 At this point thought all went fine but then I start showing errors 75 and 74
Active Directory Certificate Services could not publish a Base CRL for key 1 to the following location on server : ldap:///CN=************(1),CN=Kaydc2,CN=CDP,CN=Public Key Services,CN=Services,CN=Configuration,DC=kay,DC=***********,DC=com.  Directory object not found. 0x8007208d (WIN32: 8333).
ldap: 0x20: 0000208D: NameErr: DSID-03100213, problem 2001 (NO_OBJECT), data 0, best match of:
      'CN=Kaydc2,CN=CDP,CN=Public Key Services,CN=Services,CN=Configuration,DC=***,DC=*****,DC=com'


Found some articles that's talk about permission on services in AD site and services nodes. Seems this wasn't an issue in my case as all entries were there.
Now errors still pop up so I tried to Renew CA certificate from the certification authority snap console and that's issued 103 id warning that the AD services added the root certificate to chain 2 to the downloaded Trusted Root Certification Enterprise Authorities store on CA computer.
After this the errors 75 and 74 stop showing up in the log. When I look up the MS CA certification WEB services I now see two CA certificate: Current [CA(2)] and Previous [CA(1)]
I don't know how to get ride off the previous one. Or question should be Can I get ride of the one that has name Previous CN (1). Would currently issued certificates worked if that happen?

Thanks
dtech39Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

x278384Commented:
I suggest that you could only backup CA cert and DB, then try to restore the CA cert during new CA installing wizzard. At last Restore the DB file.

I tried that once without export the REG, I think you could try first in your VM ENV.
That works for me, btw my new CA server has the same name with the old ca server.
dtech39Author Commented:
Name its different from the old server. Any suggestions for that?
dtech39Author Commented:
Ok I think I did resolve the issue by uninstalling the CA service and cleanup AD and reisntalling it and restoring CA withut the registry per Microsoft article.

Now there is still the certificate (0) expired error logged on the CA AD log:

A certificate in the chain for CA certificate #0 for *********** has expired.  A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. 0x800b0101 (-2146762495).

Any ideas of how to get ride of that certificate #0 as it seems not beign use as the #1 its the old one that is still valid and the 0 one was a lefover from previous systems.

Thanks

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
dtech39Author Commented:
Follow up article on Ms for cleanup AD after uninstalling CA from old server. Also the registry modification wasn't necessary.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Software

From novice to tech pro — start learning today.