Windows Certificate Authority migration from Windows 2003 to Windows 2008 fails
Posted on 2014-12-12
Source server was Windows 2003 DC configured as an Enterprise CA. Customer needed to move it off of the DC to Windows 2008 R2 to dcpromo the old server.
I followed all of the steps in the TechNet articles and all appeared to go well; however, when I tested post-restore I received the following error from a client when I attempted to request a cert from a template. The error was as follows:
The permissions on the certificate do not allow the current user to enroll for this type of certificate. You do not have permission to view this type of certificate.
Found no errors in the event log.
When prepping for the migration, the TechNet doc stated it was sufficient to simply document with a screenshot all of the templates, which is what I did. I found another document that stated to use certutil to export a list of templates; however, it was too late.
Obviously I have missed something, but what, and how do I fix it without rolling back? The customer does not want to roll back except as a very last resort. I did notice the AD has a number of replication errors along with other problems. Any help would be greatly appreciated. Thanks.