<div>
<div class="content wysiwyg-content">
Source server was Windows 2003 DC configured as an Enterprise CA. &nbsp;Customer needed to move it off of the DC to Windows 2008 R2 to dcpromo the old server.<br />
<br />
I followed all of the steps in the Technet articles and all appeared to go well, however when I tested post restore I received the following error from a client when I attempted to request a cert from a template. &nbsp;The error was as follows:<br />
<br />
Status:Unavailable<br />
The permissions on the certificate do not allow the current user to enroll for this type of certificate. &nbsp;You do not have permission to view this type of certificate. &nbsp;<br />
<br />
Found no errors in the event log.<br />
<br />
When prepping for the migration the Technet doc stated it was sufficient to simply document with a screenshot all of the Templates which is what I did. &nbsp;I found in another document that stated to use certutil to export a list of templates however it was too late.<br />
<br />
Obviously I have missed something but what and how to I fix it without rolling back. &nbsp;The customer does not want to roll back except as a very last resort. &nbsp;I did notice the AD has a number of replication errors along with other problems. &nbsp;Any help would be greatly appreciated. &nbsp;Thanks.
</div>
</div>


Source server was Windows 2003 DC configured as an Enterprise CA.  Customer needed to move it off of the DC to Windows 2008 R2 to dcpromo the old server.

I followed all of the steps in the Technet articles and all appeared to go well, however when I tested post restore I received the following error from a client when I attempted to request a cert from a template.  The error was as follows:

Status:Unavailable
The permissions on the certificate do not allow the current user to enroll for this type of certificate.  You do not have permission to view this type of certificate.  

Found no errors in the event log.

When prepping for the migration the Technet doc stated it was sufficient to simply document with a screenshot all of the Templates which is what I did.  I found in another document that stated to use certutil to export a list of templates however it was too late.

Obviously I have missed something but what and how to I fix it without rolling back.  The customer does not want to roll back except as a very last resort.  I did notice the AD has a number of replication errors along with other problems.  Any help would be greatly appreciated.  Thanks.

Windows Certificate Authority migration from Windows 2003 to Windows 2008 fails

This topic area includes legacy versions of Windows prior to Windows 2000: Windows 3/3.1, Windows 95 and Windows 98, plus any other Windows-related versions including Windows Mobile.

Windows OS

The Microsoft Legacy Operating System topic includes legacy versions of Microsoft operating systems prior to Windows 2000: All versions of MS-DOS and other versions developed for specific manufacturers and Windows 3/3.1, Windows 95 and Windows 98, plus any other Windows-related versions, and Windows Mobile.

Microsoft Legacy OS

Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection.  Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.