We have a single CA server in a domain that was upgrade to Windows Server 2012 last year, and this year we're looking to replace it with a Windows Server 2012 R2 server.
However, in the process of backing up the CA we receive the following error
Windows cannot back up one or more private keys because the CSP does not support key export. Do you want to continue and back up only the private keys that can be exported.
I have found a CA backup from the last time this was performed, but we don't know the password used to protect the private key.
Are there any options outside of completely uninstalling certificate service from this domain and starting over from scratch?