Hello,
I backed up my CA, and then, I restored it in another DC. I had to remove the first CA, that is why I backed it up, and then I restored it. Ever since then, the new CA is unable to issue certificates.
The old CA was on a 2008 Enterprise SP2, the new one is on a 2008 R2.
Maybe this is important: The old DC (containing the old CA) was deleted from my hard disk (VMWare file), so, I later removed the DC1 object from the GUI "Active Directory Users", but prior to removing the old DC from the hard disk I moved the 5 FSMOs to the new DC without any issues, I checked this.
When I restored the CA in the new DC, it looked fine, no problem appeared in the GUI. My fault, I should have checked the Event Viewer.
I have tried several steps when I researched about this issue:
From the new DC containing the new CA:
1. In ADSI Edit, the LDAP path "CN=NTAuthCertificates, CN= Public Key Services,CN=Services,CN=Configuration,DC=mydomain,DC=eu" exists.
2. Someone in another thread advised me to write this command:
"certutil -viewstore ldap:///CN=NTAuthCertificates, CN= Public Key Services,CN=Services,CN=Configuration,DC=mydomain,DC=eu"
But I get this message error: "Certutil: The system cannot open the device or file specified."
3. I was advised to do this also: "nltest /sc_verify:mydomain.eu", getting again an error message: "I_NetLogonControl failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN.", but I read somewhere that this is normal if the command is run from a DC.
4. The following command: "certutil -getreg CA\CACertPublicationURLs" is supposed to tell you where your certificate file is, but I can't understand the output, the result of this command.
5. Following another Microsoft article on this "CertificationAuthority EventID 44" issue, I was told to change permissions on many folders and files under the ADSI Edit path I pointed out above ("CN= Public Key Services,CN=Services,CN=Configuration,DC=mydomain,DC=eu"), but there is no positive result either.
My guess is that I have to clean the metadata for the old DC removed, but I thought this was necessary in 2003, and not in 2008 if you removed the object from "Active Directory users" mmc.
Thanks in advance!
Luis Olías, Systems Technician/Administrator. Seville (España - Spain)
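Editor's note: the script below is an added example, not part of the original post and not a Microsoft tool. It runs the same checks the post walks through (the NTAuthCertificates object, the CACertPublicationURLs registry value, Event ID 44 from the CA, and the stale-DC metadata question) in a read-only, non-interactive way, so the results can be pasted back into a thread like this one. It assumes it is run elevated on the new DC that hosts the restored CA, that the ActiveDirectory PowerShell module is installed (an RSAT feature on 2008 R2), and that the domain, CA name and host names are discovered from the local machine rather than typed in; nothing in it changes configuration.

```powershell
# Added example (not from the original post): read-only AD CS / AD health checks.
# Assumptions: elevated PowerShell on the DC that hosts the restored CA,
# ActiveDirectory module available. Written for PowerShell 2.0 compatibility
# (New-Object instead of ::new, no $PSItem) since the new DC is 2008 R2.
Import-Module ActiveDirectory

$configNC = (Get-ADRootDSE).configurationNamingContext
$pkiBase  = "CN=Public Key Services,CN=Services,$configNC"

# 1. Which CA does this host run, and where does it believe it publishes its cert?
$certSvcKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration'
$caName     = (Get-ItemProperty -Path $certSvcKey).Active
Write-Output "Local CA name: $caName"
Write-Output "CACertPublicationURLs (same data as 'certutil -getreg CA\CACertPublicationURLs'):"
(Get-ItemProperty -Path "$certSvcKey\$caName").CACertPublicationURLs |
    ForEach-Object { "  $_" }
# Each entry is <flags>:<URL>. Flag 1 = publish the CA cert there, 2 = include the
# URL in issued certs' AIA extension; %6 expands to the config NC, %1 to the CA host.

# 2. Dump the CA's own certificate to a temp file and get its thumbprint.
$tmp = Join-Path $env:TEMP 'ca-cert-check.cer'
& certutil.exe -ca.cert $tmp | Out-Null
$caCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($tmp)
Write-Output "CA certificate thumbprint: $($caCert.Thumbprint)  Subject: $($caCert.Subject)"

# 3. Is that certificate present in NTAuthCertificates? This is the non-interactive
#    equivalent of 'certutil -viewstore ldap:///CN=NTAuthCertificates,...'.
$ntAuth = Get-ADObject -Identity "CN=NTAuthCertificates,$pkiBase" -Properties cACertificate
$found  = $false
foreach ($bytes in $ntAuth.cACertificate) {
    $c = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2(,$bytes)
    Write-Output "  NTAuth entry: $($c.Thumbprint)  $($c.Subject)"
    if ($c.Thumbprint -eq $caCert.Thumbprint) { $found = $true }
}
Write-Output ("Local CA cert in NTAuthCertificates: {0}" -f $found)

# 4. Enrollment Services objects: which host name does each CA object point to?
#    After a restore onto a different server this is worth comparing with $env:COMPUTERNAME.
Write-Output "Enrollment Services objects:"
Get-ADObject -SearchBase "CN=Enrollment Services,$pkiBase" `
    -LDAPFilter '(objectClass=pKIEnrollmentService)' -Properties dNSHostName |
    ForEach-Object { "  $($_.Name) -> $($_.dNSHostName)" }

# 5. Recent CertificationAuthority errors, including Event ID 44 mentioned in the post.
Write-Output "Recent CA errors/warnings (Application log):"
Get-WinEvent -FilterHashtable @{ LogName = 'Application';
                                 ProviderName = 'Microsoft-Windows-CertificationAuthority' } `
    -MaxEvents 50 -ErrorAction SilentlyContinue |
    Where-Object { $_.Id -eq 44 -or $_.Level -le 3 } |
    Format-Table TimeCreated, Id, LevelDisplayName, Message -AutoSize -Wrap

# 6. Stale DC metadata: NTDS Settings objects whose parent server is not a live DC.
$liveDCs = Get-ADDomainController -Filter * | ForEach-Object { $_.HostName.ToLower() }
Write-Output "NTDS Settings objects versus live DCs:"
Get-ADObject -SearchBase "CN=Sites,$configNC" -LDAPFilter '(objectClass=nTDSDSA)' |
    ForEach-Object {
        $serverDN = $_.DistinguishedName -replace '^CN=NTDS Settings,', ''
        $server   = Get-ADObject -Identity $serverDN -Properties dNSHostName
        $host     = if ($server.dNSHostName) { $server.dNSHostName.ToLower() } else { '(no dNSHostName)' }
        $state    = if ($liveDCs -contains $host) { 'live' } else { 'STALE? (not returned by Get-ADDomainController)' }
        "  $host : $state"
    }
```

Run it once and read the output top to bottom: section 3 answers whether the restored CA's certificate is actually in NTAuthCertificates, section 4 shows which host each CA object in the Enrollment Services container still references, and section 6 gives an evidence-based answer to the "do I need metadata cleanup?" question from the post instead of a guess. The script only reads AD and the registry; any change you decide on afterwards (certutil -dspublish, metadata cleanup) remains a separate, deliberate step.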