Sorry in advance if this is covered elsewhere
I migrated a client's CA from a Windows 2003 server to a Windows 2008 R2 server following the technet AD CS Migration article found here ...http://technet.microsoft.com/en-us/library/ee126140%28v=ws.10%29.aspx
Things of note:
- The new CA has a different name (modified the registry entry for CAServerName as specified in Migration Guide)
- The new CA does NOT have Web Enrollment installed (so I did NOT import CACertPublicationsURLS and CRLPublicationsURLs during the registry restore)
- Their AD has some things left over from previous installations and servers which I will point out below
- The new CA is issuing certs .... user autoenrollment to get a Client Authentication certificate for a Computer account.
Errors and Issues:
Enterprise PKI shows unable to download the following from http://<servername>/CertEnroll/
- AIA Location #2
- DeltaCRL Location #2
- CDP Location #2
In ADSI Edit
- Configuration > Configuration > Services > Public Key Services > AIA has another certificationauthority listed that is for an old server long removed
In AD Sites and Services
- Services > Public Key Services > AIA has a second certification authority (same as above found in ADSI edit ... assuming same thing)
- Services > Public Key Services > CDP there are two extra containers, one for the old CA I migrated from and another for the old server mentioned above
Questions:
- Can I just delete these?
- Are there other places I need to look to remove things?