Moved CA generating errors



Greetings:

I recently went through the process of moving a Certificate Authority
from one physical server to another. The basic process (since it was
running on a Domain Controller) was to back up the registry and CA on
server1 (the old server). Demote and remove from service server1. I
then renamed a domain controller server2 to server1 and performed a
restore of the CA and imported the registry keys.

The major problem I encountered (which was not covered in the articles)
was on the original server1 the system_root was c:\winnt as it was an
upgrade machine. Server2 (which was renamed to server1) was an original
2003 install and thus its system_root was c:\windows. This caused many
problems but I was able to overcome it by installing the CA to C:\winnt
when I ran through the custom install.

The CA is up and running and issuing certificates to the enterprise,
however, I get the following Event ID 10 times:

Source: CertSvc
Category: None
Event ID: 66
Description:
Certificate Services could not publish a Delta CRL for key 0 to the
following location:
c:\WINNT\system32\CertSrv\CertEnroll\blahCAname+.crl.
The directory name is invalid. 0x8007010b (WIN32/HTTP:267).

After 10 of these I get this event:

Source: CertSvc
Category: None
Event ID: 67
Description:
Certificate Services made 10 attempts to publish a CRL and will stop
publishing attempts until the next CRL is generated.

I have followed the process of moving the CA back into the windows
directory by modifying the registry key
HKLM\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration
and changing all paths to C:\Windows, however I cannot find where to
change the CRL publish path from C:\WINNT. This has to be something
from the import of the old CA from the original server1.

Any help would be much appreciated and TIA.

Tim

Articles used during my migration: 555012 and 298138
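
Added example (not part of the original post): a read-only PowerShell sweep of the CertSvc configuration key named above that lists every string value still containing the old system root. It assumes PowerShell is available on the CA host and that the stale path is C:\WINNT as described in the post. CRL publication locations are stored per CA in the CRLPublicationURLs multi-string value under this key, which is why multi-string entries are checked one by one.

```powershell
# Added example: find registry values under the CertSvc configuration key
# that still reference the old system root. Nothing is modified.
$root    = 'HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration'
$oldPath = 'C:\WINNT'   # stale system root carried over from the original server1

# The configuration key itself plus every subkey (one subkey per CA name).
$keys = @(Get-Item -Path $root) +
        @(Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue)

$hits = foreach ($key in $keys) {
    foreach ($name in $key.GetValueNames()) {
        # Only string-typed values can hold a path; skip DWORD/binary data.
        $kind = $key.GetValueKind($name)
        if ('String', 'ExpandString', 'MultiString' -notcontains "$kind") { continue }

        # Keep %windir%-style entries unexpanded so the stored text is shown.
        $data = $key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')

        # REG_MULTI_SZ returns string[]; REG_SZ returns one string.
        foreach ($entry in @($data)) {
            if ($entry -is [string] -and
                $entry.IndexOf($oldPath, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
                New-Object PSObject -Property @{
                    Key   = $key.Name
                    Value = $name
                    Data  = $entry
                }
            }
        }
    }
}

# One record per stale entry: which key, which value, and the stored text.
$hits | Format-List Key, Value, Data
```

Run it from an elevated prompt on the CA; an empty result means no string value under the key still contains the old path.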