DavidEwer-9871 asked · FanFan-MSFT commented

CertUtil: -backupKey command FAILED: 0x80092004 (-2146885628)

I am trying to perform a backup of the CA database and private keys for my old SBS server before migrating to my new server running Windows Server 2019 Standard. However, when I run the certutil -backupkey command I receive the error "CertUtil: -backupKey command FAILED: 0x80092004 (-2146885628) CertUtil: Cannot find object or property."

Can anybody suggest how to overcome this error?

What would be the implications of not migrating the CA Database and Private Keys?

Thanks

David

windows-server-security

FanFan-MSFT answered

Hi,
Thanks for sharing here!
For migrating the Active Directory Certificate Service, I would recommend you follow the steps in the following link:
https://techcommunity.microsoft.com/t5/itops-talk-blog/step-by-step-migrating-the-active-directory-certificate-service/ba-p/697674
And check if you can back up all the database successfully.
If there are still errors, please feel free to let us know.

Best Regards,

DavidEwer-9871 answered · FanFan-MSFT commented

Thanks for coming back to me so quickly. I followed the steps in the link you sent me but received a similar error (see attached screenshots). I clicked OK after the first message and then received the error.

[Attached screenshots: 1.png, 2.png]

Crypt32 answered · FanFan-MSFT commented

> Can anybody suggest how to overcome this error?

I would say there is no supported way. Your private key is not allowed for export (even for backup purposes), so you can't back it up and transfer it to another server. What I can suggest is to start over with a brand new CA and issue certificates from the new CA. Keep running the existing CA until the last client certificate has expired. When the last certificate has expired, you simply decommission the old CA.

Hi,
 
Just checking in to see if the information provided was helpful.
Please let us know if you would like further assistance.
 
Best Regards,
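
Crypt32's answer attributes the failure to a CA private key that is not marked exportable. One way to check that flag on the CA server before attempting a backup, as an added example that is not part of the thread: the function name `Get-KeyExportState` is hypothetical, and the script assumes an RSA CA certificate in `Cert:\LocalMachine\My` and an elevated session.

```powershell
# Added example: report whether the private key behind each CA certificate in
# the machine store is flagged exportable. Read-only; run elevated on the CA.
# Assumption: the CA certificate is in Cert:\LocalMachine\My and uses an RSA key.
function Get-KeyExportState {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    if (-not $Cert.HasPrivateKey) { return 'NoPrivateKey' }

    # Legacy CryptoAPI (CSP) key: the key container info carries the flag.
    try {
        $key = $Cert.PrivateKey
        if ($key -is [System.Security.Cryptography.ICspAsymmetricAlgorithm]) {
            $info = $key.CspKeyContainerInfo
            if ($info.HardwareDevice) { return 'HardwareBacked' }
            if ($info.Exportable) { return 'Exportable' } else { return 'NotExportable' }
        }
    } catch {
        # On .NET Framework the PrivateKey getter throws for CNG keys; fall through.
    }

    # CNG key (needs .NET Framework 4.6 or later): read the export policy flags.
    try {
        $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($Cert)
        if ($rsa -is [System.Security.Cryptography.RSACng]) {
            $allow = [int][System.Security.Cryptography.CngExportPolicies]::AllowExport
            if (([int]$rsa.Key.ExportPolicy -band $allow) -ne 0) { return 'Exportable' }
            return 'NotExportable'
        }
    } catch { }
    return 'Unknown'
}

Get-ChildItem Cert:\LocalMachine\My |
    Where-Object {
        # Keep only certificates whose basic constraints mark them as a CA.
        $_.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension] -and
            $_.CertificateAuthority
        }
    } |
    ForEach-Object {
        New-Object PSObject -Property @{
            Subject    = $_.Subject
            Thumbprint = $_.Thumbprint
            NotAfter   = $_.NotAfter
            KeyExport  = Get-KeyExportState -Cert $_
        }
    }
```

A result of `NotExportable` or `HardwareBacked` matches the situation Crypt32 describes; `Unknown` means the key is neither a CSP nor an RSA CNG key that this script can inspect.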