question

edmondlo avatar image
0 Votes"
edmondlo asked LimitlessTechnology-2700 answered

Migrating CA role to new server and unable to import backed up certiticate

Hi there,

We are in the process of migrating the Certificate Authority from a Win 2012 server to a Win 2022 server. I went through the steps of backing up the cert and database from the old server, removed the CA role also (pending reboot). Next I installed the CA role on the new 2022 server and when I tried to import the existing certificate I received the error.

192016-image.png




Active Directory Certificate Services setup failed with the following error: Cannon find object or property.
0x80092004 (-2146885628 CRYPT_E_NOT_FOUND)

Now I am kind of stuck. Worst come to worst, I will reboot the old Win 2012 server and reinstall the CA role and restore the cert and the DB. But any one has any idea what the error actually means please?

Thanks.

windows-server-security
image.png (8.9 KiB)
· 1
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Crypt32 avatar image Crypt32 ·

Have you backed up and restored CA configuration? It would be helpful if you provided your steps you followed to migrate CA and reference article you used.

0 Votes 0 ·

1 Answer

LimitlessTechnology-2700 avatar image
0 Votes"
LimitlessTechnology-2700 answered

Hi Edmondlo,

This error indicates that certreq was unable to find a related request object in the Certificate Enrollment Requests node in the certificate store.

In addition, I would suggest checking whether the public key in the certificate request matches the one in the issued certificate. You can use certutil -dump file.req command to dump request file (there will be public key) and cerutil -dump cert.cer to dump issued certificate and compare public keys. Do the same for each object in the Certificate Enrollment Requests node in the certificate store (focused on Local Machine context) to find request object with matching public key.


I hope this answers your question.


--If the reply is helpful, please Upvote and Accept as answer--

5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.