Hello, Don't now if this is the correct forum, We got a CA in a windows 2003 cluster (in one node), after virtualization, no one moved the CA to a new machine, the CA was issuing certificates to 3 or 4 IIS intranet aplications, now DC's keep logging DCOM errors not seeing the CA, and the web pages of the intranet ask for a certificate. The old certificate expires in about 2 months. We tried to create a new CA, but it doesn't let us to make a root CA, we think because the references to the old one are still there, I've read a lot about, but everything I see is migrate an existing CA, but what can we do if that CA doesn't exist so long. We tried to remove CA references on AD manually in a pre-production enviroment but it doesn't work, we tried te gave de same name to the new CA (with no hope obviusly) didn't work. Any ideas?

You probably need to reset the Active Directory computer account http://technet.microsoft.com/en-us/library/cc753596(v=WS.10).aspx Please, review Amer Kamal's blog that covers decomissioning an old CA: http://blogs.technet.com/b/pki/archive/2012/01/27/steps-needed-to-decommission-an-old-certification-authority-without-affecting-previously-issued-certificates-and-then-switching-all-operations-to-a-new-certification-authority.aspx