Hello, Don't now if this is the correct forum, We got a CA in a windows 2003 cluster (in one node), after virtualization, no one moved the CA to a new machine, the CA was issuing certificates to 3 or 4 IIS intranet aplications, now DC's keep logging DCOM errors not seeing the CA, and the web pages of the intranet ask for a certificate. The old certificate expires in about 2 months. We tried to create a new CA, but it doesn't let us to make a root CA, we think because the references to the old one are still there, I've read a lot about, but everything I see is migrate an existing CA, but what can we do if that CA doesn't exist so long. We tried to remove CA references on AD manually in a pre-production enviroment but it doesn't work, we tried te gave de same name to the new CA (with no hope obviusly) didn't work. Any ideas?

Hello, to remove a not longer existing CA see: http://support.microsoft.com/kb/555151 Maybe helpful: http://support.microsoft.com/kb/889250 For IIS related parts you should use the IIS forum: http://forums.iis.net/ And for more detailed questoins about the CA use the security forum instead this one; http://social.technet.microsoft.com/Forums/en/winserversecurity/threadsBest regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

Thanks a lot, the first link seems very helpful, the second one is the procedure that we tried and I didn't work, I think because the CA doesn't exist no longer, I will post my problem in the security forum, thanks a lot...