I have CA1 and this server needs to be removed this server also hosts other roles so i cant migrate the CA role So i did the following: 0. let my domain joined windows 7 machine get a certificate from CA1 1 create new server CA2 and install CA Ent role 2 run the CA wizard with the new server name/common name etc CA2 3 remove all templates from CA1 (from Certificate Template container NOT the certificate templates console) 4 I have enabled the GPO - Automatic certificate request settings with Computer certificate 5 i have enabled GPO - certificate services client auto enrollment 6 reboot the windows 7 machine but im not getting a computer certificate *reenrollment for cert holders option on the Computer certificate is not available because its unsupported not a v2 template? How can i enforce the clients to get a new cert from the CA2 ?

Seems like a simple answer would be to duplicate the v1 template, make the new template v2, list the v1 template in the "Superseded Templates", and force re-enrollment of the older certificates.

Seems like a simple answer would be to duplicate the v1 template, make the new template v2, list the v1 template in the "Superseded Templates", and force re-enrollment of the older certificates.