We have a very small domain with 10-12 users, one DC and three app servers - win2008R2, 64bit, 12GB, 1TB drives. All clients use Win7. A new months ago, while still using win2003, a server went down and I had to move our certificate server to a new server. Ever since that time we've had problems with certificates. For example: when I log into my own firewall device (https://192.168...) I get the following message: The security certificate presented by this website was not issued by a trusted certificate authority. The security certificate presented by this website was issued for a different website's address. We just bought new servers and upgraded everything to 2008R2 on 64bit servers. The only 2003 server I still have on is the certificate server. My question: Should I move the cert server again, trying to fix what is wrong with it, or just install a new certificate server on a new 2008 box and start from scratch?

it looks like the newly reappeared authority is not installed in AD Configuration catalogue as the Enterprise CA. You either dind't install it as enterprise as it previously was or some error happend. Have you also used the same computer AD account for the newly created operating system or did you deleted the previous account and created a new AD acocunt for the computer? you can try troubleshoot by using Enterprise PKI console (Windows 2008 CA server administation tools or Resource Kit 2003) ondrej.

Currently I have the old server on line. The new server I plan to move it to has a different name and IP address. I guess I'll just move it again and then try to find out what is wrong with it.

ups, this will be the cause :-) you must have the same name on the new server. follow the supported guide. http://support.microsoft.com/kb/298138/en-us o.

It is not possible to have the same name on the new server.

... then no moving existing CA... o.

Then I should just install a brand new CA? Or stop using Microsoft networking?

yes, brand new one :-) using MS networking is just the same as driving some branded car. you can always buy turbo from some chinese car and put it into your precious BMW as well as buy tractor tyres and mount them on Jaguar but in either case, I doubt it is supported or will make things better. You should buy and use things with the supported scenarios in mind. in case, you are doing things according to vendors service guides, they will work flawlessly. the vendor provides them well tested. nobody can test and guarantee everything just as with the cars. o.

Hi, If the target system is Windows Server 2008 or Windows Server 2008 R2, then it is supported to move a CA from one computer to a computer with a different host name. Performing the Upgrade or Migration http://technet.microsoft.com/en-us/library/cc742388(WS.10).aspxThis posting is provided "AS IS" with no warranties, and confers no rights. Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

excelent!!!