PKIView 2003 2008 and LDAP locations
Hi all,

I have some problems regarding PKIView between 2003 and 2008, only with the LDAP CDP and AIA extensions.

First the environment: Offline Root (2003) - Offline Policy (2003) - Issuing 2003 (old) and a second Issuing 2008 (new). The Issuing 2008 CA has been recently deployed.

The forest has several domain controllers, and for some reason in the initial setup (which I have not done) the CDP and AIA LDAP locations have been configured like:

ldap://directory.domain.com/CN=%%7%%8,CN=%%2,CN=CDP,CN=Public Key Services,CN=Services,%%6%%10

where the name directory.domain.com is listed in DNS as A records (one for every domain controller). The idea behind it was (I think) to have all domain controllers set up ... instead of using ldap:/// (three slashes, which means nearest domain controller by site) ...

The problem is:
a) it is not possible to publish CRLs to that LDAP location from the old CA; it has to be done manually with certutil. But
b) the 2003 PKIView and clients say "Download OK" from that A-entry LDAP point, but not the 2008 PKIView from Server Manager; it says unable to download.

Can someone explain that behavior?

btw: in the new CA I changed the LDAP path to the correct LDAP:///; I cannot do so in the old one because of thousands of certificates already deployed :)

Many thanks for reading all this and for all input.
Christoph Gre, Christoph
February 14th, 2012 1:20pm

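The CDP URL in the question points at one DNS name that has an A record per domain controller, so a single "Download OK" or "unable to download" result only tells you about whichever DC the name resolved to at that moment. The following PowerShell script is an added example, not code from the thread or from Microsoft: it expands the round-robin name to every address behind it, reads the CRL object from each DC directly (bypassing the round-robin), and compares each copy against the CA's current CRL file so that a missing or stale copy on one DC stands out. The hostname, the expanded DN (the part of the CDP URL after the host, with the %%7%%8, %%2 and %%6%%10 tokens already expanded) and the CRL file path are placeholders you would replace with your own values.

```powershell
# Added example, not from the original thread. Hostname, DN and file path are
# placeholders standing in for the poster's directory.domain.com CDP URL and CRL file.
param(
    # Round-robin name used in the LDAP CDP URL (assumption: one A record per DC)
    [string]$CdpHost  = 'directory.domain.com',
    # DN of the CRL object, i.e. the CDP URL path with %%7%%8 / %%2 / %%6%%10 expanded (placeholder)
    [string]$CdpDn    = 'CN=Issuing2003,CN=ISSUING03,CN=CDP,CN=Public Key Services,CN=Services,CN=Configuration,DC=domain,DC=com',
    # CRL as currently published by the old CA, used as the reference copy (placeholder path)
    [string]$LocalCrl = 'C:\Windows\System32\CertSrv\CertEnroll\Issuing2003.crl'
)

Add-Type -AssemblyName System.DirectoryServices

function Get-Sha256Hex([byte[]]$Bytes) {
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try   { ([System.BitConverter]::ToString($sha.ComputeHash($Bytes))) -replace '-', '' }
    finally { $sha.Dispose() }
}

# Step 1: every A record behind the round-robin name is a DC a client might be sent to.
$dcAddresses = [System.Net.Dns]::GetHostAddresses($CdpHost) |
    Where-Object { $_.AddressFamily -eq [System.Net.Sockets.AddressFamily]::InterNetwork } |
    ForEach-Object { $_.IPAddressToString }

if (-not $dcAddresses) { throw "No A records found for $CdpHost" }

# Reference hash of the CA's current CRL (skipped if the file is not reachable from here).
$localHash = $null
if (Test-Path $LocalCrl) {
    $localHash = Get-Sha256Hex ([System.IO.File]::ReadAllBytes($LocalCrl))
    Write-Host "Local CRL $LocalCrl SHA256=$localHash"
}

# Step 2: bind to each DC by address and read certificateRevocationList from that DC only,
# so every copy is checked rather than whichever one DNS happened to return.
$results = foreach ($dc in $dcAddresses) {
    $entry = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$dc/$CdpDn")
    try {
        $entry.RefreshCache(@('certificateRevocationList'))
        $blob = $entry.Properties['certificateRevocationList'].Value   # DER-encoded CRL as byte[]
        if ($blob) {
            New-Object PSObject -Property @{ DC = $dc; Status = 'CRL present'; Bytes = $blob.Length; SHA256 = (Get-Sha256Hex $blob) }
        } else {
            New-Object PSObject -Property @{ DC = $dc; Status = 'object found, attribute empty'; Bytes = 0; SHA256 = '' }
        }
    } catch {
        # Typical causes: object not present on this DC (never published or not yet replicated), or bind failure.
        New-Object PSObject -Property @{ DC = $dc; Status = "ERROR: $($_.Exception.Message)"; Bytes = 0; SHA256 = '' }
    } finally {
        $entry.Dispose()
    }
}

$results | Select-Object DC, Status, Bytes, SHA256 | Format-Table -AutoSize

# Step 3: flag any DC whose copy differs from the CA's current CRL (missing, empty or stale).
if ($localHash) {
    $results | Where-Object { $_.SHA256 -ne $localHash } |
        ForEach-Object { Write-Warning "$($_.DC) does not serve the current CRL ($($_.Status))" }
}
```

Run it on a domain-joined machine with rights to read the CDP container. If one address reports an error or a different hash while the others match, that DC's copy is what a client lands on when the round-robin picks it, which is a difference a single PKIView row cannot show. To push the current CRL to a specific DC by hand, certutil supports targeting one: `certutil -dc <DCName> -dspublish -f <CRLFile>`; and `certutil -verify -urlfetch <cert.cer>` on a certificate issued by the old CA reports the fetch result for each CDP and AIA URL in the way PKIView does.
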
It seems the LDAP path is not correct, as it should be the CA computer account's distinguished name.
February 16th, 2012 12:24pm
