Scrapping PKI setup and starting over.
I've taken over the support role in an enterprise environment. My predecessor started to set up a PKI infrastructure and never completed his rollout. What I know I have:
- VM Offline image of an Enterprise Root CA with only 6 years remaining on Lifespan
- Online Enterprise CA
- Errors in PKIVIEW relating to AIA and CRL locations. They point to invalid URLs.
As far as we know, there was nothing using the PKI infrastructure; however, I do see certificates that were handed out (most are expired or nearing expiration). What would be the best way to just tear all of this out and start over? Or should I start over and repair all of the problems?
August 18th, 2010 9:01pm

I have one problem with pushing CDP/AIA to web servers which are public and private. The only servers that exist that meet those roles are Domino servers not running IIS.
August 18th, 2010 10:24pm

Ok.. so I'm following (http://support.microsoft.com/kb/889250/en-us) to remove from the domain. And during Step #6 I'm getting an error while trying to re-import the output.ldf file that it makes. It's telling me error in line 4, the last token starts with 'd'. This is kind of confusing, and I don't want to leave traces behind. One other thing: how can I be sure there's nothing left behind from the previous person trying to do this? At one point I saw other CAs listed with our domain name, however they aren't listed anywhere else.
August 19th, 2010 3:48pm

So all boxes in PKIVIEW need to be blank? I've got items in NTAuthCert, AIA container, and Cert Authorities Container. Is there any way to see if there are any other CAs running on our network other than the ones documented?
August 19th, 2010 7:17pm

This topic is archived. No further replies will be accepted.
