move my CA from a DC 2003 server to a DC 2003 server
I had to move my CA from a DC 2003 server to a DC 2003 server. Everything seems successful except for the certificate templates. I get a "Template information could not be loaded. Element not found." When restarting the Cert Services I also get the following:

Event Type: Error
Event Source: CertSvc
Event Category: None
Event ID: 44
Date: 1/20/2006
Time: 2:09:43 PM
User: N/A
Computer: xxxxxxxxx
Description:
The "Windows default" Policy Module "Initialize" method returned an error. Element not found. The returned status code is 0x80070490 (1168). Certificate Services could not find required Active Directory information
August 19th, 2008 6:20pm

The "new" CA computer must have:
- the same NetBIOS name
- the same domain membership

There is no supported way to "move" the CA from one DC to another. In fact, it is recommended to "not" install Certificate Services on a DC for this very reason.

Brian
August 20th, 2008 2:48am

Hello,

Yes, Brian is right. Please make sure that migration is supported according to the Microsoft Knowledge Base article 298138:

How to move a certification authority to another server
http://support.microsoft.com/kb/298138

For the particular Event 44 Certsrv "Element not found" error, please check the following:

1. Verify the "Authenticated Users" have Read Permissions to the following location:
"cn=Certificate Templates,cn=Public Key Services,cn=Services,cn=Configuration,dc=<Domain Component>,dc=<Domain Component>"

283218 A Certification Authority Cannot Use a Certificate Template
http://support.microsoft.com/default.aspx?scid=kb;EN-US;283218

2. Check whether there is a pKIEnrollmentService Object at the following location:
"cn=<CA Name>,cn=Enrollment Services,cn=Public Key Services,cn=Services,cn=Configuration,dc=<Domain Component>,dc=<Domain Component>"

If you are missing this AD Object then follow the below steps:

a) Right clicked on "CN=Enrollment Services" then selected "New" then "Object"
b) We selected the object class of: "pKIEnrollmentService"
c) For Attribute "cn" we gave it the name of the Certification Authority then clicked "Next"
d) Then clicked on "Finish"
e) We then right clicked on the new "pKIEnrollmentService" object and selected "Properties"
   i. cACertificateDN = This is from the "Subject" field of the CA's Certificate.
   ii. cACertificate - We got the information for this attribute by looking at another object that had the field defined within Active Directory. You can look at the following location for the CA Certificate Object: "cn=<CA Name>,cn=Certification Authorities,cn=Public Key Services,cn=Services,cn=Configuration,dc=<Domain Component>,dc=<Domain Component>"
   iii. displayName = "<CA Name>" - We named this the same as the CA's name.
   iv. dNSHostName = The Server's DNS name.
   v. flags = See NOTE below

NOTE: The Flags attribute needs to be configured for the Type and OS version of the CA. Here are basically the different valid flags settings:

Enterprise CA running on Standard Edition of the Operating System: "2"
Enterprise CA running on Enterprise Edition of the Operating System: "10"
Standalone CA running on Standard Edition of the Operating System: "5"
Standalone CA running on Enterprise Edition of the Operating System: "9"

f) Make sure that the CA's computer object has Full Control to this object via the Security Tab.
g) We then clicked OK.

Hope it helps. If you have any questions or concerns, please do not hesitate to let me know.
August 22nd, 2008 12:56pm
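
Added example, not part of the original reply: a read-only PowerShell sketch that runs the two checks from the reply above through the built-in `[ADSI]` accelerator before anything is edited in ADSI Edit. `$CAName` is a placeholder you must set, and the script assumes the CA name contains no characters that need escaping in a distinguished name.

```powershell
# Added example: read-only checks, nothing is created or modified.
$CAName = '<CA Name>'   # placeholder: the CA's common name

$configNC = [string]([ADSI]'LDAP://RootDSE').configurationNamingContext
$pksDN    = "CN=Public Key Services,CN=Services,$configNC"

# Check 1: "Authenticated Users" (well-known SID S-1-5-11) has an Allow ACE
# covering read access on the Certificate Templates container.
$templates   = [ADSI]"LDAP://CN=Certificate Templates,$pksDN"
$genericRead = [int][System.DirectoryServices.ActiveDirectoryRights]::GenericRead
$sidType     = [System.Security.Principal.SecurityIdentifier]
$readRules   = @($templates.psbase.ObjectSecurity.GetAccessRules($true, $true, $sidType) |
    Where-Object {
        $_.IdentityReference.Value -eq 'S-1-5-11' -and
        $_.AccessControlType -eq 'Allow' -and
        ([int]$_.ActiveDirectoryRights -band $genericRead) -eq $genericRead
    })
"Authenticated Users read ACE on Certificate Templates: $($readRules.Count -gt 0)"

# Check 2: the pKIEnrollmentService object exists and the attributes
# listed in step e) of the reply are populated.
$enrollPath = "LDAP://CN=$CAName,CN=Enrollment Services,$pksDN"
if (-not [System.DirectoryServices.DirectoryEntry]::Exists($enrollPath)) {
    "pKIEnrollmentService object for '$CAName' is MISSING"
} else {
    $svc = [ADSI]$enrollPath
    foreach ($attr in 'cACertificateDN','cACertificate','displayName','dNSHostName','flags') {
        $state = if ($svc.psbase.Properties[$attr].Count -gt 0) { 'set' } else { 'EMPTY' }
        '{0,-16} {1}' -f $attr, $state
    }
    # Flags values exactly as given in the reply above.
    $flagMeaning = @{
        2  = 'Enterprise CA, Standard Edition'
        10 = 'Enterprise CA, Enterprise Edition'
        5  = 'Standalone CA, Standard Edition'
        9  = 'Standalone CA, Enterprise Edition'
    }
    $flags = [int]$svc.psbase.Properties['flags'].Value
    $meaning = $flagMeaning[$flags]
    if (-not $meaning) { $meaning = 'not one of the values listed in the reply' }
    "flags = $flags ($meaning)"
}

# The reply copies cACertificate from this object, so confirm it exists too.
$caPath = "LDAP://CN=$CAName,CN=Certification Authorities,$pksDN"
"Certification Authorities object present: $([System.DirectoryServices.DirectoryEntry]::Exists($caPath))"
```

The ACL check only looks for a single Allow ACE granting GenericRead to Authenticated Users; it does not evaluate Deny ACEs or read access granted through other groups, so confirm a negative result on the Security tab.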

I have the same problem. I inherited a network with the CA on a DC. Now I can't demote the DC because it has the CA. What does one do in this situation? Start another CA on a member server and get the network to start using that CA?

Thanks.
September 5th, 2008 6:30pm

If you wish to remove the CA, then you must ensure that all certificates in use that were issued by the CA are replaced. May be time to re-evaluate your PKI and maybe follow best practices, rather than just "setting up another CA". See www.microsoft.com/pki and look for the Best Practices whitepaper.

Brian
September 7th, 2008 7:57pm

Miles Li, you are my friggin hero. This worked like a charm to resolve my Event 44 "Element not Found" error. Seriously dude, how do I buy you a lifetime supply of your favorite beer. You saved my keester bigtime.
December 16th, 2009 3:35am

Miles Li - that works. You are awesome
May 7th, 2010 10:53am

Hi,

I am also having this issue. In my case the certificate templates were not there, so I was unable to download the certificate for Exchange 2010 as Web Server Template from my Internal CA. I created the missing attributes in ADSI Edit as "Miles Li" told, and also manually added the Template names under "Certificate Templates" in Enrollment Services > pKIEnrollmentService. After restarting the service I successfully downloaded the cert and installed it into Exchange, but now in Exchange it shows as "The certificate service could not be determined because the revocation check failed".

I then found in ADSIEdit that under CN=Public Key Services > CN=Certification Authorities no object exists. Could this be the culprit, and how can I create the missing one in CN=Certification Authorities?

Miles, appreciate your help :)

Regards,
Kanishka
June 24th, 2011 4:12pm

This topic is archived. No further replies will be accepted.
