I had a working two-tier certificate services solution with a 2008 standard CA and a 2008 enterprise Sub-CA. I have managed to break this by attempting to uninstall and decommission both and setup just a single tier solution on what was the Sub-CA. I went thru the decommissioning procedure I found on technet and removed the Roles from both servers, the cert datbases and all of the certificates (I think). Then on the 2008 Ent server I attempted to add back the Enterprise CA role. However, the installation fails with errors. When I look in the log file, there are multiple sections with "ccertsrvsetup: GetExistingCACertificates". Each of these generates an error "A certificate chain could not be built to a trusted root authority". The details show it is trying to retrieve CA and SubCA certs from my old infrastructure. I'm trying to create a new CA so I don't know why it is trying to use the old ones. Any ideas on how to get out of this mess I've created?

Make sure you have deleted the old CA certificate, you can check and delete it using the command: certutil -viewdelstore my Make sure you have not deleted any necessary objects in AD, just check KB938613 http://support.microsoft.com//kb/938613 and recreate any missing containers and objects /Hasain