When old CA was not correctly decomissioned
You can check for all CA in domain by Running the following command from a CMD prompt: “certutil -config – -ping” it will prompt you with all the CA available in the organisation.
To remove from domain Open PKIView.msc, right-click on root node and select Manage AD Containers. Go through all tabs and remove items related to old CA. I have used this on Windows 2008 Server.
Categorised as: Microsoft, Networking, Server OS
Leave a Reply
You must be logged in to post a comment.