AD Certificate Services displays blank error message importing root CA cert

TeresaG
2021-06-25T02:12:31.687+00:00

I was attempting to migrate AD certificate services from a WS2008 R2 domain controller; I exported the old AD CS information as described in this article: https://argonsys.com/microsoft-cloud/library/step-by-step-migrating-the-active-directory-certificate-service-from-windows-server-2008-r2-to-2019/

I had to remove ADCS in order to demote the old domain controller.
Then I stood up a new WS2016 server to become the new AD CS server and installed AD CS on it, but when I go to configure the new CA by importing the old certificate/private key, the wizard displays a strange error message having no text!
[Screenshot: 109180-adcserror.png]

There are also a warning and an error logged in the event log under certificate-services-deployment operational log:

Log Name: Microsoft-Windows-CertificateServices-Deployment/Operational
Source: Microsoft-Windows-CertificateServices-Deployment
Date: 6/24/2021 6:13:14 PM
Event ID: 104
Task Category: Exceptions
Level: Error
Keywords:

Description:
Microsoft.CertificateServices.Deployment.Common.CA.CertificationAuthoritySetupException:
Microsoft.CertificateServices.Deployment.Common.CA.CertificationAuthoritySetupException
at Microsoft.CertificateServices.ServerManager.DeploymentPlugIn.Provider.PowerShellCommandExecutor.Execute(Command command, IPowerShellEngine powerShellEngine, IRehydrator rehydrator)
at Microsoft.CertificateServices.ServerManager.DeploymentPlugIn.Provider.CA.CAPSHProviderContext.Validate()
at Microsoft.CertificateServices.ServerManager.DeploymentPlugIn.Provider.CA.Operations.SetExistingCertificate.Execute(ExistingCertificateParameters parameters)
at Microsoft.CertificateServices.ServerManager.DeploymentPlugIn.DeploymentWizard.CA.ViewModels.ExistingCertificate.ExistingCertificateViewModel.Validate()
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-CertificateServices-Deployment" Guid="{B2D1F576-2E85-4489-B504-1861C40544B3}" />
<EventID>104</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>1</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2021-06-25T01:13:14.655281500Z" />
<EventRecordID>294</EventRecordID>
<Correlation ActivityID="{FB511EAF-6948-0000-0B7E-51FB4869D701}" />
<Execution ProcessID="4464" ThreadID="4036" />
<Channel>Microsoft-Windows-CertificateServices-Deployment/Operational</Channel>

</System>
<EventData>
<Data Name="Prop_UnicodeString">Microsoft.CertificateServices.Deployment.Common.CA.CertificationAuthoritySetupException:
Microsoft.CertificateServices.Deployment.Common.CA.CertificationAuthoritySetupException
at Microsoft.CertificateServices.ServerManager.DeploymentPlugIn.Provider.PowerShellCommandExecutor.Execute(Command command, IPowerShellEngine powerShellEngine, IRehydrator rehydrator)
at Microsoft.CertificateServices.ServerManager.DeploymentPlugIn.Provider.CA.CAPSHProviderContext.Validate()
at Microsoft.CertificateServices.ServerManager.DeploymentPlugIn.Provider.CA.Operations.SetExistingCertificate.Execute(ExistingCertificateParameters parameters)
at Microsoft.CertificateServices.ServerManager.DeploymentPlugIn.DeploymentWizard.CA.ViewModels.ExistingCertificate.ExistingCertificateViewModel.Validate()</Data>
</EventData>
</Event>

Log Name: Microsoft-Windows-CertificateServices-Deployment/Operational
Source: Microsoft-Windows-CertificateServices-Deployment
Date: 6/24/2021 6:13:14 PM
Event ID: 103
Task Category: Deserialization
Level: Warning
Keywords:

Description:
Microsoft.CertificateServices.Deployment.Common.CA.CertificationAuthoritySetupException:
Microsoft.CertificateServices.Deployment.Common.CA.CertificationAuthoritySetupException
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-CertificateServices-Deployment" Guid="{B2D1F576-2E85-4489-B504-1861C40544B3}" />
<EventID>103</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>2</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2021-06-25T01:13:14.655094600Z" />
<EventRecordID>293</EventRecordID>
<Correlation ActivityID="{FB511EAF-6948-0000-0B7E-51FB4869D701}" />
<Execution ProcessID="4464" ThreadID="4036" />
<Channel>Microsoft-Windows-CertificateServices-Deployment/Operational</Channel>

</System>
<EventData>
<Data Name="Prop_UnicodeString">Microsoft.CertificateServices.Deployment.Common.CA.CertificationAuthoritySetupException:
Microsoft.CertificateServices.Deployment.Common.CA.CertificationAuthoritySetupException</Data>
</EventData>
</Event>


1 answer

  1. Anonymous
    2021-06-25T06:18:22.937+00:00

    Hi,
    Would you please tell me whether you assigned the same CA name as before?
    Before you installed the CA service on the new server, did you remove the old one from the domain?

    For the CA migration, you can refer to the following link:
    https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn486805(v=ws.11)

    Best Regards,

