Hello there,
As one of the first steps check the integrity of the Active Directory database file ntds.dit and see if there are any corruption.
You cannot migrate CA to another server without valid backup of all CA keys so i would suggest you to back up before the migration.
I would double-check what certificates are stored in PFX. For example, by running certutil -dump and specify the path to a PFX file.
Hope this resolves your Query !!
--If the reply is helpful, please Upvote and Accept it as an answer--