Can you tell me where in AD the enterprise CA servers are listed? I built a certificate authority server on a separate 2012 R2 VM for the local domain, and had to rebuild it. Now when I create a machine certificate for a system, I can "browse" and see the old server that no longer exists, listed as one of the choices for the CA root server in the domain to request the cert from. Where is the metadata stored on the domain controller that lists the Enterprise CA servers? I want to clean up the remnants of the first install.
I have no idea what you're going on about, so, I figured Google showed me how to build an oval drawing jig, so maybe it knows. I'll laugh if this is the answer. https://social.technet.microsoft.co...ty-server-in-the-ad-domain?forum=winservergen
Open ADSI Edit and select Configuration from the well-known naming context. After that expand Services, and then Public Key Services. All previous CAs should be listed in the containers and you can delete the records from there. Here are detailed steps: http://retrohack.com/cleaning-up-after-a-failed-2008-certificate-authority/ This should work for Server 2012 R2 as well.
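To see what is left behind before deleting anything in ADSI Edit, the same Public Key Services tree can be inventoried read-only from PowerShell. This is an added example, not part of the thread or the linked article; it assumes the RSAT ActiveDirectory module is installed, and `OLD-CA-NAME` is a placeholder for the name of the decommissioned CA or its host.

```powershell
# Added example: read-only inventory of AD CS objects in the Configuration partition.
# It deletes nothing. Assumes the ActiveDirectory module (RSAT) and read access.
Import-Module ActiveDirectory

# Placeholder (assumption): CA common name or host name fragment of the old server.
$StaleCa = 'OLD-CA-NAME'

# Same path as in ADSI Edit: Configuration > Services > Public Key Services.
$configNC = (Get-ADRootDSE).configurationNamingContext
$pkiBase  = "CN=Public Key Services,CN=Services,$configNC"

$objects = Get-ADObject -SearchBase $pkiBase -SearchScope Subtree -Filter * `
    -Properties dNSHostName, whenChanged

$report = foreach ($o in $objects) {
    if ($o.DistinguishedName -eq $pkiBase) { continue }   # skip the root container itself

    # DN relative to Public Key Services; its last RDN is the top-level container
    # (for example CN=AIA, CN=CDP, CN=Enrollment Services, CN=Certification Authorities).
    $relative  = $o.DistinguishedName -replace ([regex]::Escape(",$pkiBase") + '$'), ''
    $container = ($relative -split '(?<!\\),')[-1]

    # An object is a candidate remnant if its DN or host name mentions the old CA.
    $isMatch = ($o.DistinguishedName -like "*$StaleCa*") -or
               ($o.dNSHostName -like "*$StaleCa*")

    [pscustomobject]@{
        Container   = $container
        Name        = $o.Name
        ObjectClass = $o.ObjectClass
        DnsHostName = $o.dNSHostName
        WhenChanged = $o.whenChanged
        StaleMatch  = $isMatch
        DN          = $o.DistinguishedName
    }
}

# Full listing grouped by container, then only the entries that reference the old CA.
$report | Sort-Object Container, Name |
    Format-Table Container, Name, ObjectClass, DnsHostName, WhenChanged -AutoSize

$report | Where-Object StaleMatch | Sort-Object Container |
    Format-List Container, Name, ObjectClass, DnsHostName, DN
```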