Migrating the AD Certificate Authority Service server role from 2012 R2 to 2019 — ‘template information could not be loaded’ error

I recently had a 2012R2 server with AD Certificate Services installed, the server was to be discontinued, so we needed to rebuild on a 2019 server.

It didn’t go quite to plan — so I thought I would share my experience!

The 2019 server was spun up in Azure, and I followed this guidance:

https://www.petenetlive.com/KB/Article/0001473

https://techcommunity.microsoft.com/t5/itops-talk-blog/step-by-step-migrating-the-active-directory-certificate-service/ba-p/697674

Steps are broadly as follows:

Step 1: Backup Windows Server 2012 R2 certificate authority database and its configuration

Step 2: Backup CA Registry Settings

Step 3: Uninstall CA Service from Windows Server 2012 R2

Step 4: Install Windows Server 2019 Certificate Services

Step 5: Configure AD CS

Step 6: Restore CA Backup

Step 7: Restore Registry info

NOTE: If you are installing to a machine with a different name, edit the registry backup and replace the old server name with the new one before merging the registry entry.

Step 8: Reissue Certificate Templates