Photo by Emiliano Arano on

Issue Description

I was recently working on Active Directory Root Certificate Authority Migration and encountered a weird error during the import of the exported certificate from the old CA Server to the new.

The account being used had Domain Admin & Enterprise Admin Right as well as full permission on the folder and the .pfx file.

CCertSrvSetup::CAImportPFX: Access is denied. 0x80070005 (WIN32: 5 ERROR_ACCESS_DENIED).


I used a different account to export and import the certificates and take CA Backup, This caused the issue, as soon as I switched to the same account, the problem disappeared.

FYI, AD Replication wasn’t a cause, because both account had domain & enterprise admin access for more than a day.


Use the same account to export and import the certificates during “Certificate Server Migration” to avoid such issues.

Thanks for reading !