I was recently working on Active Directory Root Certificate Authority Migration and encountered a weird error during the import of the exported certificate from the old CA Server to the new.
The account being used had Domain Admin & Enterprise Admin Right as well as full permission on the folder and the .pfx file.
CCertSrvSetup::CAImportPFX: Access is denied. 0x80070005 (WIN32: 5 ERROR_ACCESS_DENIED).
I used a different account to export and import the certificates and take CA Backup, This caused the issue, as soon as I switched to the same account, the problem disappeared.
FYI, AD Replication wasn’t a cause, because both account had domain & enterprise admin access for more than a day.
Use the same account to export and import the certificates during “Certificate Server Migration” to avoid such issues.
Thanks for reading !