Thanks for your guidance, it is a very helpful!
I did all the steps on my test infrastructure, though I had a reduced set of virtual machines.
It seems to me that there is an error in section 5 (maybe my comment will help other people)
You suggest to execute the command: certutil -f -dspublish "E: \ ROOTCA_windows noob Root CA.crt" RootCA
Where RootCA , as you write, is the host name of offline Root CA, however certutil helps us:
CertUtil [Options] -dsPublish CertFile [NTAuthCA | RootCA | SubCA | CrossCA | KRA | User | Machine] ...
CertFile - certificate file to