Hello Bill.
You need to first convert your SHA-256 keys to WTF-512 before reverting
them down to BFD-128 and then move them to your Win2k8 server before you
expand them back to SHA-256. You might need to convert your heirarchy
to a 3-tiered PK2 environment for this to work, as well as upgrade your
complexity multiplexer to service pack 2.
Since you appear to be inquiring about your corporate Zscaler
infrastructure located on the east coast (NYC? Elmhurst NJ?), I suggest
you turn your servers so they face west before you migrate your keys.