How Do I Figure Out Why Certificate Not Loading from Group Policy?

agfreesafety3 41 Reputation points
2021-10-31T21:51:52.113+00:00

How do I troubleshoot why a certificate didn't get issued to a new server added to the domain?

The setting is set in the Default Domain GPO, under Security Settings-->Public Key Policies--> trusted root certificates.

It was discovered that the new server didn't get the certificate when we tried to access our internet wiki while on the new server, and it didn't show the URL as a safe https site.

The rest of the GPO loads on the machine successfully, so I'm not sure how else to troubleshoot why this failed to load.

Any tips on the first steps to research this? I looked in event log and I didn't see any clues, all I saw were messages about the GPO loading as a whole.


3 answers

  1. Limitless Technology 39,396 Reputation points
    2021-11-03T09:36:30.453+00:00

    Hi there,

    There might be many reasons for this, like a difference between Computer Configuration and User Configuration.

    You can use the following procedure to push down the appropriate Secure Sockets Layer (SSL) certificates (or equivalent certificates that chain to a trusted root) for account federation servers, resource federation servers, and Web servers to each client computer in the account partner forest by using Group Policy.

    https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/deployment/distribute-certificates-to-client-computers-by-using-group-policy


    --If the reply is helpful, please Upvote and Accept it as an answer--


  2. agfreesafety3 41 Reputation points
    2021-11-04T21:38:01.88+00:00

    @Limitless Technology Yes, that is how the GPO is already setup. What I don't understand, is how to troubleshoot why it isn't working for this one specific resource, it's worked for the others.

    Can you elaborate on what you mean by "difference between Computer Config and User Config?"


  3. agfreesafety3 41 Reputation points
    2021-11-08T16:52:24.973+00:00

    I put these settings into its own GPO, and it's still not loading. Event log on the target machine states that the new GPO loaded successfully. But when I go to our internal website from this new machine, it's "still" saying that the website is not trusted. In case this might be related, when the machine was first built, I added it to the domain successfully.

    Then a few days later it was discovered that it wasn't on the domain, so I put it back onto the domain shortly thereafter, and it's remained on the domain since then. This issue with the trusted root cert was discovered after I resolved that domain join issue.

    Any idea how I can go about figuring out why this cert is failing to load? I'm not sure where to turn with no event log info to go off of.

    Even though the GPO shows as loading successfully, when I do an RSoP and look under Public Key Policies ----> Trusted Root Cert is blank.
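
The question and the follow-up above both come down to the same check: which root the wiki's certificate actually chains to, whether that root is present on the affected server, and whether the Group Policy certificate settings ever reached the machine at all. The following PowerShell script is an added example (not posted by anyone in this thread) that runs those checks on the affected server from an elevated prompt. The wiki host name `wiki.example.internal` is a placeholder to replace with the real name; everything else uses only built-in cmdlets, .NET classes and the registry location Windows uses for policy-deployed trusted roots.

```powershell
# Added diagnostic script, not from the original thread.
# Run in an elevated PowerShell on the affected server.
$WikiHost = 'wiki.example.internal'   # hypothetical placeholder; use the real wiki host name
$Port     = 443

# 1. Domain trust. A computer account whose secure channel is broken (for example
#    after a re-join) keeps its cached policy but cannot read new GPO content.
$channelOk = Test-ComputerSecureChannel
Write-Host "Secure channel to domain OK : $channelOk"

# 2. Fetch the certificate chain the wiki really serves. The validation callback
#    always returns $true so an untrusted chain does not abort the handshake;
#    the certificate is only inspected here, never trusted.
$tcp = New-Object System.Net.Sockets.TcpClient($WikiHost, $Port)
$acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ param($s, $c, $ch, $e) $true }
$ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAll)
$ssl.AuthenticateAsClient($WikiHost)
$leaf = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
$ssl.Dispose(); $tcp.Close()

# 3. Build the chain the way the OS does and see where it ends. If the root is
#    missing from the store, the last element is the highest issuer Windows could
#    find, and ChainStatus says why the chain is untrusted.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
$trusted = $chain.Build($leaf)
$top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
Write-Host "Leaf subject               : $($leaf.Subject)"
Write-Host "Chain ends at              : $($top.Subject)"
Write-Host "Top cert thumbprint        : $($top.Thumbprint)"
Write-Host "Chain trusted by this host : $trusted"
foreach ($s in $chain.ChainStatus) {
    Write-Host "  status: $($s.Status) - $($s.StatusInformation.Trim())"
}

# 4. Where is (or isn't) that root on this machine?
#    Certificates pushed by Computer Configuration > Windows Settings > Security
#    Settings > Public Key Policies > Trusted Root Certification Authorities are
#    written under this policy key (one subkey per thumbprint) and merged into the
#    effective LocalMachine\Root store. No key at all means no GPO-deployed root
#    has ever been written to this host, whatever the "GPO applied" event says.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates'
$inStore   = [bool](Get-ChildItem Cert:\LocalMachine\Root | Where-Object Thumbprint -eq $top.Thumbprint)
$inPolicy  = Test-Path (Join-Path $policyKey $top.Thumbprint)
Write-Host "In LocalMachine\Root store : $inStore"
Write-Host "Under GPO policy reg key   : $inPolicy"
if (Test-Path $policyKey) {
    Write-Host "All GPO-deployed roots on this host:"
    Get-ChildItem $policyKey | ForEach-Object { Write-Host "  $($_.PSChildName)" }
} else {
    Write-Host "Policy key absent: no trusted root has been delivered by Group Policy to this host."
}

# 5. Which GPOs the client itself says it applied to the computer.
Write-Host "Applied computer GPOs (gpresult):"
gpresult /r /scope computer | Select-String -Pattern 'Applied Group Policy Objects' -Context 0, 10
```

How to read the output: if step 1 reports `False`, fix the computer account first (re-join or `Reset-ComputerMachinePassword`) and rerun `gpupdate /target:computer /force`, because no GPO content is reliable until the secure channel is healthy. If step 4 shows the policy key is absent even though step 5 lists the GPO as applied, the certificate settings are not reaching the client, which matches a blank Trusted Root section in RSoP. If the thumbprint from step 3 is present in the store but the chain is still untrusted, the wiki is serving a certificate issued under a different root than the one deployed, and the `ChainStatus` lines will say so. The command-line equivalent of step 4 is `certutil -grouppolicy -store Root`.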