![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(108.80000000000001, 50%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
3,085 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(67.2, 68%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELT%3C/text%3E%3C/svg%3E)
Hi,
Thank you for posting your query.
Kindly follow the steps provided below to resolve your issue.
Cleanup any Root Certificates that point to non existing CAs within you Local Certificate Store certlm.msc only leaving your active CA server, these can be found in your Trusted Root Certification Authorities and Intermediate Certification Authorities.
Remove the DCs certificate using certlm.msc (Local Certificate Store) Personal you will see the hostname of the DC delete them all.
Right Click on Personal, choose All Tasks and Request New Certificate following the steps adding the certificates deleted in step 2 or just add all the templates.
Do these same steps for all your DCs.
Go to this link for your reference and other troubleshooting procedures https://learn.microsoft.com/answers/questions/958146/kdc-certificate-could-not-be-validated-error.html
Do not hesitate to message us if you need further assistance.
If the answer is helpful kindly click "Accept as Answer" and up vote it.