Trusted root certificates not synchronized between DCs

Tutek 721 Reputation points
2023-03-07T08:08:13.9866667+00:00

Hi,

I just promoted a new Server 2022 machine to the current domain as a new domain controller. I see that users, computers and GPOs synchronized.

PolicyDefinitions are auto-created in the SYSVOL folder as a central store, so everything is good.

But one GPO has settings to apply one certificate from trusted root to all domain computers, and when I run certlm.msc and go to this folder I don't see that this cert was synchronized on the new DC. On the old DC this cert is visible, but not on the new DC.

I have no errors in sync:

PS C:\Users\Administrator.domain> Repadmin /replsummary
Replication Summary Start Time: 2023-03-07 08:42:17

Beginning data collection for replication summary, this may take awhile:
  .....


Source DSA          largest delta    fails/total %%   error
 UKS0001                   17m:51s    0 /   5    0
 UKS01                     07m:23s    0 /   5    0


Destination DSA     largest delta    fails/total %%   error
 UKS0001                   07m:23s    0 /   5    0
 UKS01                     17m:51s    0 /   5    0



1 answer

  1. Thameur-BOURBITA 36,261 Reputation points Moderator
    2023-03-07T08:13:52.74+00:00

    Hi @Tutek

    Try to force the GPO by running the following command:

    gpupdate /force

    Then you can check if the GPO setting for the root certificate is well configured in the GPO report by running the following command:

    gpresult /H c:\temp\gporeport.html

    Please don't forget to mark helpful answer as accepted
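
An added example, not part of the original thread: after the policy refresh described in the answer, this PowerShell check looks on both domain controllers for the certificate in the Group Policy certificate store and in the logical Trusted Root store that certlm.msc displays. The thumbprint is a placeholder, the DC names are the ones in the question's Repadmin output, and it assumes PowerShell remoting is enabled on both DCs and the session runs with administrative rights.

```powershell
# Added example. Placeholder: replace with the thumbprint of the certificate
# configured in the GPO (40 hex characters).
$Thumbprint = '<THUMBPRINT-OF-GPO-ROOT-CERT>'

# DC names taken from the Repadmin output in the question.
$DomainControllers = 'UKS0001', 'UKS01'

# Thumbprints copied from the certificate dialog often carry spaces or an
# invisible leading character; strip everything that is not a hex digit.
$Thumbprint = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
if ($Thumbprint.Length -ne 40) {
    throw "Expected a 40-character SHA-1 thumbprint, got '$Thumbprint'."
}

$check = {
    param($tp)
    # Certificates delivered by Group Policy are written under this key,
    # one subkey per certificate, named by thumbprint.
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates'
    [pscustomobject]@{
        InPolicyStore = Test-Path (Join-Path $policyKey $tp)
        # Logical store that certlm.msc shows as "Trusted Root Certification Authorities".
        InRootStore   = Test-Path "Cert:\LocalMachine\Root\$tp"
    }
}

# Run the same check on every DC and show the results side by side.
Invoke-Command -ComputerName $DomainControllers -ScriptBlock $check -ArgumentList $Thumbprint |
    Select-Object PSComputerName, InPolicyStore, InRootStore
```

If InPolicyStore is False on one DC only, the GPO has not delivered the certificate to that machine, and the gpresult report from the answer shows whether the GPO is applied to that computer at all.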

