![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(172.8, 79%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
Active Directory
A set of directory-based technologies included in Windows Server.
6,246 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(67.2, 68%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELT%3C/text%3E%3C/svg%3E)
Hello there,
Check the configuration of CA. The notes state you have one 2022 CA so you have a root that is also acting as the policy and issuance CA as well. Remote to the CA itself, open Certificate Authorities console under Windows Administrative Tools. Right click the CA and select Properties. Click the Extensions tab. In the selections box choose Authority Information Access (AIA). This is where the validation of the CA is defined. What is located there is encoded on all certificates issued from the CA. If you find LDAP entries and/or OCSP entries then the problem is you are encoding certs with that validation information but the validation end points don't exist. LDAP validation is the old way and is listed for support of 2003 and older OS. The URLs listed on this tab should exist or not be listed. They are populated when the CA was initially configured. You should have at least one location (local drive) and one CDP location (AIA entry) at minimum. Remove the LDAP and OCSP locations which don't exist.
Hope this resolves your Query !!
--If the reply is helpful, please Upvote and Accept it as an answer–