After Renewal of Certificate on the Intermediate Certificate server, Previous Intermediate Server Certificate Isn't Visible in Intermediate Certificate Authorities folder on Client

Fahad Noaman 151 Reputation points

Hi All,

We recently renewed a certificate on the Intermediate Certificate server listed below and published it on Active Directory.

Our setup includes one offline root Certificate server and three Intermediate Certificate servers:

  1. Server 1 provides certificates to servers,
  2. Server 2 provides certificates to clients,
  3. Server 3 provides certificates to users.

After the renewal, we encountered an issue with Windows Hello for Business on newly provisioned client machines. Despite having the new certificate installed on the machines, we were unable to access shared resources. Upon investigation, we discovered an issue with the certificate chain. Under the Intermediate Certificate Authorities folder, we noticed both the old and new certificates for the Intermediate Certificate server that provides certificates to clients, but the other two old Intermediate Certificate servers' certificates were missing.

Could you advise how these certificates are deployed and how to obtain the missing certificates? Is the old certificate still needed for accessing shared resources? Please note that we have both Azure AD joined devices and Hybrid joined devices, and the issue is occurring only with the Azure AD joined devices, not the Hybrid joined ones.

Thank you.

Windows Server Infrastructure