Hello @Chau Le ,
Thank you for posting here.
Based on "Policy CA cert on client machines is about to expire in 6/26/21", would you please show us what container Policy CA cert on client machines in?
We can copy the 2027 expiration cert to one domain controller, and run the following command:
certutil -dspublish -f <the full path of the Policy CA cert>
Then check if the 2027 expiration cert will be on the client machine.
Hope the information above is helpful.
Should you have any question or concern, please feel free to let us know.
Best Regards,
Daisy Zhou
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.