Certificate error on all clients

Mahyar S 1 Reputation point
2021-06-30T06:46:01.617+00:00

Hi

We have a domain controller that is about 12 years old. The OS itself has been upgraded regularly (it is now Windows Server 2019). Because a lot of settings have been changed over these years, and a couple of services were connected to Active Directory and then disconnected, a lot of junk has been left over and many services do not work as properly as they used to.
Therefore, we need a way to clean up our domain controller.
Recently we seized our primary DC and installed a fresh OS, but when we made it primary again, it took back all that crap from our additional DC, so we are back where we were.

The reason I ask is that an annoying problem occurred recently: any Windows PC that joins our domain gets an SSL cert error, even for google.com.
I created a policy at the top of the tree, imported an updated version of the certificates from Microsoft and enforced that policy, but the problem still exists.

PS: dcdiag.exe shows that everything passes.

Thank you in advance

Windows Server Security

7 answers

  1. Hannah Xiong 6,276 Reputation points
    2021-07-21T04:54:01.893+00:00

    Hi @Mahyar S ,

    You are welcome. Thank you so much for your kind reply.

    So glad that the certificate error is gone. Based on the scenario we described, it is hard to judge the causes of the issue. And based on my understanding, it is more like a performance issue. Have we tried to use a different browser to open the website?

    Greatly appreciate your time and support.

    Best regards,
    Hannah Xiong


  2. Mahyar S 1 Reputation point
    2021-08-07T06:41:56.05+00:00

    Hi @Hannah Xiong
    I'm sorry to bring up this topic again!
    I saw something new and thought I should update this topic.
    As you can see below, I took screenshots of the certificate of this site (https://learn.microsoft.com) on two different PCs.

    1. PC joined to our domain that has the problem

    121327-incorrect.jpg

    2. PC joined to a clean test domain

    121326-correct.jpg

    As you can see, PC number 2 has the correct certificate, but the certificate on PC number 1 is not correct at all! It's issued by the PC itself, not Microsoft, and all the details are different.

    Both PCs use the same internet connection, same browser and same OS, but the performance when opening a site like this topic is very different.
    I think this problem is caused by an old certificate authority that was in our domain and no longer exists.

    Do you have any thoughts?

    Thank you for your time
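
The comparison made with the two screenshots above can be repeated from PowerShell. The following is an added example, not part of the original posts: it lists the chain a site presents to the PC it runs on and, for each element, whether it is self-issued, sits in the machine's trusted root store, or was distributed by Group Policy. The function name is hypothetical, and direct access on port 443 is assumed.

```powershell
# Added example: list the certificate chain a host presents to THIS PC.
# Assumes direct TCP access on port 443 (no explicit proxy) and PowerShell 5.1+.
function Get-PresentedCertificateChain {
    param(
        [Parameter(Mandatory)] [string] $HostName,
        [int] $Port = 443
    )
    # Registry location where Group Policy writes the trusted roots it distributes.
    $gpoRoots     = 'HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates'
    $machineRoots = (Get-ChildItem Cert:\LocalMachine\Root).Thumbprint
    $tcp = [System.Net.Sockets.TcpClient]::new()
    $ssl = $null
    try {
        $tcp.Connect($HostName, $Port)
        # Accept whatever is presented: the aim is to inspect it, not to trust it.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($HostName)
        $leaf = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)

        # Build the chain from the local certificate stores, without revocation lookups.
        $chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
        $chain.ChainPolicy.RevocationMode = 'NoCheck'
        [void] $chain.Build($leaf)

        foreach ($element in $chain.ChainElements) {
            $cert = $element.Certificate
            [pscustomobject]@{
                Subject             = $cert.Subject
                Issuer              = $cert.Issuer
                Thumbprint          = $cert.Thumbprint
                NotBefore           = $cert.NotBefore
                SelfIssued          = ($cert.Subject -eq $cert.Issuer)
                InMachineRootStore  = ($machineRoots -contains $cert.Thumbprint)
                DeployedByGroupPolicy = (Test-Path (Join-Path $gpoRoots $cert.Thumbprint))
            }
        }
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $tcp.Close()
    }
}

# Run on both PCs and compare the output line by line.
Get-PresentedCertificateChain -HostName 'learn.microsoft.com' | Format-List
```

If the thumbprints or issuers differ between the two PCs for the same host, the last two columns show whether the issuing root on the affected PC is trusted locally and whether it arrived through a domain policy.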
