Almost 100 DCs have automatically enrolled and obtained a new certificate and the old certificates where discarded.īut strangely we have about 10 DCs where the automatic process fails. We are currently replacing the 'Domain Controller Authentication' certificates with 'Kerberos Authentication' certifcates. Our DCs need Certificates because we are using SmartCard-Logon.
We have Root- and Intermediate CAs integrated into AD. We have a domain running in 2008R2 domain-mode.