Local root CA certificate is missing in the Trust List

  • Question

  • Hi,

    Some of our workstations running Win 10 Pro v 1803 are missing the local root CA certificate in the Root CA Trust List. The consequence is that they are rejecting all certificates issued by our PKI and are not able to connect to services. The easy way to solve the issue is to install the root CA certificate again, but we are not able to identify the cause.

    Does anyone have an idea of what can cause the issue? Any help would be greatly appreciated.

    Thanks.

    Monday, March 2, 2020 4:01 PM

All replies

  • Hello,
    Thank you for posting in our TechNet forum.

    To better understand our question, please confirm the following information:

    1. According to our description "Some of our workstations running Win 10 Pro v 1803 are missing the local root CA certificate in the Root CA Trust List.", so we have our internal PKI and CA, and these workstations are in the domain, is that right?

    2. Do we mean the root CA certificate in the Root CA Trust List on all the domain-joined machines or on only some machines we mentioned above is missing?



    Meanwhile, if we have a single-tier CA, we can add the root CA certificate into the Trusted Root Certification Authority container on the workstations by deploying the following group policy setting:

    Computer Configuration\Policies\Windows Settings\Security Settings\Public Key Policies\Trusted Root Certification Authorities\ right click Trusted Root Certification Authorities and select import the root certificate




    Meanwhile, if we have a two-tier CA, we can add the root CA certificate into the Trusted Root Certification Authority container on the workstations by deploying the following group policy setting:

    Computer Configuration\Policies\Windows Settings\Security Settings\Public Key Policies\Trusted Root Certification Authorities\ right click Trusted Root Certification Authorities and select import the root certificate

    and 

    Computer Configuration\Policies\Windows Settings\Security Settings\Public Key Policies\Intermediate Certification Authorities\ right click Intermediate Certification Authorities and select import the intermediate CA certificate


    If we add the root CA certificate to the Trusted Root Certification Authority container, will the root certificate be missing again? If so, we can try to check if we can see any event as below:



    Best Regards,
    Daisy Zhou


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, March 3, 2020 4:06 AM
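
An added example, not part of the original thread: a PowerShell check that reports which physical store behind the LocalMachine Trusted Root list holds the root CA certificate on a workstation, so a certificate delivered by the Group Policy setting described above can be told apart from one that was imported by hand. The function name `Get-RootCaPresence` and the thumbprint argument are assumptions; the registry paths are the standard locations of the LocalMachine Root physical stores.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell session
# on an affected workstation and on a healthy one, then compare the output.
function Get-RootCaPresence {
    [CmdletBinding()]
    param(
        # SHA-1 thumbprint of your root CA certificate (assumption: supplied by you).
        [Parameter(Mandatory)]
        [string]$Thumbprint
    )

    # Normalize: certmgr often shows the thumbprint with spaces.
    $tp = ($Thumbprint -replace '\s', '').ToUpperInvariant()
    if ($tp -notmatch '^[0-9A-F]{40}$') {
        throw "Thumbprint must be 40 hexadecimal characters."
    }

    # Physical stores that are merged into the LocalMachine\Root logical store.
    # Each certificate is a subkey named after its thumbprint.
    $stores = [ordered]@{
        'Local registry (manual import)' = 'HKLM:\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates'
        'Group Policy'                   = 'HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates'
        'Enterprise (published in AD)'   = 'HKLM:\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates'
    }

    foreach ($name in $stores.Keys) {
        [pscustomobject]@{
            Store   = $name
            Present = Test-Path -LiteralPath (Join-Path $stores[$name] $tp)
        }
    }

    # Effective view: what applications see when they build a chain.
    [pscustomobject]@{
        Store   = 'Effective LocalMachine\Root'
        Present = Test-Path -LiteralPath "Cert:\LocalMachine\Root\$tp"
    }
}

# Usage (placeholder thumbprint, replace with your own):
# Get-RootCaPresence -Thumbprint '<ROOT-CA-THUMBPRINT>' | Format-Table -AutoSize
```

If the certificate appears only under "Local registry (manual import)", nothing will put it back when that copy is removed; a copy under "Group Policy" is the one written by the policy setting described in the reply above.
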
  • Hi,
    Is there any update on this question, or is this issue solved? Also, for the question, is there any other assistance we could provide?
    Best Regards,
    Daisy Zhou


    Thursday, March 5, 2020 2:54 AM
  • Hi,
     
    I just want to confirm the current situation.
     
    Please feel free to let us know if you need further assistance.
     
    Best Regards,
    Daisy Zhou


    Monday, March 9, 2020 1:33 AM