Windows server 2012 R2 – delay before certificates start working

Tags: authentication, certificate, smartcard, windows

I have this weird, unexplained delay before the certificates I put in my servers actually start working.

It goes something like this:

I add the Certificates snap-in to MMC to manage the computer account certificates.

I then add some certificates to the trusted root certificates store, and some to the intermediate certification authorities store.

The certificates I add to the trusted root certificates store are those of the entire organization, and the ones I add to the intermediate certification authorities store are those of the branch I belong to.

I publish the certificates to Active Directory using the cmd commands
"certutil -f -dspublish RootCA"
and
"certutil -f -dspublish NTAuthCA"

I try to log in using my smart card, and I get this error:
"an untrusted certificate authority was detected while processing the smart card"

I wait a day, and then everything is suddenly working fine: I can log in, I don't get any errors, nothing.

I've searched everywhere for this weird delay, but I haven't managed to find anything concrete. Does anyone have any ideas?

Best Answer

Two possible explanations:

1) The delay is caused by replication between domain controllers (if you have more than one).

2) The delay is caused by policies not yet being applied on the servers when you attempt verification. Machine policies are applied every 90 minutes by default in W2K8R2; I don't know what the timer is in W2K12.

(1) and (2) may be combined. I always do "gpupdate /force" on the servers I am going to log in to when verifying certificates. Have you tried it?
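As an added diagnostic (not part of the question or the accepted answer), the PowerShell below compares the CA certificates present in AD's NTAuthCertificates object, as served by the domain controller this machine binds to, with the copies this machine has cached locally. A CA that is absent from AD on this DC points at replication (explanation 1); one that is in AD but not cached locally points at policy/autoenrollment refresh (explanation 2). It assumes it runs elevated on a domain-joined Windows server and that the registry key named below is the local NTAuth cache.

```powershell
# Added example, not code from the original post. Run as administrator on a domain member.
$rootDse  = [ADSI]"LDAP://RootDSE"
$configNC = $rootDse.configurationNamingContext
$ntAuthDn = "CN=NTAuthCertificates,CN=Public Key Services,CN=Services,$configNC"
$ntAuthAd = [ADSI]"LDAP://$ntAuthDn"

# Thumbprints of the CA certificates as published in AD (from the DC we are bound to).
$adThumbs = foreach ($raw in $ntAuthAd.Properties["cACertificate"]) {
    $cert = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Certificate2 `
                       -ArgumentList (,[byte[]]$raw)
    $cert.Thumbprint
}

# Thumbprints in this machine's cached enterprise NTAuth store (assumption: this registry
# key is the local cache that group policy / autoenrollment refreshes from AD).
$cacheKey    = "HKLM:\SOFTWARE\Microsoft\EnterpriseCertificates\NTAuth\Certificates"
$localThumbs = if (Test-Path $cacheKey) { (Get-ChildItem $cacheKey).PSChildName } else { @() }

# Thumbprints in the local Trusted Root store, where "-dspublish RootCA" certs end up.
$rootThumbs  = (Get-ChildItem Cert:\LocalMachine\Root).Thumbprint

"Domain controller used: $($rootDse.dnsHostName)"
"CA certs in AD NTAuthCertificates: $($adThumbs.Count)"
$pending = @()
foreach ($t in $adThumbs) {
    $inNtAuth = $localThumbs -contains $t
    $inRoot   = $rootThumbs  -contains $t
    "{0}  NTAuth cache: {1,-5}  Trusted Root: {2,-5}" -f $t, $inNtAuth, $inRoot
    if (-not $inNtAuth) { $pending += $t }
}

if ($pending.Count -gt 0) {
    # In AD but not cached yet: force the policy refresh the answer recommends, then
    # trigger the autoenrollment task that pulls enterprise stores, and re-check.
    "Local cache is behind AD; forcing refresh ..."
    gpupdate /force | Out-Null
    certutil -pulse  | Out-Null
} elseif ($adThumbs.Count -eq 0) {
    # Nothing in AD on this DC: the publish has not replicated here yet.
    "NTAuthCertificates is empty on this DC; check replication with: repadmin /replsummary"
} else {
    "All published CA certificates are cached locally."
}
```

If a CA you just published is missing from the AD list, re-run the script against another DC (for example after `nltest /sc_reset` or by binding to `LDAP://<dc-name>/...`) to confirm whether only some DCs have it yet.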