Doubtful if they’re using GoDaddy. ;) I’d wager you have a difference in GPO around certificates for your DCs; either that or the “root certificate updates” aren’t applied to the DCs.
DAMIEN SOLODOW Senior Systems Engineer 317.447.6033 (office) 317.447.6014 (fax) HARRISON COLLEGE From: [email protected] [mailto:[email protected]] On Behalf Of Kennedy, Jim Sent: Monday, February 1, 2016 4:16 PM To: '[email protected]' <[email protected]> Subject: [NTSysADM] DC's and certs. So I am working with a vendor on a new product they are developing.. It installs a single exe as a service and runs as system. That service makes an SSL connection to their servers. That is all I can say about the software at this point. Desktops and member servers make the SSL call no problem. But DC’s fail and reject the cert on the vendor’s server. It is a GoDaddy G2 cert. I dl’d the chain from GoDaddy, installed it into the local machine store on the DC’s and all is well. The GoDaddy chain is not installed on the member servers. My question is why the difference between a DC and a Member server? Do DC’s only talk to themselves for cert verification? PS: You folks are going to be very jelly when you find out what it is and that I have it. ☺
