How To Check Domain Controller Certificate Expired. Domain controllers automatically request a domain controller certificate if published when they discover an enterprise certificate authority is added to Active Directory. Select the Update certificates that use certificate templates check box.
We have an SBS 2011 domain controller where the root CA has expired. If this profile or domain controller no longer exists you may not be able to use. Only valid and non-expired certificates are eligible for renewal.
An expired certificate can certainly cause this to happen.
Domain Controller auto-enrollment behavior. I rebooted the domain controller just for good measure. By default the lifetime of a certificate that is issued by a Stand-alone Certificate Authority CA is one year. In the Certificate dialog box choose the Details tab and then choose Copy to File.