I can't figure out why my IIS 8 website trusts my Windows 2003 root CA but not the Windows 2012 root CA. Both roots are installed in the trusted root store, but the server behaves as if the new CA doesn't exist or isn't valid for authenticating clients.
I've tried reinstalling the Windows 2012 root CA. I've tried adjusting the registry SendTrustedIssuerList value, but all that seems to do is make the certificate unavailable at the client end.
What is going on with this new server?