Hello,
I just noticed two event 4097s come through for CAPI2 in the Application event log. I started poking around and couldn't find any of these events on any other Windows Servers. Apparently two third party root certificates were auto-updated. When I looked at the list of root CAs in the Certificates Console on a few Windows Servers I noticed that each had a slightly different set of root CAs.
What is the best practice with managing these root CAs in the cert stores of each server? I would like to verify each one and determine why some servers have some root CAs and others don't. Such as the root CA for USERTrust, with thumbprint "58119f0e128287ea50fdd987456f4f78dcfad6d4". It's on certain servers in our DEV and PROD environments, but weirdly not consistently on a similar function server.
What are the scenarios in which the root CA list could be modified?
Thank you.