Missing User Certificates from Windows 11 and Windows 10 laptops.

Mohsauga 40 Reputation points
2025-02-11T01:34:06.6166667+00:00

Hi, we are facing a strange issue. Starting February 7, 2025, we have a few users who could not connect to VPN. We use user certificates through our PKI, and when we checked our issuing certificate authority we could see the certificate there, but it was missing from the users' devices. Currently it has impacted both Windows 11 and Windows 10 laptops. I am trying to figure out what is causing this. We have auto-enrollment enabled and the CA is configured to issue certificates 6 weeks prior to expiration. Has anyone observed or seen this issue? I am stumped at the moment and want to contain this ASAP.


1 answer

  1. Crystal-MSFT 52,216 Reputation points Microsoft Vendor
    2025-02-11T06:27:01.1666667+00:00

    @Mohsauga, thanks for posting in Q&A. Based on my research, I found a link describing that when you update the device to a later version of Windows, the device loses its system and user certificates.

    https://learn.microsoft.com/en-us/troubleshoot/windows-client/certificates-and-public-key-infrastructure-pki/certs-missing-after-device-update

    However, if the above link can't fix the issue, please collect the following information to clarify:

    1. How did we deploy the user certificate? Is it deployed from Intune SCEP?

    2. If we sync on the device with Intune, will we receive the new certificate?

    3. Did the previous certificate expire? Was a renewed certificate generated on the CA side?

    Please try the above suggestion and if there's any update, feel free to let us know.


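One way to gather the device-side evidence behind the questions in the answer above, as an added example that is not part of the original thread or Microsoft's guidance. The issuer string is a placeholder to replace with your issuing CA's name, and the script assumes it is run in the affected user's own session on PowerShell 5 or later.

```powershell
using namespace System.Security.Cryptography.X509Certificates

# Assumptions (not from the thread): the issuer placeholder below.
$IssuerMatch = 'EXAMPLE-ISSUING-CA'     # placeholder: part of your issuing CA's subject name
$Since       = Get-Date '2025-02-07'    # first failures, per the question
$RenewBy     = (Get-Date).AddDays(42)   # the 6-week renewal window from the question
$ClientAuth  = '1.3.6.1.5.5.7.3.2'      # Client Authentication EKU OID

# Open the user's Personal store with archived certificates included; the Cert:
# drive and certmgr.msc hide archived entries by default.
$store = [X509Store]::new('My', [StoreLocation]::CurrentUser)
$store.Open([OpenFlags]'ReadOnly, IncludeArchived')
try {
    $certs = foreach ($c in $store.Certificates) {
        if ($c.Issuer -notlike "*$IssuerMatch*") { continue }
        $eku = $c.Extensions | Where-Object { $_ -is [X509EnhancedKeyUsageExtension] }
        [pscustomobject]@{
            Thumbprint = $c.Thumbprint      # compare with the CA's issued-certificates list
            NotAfter   = $c.NotAfter
            Archived   = $c.Archived
            HasKey     = $c.HasPrivateKey   # a certificate without its key cannot authenticate
            ClientAuth = [bool]($eku -and $eku.EnhancedKeyUsages.Value -contains $ClientAuth)
            Expired    = $c.NotAfter -lt (Get-Date)
            InRenewal  = $c.NotAfter -ge (Get-Date) -and $c.NotAfter -le $RenewBy
        }
    }
} finally {
    $store.Close()
}

# Client-side enrollment and certificate lifecycle channels since the incident date.
$logs = 'Microsoft-Windows-CertificateServicesClient-AutoEnrollment/Operational',
        'Microsoft-Windows-CertificateServicesClient-Lifecycle-User/Operational'
$events = foreach ($log in $logs) {
    # A disabled, empty, or rolled-over log returns nothing rather than stopping the script.
    Get-WinEvent -FilterHashtable @{ LogName = $log; StartTime = $Since } -ErrorAction SilentlyContinue
}

$certs  | Sort-Object NotAfter | Format-Table -AutoSize
$events | Sort-Object TimeCreated | Select-Object TimeCreated, LogName, Id, Message | Format-List
if (-not $certs) {
    Write-Warning "No certificate from '$IssuerMatch' in the user store, archived or not."
}
```

If the CA lists a certificate whose thumbprint does not appear here even as an archived entry, the certificate was removed from or never installed into this profile's store, and the event timestamps show what the client did around that date.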

