Do you have a certificate server on the domain? If so is it set to automatically approve requests for new certificates. If not you may need to manually go in and approve the certificates.
Yes. I have Certficate server on my first domain controler but not on second domain controllera(backup domain controllera). How can i set that automatically approve requests for new certificates?. I installed new certficate on second domain controllera but the problem not resolved.