We recently upgraded our 3 old Windows 2008 domain controllers to Windows 2012. The old main domain controller was called Sale-fs2. After the upgrade we are receiving errors on some of our servers, Schannel Event ID 36881 which states that the certificate received from the remote server has expired. When I go on to the new Windows 2012 domain controller which is called Sale-DC1 and go to the 'Trusted Root Certification Authorities' and click on certificates there is a certificate called 'Sale-fs2' which has expired. Now my question is, is it OK to delete this certificate or should there be one in here for the new primary domain controller called Sale-DC1. If I need one for Sale-DC1 how do I create it?