Public Key Infrastructure (PKI) relies on the certificates in use having been issued by “trusted” authorities. Put very basically (basically enough to make PKI experts worldwide collectively wince), the certificate being used is checked against a list to make sure there is a matching trusted issuer certificate in the trusted root store and that the issuer’s certificate passes some checks. If the issuing certificate is missing and cannot be retrieved from the Microsoft PCA (which is not uncommon in locked-down corporate networks), then whatever services the certificate is being used for will likely fail.
There is a known condition in which there are too many certificates in the trusted root store. This leads to some of them not being retrieved, which can cause the trusted root check to fail and hence the services that rely on it to fail. This is perceived as an intermittent and hard-to-track-down problem.
This script looks at a local computer’s certificate trust list and counts what is present. The problem is typically seen when there are more than one hundred certificates in the store, so the script will show “problem detected = $true” in that case. The size at which the problem occurs is not precise, since the data in individual certificates can make the size in memory differ a little.
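As an added example (not the script described on this page), here is a PowerShell function that performs the same check against the local machine’s Trusted Root store. The threshold of 100 comes from the text; the summed DER size and the expired-certificate count are my own additions, intended only as extra context for whoever has to trim the store.

```powershell
function Test-TrustedRootStore {
    [CmdletBinding()]
    param(
        # The text says the problem is typically seen above ~100 certificates
        [int]$Threshold = 100,
        [string]$StorePath = 'Cert:\LocalMachine\Root'
    )

    # @() so .Count is reliable even when the store holds a single certificate
    $roots = @(Get-ChildItem -Path $StorePath)
    $now   = Get-Date

    # Assumption: the DER length (RawData) is a usable proxy for in-memory size.
    # The page notes the exact size at which the problem appears is not precise,
    # so this number is informational only; the count drives the verdict.
    $totalBytes = 0
    foreach ($cert in $roots) { $totalBytes += $cert.RawData.Length }

    # Expired roots are a natural first candidate when the store needs thinning
    $expired = @($roots | Where-Object { $_.NotAfter -lt $now })

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        StorePath          = $StorePath
        RootCertificates   = $roots.Count
        ExpiredRoots       = $expired.Count
        ApproxStoreBytes   = $totalBytes
        'Problem detected' = ($roots.Count -gt $Threshold)
        ExpiredSubjects    = @($expired | ForEach-Object { $_.Subject })
    }
}

# Usage: run the check and show the verdict, then list expired roots if any
$result = Test-TrustedRootStore
$result | Format-List -Property ComputerName, RootCertificates, ExpiredRoots,
                                ApproxStoreBytes, 'Problem detected'
if ($result.ExpiredRoots -gt 0) {
    Write-Output 'Expired trusted roots (review before removing):'
    $result.ExpiredSubjects | ForEach-Object { Write-Output "  $_" }
}
```

Run it in an elevated session if you also want to inspect other machine-level stores; the CurrentUser\Root store can be checked by passing -StorePath 'Cert:\CurrentUser\Root'.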