Is there a difference in the check used? No.

Is it redundant to check for a machine certificate on both the realm & role? Maybe, but that is a call you & your security team need to decide. Doing it at both allows you to check if it is present at the realm and have role mapping rules that allow or disallow access based on if that certificate is present.

As far as the error goes: is it on all machines or only some? Does the connection in your connection set enable machine store for the certificate?