User started getting access denied messages when accessing web sites via WSS first thing in the day, although everything worked fine the previous day.
WSS Agents are used to connect users to WSS.
Auth Connector shows a number of failed connections to WSS.
Auth Connector reports the error 'The certificate chain was issued by an authority that is not trusted', as shown below:
2021/04/27 09:34:06.368 [8140] [6936:8140] SSL negotiate: AcceptSecurityContext failed: 0x80090325; status=-2146893019:0x80090325:The certificate chain was issued by an authority that is not trusted.
2021/04/27 09:34:06.369 [8140] [6936:8140] SSL setup failed; status=-2146893019:0x80090325:The certificate chain was issued by an authority that is not trusted.
WSS could not get group information for authenticating users due to Auth Connector communication errors, so any policy that needed the user's group info would fail.
Download the DigiCert Global G2 TLS RSA SHA256 2020 CA1 intermediate certificate from https://knowledge.digicert.com/alerts/DigiCert-ICA-Update.html, and install it into the certificate store of the Windows server running Auth Connector.
A WSS authentication certificate change was made to switch from Entrust (expiring April 10) to DigiCert.
The Windows server running Auth Connector was missing the DigiCert intermediate cert needed to validate the handshake.
Windows updates should have updated the trust package (the July 2020 MS trust package has the right cert).
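The check and fix described above can be scripted on the Auth Connector server. The following PowerShell is an added example, not part of the original article or of any Broadcom tooling; the download path and the use of the LocalMachine Intermediate Certification Authorities store are assumptions.

```powershell
# Added example. Run in an elevated PowerShell session on the Auth Connector server.
$IcaName = 'DigiCert Global G2 TLS RSA SHA256 2020 CA1'           # name from the article
$IcaFile = 'C:\Temp\DigiCertGlobalG2TLSRSASHA2562020CA1.crt'      # assumed download location
$Store   = 'Cert:\LocalMachine\CA'   # assumed target: Intermediate Certification Authorities

function Get-IntermediateCert {
    param([string]$Name, [string]$StorePath)
    # Match on the certificate's common name rather than a substring of the subject.
    Get-ChildItem -Path $StorePath |
        Where-Object { $_.GetNameInfo('SimpleName', $false) -eq $Name }
}

$found = Get-IntermediateCert -Name $IcaName -StorePath $Store

if (-not $found) {
    Write-Host "Intermediate '$IcaName' is missing from $Store"
    if (-not (Test-Path -LiteralPath $IcaFile)) {
        throw "Download the intermediate from the DigiCert page first: $IcaFile not found"
    }
    # Inspect the file before trusting it: the subject must be the expected CA.
    # Also compare the thumbprint by eye with the value published by DigiCert.
    $candidate = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $IcaFile
    if ($candidate.GetNameInfo('SimpleName', $false) -ne $IcaName) {
        throw "Unexpected certificate in ${IcaFile}: $($candidate.Subject)"
    }
    Write-Host "Importing $($candidate.Subject) thumbprint $($candidate.Thumbprint)"
    Import-Certificate -FilePath $IcaFile -CertStoreLocation $Store | Out-Null
    $found = Get-IntermediateCert -Name $IcaName -StorePath $Store
}

# Confirm each matching certificate is in date and chains to a root this server trusts.
foreach ($cert in $found) {
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'   # trust path only, no CRL/OCSP lookup
    $trusted = $chain.Build($cert)
    [pscustomobject]@{
        Thumbprint          = $cert.Thumbprint
        NotAfter            = $cert.NotAfter
        ChainsToTrustedRoot = $trusted
        ChainStatus         = ($chain.ChainStatus.Status -join ',')
    }
}
```

If `ChainsToTrustedRoot` is false, the root that issued the intermediate is also missing from the server's trusted roots, which points back to the outdated trust package noted above.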