After having a cert renewal on a Domain Controller, workflows and actions fail


Article ID: 396290


Products

VMware Aria Suite

Issue/Introduction

In Orchestrator, workflows that utilize the Active Directory Plugin may fail after a CA Root Certificate is renewed and applied to the Domain Controller. 

You may see errors similar to these:

"TypeError: Cannot find function searchComputer in object notfound (Workflow:Add Computer to Group / Find Computer (item10)"
"TypeError: Cannot find function createUserGroup in object notfound. (Dynamic Script Module name : createUserGroup)"

The "Import a Certificate using URL" workflow, when run against the FQDN of the Domain Controller, may fail with errors similar to: "One or more certificates in the chain are not valid. Certificate chain details: The certificate could not be retrieved or contains errors: javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake"

Environment

Aria Automation Orchestrator 8.x

Cause

The new RootCA certificate is not in the Orchestrator trust store, so the server certificate is not trusted. 

Resolution

Import the new RootCA certificate, and then import the new Server certificate.

  1. Download the base64 encoded RootCA certificate from the CA.
  2. Run the "Import a trusted certificate from a file" workflow in Orchestrator.
  3. After it completes successfully, the Server certificate can be imported by running the "Import a certificate from URL" workflow using the FQDN of the Domain Controller.

NOTE: If the Domain Controllers are behind a VIP, you will need to run the "Import a certificate from URL" workflow using the VIP, and you may need to run it for each Domain Controller behind the VIP, depending on how the certificates are configured.
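
A pre-check for the steps above, added here as an example (not part of the original article or of VMware tooling): it uses the `openssl` CLI on locally constructed certificates to show a server certificate failing against an old root and passing against the new one, which is the condition described under Cause. All file names, CNs and helper function names are assumptions; `fetch_leaf` takes whatever host and port the Active Directory plugin connects to.

```bash
#!/usr/bin/env bash
# Constructed demo: every key, name and certificate below is generated locally.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_root <file-stem> <cn>: self-signed root CA, stand-in for the enterprise CA.
make_root() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# issue_leaf <root-stem> <leaf-stem> <cn>: server certificate signed by that root.
issue_leaf() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/$2.csr" -days 1 -CA "$WORK/$1.pem" \
        -CAkey "$WORK/$1.key" -CAcreateserial -out "$WORK/$2.pem" 2>/dev/null
}

# chain_trusted <root.pem> <server.pem>: exit 0 only if the server cert verifies.
chain_trusted() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

trust_status() {
    if chain_trusted "$1" "$2"; then echo TRUSTED; else echo UNTRUSTED; fi
}

# fetch_leaf <host> <port>: print the certificate a live server presents (PEM).
# Not called in this offline demo; use it to obtain server.pem from a real DC.
fetch_leaf() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
        openssl x509
}

make_root old-root "Constructed Old Root CA"
make_root new-root "Constructed New Root CA"
issue_leaf new-root dc "dc01.example.test"   # DC cert issued under the new root

echo "store holds old root only: $(trust_status "$WORK/old-root.pem" "$WORK/dc.pem")"
echo "after importing new root:  $(trust_status "$WORK/new-root.pem" "$WORK/dc.pem")"
```

Against a real environment, pass the RootCA file downloaded in step 1 and the output of `fetch_leaf` to `chain_trusted`; an UNTRUSTED result means the downloaded root is not the issuer of the certificate the Domain Controller presents.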