I'm having some problem with my 2-tier PKI setup on windows. I've got 2 Root CAs RSA and ECC. I issue certs to my servers and PCs. I'm using Windows server 2012 R2.
For example. My Exchange has problems when I test it with SSL LABS.
Shows the chain is incomplete.
I also did a test on High-Tech Bridge and the chain shows normally:
I've tested the chain using certutil and it works. the CRL and OCSP works fine.
I don't what the problem is..