We're not in Azure but not sure which forum this really belongs in because nothing else really fit...so mods feel free to move.
--
So we added two new Root CA certs to our Default Domain Policy last night. This policy is only used for publishing our certs out to domain-joined members. About 6:30 I get a call that all the websites are down that use SSL. Upon looking at the GPO, we found it to be completely blank. Servers are 2012 R2 and at the 2012 R2 function level.
Here's what we checked so far
1. Replication: All successful according to the Replication Tool and repadmin (we're using DFS-R)
2. Event Viewer on the DCs: No warnings or errors pertaining to GPO
We had this happen to another GPO a few months back, and it doesn't seem to lose it's mind until we make a modification. Doesn't seem to matter how big or small the GPO is either...just loses all it's settings.