Thank you! We had this problem and didn't notice for about a month, so needless to say we had a lot of certificates to clean up across a lot of servers. Here's a script I put together based on your work that fixed the issue on all Windows servers in our AD domain, in case anyone else needs it. I filtered the certificates a little differently than you did in
http://www.sevecek.com/Lists/Posts/Post.aspx?ID=396 because I couldn't use the -Eku parameter on some of our older servers.
# Remove all archived certs in the LocalMachine store across domain servers where the subject is CN=servername...
$Servers = Get-ADComputer -Properties * -Filter {enabled -eq $true -and operatingsystem -like "*server*"}
$ServerNum = 1
$Servers|%{
"[$ServerNum/$($Servers.Count)]:"
" 1/3 Removing archived certs from local machine store..."
Invoke-Command -ComputerName $_.Name {gci -Recurse 'Cert:\LocalMachine\My' -force | where {$_.archived -eq $true} | where {$_.subject -like "CN=$($_.Name)*"} | Remove-Item -force }
" 2/3 Stopping SessionEnv..."
Invoke-Command -ComputerName $_.Name {sc.exe stop sessionenv}
" 3/3 Restarting SessionEnv..."
Invoke-Command -ComputerName $_.Name {sc.exe start sessionenv}
$ServerNum++
}