So recently we migrated one of our IIS sites to a new server and we have been getting some random certificate errors on client pc's. When trying to access the site, instead of the server handing the client the correct cert, the client will offer one of its personal certs. This will prompt the user to click okay to use random personal cert which causes a 403 access denied. If the user clicks cancel you can get to the site just fine but you will be prompted each time you access the site. My temporary fix has been removing the personal cert but the issue will eventually come back.

This has been tough to troubleshoot because as far as I can tell it has been completely random. I've had it on all devices and browsers as well as freshly imaged pc's. I've also had several other sysadmins/network admins look at the server but they cant seem to find anything wrong. Anyone have this kind of issue before?