Smart cards

Should the root certificate be subject to a revocation status check?

Good day to all.

I inherited PKI on Windows:
1) RootSRV - not in the domain, issues CA, SubCA and CRL to it (offline);
2) IssueSRV - in the domain (aka DC), stores SubCA on itself, issues client certificates and CRLs to them. All for 2008r2.

Everything is used to authorize domain users using a smart card.

Added a new domain controller (2016) and ran into a problem that if a user tries to authenticate with a smart card through a new domain controller, then the error "The revocation status of the certificate of the domain controller used for smart card authentication is not defined" occurs . =(

On this DC I check CertUtil -verify:
1) client certificate - no errors;
2) SubCA certificate - no errors;
3) finally ROOTCA - "Failed to check certificate revocation status".

At the same time, when checking the rootca on the IssueSRV itself, it also swears that it was not possible to check the status of the certificate revocation, but this does not prevent it from authenticating clients, just as it does not prevent another old domain controller from starting clients on a smart card.

So I can’t even understand, maybe the root one shouldn’t pass this check, but the problem is something else?))

By the way, the new domain controller at first cursed that he couldn’t get a certificate for himself with the same error, but now I see in the personal certificate store of the computer that I still received a certificate from IssueSRV (Domain Controller template).