If you have recently changed domains on your PC (for example, connected it to the Azure AD and then reconnected to the on premises AD) and now you are seeing an error in the screenshot below while registering your device to sign in to your domain account, follow these steps:

1. Run certificate manager (certmgr.msc) as local admin on the user PC.

2. Browse to the Trusted Root Certification Authority -> Certificates.

3. Check if the list of certificates contains more than one certificate that was issued by the domain server. If you have two or more certificates you should determine which one of them is Root CA Certificate and delete any extra certificates except root.