We have encountered the problem below. Could someone help?
On some PCs, when a user accesses a website signed by my company CA, IE shows the untrusted certificate page, even though the certificate has already been imported into the IE Trust Root.
If we uncheck "Check server certificate revocation", there is no warning page.
Verifying the certificate with certutil gives the message below.
certutil -verify -urlfetch test.cert
ChainFlags = CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT (0x40000000)
HCCE_LOCAL_MACHINE
CERT_CHAIN_POLICY_BASE
-------- CERT_CHAIN_CONTEXT --------
ChainContext.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
ChainContext.dwErrorStatus = CERT_TRUST_IS_UNTRUSTED_ROOT (0x20)
SimpleChain.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
SimpleChain.dwErrorStatus = CERT_TRUST_IS_UNTRUSTED_ROOT (0x20)
CertContext[0][0]: dwInfoStatus=10a dwErrorStatus=20
Issuer: O=MyCompany Root CA, C=US
Subject: O=MyCompany Root CA, C=US
Serial:
Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2)
Element.dwInfoStatus = CERT_TRUST_IS_SELF_SIGNED (0x8)
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
Element.dwErrorStatus = CERT_TRUST_IS_UNTRUSTED_ROOT (0x20)
---------------- Certificate AIA ----------------
No URLs "None" Time: 0
---------------- Certificate CDP ----------------
319.1862.0: 0x8007006e (WIN32: 110): ldap:///CN=CRL1, O=MyCompany Root CA, C=US?certificateRevocationList;binary,authorityRevocationList;binary,deltaRevocationList;binary
319.1862.0: 0x8007003a (WIN32: 58): ldap://dc.mycompany.com/o=mycompany%20CA1,c=US?certificateRevocationList;binary
Failed "CDP" Time: 0
Error retrieving URL: The system cannot open the device or file specified. 0x8007006e (WIN32: 110)
ldap:///CN=CRL1, O=MyCompany Root CA, C=US?certificateRevocationList;binary,authorityRevocationList;binary,deltaRevocationList;binary
Failed "CDP" Time: 0
Error retrieving URL: The specified server cannot perform the requested operation. 0x8007003a (WIN32: 58)
ldap://dc.mycompany.com/o=mycompany%20CA1,c=US?certificateRevocationList;binary
Verified "Base CRL (2419)" Time: 1
[2.0] http://dc.mycompany.com/CombinedCDP/CRL.crl"
I had the same problem. Installing the root certificate on Local Computer > Trusted Root Certification Authorities solved my problem. Installing the root certificate in Current User > Trusted Root Certification Authorities was not required.
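The check behind the answer above, as an added PowerShell example that is not part of the original posts: it reports whether a root certificate is present in the Local Computer and Current User root stores and can import it into the machine store, which is the store the `HCCE_LOCAL_MACHINE` chain engine in the certutil output relies on. The file name `root-ca.cer` and the `-Install` switch are assumptions, and `Import-Certificate` needs the PKI module (Windows 8 / Server 2012 or later).

```powershell
param(
    [string]$RootCertPath = '.\root-ca.cer',  # hypothetical file name (assumption)
    [switch]$Install                          # hypothetical switch: import if missing
)

# Load the exported root CA certificate from disk.
$path = (Resolve-Path $RootCertPath).ProviderPath
$root = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $path
"Subject   : $($root.Subject)"
"Thumbprint: $($root.Thumbprint)"

# Heuristic self-signed check: a root has identical subject and issuer names.
if ($root.Subject -ne $root.Issuer) {
    Write-Warning 'Subject and issuer differ: this does not look like a root certificate.'
}

# Look for the same thumbprint in the machine-wide and per-user root stores.
$machine   = 'Cert:\LocalMachine\Root'
$user      = 'Cert:\CurrentUser\Root'
$inMachine = [bool](Get-ChildItem $machine | Where-Object { $_.Thumbprint -eq $root.Thumbprint })
$inUser    = [bool](Get-ChildItem $user    | Where-Object { $_.Thumbprint -eq $root.Thumbprint })
"LocalMachine\Root : $inMachine"
"CurrentUser\Root  : $inUser"

if (-not $inMachine) {
    Write-Warning 'Root is missing from Local Computer > Trusted Root Certification Authorities.'
    if ($Install) {
        # Writing to the machine store requires an elevated prompt.
        Import-Certificate -FilePath $path -CertStoreLocation $machine | Out-Null
        'Imported into LocalMachine\Root. Re-run: certutil -verify -urlfetch <certificate file>'
    }
}
```

After importing, `CERT_TRUST_IS_UNTRUSTED_ROOT (0x20)` should no longer appear in the `certutil -verify -urlfetch` output if the missing machine-store root was the cause.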