jilljen01
Having an issue with certificate autoenrollment.
I have the following test environment: a Windows 2016 Standard Domain Controller running Certificate Authority and a Windows 2016 member server I am testing to get the computer certificate.
I copied the computer template and set the appropriate permissions for domain computers (read, enroll, auto-enroll), set the GPO at the domain level to autoenroll the computer certificate etc (just a note that this is working perfectly in another 2016 test environment).
On the member server, I ran the rsop.msc to ensure that the computer has received the policy etc. I can certutil ping the CA on the domain controller from the member server. When I do a gpupdate /force, in the application log (I enabled logging), I get the following error:
Certificate enrollment for Local system could not enroll for a Machine certificate. A valid certification authority cannot be found to issue this template.
I can manually enroll for the certificate using the MMC certificate snap-in so I know that the cert is published etc and I can connect from the member server if I manually enroll. It is just the auto enrollment that I cannot seem to get working.
Any thoughts on what I can look at now to troubleshoot this?