Guest jilljen01 Posted January 17, 2020

Having an issue with certificate autoenrollment. I have the following test environment: a Windows 2016 Standard Domain Controller running Certificate Authority and a Windows 2016 member server I am testing to get the computer certificate. I copied the computer template and set the appropriate permissions for domain computers (read, enroll, auto-enroll), set the GPO at the domain level to autoenroll the computer certificate, etc. (just a note that this is working perfectly in another 2016 test environment).

On the member server, I ran rsop.msc to ensure that the computer has received the policy, etc. I can certutil ping the CA on the domain controller from the member server. When I do a gpupdate /force, in the application log (I enabled logging), I get the following error:

Certificate enrollment for Local system could not enroll for a Machine certificate. A valid certification authority cannot be found to issue this template.

I can manually enroll for the certificate using the MMC certificate snap-in, so I know that the cert is published, etc., and I can connect from the member server if I manually enroll. It is just the auto enrollment that I cannot seem to get working. Any thoughts on what I can look at now to troubleshoot this?