Did you configure security permissions on the certificate to autoenroll for domain computers too?
RDP Certificate not auto-renewing
Hi,
I have set up an RDP cert for auto-renewal in my lab. I have ticked 'Auto-Enroll' for all users, created a group policy for RDP and set the server authentication template to my template. I have also changed the configuration for both computer and user to allow auto-enrollment in group policy. However, my auto-renewal is not triggering when my cert expires. Can someone help, please? Thanks.
Fan Fan 15,291 Reputation points Microsoft Vendor
2021-03-31T06:22:44.007+00:00 Hi,
First of all, check if the group policy for 'Auto-Enroll' was applied for all the users.
You can run GPRESULT /H REPORT.HTML and check the gpresult.
Make sure the users have the read and auto-enroll permission on the templates.
If possible, please share a screenshot here. (Hide the private information.)
Best Regards,
-
PKInoob88 101 Reputation points
2021-03-31T07:11:25.233+00:00 Hi,
The GPresult does not show the users. I have allowed read and auto-enroll/enroll for all users in my CA. Thanks.
-
PKInoob88 101 Reputation points
2021-04-01T06:04:38.977+00:00 Hi, I managed to get auto-enrollment to work, but now I see this error from my event viewer.
Certificate enrollment for Local system failed to enroll for a RDPxxxx certificate with request ID 400 from hostname.testlab.local\SubCA (The request subject name is invalid or too long. 0x80094001 (-2146877439 CERTSRV_E_BAD_REQUESTSUBJECT)).
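
The checks suggested in the answers above, gathered into one PowerShell script to run on the RDP host; this is an added example, not code from the thread. It looks at the computer side because the failing enrollment in the event is for Local system, and it assumes an elevated prompt and the default listener name RDP-Tcp.

```powershell
# Added example: computer-side autoenrollment checks on the RDP host (run elevated).
# Assumption: the RDP listener has its default name, RDP-Tcp.

# 1. Did the autoenrollment policy reach the computer? HTML report, computer scope only.
$report = Join-Path $env:TEMP 'gp-computer.html'
gpresult /scope computer /h $report /f
Write-Host "Group Policy report written to $report"

# The Certificate Services Client autoenrollment policy lands in this key when applied.
$aeKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\AutoEnrollment'
$ae = Get-ItemProperty -Path $aeKey -Name AEPolicy -ErrorAction SilentlyContinue
if ($ae) { 'AEPolicy (computer) = 0x{0:X}' -f $ae.AEPolicy }
else     { 'No computer autoenrollment policy value found on this machine.' }

# 2. Which certificate is the listener using, and when does it expire?
$ts = Get-CimInstance -Namespace root/cimv2/TerminalServices `
        -ClassName Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'"
$thumb = $ts.SSLCertificateSHA1Hash
$stores = 'Cert:\LocalMachine\My', 'Cert:\LocalMachine\Remote Desktop'
$cert = Get-ChildItem -Path $stores -ErrorAction SilentlyContinue |
        Where-Object Thumbprint -eq $thumb | Select-Object -First 1

if ($cert) {
    # The Certificate Template Information extension names the issuing template.
    $tpl = $cert.Extensions | Where-Object { $_.Oid.Value -eq '1.3.6.1.4.1.311.21.7' }
    $tplText = if ($tpl) { $tpl.Format($false) } else { '(no template extension present)' }
    [pscustomobject]@{
        Subject  = $cert.Subject
        Issuer   = $cert.Issuer
        NotAfter = $cert.NotAfter
        DaysLeft = [int]($cert.NotAfter - (Get-Date)).TotalDays
        Template = $tplText
    } | Format-List
} else {
    "Listener thumbprint $thumb was not found in the machine certificate stores."
}

# 3. Recent enrollment warnings and errors, such as CERTSRV_E_BAD_REQUESTSUBJECT.
# Assumption: they are logged in the Application log under these providers.
Get-WinEvent -FilterHashtable @{
    LogName      = 'Application'
    ProviderName = 'Microsoft-Windows-CertificateServicesClient-AutoEnrollment',
                   'Microsoft-Windows-CertificateServicesClient-CertEnroll'
    Level        = 2, 3
} -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, ProviderName, Message | Format-List
```

After changing policy or template permissions, `certutil -pulse` starts an autoenrollment pass without waiting for the next scheduled cycle.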