Active Directory
A set of directory-based technologies included in Windows Server.
5,851 questions
did you configured security permissions on certificate to autoenroll for domain computers too?
RDP Certificate not auto-renewing
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(89.60000000000001, 14.000000000000002%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EP%3C/text%3E%3C/svg%3E)
PKInoob88
101
Reputation points
Hi,
I have set up an RDP cert for auto renewal in my lab. I have ticked 'Auto-Enroll' for all users, create a group policy for RDP and set the server authentication template to my template, i have also changed the configuration for both computer and user to allow auto-enrollment in group policy. However, my auto-renewal is not triggering when my cert expires. Can someone help please. Thanks.
4 answers
Sort by: Most helpful
-
dimiro 11 Reputation points2021-03-31T02:16:17.273+00:00 -
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 96%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EFF%3C/text%3E%3C/svg%3E)
Fan Fan 15,291 Reputation points Microsoft Vendor2021-03-31T06:22:44.007+00:00 Hi,
First of all ,check if the group policy for 'Auto-Enroll' was applied for all the users.
You can run the GPRESULT /H REPORT.HTML and check the gpresult.
Make sure the users have the read and auto-enroll permission on the templates.
If possible , please share a screenshot here.(Hide the private information)Best Regards,
-
PKInoob88 101 Reputation points
2021-03-31T07:11:25.233+00:00 
Hi,
The GPresult does not show the users. I have allowed read and auto-enroll/enroll for all users in my CA. Thanks.
-
Fan Fan 15,291 Reputation points Microsoft Vendor
2021-03-31T07:21:42.397+00:00 Hi,
Sorry that i can't figure out is the policy a user setting?
If yes, the auto-enroll policy is applied.
You can run gpupdate /force on the clients and check if any events logged or if there are any errors.
Best Regards, -
PKInoob88 101 Reputation points
2021-03-31T07:22:53.373+00:00 Yes the auto-enroll policy is applied and i have run gpupdate /force but my cert is not auto-renewing... sad
-
dimiro 11 Reputation points
2021-03-31T11:15:58.3+00:00 but... is this gpo was applied both to computer and users?
-
PKInoob88 101 Reputation points
2021-04-01T01:57:33.357+00:00 Yes sir, i have checked and it is applied to both user and computer.
Sign in to comment -
-
PKInoob88 101 Reputation points
2021-04-01T06:04:38.977+00:00 hi, i managed to get auto-enrollment to work but now i see this error from my event viewer.
Certificate enrollment for Local system failed to enroll for a RDPxxxx certificate with request ID 400 from hostname.testlab.local\SubCA (The request subject name is invalid or too long. 0x80094001 (-2146877439 CERTSRV_E_BAD_REQUESTSUBJECT)).
-
Fan Fan 15,291 Reputation points Microsoft Vendor
2021-04-06T07:55:53.857+00:00 Hi,
I tried to do more research about this issue but without no lucky.
If there is no progress, I would suggest you contact Microsoft Customer Services and Support to get an efficient solution:
https://support.microsoft.com/en-in/hub/4343728/support-for-businessBest Regards,
Sign in to comment -