Cannot request Certificate for Radius Server

create share 676 Reputation points
2021-11-04T02:06:28.793+00:00

Hi,

I am getting the attached error while trying to request a certificate for my RADIUS server. The DC is 2012 and the RADIUS server is 2019. I have already assigned permissions to Authenticated Users on the Domain Controller Authentication template under Certificate Templates on our DC, and also enabled the option to publish in AD.

Thanks.

[Attached screenshot: 146414-cert-error.png]


11 answers

  1. Vadims Podāns 9,186 Reputation points MVP
    2021-11-04T12:51:59.483+00:00

    That's sad, but you have much more work than I expected. You have a Standalone CA, which isn't suited for large environments, automation and so on. It is really impractical to use this type of CA in an AD environment. Standalone CAs are used as offline Root/Policy CAs that issue certificates only to other CAs.

    This means that you will have to reinstall the CA from scratch. First of all, you will need to remove the CA role from the server and perform AD cleanup of the CA objects as per this article: https://social.technet.microsoft.com/wiki/contents/articles/3527.how-to-decommission-a-windows-enterprise-certification-authority-and-how-to-remove-all-related-objects.aspx

    Then you will have to install a new CA and choose the "Enterprise CA" CA type in the wizard.

    And the last note: never install a CA on domain controllers, because you will be stuck with this DC. You cannot move/replace your DC if a CA is installed there.

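As an added example, not part of the thread and not Vadims Podāns' own code, the following PowerShell walks through the reinstall that answer describes: confirm the existing CA really is a standalone CA, back it up and remove the role from the DC, then install an Enterprise CA on a member server. The AD object cleanup is left to the linked article. The CA common name "Contoso-Issuing-CA", the backup path C:\CABackup and the single-tier Enterprise Root design are assumptions for the example; a two-tier design would keep an offline standalone root and install the new CA as EnterpriseSubordinateCA instead.

```powershell
# Added example, not from the original thread. CA name, paths and the single-tier
# design are placeholders. Run each section on the host named in its header, from
# an elevated PowerShell prompt as an Enterprise Admin.

# --- Section 1: on the old CA host (the domain controller) -------------------------
# Confirm the CA type before touching anything. CAType values in the registry:
#   0 = Enterprise Root, 1 = Enterprise Subordinate, 3 = Standalone Root,
#   4 = Standalone Subordinate.
# A standalone CA has no "Certificate Templates" folder in certsrv.msc, which is
# why the folder was missing in the screenshot posted later in this thread.
$configKey    = 'HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration'
$caName       = (Get-ItemProperty -Path $configKey).Active
$caType       = (Get-ItemProperty -Path "$configKey\$caName").CAType
$isStandalone = $caType -in 3, 4
"CA '$caName' has CAType $caType (standalone: $isStandalone)"

if ($isStandalone) {
    # Keep a copy of the database and key before removing the role, in case an
    # issued certificate still has to be revoked or the CRL republished later.
    $pw = Read-Host -AsSecureString -Prompt 'Backup password'
    Backup-CARoleService -Path 'C:\CABackup' -Password $pw

    # Remove the CA role; -Force skips the confirmation prompt.
    Uninstall-AdcsCertificationAuthority -Force
    Uninstall-WindowsFeature -Name ADCS-Cert-Authority -IncludeManagementTools
}

# The CA's objects under CN=Public Key Services,CN=Services,CN=Configuration,...
# (AIA, CDP, Certification Authorities, Enrollment Services, NTAuthCertificates)
# stay behind after uninstall and must be removed as in the linked article,
# e.g. via pkiview.msc -> "Manage AD Containers" or ADSI Edit. Not scripted here.

# --- Section 2: on the new member server (not a domain controller) ------------------
Install-WindowsFeature -Name ADCS-Cert-Authority -IncludeManagementTools
Install-AdcsCertificationAuthority `
    -CAType EnterpriseRootCA `
    -CACommonName 'Contoso-Issuing-CA' `
    -CryptoProviderName 'RSA#Microsoft Software Key Storage Provider' `
    -KeyLength 4096 `
    -HashAlgorithmName SHA256 `
    -ValidityPeriod Years -ValidityPeriodUnits 10 `
    -Force

# Verify: an Enterprise CA (CAType 0 or 1) exposes the template list; a standalone
# CA has no templates at all, which is the original symptom.
$newCaName = (Get-ItemProperty -Path $configKey).Active
$newCaType = (Get-ItemProperty -Path "$configKey\$newCaName").CAType
if ($newCaType -notin 0, 1) { throw "Expected an Enterprise CA, got CAType $newCaType" }
Get-CATemplate | Format-Table Name, Oid
```

The CAType check at the start is the quick way to settle the question the thread is circling: if it returns 3 or 4, the "Certificate Templates" folder will never appear, and no amount of template permission work will help until the CA is reinstalled as an Enterprise CA.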

  2. Vadims Podāns 9,186 Reputation points MVP
    2021-11-04T07:06:22.803+00:00

    You did everything wrong.

    1) The Domain Controller Authentication template is not for RADIUS servers. It is for DCs only and is intended for smart card logon and LDAP/S.
    2) For RADIUS there is a template called "RAS and IAS Servers" which is intended specifically for RADIUS.
    3) Grant the RADIUS servers group Read, Enroll and Autoenroll permissions. Do not grant permissions to principals; use groups instead.
    4) Never enable the "Publish certificate in AD" option in computer-based certificate templates. No exceptions.
    5) Never enable the "Publish certificate in AD" option in user-based templates if they don't include the "Encrypting File System" or "Secure Email" EKU.
    6) Add the "RAS and IAS Servers" template for issuance to the CA:
    6.1) In the Certification Authority MMC, right-click the "Certificate Templates" folder, then New -> Certificate Template to Issue.
    6.2) Add the specified certificate template to the CA.
    7) Retry enrollment.

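As an added example, not part of the thread and not the answerer's own code, the following PowerShell performs steps 3 to 7 above without the MMC, on an Enterprise CA: grant a group Read, Enroll and Autoenroll on the RAS and IAS Server template (directory name RASAndIAS), confirm the "Publish certificate in Active Directory" flag is clear, add the template to the CA, and enroll from the NPS server. The group name "RADIUS Servers" is an assumption; the built-in "RAS and IAS Servers" domain group would also work, since the template grants it Read and Enroll by default. The extended-right GUIDs are the schema's Certificate-Enrollment and Certificate-AutoEnrollment rights, and the flag bit is CT_FLAG_PUBLISH_TO_DS from MS-CRTD.

```powershell
# Added example, not from the original thread. Assumes a group "RADIUS Servers"
# that contains the NPS computer accounts, RSAT AD tools on the admin box, and
# the ADCSAdministration module on the CA host.
Import-Module ActiveDirectory

$templateCn = 'RASAndIAS'          # cn of the "RAS and IAS Server" template
$groupName  = 'RADIUS Servers'     # assumption: security group of NPS servers
$configNc   = (Get-ADRootDSE).configurationNamingContext
$tplDn      = "CN=$templateCn,CN=Certificate Templates,CN=Public Key Services,CN=Services,$configNc"

# Step 3: Read + Enroll + Autoenroll for the group, never for single computers.
$sid            = (Get-ADGroup -Identity $groupName).SID
$enrollGuid     = [Guid]'0e10c968-78fb-11d2-90d4-00c04f79dc55'  # Certificate-Enrollment
$autoEnrollGuid = [Guid]'a05b8cc2-17bc-4802-a710-e7c15ab866a2'  # Certificate-AutoEnrollment

$acl = Get-Acl -Path "AD:\$tplDn"
$acl.AddAccessRule([System.DirectoryServices.ActiveDirectoryAccessRule]::new($sid, 'GenericRead', 'Allow'))
$acl.AddAccessRule([System.DirectoryServices.ActiveDirectoryAccessRule]::new($sid, 'ExtendedRight', 'Allow', $enrollGuid))
$acl.AddAccessRule([System.DirectoryServices.ActiveDirectoryAccessRule]::new($sid, 'ExtendedRight', 'Allow', $autoEnrollGuid))
Set-Acl -Path "AD:\$tplDn" -AclObject $acl

# Step 4: a computer template must not publish to AD. The checkbox maps to bit
# 0x8 (CT_FLAG_PUBLISH_TO_DS) of msPKI-Enrollment-Flag; clear it if someone set it.
$tpl   = Get-ADObject -Identity $tplDn -Properties 'msPKI-Enrollment-Flag'
$flags = [int]$tpl.'msPKI-Enrollment-Flag'
if ($flags -band 0x8) {
    Set-ADObject -Identity $tplDn -Replace @{ 'msPKI-Enrollment-Flag' = ($flags -bxor 0x8) }
    "Cleared publish-to-AD on $templateCn"
}

# Step 6: make the CA issue the template. Runs on the CA host itself.
Import-Module ADCSAdministration
if (-not (Get-CATemplate | Where-Object Name -eq $templateCn)) {
    Add-CATemplate -Name $templateCn -Force
}

# Step 7: enroll from the NPS server. The server must be a member of the group,
# and its computer token only picks up the new membership after a reboot (or
# `klist -li 0x3e7 purge`), so do that first if the group was just changed.
# Equivalent one-liner without PowerShell: certreq -enroll -machine -q RASAndIAS
$result = Get-Certificate -Template $templateCn -CertStoreLocation Cert:\LocalMachine\My
if ($result.Status -ne 'Issued') { throw "Enrollment status: $($result.Status)" }
$cert = $result.Certificate
"Issued $($cert.Subject) by $($cert.Issuer), expires $($cert.NotAfter)"
# The RADIUS/EAP server certificate needs the Server Authentication EKU.
$cert.EnhancedKeyUsageList | Where-Object ObjectId -eq '1.3.6.1.5.5.7.3.1'
```

The ACL block is the part most often done by hand and got wrong: granting Enroll to Authenticated Users, as the question did, lets every user and machine in the forest request a server-authentication certificate from this template, while a dedicated group limits issuance to the RADIUS hosts that actually need it.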

  3. create share 676 Reputation points
    2021-11-04T10:54:19.937+00:00

    Hi,

    I am not able to find the "Certificate Templates" folder in the CA installed on the Domain Controller.

    [Attached screenshot: 146468-no-templates.png]


  4. Limitless Technology 39,931 Reputation points
    2021-11-05T12:48:02.193+00:00

    Hi there,

    To work around this issue, remove the expired (archived) certificate.

    After you replace an expired certificate with a new certificate on a server that is running Microsoft Internet Authentication Service (IAS) or Routing and Remote Access, clients that have Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) configured to verify the server's certificate can no longer authenticate with the server. When you view the System log in Event Viewer on the client computer, the following event is displayed.

    You can remove the expired certificate by following this article:
    https://learn.microsoft.com/en-us/troubleshoot/windows-server/windows-security/clients-cant-authenticate-server



  5. create share 676 Reputation points
    2021-11-06T01:09:29.647+00:00

    The CA was installed on the main DC by someone else to issue certificates to System Center 2012, but now all the issued certificates are under the Revoked container. I believe it won't affect System Center if I remove the CA now from the DC and install an Enterprise CA on another server. Is it better to install the Enterprise CA on a separate server that does not have any other role installed?

    Thanks.

