Hello IESSysAdmin-1344,
Thank you for posting in our Q&A forum.
Usually, we should check the permissions on the certificate template.
1.Logon the CA server and open Certification Authority console.
2.Open Certificate Template Console.
3.Usually, we do not change the default certificate template setting, if we need to use one certificate template, we can duplicate (right click this certificate template and select "Duplicate Template") it and configure the corresponding certificate template setting based on your own requirements.
4.Especially, we should set the permissions on certificate template Security tag.
If it is a machine certificate template, we should give the machine account or the group including this machine Read and Enroll permissions.
For example:
Here is a Web Server certificate template that I duplicated, I give "Domain Computers" Read and Enroll permissions.
5.Issue certificate template to "Certificate Templates" container.
Hope the information above is helpful.
Best Regards,
Daisy Zhou
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.