Share via

Certificate Services Lifecycle Notifications GPO not working?

Rob Mulder 136 Reputation points
2022-12-16T07:58:44.363+00:00

14250.certificate-services-lifecycle-notifications.aspx

Configured a GPO for Computer and User:
271268-gpo-settings.jpg

BUT, if I review the settings the configured policies are NOT showing in the computer settings:
271247-gpo-viewcomputersettings.jpg

HOWEVER, I do see them under user settings:
271304-gpo-viewusersettings.jpg

Same for Group Policy Results and the Local Policies on a server with that policy!

Tested in on 3 different domains.

What is going on here?

Windows for business | Windows Server | User experience | Other
Windows for business | Windows Client for IT Pros | User experience | Other
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Rob Mulder 136 Reputation points
    2022-12-16T09:30:11.477+00:00

    I found the registry keys, so I can confirm that the percentage setting is enrolled to the servers.
    HKLM and HKCU registry hives: SOFTWARE\Policies\Microsoft\Cryptography\AutoEnrollment\
    Keys: OfflineExpirationPercent, OfflineExpirationStoreNames=MY and AEPolicy=7

    So, why do I get event ID 1003 when certificates are on 50% lifetime?

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.