Sorry, I misread your question, I thought it is about CEPEncryption and NDES.
Speaking about your problem it is by design. CEP template list is cached and agent re-fetch it every 8 hours by default. This means that template changes detection on agent can take up to 8hrs. You can try to delete enrollment policy cache on client by deleting the following folders depending on a context:
- user templates
%userprofile%\AppData\Local\Microsoft\Windows\X509Enrollment
- machine templates
%programdata%\Microsoft\Windows\X509Enrollment
then retry enrollment.
Update: you cannot change cache lifetime interval using GPO, because it is CEP server setting. Do the following in order to change cache lifetime interval:
- Log on to CEP server
-
- Launch IIS manager
- Expand "Default Web Site" and select CEP application
-
- in middle pane, press Application Settings button. You will see several settings there.
- Add (if doesn't exist yet) a new setting with name
nextUpdateHours
and specify your value in hours. Keep in mind that you cannot set it to less than 1 hour.