Share via

Certificate enrollment fails for the smart card template.

Anonymous
2024-02-27T21:25:24+00:00

Hi,

I have set up a certificate template for yubikey(PIV) smart card authentication . The enrollment of the certificate fails with error message:

Certificate enrollment for <DomainName\User> failed in authentication to all urls for enrollment server associated with policy id: {671F4BEC-78C2-4E83-90A5-43DD8DFD933B} (The file name is too long. 0x8007006f (WIN32/HTTP: 111 ERROR_BUFFER_OVERFLOW)). Failed to enroll for template: <TemplateName>

Enabled Win32 long paths both on Windows 11 23H2 Pro Workstation but it made no difference to the error.

Windows Windows Client for IT Pros Identity and access Active Directory

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question. To protect privacy, user profiles for migrated questions are anonymized.

0 comments

5 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2024-02-28T01:55:51+00:00

    Hello Sam_LI_2024,

    Thank you for posting in Microsoft Community forum.

    How did you enroll certificate for the smart card template?

    Did you enroll it manually via MMC.exe?

    Did you enroll this certificate using the Windows AD CS server?

    It may be the issue with the subject name in the certificate template. You can try to change the subject name in the certificate template and check if it helps.

    Here is a similar thread with the same error message "The file name is too long. 0x8007006f (WIN32/HTTP: 111 ERROR_BUFFER_OVERFLOW)" for your reference.

    The file name is too long. 0x8007006f Error with NDES & SCEP Profile in Intune - Microsoft Community Hub

    I hope the information above is helpful.

    If you have any question or concern, please feel free to let us know.

    Best Regards,
    Daisy Zhou

    0 comments
  2. Anonymous
    2024-02-28T05:49:10+00:00

    Thanks for the response.

    Yes, trying to enroll manually via MMC as the user logged in has permissions for auto enrollment and autoenroll GPO is applied for the user. Strange thing is, the same certificate template with the subject name worked earlier fine. Its as though some windows update or GPO got pushed thats causing the problem.

    0 comments
  3. Anonymous
    2024-02-28T06:24:35+00:00

    Hello Sam_LI_2024,

    Thank you for your reply.

    Now if you try to change the subject name in the certificate template, can you enroll the certificate successfully?

    If you have any question or concern, please feel free to let us know.

    Best Regards,
    Daisy Zhou

    0 comments
  4. Anonymous
    2024-02-28T21:07:29+00:00

    Inspite of changing the Subject name format from DistinguishedName to Common name in the template i still face the same issue

    0 comments
  5. Anonymous
    2024-02-29T06:13:57+00:00

    Hello Sam_LI_2024,

    Good day!

    Based on the description "Strange thing is, the same certificate template with the subject name worked earlier fine", what changes did you make recently?

    Please check if the problem occurs on all the domain users or all the domain machines?

    Best Regards,
    Daisy Zhou

    0 comments