Certificate Autority auto enrollment fails

Question

Hi,

I am running Certificate Authority on the Windows Server 2019 standard.

I have Certificate authority configured and manual mode authentication works fine. I have enabled automatic enrollment using following links but auto enrollment fails. Request sent is sitting there in the "Pending Requests" section.

Links used for configuration are:

https://docs.druva.com/Knowledge_Base/inSync/How_To/How_to_set_up_automatic_certificate_enrollment_in_Active_Directory#:~:text=Go%20to%20User%20Configuration%20%3E%20Windows,Auto%2DEnrollment%20and%20click%20Properties.

https://www.ntweekly.com/2017/12/21/certificate-auto-enrollment-using-group-policy-windows-server-2016-ca/

Let me know if you need any additional data. Thanks in advance.

Answer 1

Hello @DevendraSatbhai-4042 ,

I checked the articles you have shared. I believe you need to check two things.

• Permissions on the template. :- Please check if the requesting user and "Authenticated Users" have enroll permissions on the Template that you have created for auto enrollment.
• Issuance Requirements :- Please check if the Issuance requirements section on the auto enroll template you have created. You must have an option which would say CA certificate manager approval . And if that is checked please uncheck it .

I don't have a CA server right now in my lab but think the above should fix the issue. If the information provided helps , please do accept the post as answer. If the requests still remain in the pending section then I would suggest you to post in the Windows Security forums where community members can help you better as QnA currently support Azure related products mostly. However in the interest of the community, please do update if the above works and even if it does not then I will try to help as far as I can and I would also request you to post in parallel in the Technet forums using the link provided.

Thank you.