Look in Applications and Services Logs / Microsoft / Windows / CertificateServicesClient-Lifecycle-User on the client computer. You may find more information there.
Issue with certificate renewal via autoenrollment
Hi All,
We have configured autoenrollment of certificates via GPO to issue the email encryption certificates. But recently we have started observing issues with renewal of the certificate. When the previously issued certificate is in the renewal window, we see the certificate getting renewed on the CA, but it is not installed on the user machine. Hence, we have to recover the new certificate from the CA db and hand it over to the users. Since the old certificate reaches the renewal window, as part of Microsoft default behavior the old certificate is marked as "archived" and users are not able to send new encrypted email until we provide the PFX file manually.
Could you please help me to identify why the renewed certificate is not installing on the user machines automatically?
Thanks,
Shaan
1 additional answer
Limitless Technology 39,736 Reputation points
2021-09-23T10:51:08.257+00:00
Hello @Shaan,
Before you perform this procedure, you must configure a server certificate template by using the Certificate Templates Microsoft Management Console snap-in on a CA that is running AD CS.
Membership in both the Enterprise Admins and the root domain's Domain Admins group is the minimum required to complete this procedure.
Please do check the CertificateServicesClient-Lifecycle-User log under Service logs for more information and a better understanding.
Do have a look at the below link for ideas about Configuring certificate auto-enrollment
---------------------------------------------------------------------------------------------------------
Hope this answers all your queries, if not please do repost back.
If an Answer is helpful, please click "Accept Answer" and upvote it : )
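The log check suggested in the answers, combined with a look at the user's Personal store, as an added example that is not part of the original thread. It assumes it runs as the affected user on the client; the 14-day window, the filter on the Secure Email EKU and the variable names are choices made for this illustration.

```powershell
# Added example: correlate Lifecycle-User events with the state of CurrentUser\My.
$logName  = 'Microsoft-Windows-CertificateServicesClient-Lifecycle-User/Operational'
$since    = (Get-Date).AddDays(-14)      # assumed look-back window
$emailEku = '1.3.6.1.5.5.7.3.4'          # Secure Email EKU OID

# 1. Certificate lifecycle events recorded for this user.
$events = Get-WinEvent -FilterHashtable @{ LogName = $logName; StartTime = $since } -ErrorAction SilentlyContinue
if (-not $events) {
    Write-Warning "No events in $logName since $since (log empty, disabled or not present)."
} else {
    $events | Sort-Object TimeCreated |
        Select-Object TimeCreated, Id, LevelDisplayName,
            @{ n = 'Message'; e = { ($_.Message -split "`r?`n")[0] } } |
        Format-Table -AutoSize -Wrap
}

# 2. Personal store contents, including archived certificates
#    (archived entries are hidden unless IncludeArchived is set).
$x509  = 'System.Security.Cryptography.X509Certificates'
$store = New-Object "$x509.X509Store" 'My', ([Type]"$x509.StoreLocation")::CurrentUser
$store.Open(([Type]"$x509.OpenFlags")::ReadOnly -bor ([Type]"$x509.OpenFlags")::IncludeArchived)
try {
    $certs = foreach ($c in $store.Certificates) {
        $eku  = $c.Extensions | Where-Object { $_ -is ([Type]"$x509.X509EnhancedKeyUsageExtension") }
        $oids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
        if ($oids -contains $emailEku) {      # certificates without an EKU extension are skipped
            [pscustomobject]@{
                Thumbprint    = $c.Thumbprint
                NotBefore     = $c.NotBefore
                NotAfter      = $c.NotAfter
                Archived      = $c.Archived
                HasPrivateKey = $c.HasPrivateKey
            }
        }
    }
} finally {
    $store.Close()
}
$certs | Sort-Object NotBefore | Format-Table -AutoSize

# 3. The symptom from the question: old certificate archived, no usable replacement installed.
$usable = @($certs | Where-Object { -not $_.Archived -and $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date) })
if ($usable.Count -eq 0) {
    Write-Warning 'No non-archived, unexpired Secure Email certificate with a private key in CurrentUser\My.'
}
```

Comparing the timestamps of the lifecycle events with the `NotBefore` of the certificate issued by the CA shows whether the client ever attempted to install the renewed certificate.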