![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(172.8, 57.99999999999999%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECS%3C/text%3E%3C/svg%3E)
7,023 questions
Hi there,
Here are some points to check first.
-Check whether the machine has configured certificate auto-enrollment GPO.
-Check whether the certificate template is issued on the CA server.
-Check whether the machine has read, enroll and autoenroll permissions for this certificate template.
If it does not work above, because certificate templates are stored on DCs, not CA server, please check AD replication is working fine by running repadmin /showrepl and repadmin /replsum.
Here is a thread as well which discusses the same issue and you can try out some troubleshooting steps from this and see if that helps you to sort the Issue.
https://learn.microsoft.com/en-us/answers/questions/84204/computer-certificate-autoenrollment-not-working.html
Troubleshooting SSL related issues (Server Certificate)
https://learn.microsoft.com/en-us/iis/troubleshoot/security-issues/troubleshooting-ssl-related-issues-server-certificate
--------------------------------------------------------------------------------------------------------------------------------------
--If the reply is helpful, please Upvote and Accept it as an answer--