New Root CA not showing custom certificate template

Question

Hi,

I have just deployed a new enterprise Root CA as we are decomissioning our old PKI and replacing it with this new setup.
Root CA deployment has gone fine, but I'm trying to create and publish a new template on the new root CA and having issues.

I have created the template ok, and my old CA can see it. It's been over 12 hours, but my new CA cannot see it when trying to publish it.

I have restarted the AD CS services, restarted the server, checked the new CA is a member of domain computers which has read and enroll permissions on the template, and I check the "Flags" attribute on the CA is set to 10 via ADSIEdit.

Anyone have any thoughts on what else might cause this template to not show for the new CA?

Thanks
James

Answer 1

Actually my issue was with my management console.

actually, it is how management console works. When you open it, the console loads some data, including templates and cache them. This cache is not updated while the console is opened. It is expected behavior. To force cache reload, you have to navigate to Certificate Templates folder and hit F5 button.

Answer 2

Literally as I posted this, I reopened my CA management console and checked again, and they've all appeared!
Might have taken some time after a restart for this to kick in?

EDIT: Actually my issue was with my management console. After I restarted that, the templates appeared as expected.