I think you need to remove that -PolicyServer * part, because you are most likely using the default LDAP provider, which doesn't require any specific parameters.
Sub-CA Machine Cert Expired
Computer names are fictitious.
We have our own PKI infrastructure.
CA-ROOT is the offline root CA on Server 2019.
Sub_CA is the online subordinate CA on Server 2019 as a domain member server. Seems the machine cert on this subordinate CA computer has expired and I'm attempting to renew it. The cert was originally issued by the Sub-CA. On the Sub-CA from PowerShell I issue the command:
certreq -enroll -machine -q -PolicyServer * -cert <cert serial number here> renew
But I get the error:
Certificate Request Processor: An enrollment policy server cannot be located. 0x80094015 (-2146877419 CERTSRV_E_NO_POLICY_SERVER)
I am assuming a policy server needs to be installed. Where to begin? Can someone direct me to a starting point please?
Answer accepted by question author
1 additional answer
Carl Burch 216 Reputation points
2022-03-01T19:01:37.907+00:00
Thanks for the feedback. Turns out, since this isn't something I do every day, I apparently experienced a brain dump. First, can't renew an expired cert that is past the grace period, as this one was. Next, to get a new certificate it was just a matter of opening certlm.msc, then right-clicking the Personal container and selecting All Tasks - Request New Certificate. Then click Next, select AD Enrollment Policy and click Next. Select Computer, click the Enroll button, and I was done. I hate that when I find the solution 10 minutes after posting the question. :)
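A scripted counterpart to the certlm.msc steps described in the answer above, added here as an example that is not part of the original thread: it inventories the machine store so an expiring certificate is caught before it lapses, and enrolls a new one when a certificate has already expired. It assumes an elevated session on a domain member, that the Computer template (internal name Machine) is published by the CA, and that the function name and the 30-day threshold are illustrative choices.

```powershell
# Added example, not from the thread. Hypothetical helper name and threshold.
function Get-MachineCertStatus {
    param([int]$WarnDays = 30)   # assumption: arbitrary early-warning window
    $now = Get-Date
    Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.HasPrivateKey } |
        ForEach-Object {
            $days = [math]::Floor(($_.NotAfter - $now).TotalDays)
            # Expired certificates are treated as needing a fresh enrollment,
            # as in the thread; any renewal grace period is not evaluated here.
            if ($_.NotAfter -lt $now)     { $action = 'EnrollNew' }
            elseif ($days -le $WarnDays)  { $action = 'Renew' }
            else                          { $action = 'None' }
            [pscustomobject]@{
                Subject  = $_.Subject
                Serial   = $_.SerialNumber
                NotAfter = $_.NotAfter
                DaysLeft = $days
                Action   = $action
            }
        }
}

$status = @(Get-MachineCertStatus)
$status | Sort-Object NotAfter | Format-Table -AutoSize

if ($status | Where-Object { $_.Action -eq 'EnrollNew' }) {
    # Equivalent of: Personal > All Tasks > Request New Certificate >
    # AD Enrollment Policy > Computer > Enroll.
    # Assumption: with no -Url given, the configured enrollment policy is used.
    $result = Get-Certificate -Template Machine `
                              -CertStoreLocation Cert:\LocalMachine\My
    '{0}: {1}' -f $result.Status, $result.Certificate.Thumbprint
}
```

Run on a schedule, the Renew rows give advance notice while renewal is still possible.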