This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.

Remove From My Forums

Autoenrollment of Computer Certificates failed

Question
0

Sign in to vote
Hi,

I have a Server 2012 R2 DC and a Server 2012 Enterprise CA.

When I set up an autoenrollment policy (Certificate Services Client - Auto-Enrollment), publish the computer certificate template and grant "Domain Computers" "read" and "autoenroll" rights - everything is working fine!

When I grant these rights to a custom Computer Group that contains certain Computer accounts - these Clients do not receive the certificates.

Any help appreciated!
- Moved by Mihaela ParedesMicrosoft contingent staff Friday, July 24, 2015 12:46 PM
Sunday, July 5, 2015 9:22 AM

Answers

0

Sign in to vote
Hi,

Pleae make sure that the auto enrollment policy has been applied to the computer properly.

To check the policy applied on the computer, please run the command below:

gpresult /h C:\report.html

Note: This procedure needs the privilege of domain administrator.

Best Regards.
Steven Lee Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.
- Proposed as answer by Steven_Lee0510 Thursday, August 6, 2015 9:06 AM
- Marked as answer by Steven_Lee0510 Thursday, August 6, 2015 2:29 PM
Wednesday, July 29, 2015 9:14 AM

All replies

1

Sign in to vote

Hi,

Am 05.07.2015 11:22, schrieb STEF_XX:

> When I grant these rights to a custom Computer Group that contains

> certain Computer accounts - these Clients do not receive the certificates.

du hast die Computer neugestartet, damit sie auch in der Gruppe sind?

Tschö

Mark

--

Mark Heitbrink - MVP Windows Server - Group Policy

Homepage: http://www.gruppenrichtlinien.de - deutsch

GPO Tool: http://www.reg2xml.com - Registry Export File Converter

Monday, July 6, 2015 8:37 AM
0

Sign in to vote
Hi,

Pleae make sure that the auto enrollment policy has been applied to the computer properly.

To check the policy applied on the computer, please run the command below:

gpresult /h C:\report.html

Note: This procedure needs the privilege of domain administrator.

Best Regards.
Steven Lee Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.
- Proposed as answer by Steven_Lee0510 Thursday, August 6, 2015 9:06 AM
- Marked as answer by Steven_Lee0510 Thursday, August 6, 2015 2:29 PM
Wednesday, July 29, 2015 9:14 AM