SebCerazy
Iron Contributor
Mar 10, 2022

An error occurred while obtaining certificate enrollment policy.

Recently I was following: KB5005413: Mitigating NTLM Relay Attacks on Active Directory Certificate Services (AD CS)

After various changes I got to the point where I could not fully disable NTLM on the EnterpriseCA server, because I simply could not log in to the MSADCA:

Audit NTLM authentication requests within this domain that would be blocked if the security policy Network Security: Restrict NTLM: NTLM authentication in this domain is set to Deny for domain servers or Deny domain accounts to domain servers.

But the changes also caused this error when accessing from mmc/certificates:

An error occurred while obtaining certificate enrollment policy.

Url: https://entca.domain.local/ADPolicyProvider_CEP_Kerberos/service.svc/CEP

Error: The remote endpoint could not process the request. 0x803d000f (-2143485937 WS_E_ENDPOINT_FAILURE)

I can click Continue and everything works fine, but I would like to understand why the error occurs.

Help appreciated.

Seb
