User Certificate Template by Group Policy
Hi Stefano Colombo,
It appears that you've taken most of the necessary steps for autoenrollment, but there are a few additional checks you can perform:
Certificate Template Schema Version:
Verify the schema version of the certificate template. If you use the "Reenroll All Certificate Holders" option, it changes the template version. After the client updates the Group Policy, the certificate template version on the certificates should match the template's version.
Group Policy Configuration:
Double-check the Group Policy settings. In the Group Policy Management Editor, go to Computer Configuration > Policies > Windows Settings > Security Settings > Public Key Policies.
Enable "Certificate Services Client - Auto-Enrollment," set the Configuration Model to Enabled, and select both "Renew expired certificates, update pending certificates, and remove revoked certificates" and "Update certificates that use certificate templates".
Force Group Policy Update:
If the template version changes but not on the certificate, run gpupdate /force or certutil -pulse on the client to trigger an update.
Refresh Certificate Store:
Refresh the certificate store on the client.
Computer Certificate autoenrollment not working - Microsoft Q&A
Configure server certificate auto-enrollment | Microsoft Learn
Please click Mark as Best Response & Like if my post helped you to solve your issue.
This will help others to find the correct solution easily. It also closes the item.
If the post was useful in other ways, please consider giving it a Like.
Kindest regards,
Leon Pavesic
(LinkedIn)
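One way to carry out the template version check described in the reply above, as an added example that is not part of the original post: the script reads the Certificate Template Information extension from each certificate in a store and prints the major.minor version stamped at issuance, then shows the autoenrollment policy value applied in the same scope. The `$StorePath` parameter, its default, and the helper name `Get-TemplateVersion` are assumptions made for this example.

```powershell
# Added example, not from the original post. Run on the client after gpupdate /force.
param([string]$StorePath = 'Cert:\CurrentUser\My')   # assumption: use Cert:\LocalMachine\My for computer certificates

$TemplateInfoOid = '1.3.6.1.4.1.311.21.7'   # Certificate Template Information extension (V2 and later templates)

function Get-TemplateVersion {
    param([byte[]]$Der)
    # Extension value: SEQUENCE { templateID OID, majorVersion INTEGER, minorVersion INTEGER }
    # Only short-form DER lengths are handled; anything else returns $null.
    if ($Der.Length -lt 4 -or $Der[0] -ne 0x30 -or ($Der[1] -band 0x80) -or $Der[2] -ne 0x06) { return $null }
    $pos  = 4 + $Der[3]                      # skip the SEQUENCE header and the template OID
    $ints = @()
    while ($pos + 1 -lt $Der.Length -and $Der[$pos] -eq 0x02) {
        $len = $Der[$pos + 1]
        [long]$val = 0
        for ($i = 0; $i -lt $len; $i++) { $val = ($val * 256) + $Der[$pos + 2 + $i] }
        $ints += $val
        $pos  += 2 + $len
    }
    if ($ints.Count -lt 2) { return $null }
    '{0}.{1}' -f $ints[0], $ints[1]          # major.minor as stamped by the CA
}

# List every certificate with the template version it was issued from.
Get-ChildItem $StorePath | ForEach-Object {
    $ext = $_.Extensions | Where-Object { $_.Oid.Value -eq $TemplateInfoOid }
    [pscustomobject]@{
        Subject         = $_.Subject
        Thumbprint      = $_.Thumbprint
        NotAfter        = $_.NotAfter
        TemplateVersion = if ($ext) { Get-TemplateVersion $ext.RawData } else { 'no template information extension' }
        TemplateInfo    = if ($ext) { $ext.Format($false) } else { $null }
    }
} | Format-List

# Autoenrollment policy delivered by Group Policy for the matching scope.
# AEPolicy 7 corresponds to Enabled with both renewal/update options selected.
$scope = if ($StorePath -like 'Cert:\LocalMachine*') { 'HKLM:' } else { 'HKCU:' }
$ae = Get-ItemProperty "$scope\Software\Policies\Microsoft\Cryptography\AutoEnrollment" -ErrorAction SilentlyContinue
if ($ae) { "AEPolicy = $($ae.AEPolicy)" } else { 'No autoenrollment policy applied in this scope' }
```

Compare the reported `TemplateVersion` with the version shown for the template on the CA; a lower value on the certificate means the client has not yet re-enrolled against the updated template.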