Hello
i've setup a PKI with offline Root and online intermediate under Windows 2012.
I deployed certificates to Active directory using
dspublish /RootCA
dspublish /NTauth and SubCA for intermediate
When i activate Auto enrollment or MMC Enrollment for Windows 7 Client the two certificates appear under Intermediate Certificate Authorities but the root certificate is not listed under the Root Certificate Authorities store. Client receives User Cert but because of the missing Root Cert it is untrusted.
I tried to put the root cert in my Autoenroll GPO but this has no effect. Pkiview Status is OK for my Root Cert
I already followed this Troubleshooting Guide without any result
http://blogs.technet.com/b/askds/archive/2007/11/06/how-to-troubleshoot-certificate-enrollment-in-the-mmc-certificate-snap-in.aspx
I could provide link with my certs if this would help?
I've seen one question where this appeared due to wrong signature, but I'm using sha1 so this should not be an issue.