We set up a computer certificate needed for our SCCM environment for https, we created the template, set it for auto enroll, and created a GPO. The certificate deployed fine on all of our clients, and working as expected, except for the ones running Windows XP. Despite them getting the group policy, they are not auto enrolling. When I try to enroll them manually I get the following error:
The Certificate request failed. The Permissions on this certification authority do not allow the current user to enroll for certificates.We are using the SHA1, though I tried to install the kb968730 hotfix anyway, in the security all Domain Computers and Domain Users have read, enroll, and autoenroll rights. Under the compatibility tab of the template the Certification Authority is Windows Server 2003, and Certificate recipient is Windows XP / Server 2003. I am unable figure out while, and I until I do I can't deploy the SCCM client to these computers.