Hi,
I'm having a hard time finding a solution to my problem. First of all, a bit of background description to give the bigger picture of what I'm doing.
I have 3 Domain Controllers: 2x Windows Server 2003R2 SP2 (AD1, AD2) and 1x Windows Server 2012 (AD3). PDC and all FSMO roles are on Windows Server 2003R2. The migration process to Server 2012 is my next mission after getting PKI to work.
I have 3 CA Servers: (Offline Root CA - non-domain; Issuing CA - domain, Revocation CA/OCSP - domain). All Server 2012.
The problem is that autoenroll for computer and user is turned on, and from rsop I can see that the GPO is working. But what is happening is that when I use gpupdate /force (or restart), no certificate is requested. At the same time, when I use mmc and request a certificate manually, everything works and the certificate is requested. I have tried turning off all the firewalls on all the computers. I can't see any denial from the Cisco firewall, so all the traffic is allowed. From the client computer I have tried certutil -pulse, but it was no use. Event Viewer is showing me:
Certificate enrollment for DOMAIN\user is successfully authenticated by policy server EVENT ID 65
Certificate enrollment for DOMAIN\user successfully load policy from policy server EVENT ID 64
I have done the same thing and policy in many organisations and everything is working like a charm. Now I don't understand what is wrong or what I am missing. Is there anything I can do to monitor what is wrong?
Any help would be appreciated,
Taavi