I've stood up a Server 2008 R2 Enterprise CA, and created a duplicate "Smartcard Logon" template.
On the client (whether it's on Win7 or Win8), I success requested and received an Enrollment Agent certificate in my Personal store. The CA certificate is in the Trusted Root and Intermediate CA store, as well as the NTAuth container.
Everything appears to be going well, until I tried to "Enroll on Behalf of" another user for a smartcard logon certificate.
When I selected "Enroll on Behalf of," I was prompted to browse for the Enrollment Agent certificate. When I clicked on Browse, it says that no certificate available, even though, it's in the Personal store. I even requested and received a new Enrollment Agent certificate, but with the same issue.
I'm out of ideas. Any help would be greatly appreciated.
Thank you.