We have setup autoenrollment for a computer certificate and see client machines (servers and workstations regardless of OS - XP,2K3,2K8,W7,W8,W12) enrolling the certificate but doing so multiple times every day. Some systems do it every 8 hours while on others the times are erratic but nonetheless they are re-requesting the same certificate. We have checked GPO to ensure settings are correct and on a few of them checked the RSA\MachineKeys folder security settings are the default.
We have 3 forests(merge) with 2way trusts and the CA resides in the resource forest. The resource forest and one of the others work without issue but on this one forest we see the multiple enrollment issue.
What I am basically looking for is if there is any additional debug logging that can tell us why it keeps re-requesting the certificate. BTW it gets the certificate successfully so each machine's store has the multiple computer certificate. It is more as if the system does not register that it has successfully enrolled the certificate.
thanks for any advice!