We have just migrated our Enterprise certificate authority servers (Subordinate and Root) from Server 2008 SP2 to 2012 R2. Right now, I'm trying to modify the default validity period for the Subordinate CA template (which you can only do by making a duplicate of the default template.
So far, I've duplicated the template and changed the validity period on it. Then I added these lines to CAPolicy.inf on the Sub CA server and restarted certificate services:
[RequestAttributes]
CertificateTemplate = "MyNewTemplateName"
Then I issued the new template.
Now, when I try to renew the Subordinate certificate via the Certfication Authority snap-in, I am met with the following error:
I've validated that the account I'm using (a domain administrator) has permissions to enroll using this certificate template. Does anyone have any ideas?