I've set up and configured the Root CA (offline), Subordinate CA, CEP, and CES servers in my network.
I configured an AD GPO to deploy the certificates, and any domain computer works fine.
When I try this on a non-domain computer, I'm able to request a cert from the workstation, issue the cert from the Subordinate CA, and receive the cert on the workstation.
Now when I go into my non-domain workstation and run gpedit, then go to Computer Configuration --> Windows Settings --> Security Settings --> Public Key Policies and edit the following:
1. Certificate Services Client - Auto Enrollment = Enabled and both checkboxes are checked.
2. Certificate Services Client - Certificate Enrollment Policy = Enabled; click ADD, enter my "enter enrollment policy server URI", change Authenticate type = X.509.Certificate, and click on Validate Server. I receive the following error.
LOGS
CEP Server Logs
Security -
(I checked the WebServices log and it's blank)
(I checked the EnrollmentWebService log and it's blank)
(I checked the EnrollmentPolicyWebService log and there are no errors; I have EventIDs of 7, 1, 21 from bottom to top)
(Scroll down to see the other logs - Subordinate CA Event Viewer (System), CEP Server IIS LOG & netlogon.log)
CEP SERVER SECURITY LOG
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 10/6/2014 1:46:17 PM
Event ID: 4625
Task Category: Logon
Level: Information
Keywords: Audit Failure
User: N/A
Computer: aCS-SubCEP.avery.com
Description:
An account failed to log on.
Subject:
Security ID: NULL SID
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 3
Account For Which Logon Failed:
Security ID: NULL SID
Account Name:
Account Domain:
Failure Information:
Failure Reason: An Error occured during Logon.
Status: 0xC000006D
Sub Status: 0x0
Process Information:
Caller Process ID: 0x0
Caller Process Name: -
Network Information:
Workstation Name: -
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: Schannel
Authentication Package: Schannel
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
This event is generated when a logon request fails. It is generated on the computer where access was attempted.
The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).
The Process Information fields indicate which account and process on the system requested the logon.
The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" /><EventID>4625</EventID><Version>0</Version><Level>0</Level><Task>12544</Task><Opcode>0</Opcode><Keywords>0x8010000000000000</Keywords><TimeCreated SystemTime="2014-10-06T18:46:17.382259400Z" /><EventRecordID>10499</EventRecordID><Correlation /><Execution ProcessID="524" ThreadID="1816" /><Channel>Security</Channel><Computer>aCS-SubCEP.avery.com</Computer><Security /></System><EventData><Data Name="SubjectUserSid">S-1-0-0</Data><Data Name="SubjectUserName">-</Data><Data Name="SubjectDomainName">-</Data><Data Name="SubjectLogonId">0x0</Data><Data Name="TargetUserSid">S-1-0-0</Data><Data Name="TargetUserName"></Data><Data Name="TargetDomainName"></Data><Data Name="Status">0xc000006d</Data><Data Name="FailureReason">%%2304</Data><Data Name="SubStatus">0x0</Data><Data Name="LogonType">3</Data><Data Name="LogonProcessName">Schannel</Data><Data Name="AuthenticationPackageName">Schannel</Data><Data Name="WorkstationName">-</Data><Data Name="TransmittedServices">-</Data><Data Name="LmPackageName">-</Data><Data Name="KeyLength">0</Data><Data Name="ProcessId">0x0</Data><Data Name="ProcessName">-</Data><Data Name="IpAddress">-</Data><Data Name="IpPort">-</Data></EventData></Event>

CEP SERVER IIS LOG
#Software: Microsoft Internet Information Services 8.5
#Version: 1.0
#Date: 2014-10-06 18:46:18
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2014-10-06 18:46:18 10.0.0.7 POST /KeyBasedRenewal_ADPolicyProvider_CEP_Certificate/service.svc/CEP - 443 - 10.0.0.55 MS-WebServices/1.0 - 500 0 0 2107

CEP SERVER NETLOGON.LOG
10/06 13:35:19 [MISC] [1152] DsGetDcName function called: client PID=2744, Dom:AVERY Acct:(null) Flags: WRITABLE LDAPONLY RET_DNS
10/06 13:35:19 [MISC] [1152] NetpDcInitializeContext: DSGETDC_VALID_FLAGS is c07ffff1
10/06 13:35:19 [MISC] [1152] NetpDcGetName: avery.com. using cached information ( NlDcCacheEntry = 0x000000D14064E6C0 )
10/06 13:35:19 [MISC] [1152] DsGetDcName: results as follows: DCName:\\aDC-01.avery.com DCAddress:\\10.0.0.4 DCAddrType:0x1 DomainName:avery.com DnsForestName:avery.com Flags:0xe000f1fd DcSiteName:Default-First-Site-Name ClientSiteName:Default-First-Site-Name
10/06 13:35:19 [MISC] [1152] DsGetDcName function returns 0 (client PID=2744): Dom:AVERY Acct:(null) Flags: WRITABLE LDAPONLY RET_DNS
10/06 13:35:22 [MISC] [4052] DsGetDcName function called: client PID=2744, Dom:(null) Acct:(null) Flags: DSP
10/06 13:35:22 [MISC] [4052] NetpDcInitializeContext: DSGETDC_VALID_FLAGS is c07ffff1
10/06 13:35:22 [MISC] [4052] NetpDcGetName: avery.com. using cached information ( NlDcCacheEntry = 0x000000D140611D50 )
10/06 13:35:22 [MISC] [4052] DsGetDcName: results as follows: DCName:\\aDC-01.avery.com DCAddress:\\10.0.0.4 DCAddrType:0x1 DomainName:avery.com DnsForestName:avery.com Flags:0xe000f1fd DcSiteName:Default-First-Site-Name ClientSiteName:Default-First-Site-Name
10/06 13:35:22 [MISC] [4052] DsGetDcName function returns 0 (client PID=2744): Dom:(null) Acct:(null) Flags: DSP
10/06 13:35:22 [MISC] [4052] DsGetDcName function called: client PID=2744, Dom:avery.com Acct:(null) Flags: LDAPONLY RET_DNS
10/06 13:35:22 [MISC] [4052] NetpDcInitializeContext: DSGETDC_VALID_FLAGS is c07ffff1
10/06 13:35:22 [MISC] [4052] NetpDcGetName: avery.com using cached information ( NlDcCacheEntry = 0x000000D14064E6C0 )
10/06 13:35:22 [MISC] [4052] DsGetDcName: results as follows: DCName:\\aDC-01.avery.com DCAddress:\\10.0.0.4 DCAddrType:0x1 DomainName:avery.com DnsForestName:avery.com Flags:0xe000f1fd DcSiteName:Default-First-Site-Name ClientSiteName:Default-First-Site-Name
10/06 13:35:22 [MISC] [4052] DsGetDcName function returns 0 (client PID=2744): Dom:avery.com Acct:(null) Flags: LDAPONLY RET_DNS
10/06 13:37:21 [MISC] [4052] DsGetDcName function called: client PID=916, Dom:(null) Acct:(null) Flags: DS BACKGROUND
10/06 13:37:21 [MISC] [4052] NetpDcInitializeContext: DSGETDC_VALID_FLAGS is c07ffff1
10/06 13:37:21 [MISC] [4052] NetpDcGetName: avery.com. using cached information ( NlDcCacheEntry = 0x000000D140611D50 )
10/06 13:37:21 [MISC] [4052] DsGetDcName: results as follows: DCName:\\aDC-01.avery.com DCAddress:\\10.0.0.4 DCAddrType:0x1 DomainName:avery.com DnsForestName:avery.com Flags:0xe000f1fd DcSiteName:Default-First-Site-Name ClientSiteName:Default-First-Site-Name
10/06 13:37:21 [MISC] [4052] DsGetDcName function returns 0 (client PID=916): Dom:(null) Acct:(null) Flags: DS BACKGROUND
10/06 13:46:17 [LOGON] [1816] SamLogon: Generic logon of AVERY\(null) from (null) Package:Microsoft Unified Security Protocol Provider Entered
10/06 13:46:17 [CRITICAL] [1816] NlPrintRpcDebug: Couldn't get EEInfo for I_NetLogonSamLogonEx: 1761 (may be legitimate for 0xc000006d)
10/06 13:46:17 [LOGON] [1816] SamLogon: Generic logon of AVERY\(null) from (null) Package:Microsoft Unified Security Protocol Provider Returns 0xC000006D
10/06 13:49:17 [SESSION] [908] AVERY: NlTimeoutApiClientSession: Unbind from server \\aDC-01.avery.com (TCP) 1.
10/06 13:52:21 [MISC] [1152] DsGetDcName function called: client PID=916, Dom:(null) Acct:(null) Flags: DS BACKGROUND
10/06 13:52:21 [MISC] [1152] NetpDcInitializeContext: DSGETDC_VALID_FLAGS is c07ffff1
10/06 13:52:21 [MISC] [1152] NetpDcGetName: avery.com. using cached information ( NlDcCacheEntry = 0x000000D140611D50 )
10/06 13:52:21 [MISC] [1152] DsGetDcName: results as follows: DCName:\\aDC-01.avery.com DCAddress:\\10.0.0.4 DCAddrType:0x1 DomainName:avery.com DnsForestName:avery.com Flags:0xe000f1fd DcSiteName:Default-First-Site-Name ClientSiteName:Default-First-Site-Name
10/06 13:52:21 [MISC] [1152] DsGetDcName function returns 0 (client PID=916): Dom:(null) Acct:(null) Flags: DS BACKGROUND

SUBORDINATE SERVER SYSTEM LOG
I opened COMEXP.MSC and went to My Computer --> COM+ Applications and opened properties for each application and the items under the Components folder to see if I could find any that match the CLSID noted below. I didn't find anything that matched.
Log Name: System
Source: Microsoft-Windows-DistributedCOM
Date: 10/6/2014 11:42:00 AM
Event ID: 10016
Task Category: None
Level: Error
Keywords: Classic
User: AVERY\javery
Computer: aCS-Sub.avery.com
Description:
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {D99E6E73-FC88-11D0-B498-00A0C90312F3} and APPID {D99E6E74-FC88-11D0-B498-00A0C90312F3} to the user AVERY\javery SID (S-1-5-21-605827772-1375378742-1711929076-500) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" /><EventID Qualifiers="0">10016</EventID><Version>0</Version><Level>2</Level><Task>0</Task><Opcode>0</Opcode><Keywords>0x8080000000000000</Keywords><TimeCreated SystemTime="2014-10-06T16:42:00.377207800Z" /><EventRecordID>4348</EventRecordID><Correlation /><Execution ProcessID="604" ThreadID="1644" /><Channel>System</Channel><Computer>aCS-Sub.avery.com</Computer><Security UserID="S-1-5-21-605827772-1375378742-1711929076-500" /></System><EventData><Data Name="param1">application-specific</Data><Data Name="param2">Local</Data><Data Name="param3">Launch</Data><Data Name="param4">{D99E6E73-FC88-11D0-B498-00A0C90312F3}</Data><Data Name="param5">{D99E6E74-FC88-11D0-B498-00A0C90312F3}</Data><Data Name="param6">AVERY</Data><Data Name="param7">javery</Data><Data Name="param8">S-1-5-21-605827772-1375378742-1711929076-500</Data><Data Name="param9">LocalHost (Using LRPC)</Data><Data Name="param10">Unavailable</Data><Data Name="param11">Unavailable</Data></EventData></Event>
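The two CEP-server artifacts in the post are best read together: the Security 4625 records a Schannel (TLS client-certificate) logon that failed with status 0xC000006D (STATUS_LOGON_FAILURE), but its IpAddress and WorkstationName fields are "-", so the event alone does not say which client triggered it; the IIS log line one second later does carry the client IP (10.0.0.55) and the endpoint (service.svc/CEP, HTTP 500). The following script is an added example, not code from the post or from Microsoft: it parses the W3C-format IIS log and the Windows event XML exactly as they are posted above (the sample data is copied from the post) and pairs each Schannel logon failure with the failed request nearest to it in time. Assumptions: the IIS log timestamps are UTC (the W3C format's default), the event's TimeCreated is UTC as the trailing "Z" indicates, and a 5-second pairing window is wide enough; both are parameters you can change.

```python
"""Pair Schannel client-certificate logon failures (Security 4625) on a CEP/CES
server with the IIS request that caused them.  Added example; sample inputs are
the event XML and IIS log line from the post above."""
import re
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

EVENT_NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
STATUS_LOGON_FAILURE = "0xc000006d"  # NTSTATUS shown in the posted 4625

# Security event 4625, copied from the post's "Event Xml" section.
SAMPLE_EVENT_XML = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" /><EventID>4625</EventID><Version>0</Version><Level>0</Level><Task>12544</Task><Opcode>0</Opcode><Keywords>0x8010000000000000</Keywords><TimeCreated SystemTime="2014-10-06T18:46:17.382259400Z" /><EventRecordID>10499</EventRecordID><Correlation /><Execution ProcessID="524" ThreadID="1816" /><Channel>Security</Channel><Computer>aCS-SubCEP.avery.com</Computer><Security /></System><EventData><Data Name="SubjectUserSid">S-1-0-0</Data><Data Name="SubjectUserName">-</Data><Data Name="SubjectDomainName">-</Data><Data Name="SubjectLogonId">0x0</Data><Data Name="TargetUserSid">S-1-0-0</Data><Data Name="TargetUserName"></Data><Data Name="TargetDomainName"></Data><Data Name="Status">0xc000006d</Data><Data Name="FailureReason">%%2304</Data><Data Name="SubStatus">0x0</Data><Data Name="LogonType">3</Data><Data Name="LogonProcessName">Schannel</Data><Data Name="AuthenticationPackageName">Schannel</Data><Data Name="WorkstationName">-</Data><Data Name="TransmittedServices">-</Data><Data Name="LmPackageName">-</Data><Data Name="KeyLength">0</Data><Data Name="ProcessId">0x0</Data><Data Name="ProcessName">-</Data><Data Name="IpAddress">-</Data><Data Name="IpPort">-</Data></EventData></Event>"""

# IIS W3C log, copied from the post ("CEP SERVER IIS LOG").
SAMPLE_IIS_LOG = """#Software: Microsoft Internet Information Services 8.5
#Version: 1.0
#Date: 2014-10-06 18:46:18
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2014-10-06 18:46:18 10.0.0.7 POST /KeyBasedRenewal_ADPolicyProvider_CEP_Certificate/service.svc/CEP - 443 - 10.0.0.55 MS-WebServices/1.0 - 500 0 0 2107
"""


def parse_systemtime(value):
    """Parse an event-log SystemTime such as 2014-10-06T18:46:17.382259400Z.
    The fraction has seven digits; datetime supports six, so truncate."""
    m = re.fullmatch(r"(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)(?:\.(\d+))?Z", value)
    base = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S")
    micro = int((m.group(2) or "0")[:6].ljust(6, "0"))
    return base.replace(microsecond=micro, tzinfo=timezone.utc)


def parse_event(xml_text):
    """Flatten a Windows event XML record into one dict: the System fields
    we need plus every <Data Name=...> value from EventData."""
    root = ET.fromstring(xml_text)
    system = root.find("e:System", EVENT_NS)
    event = {
        "event_id": int(system.find("e:EventID", EVENT_NS).text),
        "computer": system.find("e:Computer", EVENT_NS).text,
        "timestamp": parse_systemtime(
            system.find("e:TimeCreated", EVENT_NS).get("SystemTime")),
    }
    for data in root.iterfind("e:EventData/e:Data", EVENT_NS):
        event[data.get("Name")] = data.text or ""  # empty element -> ""
    return event


def parse_iis_log(text):
    """Parse W3C extended log text; the #Fields directive names the columns.
    Assumes the default IIS behaviour of logging times in UTC."""
    fields, rows = None, []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.startswith("#") or not line.strip():
            continue
        else:
            row = dict(zip(fields, line.split()))
            row["timestamp"] = datetime.strptime(
                row["date"] + " " + row["time"], "%Y-%m-%d %H:%M:%S"
            ).replace(tzinfo=timezone.utc)
            rows.append(row)
    return rows


def is_schannel_logon_failure(event):
    """4625 produced by the TLS stack rather than by NTLM/Kerberos: the
    client certificate could not be mapped to an account."""
    return (event["event_id"] == 4625
            and event.get("LogonProcessName") == "Schannel"
            and event.get("Status", "").lower() == STATUS_LOGON_FAILURE)


def correlate(events, requests, window=timedelta(seconds=5)):
    """For each Schannel logon failure, find the nearest IIS request with a
    5xx status inside the window and report the client IP and URI from it,
    since the 4625 itself carries no source address."""
    hits = []
    for ev in filter(is_schannel_logon_failure, events):
        candidates = [r for r in requests
                      if r["sc-status"].startswith("5")
                      and abs(r["timestamp"] - ev["timestamp"]) <= window]
        if candidates:
            req = min(candidates, key=lambda r: abs(r["timestamp"] - ev["timestamp"]))
            hits.append({
                "event_time": ev["timestamp"].isoformat(),
                "server": ev["computer"],
                "status": ev["Status"],
                "client_ip": req["c-ip"],
                "uri": req["cs-uri-stem"],
                "http_status": req["sc-status"],
                "gap_seconds": abs((req["timestamp"] - ev["timestamp"]).total_seconds()),
            })
    return hits


if __name__ == "__main__":
    for hit in correlate([parse_event(SAMPLE_EVENT_XML)], parse_iis_log(SAMPLE_IIS_LOG)):
        print(hit)
```

On real servers, feed `parse_event` the XML you get from `wevtutil qe Security /q:"*[System[EventID=4625]]" /f:xml` and `parse_iis_log` the contents of the site's u_ex*.log file; a run that produces a hit for every X.509-authenticated request tells you the certificate is reaching the server but is not being mapped to an account, which is a different problem from a TLS handshake failure (which would produce no IIS log line at all).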