Channel: Security forum

Certificate auto-enrollment test client fails to re-enroll for a certificate

In a test environment I have a two-tier ADCS PKI hierarchy (offline root and Enterprise subordinate). I successfully configured computer auto-enrollment for a single Windows 7 client by configuring proper security settings on a template I copied, in conjunction with establishing Group Policy for 'Certificate Services Client - Auto-Enrollment Properties.' The template is a copy of Computer saved as v2 (2003), and the client workstation has Read, Enroll, and Autoenroll rights. This worked fine - the first time.

Then I decided I wanted to simulate certificate expiry and automatic re-enrollment. Because my template was set for a year initially, this is obviously too long to wait for a test. I updated my template to have the certificate expire in only 2 hours. I revoked the old certificate on the CA and deleted it from the local certificate store on the client. However, I can no longer automatically enroll for the cert, despite the fact that it worked the first time. certutil -pulse has no effect; rebooting the machine has no effect either. I am completely stuck, unable to re-enroll despite having the same Group Policy and security template settings.

What should I do next to resolve?

Thanks for reading this and any/all feedback.
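Added example (not from the original poster): a PowerShell diagnostic to run in an elevated prompt on the client before changing anything else. It checks what the auto-enrollment GPO actually wrote to the registry, lists any certificates in the machine store that came from the template, confirms the domain still publishes the template, triggers a pulse, and then reads what the auto-enrollment engine logged. The template name `ComputerAutoEnrollTest` is a placeholder for the copied template; the template-extension OID and the AEPolicy values are standard Windows values. The last step is meant for the subordinate CA, not the client, and is left commented out.

```powershell
# Added diagnostic script (not the original poster's code). Run elevated on the
# Windows client. $TemplateName is an ASSUMPTION: replace it with the name of the
# template copied from Computer.
$TemplateName = 'ComputerAutoEnrollTest'
$TemplateOid  = '1.3.6.1.4.1.311.21.7'   # szOID_CERTIFICATE_TEMPLATE, present on v2+ template certs

# 1. Is machine auto-enrollment enabled by policy on this box?
#    The "Certificate Services Client - Auto-Enrollment" GPO writes AEPolicy here:
#    7 = enabled with renew/update/remove, 0x8000 = disabled, value absent = not configured.
$aeKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\AutoEnrollment'
$ae = Get-ItemProperty -Path $aeKey -ErrorAction SilentlyContinue
if ($ae -and $ae.PSObject.Properties['AEPolicy']) {
    'AEPolicy = 0x{0:X}' -f $ae.AEPolicy
} else {
    'AEPolicy is not set by policy on this machine'
}

# 2. Which certificates from the template are in the machine store, and when do they expire?
#    The template extension is matched by name when the template OID is in the local OID
#    table (pulled from AD); if it is not, match on the template's OID string instead.
function Get-TemplateCerts {
    param([string]$Name)
    Get-ChildItem Cert:\LocalMachine\My | Where-Object {
        $ext = $_.Extensions | Where-Object { $_.Oid.Value -eq $TemplateOid }
        $ext -and ($ext.Format($false) -like "*$Name*")
    }
}
'--- Certificates issued from the template (empty means nothing enrolled yet) ---'
Get-TemplateCerts $TemplateName | Select-Object Thumbprint, NotBefore, NotAfter, Subject | Format-List

# 3. Does the forest still publish the template, as seen from this client?
'--- Template as published in AD ---'
certutil -template | Select-String -Pattern $TemplateName

# 4. Trigger machine auto-enrollment, wait, then read what the engine logged.
certutil -pulse | Out-Null
Start-Sleep -Seconds 15
'--- Auto-enrollment events from the last 5 minutes ---'
Get-WinEvent -FilterHashtable @{
    LogName      = 'Application'
    ProviderName = 'Microsoft-Windows-CertificateServicesClient-AutoEnrollment'
    StartTime    = (Get-Date).AddMinutes(-5)
} -ErrorAction SilentlyContinue |
    Sort-Object TimeCreated |
    Format-Table TimeCreated, Id, LevelDisplayName, Message -Wrap -AutoSize

# 5. On the subordinate CA (not the client): did a request arrive and what did the CA do with it?
#    Disposition 20 = issued, 21 = revoked, 30 = denied, 31 = failed.
# certutil -view -restrict "Disposition>=30" -out "RequestId,Request.Disposition,Request.DispositionMessage,CertificateTemplate,NotAfter"
```

Read the output in order: if AEPolicy is absent or 0x8000, policy is the problem, not the template; if the template no longer appears in step 3, the client cannot see it; otherwise the event messages in step 4 usually name the reason the engine skipped or failed the request, and step 5 shows whether the request ever reached the CA.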
