Hi
I'm trying to deploy user certificate auto enrollment with Win7 and XP computers.
I'm using a 2008 R2 intermediate enterprise CA, have created both templates and autoenrollment GPO, and almost all is working fine:
On Win7, autoenrollment works fine after winlogin. When I delete the user certificate from the store (mmc) and run a gpupdate, a new certificate is automatically delivered (I allow several certificates per user).
On WinXP, it seems that autoenrollment works when the user first logs in (I'm not sure of that; I was able to test on 2 computers only), but after certificate deletion and gpupdate /force (or a new session login), no request is made from the computer (no autoenrollment logs in Event Viewer and no request seen on the CA, even after 10 minutes).
I've read that gpupdate or a new login should trigger the autoenrollment process when no certificate is present in the user store, but it seems that's not true for XP users.
I've also read about an internal timer for autoenrollment to occur; maybe this timer is used prior to gpupdate?
I didn't try to delete the AEDirectoryCache registry entry; it seems to be related to third-party root CA or cross certificates, not to auto-enrolled user certificates.
Thanks for your help