Certificate Auto enrollment
I have followed Microsoft TechNet's instructions on how to set up Certificate Auto Enrollment. I created a template. Then I configured the Enterprise CA. Lastly, I applied the group policy. I also followed the instructions on how to force an update on the laptop. Though when I checked the personal cert folder and other cert folders on the laptop, I did not see the cert. I checked the group policy result and the policy was pushed down. When I checked the Enterprise CA, I did not see any issued CA. What did I do wrong? How do I check whether or not I have received an automatic cert?
May 12th, 2008 9:13pm

Hello,

First of all, please answer the following questions:

1. Which versions of Windows Server and the Windows operating system are the CA server and the autoenrollment client running?
2. How does it work if you try to request the certificate from the MMC on the client computer?
3. Make sure the certificate that you want to request has the proper subject type (such as computer, user).
4. Please check the following settings on the certificate template and group policy to ensure it can be autoenrolled properly:
   a) The security on the certificate template should grant the proper users or groups the Read, Enroll and Autoenroll permissions so that it can be autoenrolled through Group Policy.
   b) Clear the option "Do not automatically reenroll if a duplicate certificate exists in active directory" in the General tab of the certificate template. This setting will prevent autoenrollment in some cases.
   c) Check that the options "Renew expired certificates, update pending certificates, and remove revoked certificates" and "Update the certificates that use certificate templates" are chosen in the Group Policy Autoenrollment settings.

Meanwhile, you can enable the verbose Autoenrollment log on the client computer by modifying the registry as below:

User Autoenrollment:
Key path: [HKEY_CURRENT_USER\Software\Microsoft\Cryptography\Autoenrollment]
Value: AEEventLogLevel, DWORD, set value to 0.

Machine Autoenrollment:
Key path: [HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Autoenrollment]
Value: AEEventLogLevel, DWORD, set value to 0.

Then restart the computer to generate Autoenrollment logs.

Hope it helps.
May 14th, 2008 4:22am
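
Added example (not part of either post above): one way to run the logging step from the reply and answer the original question of how to check whether a certificate was autoenrolled. It assumes a client running Windows Vista / Server 2008 or later with PowerShell 3.0 or later and an elevated prompt; the event provider name and the two template extension OIDs are standard Windows values, not taken from the thread.

```powershell
# Added example: enable verbose autoenrollment logging, trigger a pass, then inspect results.
# Run elevated so the HKLM key and the machine certificate store are accessible.

# 1. Enable verbose logging (key paths and value exactly as given in the reply).
$keys = 'HKCU:\Software\Microsoft\Cryptography\Autoenrollment',
        'HKLM:\Software\Microsoft\Cryptography\Autoenrollment'
foreach ($key in $keys) {
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -Path $key -Name 'AEEventLogLevel' -PropertyType DWord -Value 0 -Force | Out-Null
}

# 2. Refresh Group Policy and trigger autoenrollment for the machine and the user.
#    (The restart mentioned in the reply triggers the same pass at startup and logon.)
$started = Get-Date
gpupdate /force | Out-Null
certutil -pulse | Out-Null
certutil -user -pulse | Out-Null
Start-Sleep -Seconds 30   # give the autoenrollment task time to reach the CA

# 3. Show the autoenrollment events written since the trigger (Application log).
$provider = 'Microsoft-Windows-CertificateServicesClient-AutoEnrollment'
Get-WinEvent -FilterHashtable @{ LogName = 'Application'; ProviderName = $provider; StartTime = $started } `
             -ErrorAction SilentlyContinue |
    Sort-Object TimeCreated |
    Format-List TimeCreated, Id, LevelDisplayName, Message

# 4. List certificates in the Personal stores with the template they were issued from.
#    1.3.6.1.4.1.311.21.7 = Certificate Template Information (version 2+ templates)
#    1.3.6.1.4.1.311.20.2 = Certificate Template Name (version 1 templates)
$templateOids = '1.3.6.1.4.1.311.21.7', '1.3.6.1.4.1.311.20.2'
foreach ($store in 'Cert:\LocalMachine\My', 'Cert:\CurrentUser\My') {
    Get-ChildItem -Path $store | ForEach-Object {
        $ext = $_.Extensions | Where-Object { $templateOids -contains $_.Oid.Value } |
               Select-Object -First 1
        [pscustomobject]@{
            Store    = $store
            Subject  = $_.Subject
            Issuer   = $_.Issuer
            NotAfter = $_.NotAfter
            Template = if ($ext) { $ext.Format($false) } else { '(no template extension)' }
        }
    } | Format-Table -AutoSize -Wrap
}
```

If step 4 shows no certificate carrying the expected template and step 3 shows warnings or errors, the event messages usually name the template and the reason enrollment was skipped or denied, which maps back to the permission and template checks listed in the reply.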

This topic is archived. No further replies will be accepted.
