Client Autorequest Cert Retrieval Fails
Hello, I originally posted this issue here: http://social.technet.microsoft.com/Forums/en-US/configmgribcm/thread/4596692a-4aa0-4e46-9bd8-2494d2523ed1 but I was referenced to this forum because the issue was outside of Configuration Manager. Part of Configuration Manager's native mode setup requires that all clients have their own computer certificate. I set up a Group Policy Object that would tell client computers to request a Computer certificate from my Enterprise CA for this. However, the certificate never gets requested. Group Policy is working fine - I've tested it numerous times, and I've tried making a new GPO with no luck. Any ideas? Thanks,
July 7th, 2009 8:49pm
How did you install your Enterprise CA? And how did you configure autoenrollment of computer certificates?
Certifications: MCSA 2003 MCSE 2003
July 8th, 2009 3:23am
Everything is explained in the link I posted - but I installed it through Add/Remove Windows Features. The autoenrollment was configured through Group Policy management.
July 8th, 2009 3:37pm
Hi, Please help to clarify the following questions for research.
1. How many Automatic Certificate Requests did you configure in one GPO? There can only be one certificate request for each certificate type per GPO.
2. On CA, open CA console, could you find any failed Requests of computer template?
3. On clients, make sure you have restarted them and wait for some time before logon. Check Event Viewer->Application, find any event related to AutoEnrollment and certificates, please let us know the detailed error message.
Thanks. This posting is provided "AS IS" with no warranties, and confers no rights.
July 9th, 2009 6:50am
1 - Only one.
2 - There are no Failed Requests. The only Issued Certs are from the Configuration Manager server, and one computer cert that installed when I manually requested the cert on a client.
3 - I have waited a while, I've left one of them on for one day. There are no errors in the Event Log.
Thanks.
July 9th, 2009 3:26pm
Hi, It seems the "Automatic Certificate Request" didn't try to request certificate. Let's test in Clean Boot to check if any third party software affects it.
Enable Userenv log on problematic clients. Use Registry Editor to add or to modify the following registry entry:
Subkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Entry: UserEnvDebugLevel
Type: REG_DWORD
Value data: 0x00030002 (Hexadecimal)
=========================
a. Click Start, type "msconfig", press Enter.
b. Switch to Services tab, click Hide all Microsoft services, click Disable all.
c. Switch to Startup tab, click Disable All. Click OK to restart.
Is there any progress? If the issue persists, find %Systemroot%\Debug\UserMode\Userenv.log file, ZIP it and use Windows Live SkyDrive (http://www.skydrive.live.com/) to upload the file and then give us the download address.
Thanks. This posting is provided "AS IS" with no warranties, and confers no rights.
July 10th, 2009 1:06pm
Also, if there is no Windows 2000 system, you may also try to configure Certificate Autoenrollment. For more information, please refer to the following article and follow the steps to enable autoenrollment. Certificate Autoenrollment in Windows Server 2003 http://technet.microsoft.com/en-us/library/cc778954(WS.10).aspx Thanks. This posting is provided "AS IS" with no warranties, and confers no rights.
July 10th, 2009 1:14pm
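The checks suggested in the two replies above can be collected into one client-side pass. This PowerShell script is an added example, not part of any post in the thread; it assumes an elevated prompt and that certutil.exe is present on the client, and the AEPolicy registry location and `certutil -pulse` are not mentioned in the thread.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt
# on an affected client. Assumes certutil.exe is available on the client.

# 1. Enable verbose Userenv logging, using the value given in the post above.
$winlogon = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
New-ItemProperty -Path $winlogon -Name 'UserEnvDebugLevel' `
    -PropertyType DWord -Value 0x00030002 -Force | Out-Null

# 2. Re-apply computer policy, then ask the autoenrollment component to run
#    now instead of waiting for its next scheduled pass.
gpupdate /target:computer /force
certutil -pulse
Start-Sleep -Seconds 60   # give the request time to reach the CA

# 3. Has the Certificate Autoenrollment policy setting reached this machine?
#    (Registry location is an assumption of this example, not from the thread.)
$aeKey = 'HKLM:\Software\Policies\Microsoft\Cryptography\AutoEnrollment'
$ae = Get-ItemProperty -Path $aeKey -ErrorAction SilentlyContinue
if ($ae -and $null -ne $ae.AEPolicy) {
    'AEPolicy = 0x{0:X}' -f $ae.AEPolicy
} else {
    'AEPolicy not set: the autoenrollment policy has not been applied here'
}

# 4. Autoenrollment events in the Application log (errors and successes).
Get-EventLog -LogName Application -Newest 1000 |
    Where-Object { $_.Source -like '*AutoEnrollment*' } |
    Select-Object TimeGenerated, EntryType, EventID, Message |
    Format-List

# 5. Certificates currently in the computer's Personal store.
Get-ChildItem Cert:\LocalMachine\My |
    Select-Object Subject, Issuer, NotAfter, Thumbprint |
    Format-List

# 6. Location of the Userenv log to collect if nothing was enrolled.
$log = Join-Path $env:SystemRoot 'Debug\UserMode\Userenv.log'
if (Test-Path $log) {
    Get-Item $log | Select-Object FullName, Length, LastWriteTime
}
```

Set UserEnvDebugLevel back to its previous value once the log has been collected, since verbose logging stays on until the entry is changed.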
I tried your second option's link with no luck. I will attempt Userenv now.
July 13th, 2009 9:24pm
I noticed that when I changed the settings for Group Policy in that second link, a reboot was required and then the policy worked. Thanks so much!
July 14th, 2009 8:00pm


