Hi Guys,

I have a weird issue with a new domain I've setup. I'm using a system that used to be another domain. To limit impact I've torn down the CA server and removed all old certificates, that I could find, before building a new one. I've ran into the error whenever I try to issue a certificate from a user. 

1. Login to a workstation.

2. Open certmgr.msc

3. Right Click Personal and select request new certificate. 

4. Select Active Directory Enrollment Policy and click next. 

I get the following error.

Enrollment error

The data is invalid. 

When I check the event log, I see three errors. The same error, just three times.   

Event 6, CertificateServicesClient -AutoEnrollment

Automatic certificate enrollment for DOMAIN\USER failed (0x8007000d) The data is invalid.

Any ideas what could be causing this?

It's hard for us to say what is causing the issue based on current description. Most likely, it's some remnants from the old CA server that is interfering.
 
To troubleshoot the issue, I would suggest you enable enhanced logging of the autoenrollment process to include warning and informational messages. Then check the additional log entries, and see if anything useful there.
 
This blog post - Troubleshooting autoenrollment might be helpful for you:
 
http://blogs.technet.com/b/instan/archive/2009/12/07/troubleshooting-autoenrollment.aspx
 

Regards,

Eth