So I am trying to do a enroll on behalf via my cert.mmc I have a valid Enroll User Agent cert which is a duplicate of the built in cert template. It is in my personal store and is valid on my Windows 7 Pro Box. When I click and do a Enroll on Behalf of request, I get to the point where it asks for the Enroll Agent Cert. When I click browser no cert shows up, What am I missing? I have check permissions on the CA, they look good. CA is a Windows 2k8 R2. In looking in the threads, I see others with the same problem, but no solution? Anyone?

It sounds like an issue with one of two certificate templates: 1) The enrollment agent certificate template that you created. Make sure that the Application Policy is set to Certificate Request Agent. 2) The smart card cert that you are requesting must have an issuance requirement that the certificate is signed by a certificate with an Application Policy= Certificate Request Agent. Brian

Hi, As this thread has been quiet for a while, we will mark it as Answered as the information provided should be helpful. If you need further help, please feel free to reply this post directly so we will be notified to follow it up. You can also choose to unmark the answer as you wish. BTW, wed love to hear your feedback about the solution. By sharing your experience you can help other community members facing similar problems. Thanks for your understanding and efforts. Best Regards Kevin TechNet Subscriber Support If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.