Server 2008 R2 Domain Controllers not auto-enrolling for Domain Controller Certificate.
I'm a bit new to Certificate Services and have run into an odd situation. I enabled the Domain Controller Certificate Template on my CA and only Server 2003 R2 servers are auto-enrolling for that certificate. Is there some other step I'm missing for Server 2008 R2 servers?
June 6th, 2011 11:35am

Hi cMoLe,

Thank you for your post. Is your enterprise CA on Windows 2008 server or Windows 2003 server with a new CA installation? I give you these suggestions:

1. Run gpupdate /force to check certificate auto-enrolling, or reboot your non-2003 DC
2. Check whether the same certificate template name exists in your CA; please refer to KB950042
3. Only DCs in the Domain Controllers group will enroll this certificate
4. Try to request a Domain Controller Certificate on one non-2003 DC

If there are more inquiries on this issue, please feel free to let us know.

Regards,
Rick Tan
June 7th, 2011 4:53am

Hi Rick,

Thank you for the reply. My Enterprise Root and Issuing CA is running on Windows Server 2008 R2 Service Pack 1. Regarding your suggestions:

1.) I have run gpupdate /force and have rebooted the non-2003 DCs with no certificate enrollment
2.) I checked out the KB article and only have the one "Domain Controllers" template active on my CA
3.) All of my DCs are in the "Domain Controllers" container in AD
4.) I will give the last suggestion a try and see how it goes.
June 7th, 2011 10:15am

Found the answer! Turned out the "Domain Controllers" template is an older template and not compatible with Server 2008. I had to enable (duplicate) the "Domain Controller Authentication" template. Once that was done, the other servers enrolled as expected!
June 13th, 2011 10:24am
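
To confirm which template each DC actually enrolled from after a change like the one in the answer above, the computer certificate store can be read directly. This is an added example, not part of the original thread; it assumes an elevated PowerShell 2.0 (or later) session on the DC, and the function name `Get-CertTemplateInfo` is hypothetical.

```powershell
# Added example (not from the thread): list the certificates in the DC's
# computer Personal store with the template each one was issued from.

# Optional: trigger an autoenrollment pass first instead of waiting for the
# next Group Policy refresh.
# certutil -pulse

$v2TemplateOid = '1.3.6.1.4.1.311.21.7'  # Certificate Template Information (version 2+ templates)
$v1TemplateOid = '1.3.6.1.4.1.311.20.2'  # Certificate Template Name (version 1 templates)

function Get-CertTemplateInfo {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    # Prefer the v2 extension; fall back to the v1 extension used by older templates.
    foreach ($oid in $v2TemplateOid, $v1TemplateOid) {
        $ext = $Cert.Extensions | Where-Object { $_.Oid.Value -eq $oid }
        if ($ext) { return $ext.Format($false) }
    }
    return '(no template extension)'
}

Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_
    # Collect the Enhanced Key Usage names so the purpose of each cert is visible.
    $ekuExt = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $ekus = @()
    if ($ekuExt) {
        $ekus = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.FriendlyName })
    }
    New-Object PSObject -Property @{
        Subject    = $cert.Subject
        Issuer     = $cert.Issuer
        NotAfter   = $cert.NotAfter
        Template   = Get-CertTemplateInfo -Cert $cert
        EKU        = ($ekus -join ', ')
        Thumbprint = $cert.Thumbprint
    }
} | Select-Object Subject, Issuer, Template, EKU, NotAfter, Thumbprint | Format-List
```

A DC with no entry issued by the enterprise CA has not enrolled; the Template field shows which template any existing certificate came from.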
