Hello I cannot request computer certificate from WinXP and W2K3 machines. When i start a wizard from mmc i get error: "The certificate authority selected does not issue certificates based on certificate templates". Also tried to make autoenrollment policy but it's doesn't work either. User and web certficates works fine. Vista/Win7/W2K8 clients works but WinXP/W2K3 does not. PKI is two level hierarchy with offline root CA. Root CA is W2K8 Enterprise and issuing CA is W2K3 Enterprise. Rgrds Jarkko

Hi, Please ensure that the computer account has Read and Enroll permission on the certificate template. Meanwhile, please check if you can ping (certutil -ping) the issuing CA with the computer credential. In addition, you may Create a Custom Certificate Request (http://technet.microsoft.com/en-us/library/cc730929.aspx), and submit the request to the issuing CA and check the result. If the issue persists, please enable the certificate logging by running the command certutil -setreg enroll\debug 0xffffffe3 on the client computer, reproduce the issue and check the cert*.log to see if there is more useful information.This posting is provided "AS IS" with no warranties, and confers no rights. Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.