Once configured, a Windows certificate template may not enroll or autoenroll devices. See below for the possible causes and the corresponding solution.
Missing Group Policy Object
The Group Policy Object to enable Autoenrollment may not have been created, or may not have been linked to the various domains in the Windows Active Directory forest.
Issue resolution: Configure a Group Policy Object as explained below.
- Enabling autoenrollment for users
- Enabling autoenrollment for devices
- Linking the WSTEP Group Policy Object to all domains
Missing permissions
The user or group facing may not have permission to enroll or autoenroll.
Issue resolution: Select the Security to select the users and groups with permission to enroll and autoenroll.