Thanks! https://www.mcpvirtualbusinesscard.com/VBCServer/jrose/profile
From: [email protected] To: [email protected] Subject: RE: [mssms] PKI 2012 R2 Date: Thu, 25 Jun 2015 14:27:17 -0500 Per my understanding, the 2008 template is "version 3" and ConfigMgr requires "version 2" which matches the 2003 template. https://technet.microsoft.com/en-us/library/gg699362.aspxWhen you use an enterprise certification authority and certificate templates, do not use the version 3 templates. These certificate templates create certificates that are incompatible with Configuration Manager. Instead, use version 2 templates by using the following instructions:For a CA on Windows Server 2012: On the Compatibility tab of the certificate template properties, specify Windows Server 2003 for the Certification Authority option, and Windows XP / Server 2003 for the Certificate recipient option.For a CA on Windows Server 2008: When you duplicate a certificate template, keep the default selection of Windows Server 2003 Enterprise when you are prompted by the Duplicate Template popup dialog box. Do not select Windows Server 2008, Enterprise Edition. Chad Simmons From: [email protected] [mailto:[email protected]] On Behalf Of Joseph Rose Sent: Thursday, June 25, 2015 2:10 PM To: [email protected] Subject: [mssms] PKI 2012 R2 Anyone know the reasoning behind the computer certificate template needing to be Server 2003 Enterprise versus 2008? Our PKI team made a change to the client authentication template and systems are now failing the cmhttpreadiness tool. I wanted to give them a better reason other than just because. If systems have the 2003 template that's not expired with the 2008 they pass the tool. If they don't have the 2003 or it is expired they fail.
