Internal CA template changed and autoenrollment stalls

MSP Toolkit
Minimal guidance for messy support realities.
Submitted by Anonymous (not verified) on

Scenario

Certificate autoenrollment worked before, but a template change caused renewals or new enrollments to stop.

Recommended Resolution Path

  1. Review template permissions, supersedence, and subject name requirements after the change.
  2. Check client autoenrollment logs and the CA issuance queue.
  3. Test one certificate request manually before broad rollback.
  4. Document template changes like code changes because PKI drift is easy to underestimate.

Technician Notes

Document what changed, what confirmed the fix, and whether the issue points to a broader standards gap worth addressing for the client.

Subjects
Security & Continuity
Certificates