Autoenrollment succeeds for users but not computers

MSP Toolkit
Minimal guidance for messy support realities.
Submitted by Anonymous (not verified) on

Scenario

User certificates issue correctly, but domain computers never enroll for the expected machine certificate.

Recommended Resolution Path

  1. Compare template permissions and autoenrollment policy scope for computers versus users.
  2. Check whether the machine template supersedence or subject requirements are unmet.
  3. Review client autoenrollment event logs on an affected computer.
  4. If one OU is affected, inspect GPO scope before blaming the CA.

Technician Notes

Capture the exact scope of impact, confirm which dependency failed first, and document whether the issue reflects broader domain or server drift.

Subjects
Servers & Infrastructure
Certificate Services