I deleted the local computer certificate from:

MMC>Certificate>ComputerAccount>Local Computer

I did this to test whether my network lab is working and whether network authentication falls back from Dot1x to MAB.

The good news is that it works well, but after running gpupdate /f from an elevated command prompt, the host did not re-enroll for the certificate.

Can someone help me understand why?

If I manually create a CSR, the certificate is issued successfully.

  • From an elevated command prompt, run: certutil.exe -pulse. https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/certutil – Greg Askew Mar 12 '24 at 14:42
  • Thank you Greg, for your reply. I have tried the command certutil -pulse but it does not give me back the device cert. I think that is normal, because when I deleted the cert in the PC personal folder I also lost its private key. Is that correct? – user22482857 Mar 13 '24 at 08:48
  • Check the template permissions. What groups/principals have permissions? Enable verbose logging for certificate Auto enrollment, then run certutil pulse again, and check the logs. https://www.gradenegger.eu/en/debug-logging-for-automatic-certificate-application-enable-auto-enrollment/ certutil -setreg Enroll\LogLevel 4 from an elevated command prompt. – Greg Askew Mar 13 '24 at 10:37
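
The steps from the comments above (enable verbose autoenrollment logging, pulse, read the log), collected into one PowerShell script as an added example; it is not code from the thread. The AEPolicy registry check, the event provider name, the 30-second wait and the final certificate listing are assumptions added here, not details given by the commenters.

```powershell
#Requires -RunAsAdministrator
# Added diagnostic example: run on the client that lost its computer certificate.

$start = Get-Date

# 1. Autoenrollment setting delivered by Group Policy (assumption: checked here
#    because the host was expected to re-enroll after a policy refresh).
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\AutoEnrollment'
$policy = Get-ItemProperty -Path $policyKey -Name AEPolicy -ErrorAction SilentlyContinue
if ($policy) {
    'AEPolicy = 0x{0:X}' -f $policy.AEPolicy
} else {
    "AEPolicy is not present under $policyKey"
}

# 2. Verbose autoenrollment logging, exactly as given in the comment.
certutil.exe -setreg Enroll\LogLevel 4 | Out-Null

# 3. Trigger autoenrollment, then wait for it to finish
#    (30 seconds is an arbitrary value chosen for this example).
certutil.exe -pulse | Out-Null
Start-Sleep -Seconds 30

# 4. Autoenrollment events written to the Application log since the pulse.
$filter = @{
    LogName      = 'Application'
    ProviderName = 'Microsoft-Windows-CertificateServicesClient-AutoEnrollment'
    StartTime    = $start
}
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
if ($events) {
    $events | Sort-Object TimeCreated |
        Format-List TimeCreated, Id, LevelDisplayName, Message
} else {
    'No autoenrollment events were logged since the pulse.'
}

# 5. What is in the computer's Personal store now, and whether each
#    certificate has a private key on this machine.
Get-ChildItem Cert:\LocalMachine\My |
    Select-Object Subject, NotAfter, HasPrivateKey, Thumbprint
```

Template permissions, the other check suggested in the comments, are inspected on the CA side and are not covered by this script.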
