Domain Controllers no longer automatically renew certificates after configuring “Certificate Services Client – Auto-Enrollment” via GPO
This requires a fairly specific configuration to occur but I didn’t see this documented anywhere so I figured I’d write about it. If you run your own Enterprise Certificate Authority using the Active Directory Certificate Authority and have used the default ‘Domain Controller’ template you may run into this problem. By default, it does not … Read more