Hi, I'm running a Windows 2008 Domain with a root CA (2008DC). A GPO is configured at root level so every domain member automatically enrolls a computer certificate. While this works fine for all Server (2000-2008R2) and all XP Clients it does not for Windows 7 Enterprise. It seems that those clients simply do not even try to request a certificate automatically. When one opens the certificate snap-in on Windows 7 and requests the computer certificate manually it works fine. (Of course) there is nothing logged in bothe the clients' nor the servers' event log. Ideas? Thanks, Helmut

Is the GPO applied? You may run gpresult /z > %userprofile%\desktop\gpresult.txt and check detail information from the generated file gpresult.txt on Desktop. Additionally I suggest that you change related policy to wait for the network connection when users log in. In Windows 7: 1. Open gpedit.msc.2. Locate to Computer Configuration\Administrative Templates\System\Logon. 3. Open Always wait for the network at computer startup and logon in the right pane. 4. Enable this policy. If it works, you can edit GPO on DC and apply this policy to all client computers.Arthur Xie - MSFT

Hi Helmut I have the same issue. How did you fix it? regards chris

Same thing happening here, any clues? I tried enabling that "Always wait for the network at computer startup and logon" option and it's still not working.