1

I've built PKIs many times, yet this organization's results have me puzzled. Offline Root: 2008 R2 Standard. 2x Enterprise Subordinate CAs: 2008 R2 Enterprise.

Installed services, all is good. When I go to add v2, v3 templates they aren't available, so I Google and discover that in AD Sites & Services, under PKI Enrollment Services, if I open the properties for either of the enterprise CAs and go to attributes, flags is set to 2. 2 represents an enterprise CA running on Standard edition Windows (http://sccmguy.com/2011/01/05/after-migrating-your-ca-from-2008-standard-to-enterprise-you-still-can-not-publish-the-sccm-custom-certificates/).

If I change the value to 10 and restart, I can add templates, but autoenrollment is not working and I'm getting errors on the CAs to this effect: "The "Windows default" Policy Module logged the following warning: The CAExchange Certificate Template could not be loaded. This function is not supported on this system. 0x80070078"

Same for Computer-2008 and other templates I've created. Autoenrollment is set up correctly in GPO and permissions are good on the templates. Again, I've done this before, so I know those items are OK.

I've backed up one of the Enterprise CAs, uninstalled the role, then reinstalled and restored, only to come up with the same.

maweeras
Paul Ackerman

1 Answer

0

Figured this out myself. Turns out the Enterprise servers that were handed to me to configure PKI were actually built as 2008 R2 Standard servers that were upgraded to Enterprise. I never expected that.

We backed up the CA, wiped the server and reloaded Enterprise fresh, restored the CA and everything is working perfectly!

Paul Ackerman
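The check described in the question (reading the flags attribute on each CA's object under PKI Enrollment Services) can be scripted instead of clicked through. This is an added example, not part of the original posts; it assumes the ActiveDirectory PowerShell module is installed and that the CA hosts answer WMI queries.

```powershell
# Added example: report the flags value of every Enterprise CA published in AD,
# next to the OS edition the CA host reports about itself.
Import-Module ActiveDirectory

$configNC = (Get-ADRootDSE).configurationNamingContext
$base     = "CN=Enrollment Services,CN=Public Key Services,CN=Services,$configNC"

Get-ADObject -SearchBase $base -SearchScope OneLevel `
             -LDAPFilter '(objectClass=pKIEnrollmentService)' `
             -Properties flags, dNSHostName |
    ForEach-Object {
        $ca = $_

        # Meaning of 2 and 10 is taken from the question above, not from a specification.
        switch ($ca.flags) {
            2       { $note = 'Standard-edition value: v2/v3 templates unavailable' }
            10      { $note = 'value the question set to make templates addable' }
            default { $note = 'value not discussed on this page' }
        }

        # Assumption: WMI on the CA host is reachable from where this runs.
        $os = Get-WmiObject Win32_OperatingSystem -ComputerName $ca.dNSHostName `
                            -ErrorAction SilentlyContinue
        $caption = 'unreachable'
        if ($os) { $caption = $os.Caption }

        # An Enterprise caption alongside flags = 2 matches the upgraded-in-place
        # servers described in the answer.
        New-Object PSObject -Property @{
            CA        = $ca.Name
            Host      = $ca.dNSHostName
            Flags     = $ca.flags
            Meaning   = $note
            OSCaption = $caption
        }
    } | Format-Table CA, Host, Flags, Meaning, OSCaption -AutoSize
```

The script only reads from the Configuration partition; it does not change the flags value.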