When you try to enroll for a certificate against an
enterprise certification authority (CA), you may receive one of the following
Your certificate request was denied.
your administrator for further information.
The certification authority denied your request.
This behavior may occur if the certificate enrollment
request is using a recently-created certificate template. When a new template
is added to the CA, the HKEY_CURRENT_USER cache is immediately
updated but the HKEY_LOCAL_MACHINE cache is not
immediately updated. The HKEY_LOCAL_
MACHINE cache is updated in the next 15 minutes if the CA or
the domain controller are on the same computer, and in the next 10 minutes if
the CA or the domain controller are in a distributed configuration.
: If you use Registry Editor incorrectly, you may cause serious
problems that may require you to reinstall your operating system. Microsoft
cannot guarantee that you can solve problems that result from using Registry
Editor incorrectly. Use Registry Editor at your own
To resolve this behavior, if you cannot wait for
the applicable length of time, you can manually update the certificate template
cache. The cache for computer certificates is in
the cache for user certificates is in HKEY_CURRENT_USER.
To force the cache update for a computer certificate request:
- Delete the following registry value from the client:
- Delete the following registry value from the CA:
- Restart the Certificate Services on the CA.
In addition to the preceding error message, the CA logs the
following event message in the program log:
Event Type: Warning
Event Source: CertSvc
Event Category: None
Event ID: 53
Services denied request 4 because the requested certificate template is not
supported by this CA. 0x80094800 (-2146875392). The request was for
information: Denied by Policy Module