I recently set up an Enterprise Root CA on our Windows Server 2008 x64 Enterprise Active Directory server, which uses the SHA512RSA algorithm, 4096 key character length, and RSA#Microsoft Software Key Storage Provider CPS. I set up a duplicate template of the Workstation Authentication according to the instructions provided with System Center Configuration Manager, and I was able to issue certificates to Windows 2008 servers and Vista Ultimate x64/32 clients both manually (through the request wizard, selecting that template) and using auto enrollment.
When I tried to use auto enrollment with XP SP3/Server 2K3 SP2 clients and servers, the CA successfully issued the certificate and placed it in the Issued store; however, the client did not import the certificate to the personal local computer store and instead logged the event ID 13 "Failed to enroll for one <certificate template name> certificate (0x80092009). Cannot find the requested object." I checked the certificate Enrollment Requests store, but it was empty.
When I tried to manually request certificates using the wizard on the XP SP3 domain-joined clients and Server 2003 SP2 domain-joined servers, I received the "Certificate request failed. Cannot find the requested object" error message.
I found a hotfix (KB938397) for Windows Server 2003, but that did not resolve this issue for that OS.
What am I doing wrong for XP/2K3 clients and servers?