I am using a Windows Server 2012 R2 subordinate CA in my enterprise. Some certificates failed which I discovered to be caused by the active template check box "Include e-mail address - Yes". Simply deleting the issued certificate template, and creating another does not clear the issue.
Creating the file CAPolicy.inf as shown below, followed by a reboot also does not clear the problem.
Any assistance would be appreciated. Thank you.