How can I remove the field 'include e-mail address from a template' on a Windows Server 2012 R2 CA ?

I am using a Windows Server 2012 R2 subordinate CA in my enterprise.  Some certificates failed which I discovered to be caused by the active template check box "Include e-mail address - Yes".  Simply deleting the issued certificate template, and creating another does not clear the issue.

Creating the file CAPolicy.inf as shown below, followed by a reboot also does not clear the problem.

Signature="$Windows NT$"

Any assistance would be appreciated.  Thank you.
Who is Participating?
MaheshConnect With a Mentor ArchitectCommented:
Some certificates template require custom request such as web server template

Some certificate do require that certificate subject to be generated from AD attribute automatically such as user and workstation authentication

Now if you have duplicated templates which do not require automated information from AD such as Web Server and if you force them to supply info from AD, they will get fail most probably

U can check default certificates in CA snap-ins to identify if certificate requires custom information or it will built from AD

Also for those templates where email is required to build certificate subject, email address must exists in user properties or else request will fail
LukeMoAuthor Commented:
the link you provided helped quite a bit.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.