I have a problem setting up the Microsoft Online Certificate Status Protocol responder. In the MMC > Online Responder Configuration snap-in, I choose Add Revocation Configuration. In this wizard, I select "Existing Enterprise CA", then browse for my enterprise issuing CA, which is found. On the next page of the wizard, for the OCSP signing cert, I select "Automatically select signing certificate" and "Auto-enroll" and then browse to the same issuing CA as before, which is found. I then get this pop-up error:
A template required to obtain an OCSP signing certificate could not be retrieved. .... Element not found. Exception from HRESULT: 0x80070490.
I DID configure the OCSP signing template in my issuing CA. And, if I go into the Certificates snap-in and choose "Request a new certificate" on the OCSP responder machine, I see that template and I am able to successfully request a certificate and have it issued by the auto-enrollment mechanism.
So, what am I missing? Why is the Responder Configuration wizard unable to fetch the template?
BTW, this is a test setup - I am trying to put together a step-by-step procedure to configure a new PKI infrastructure for my organization and I'm on my third run-through. On the first two passes this was working. (But every time wipe out everything and start over, so I missed a step or changed something this time.)
The OCSP responder is running on Win2012R2 Std, the issuing CA is on Win2016 Std, and all the other machines in the test network are running Win2012R2 Std.