When a user requests a certificate from a certification authority (CA) Web enrollment page, they receive:
No certificate templates could be found. You do not have permission to request a certificate from this CA, or an error occurred while accessing the Active Directory.
If the Web enrollment pages are in an Active Directory domain on an Enterprise CA server, you will encounter this behavior
if there is a case mismatch between the sServerConfig value in the %systemroot%\System32\Certsrv\Certdat.inc file
and the dnsHostName attribute in the pkiEnrollmentService object at
CN=CertificateServer,CN=Enrollment Services,CN=Public Key Services,CN=Services,CN=Configuration,DC=MyDomain,DC=com
(use ASDIEdit.msc to view the object).
To resolve this issue, edit the %systemroot%\System32\Certsrv\Certdat.inc file and change the sServerConfig value to match the dnsHostName attribute.
NOTE: The user must restart Internet Explorer to allow the new credentials to pass to the CA.