Did you ever have a machine that just won't pull down the Computer certificate? You do everything you can think of and it just doesn't work. When you do a run>MMC.exe and add Certificates to the console then you can right click on personal certificates and request a cert. You might see this error
The certificate request failed because of one of the following conditions:-The request required an exchange certificate from a Certification Authority (CA) that is not started.-You do not have the permissions to request certificates from the available CAs.
if so then you might need to add the EnableDCOM entry to the machine with a value of Y
The EnableDCOM registry entry is located in the following registry subkey:
HKEY_LOCAL_MACHINE\Software\Microsoft\Ole
then restart the machine and wait for GPO to pull down the cert. The client should now be happy again.
http://support.microsoft.com/kb/929494
See this other post on Certificate errors
http://sms-hints-tricks.blogspot.com/2008/02/sccm-client-certificate-problems.html
