Staring a new thread on this issue...
I've got Onboard configured as an intermediate CA to ADCS. When devices go through the Onboarding process, a certificate is created in ADCS, and it also shows up in the Onboard certificate list.
However, the certificate is not installed in the client machine.
Upon inspection of the certificate, I see that it does not contain the private key. :-(
From experimenting, I've noticed that Windows won't install a certificate in the Personal store, unless it's got a private key.
Is there any setting in Clearpass that affects the certificate request that is sent to ADCS?
I realize that this could certainly be a Windows CA configuration issue, but has anyone else seen this? I've used the User template, and also created a new one. The template has 'Allow private key to be exported' checked.
Thanks.