I have a multi-domain environment with an Enterprise CA on the primary domain. I configured the Web Server template to include a security entry for the child domain's "Domain Admins" group with the following rights: Read, Write, Enroll.
When I proceed to request a certificate through the Web Server Certificate Wizard, using the send immediately option, it completes without error but no certificate is generated. However, if I browse to the certsrv website I am able to see the Web Server template fine, and I can generate the certificate using this method instead of the Wizard. Also, if I log in to the child domain using the primary domain's administrator credentials the wizard works as expected.
I don't understand why it is failing and would appreciate any troubleshooting tips.