After migrating your CA from 2008 standard to enterprise you still can not publish the SCCM custom certificates
I ran into an issue where a client had an existing CA deployed on a Standard 2008 Server. The client is adding SCCM in Native Mode to their environment. With SCCM native mode, you need to issue customized certificates, which can only be accomplished with an Enterprise server.
The client needs to keep the existing server without losing any functionality or migrating to a new server. Windows 2008 supports an upgrade from standard to enterprise. The upgrade completed however after upgrading from standard to enterprise and creating my custom certificates needed for SCCM native mode, I still could not issue the custom certificates. Here is why.
The issue is related to “Flags” attribute on pkiEnrollmentservice
Open ADSI Edit. Right click the default naming context in ADSI edit and choose settings. You will see the following connection properties dialog box.
Change “Select a well known Naming Context:” to configuration
Scroll down and look at the flags attribute.
The Flags attribute needs to be configured for the Type and OS version of
the CA. Here are the different valid flags settings…
Enterprise CA running on Standard Edition of the Operating System: 2
Enterprise CA running on Enterprise Edition of the Operating System: 10
Standalone CA running on Standard Edition of the Operating System: 5
Standalone CA running on Enterprise Edition of the Operating System: 9
The valid Flags attribute setting for an Enterprise CA running on Enterprise
Edition of the Operating System needs to be equal to 10.
In my case the Flags attribute was set to 2. I changed it to 10.
After you change the attribute, Restart the Cert Services… you will now be able to certificate templates now