Msft PKI—Copy Templates from one PKI server to another within the same forest

The prescribed method of template publication, especially when your PKI servers are all in the same domain, is to publish your templates to Active Directory. The Msft PKI client request tool by default displays the list that is published to AD. Even when you manage templates in the PKI manager tool, it pulls up the list of templates published to AD.

Well, that all works fine when you are using a Msft certificate request tool such as the certweb client, or when you create a cert request via IIS or via the computer's local cert manager; this is the default design of the Msft PKI system. What about when you have a third-party tool as the cert request tool? Some cert tools are designed to be AD-aware and will query via .NET for the AD-published template list, but some of them are made generic and will simply pull the template list that is local to the CA. So, if I do not have the same local cert templates on my CAs, the template I see depends on which CA my request tool is pointing to.

Make Templates local

If you have TemplateA issued on CA1 and you want TemplateA available on CA2 as well, then:

  1. Publish TemplateA to AD. Open CA manager, right click on Certificate Templates, go to Manage Templates, select TemplateA, go to the General tab and select Publish to Active Directory. Click Apply.
  2. Allow time for AD replication.
  3. Go to CA2. Open the CA manager, right click on Certificate Templates, select Certificate Template to Issue; it will show the list of AD-published templates. Select TemplateA and click OK.
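The same steps, and the "which CA is my tool pointing to" problem from the section above, can be handled from PowerShell so that the two CAs end up with identical local template lists. The script below is an added example and is not part of the original post; it assumes the built-in ADCSAdministration and ActiveDirectory modules, PowerShell Remoting enabled on both CAs, "Manage CA" rights on CA2, and the placeholder host names `CA1.corp.example` / `CA2.corp.example`.

```powershell
# Added example (not from the original post): compare the templates two
# enterprise CAs are configured to issue, then add to CA2 the ones it is
# missing. Assumptions: ADCSAdministration and ActiveDirectory modules are
# present, PS Remoting works against both CAs, and the caller holds
# "Manage CA" on the target. Host names below are placeholders.
$SourceCA = 'CA1.corp.example'   # placeholder
$TargetCA = 'CA2.corp.example'   # placeholder

# Get-CATemplate only reports the CA it runs on, so query each host remotely.
# This is the list a non-AD-aware request tool sees when it points at that CA.
$sourceTemplates = Invoke-Command -ComputerName $SourceCA -ScriptBlock {
    Import-Module ADCSAdministration
    Get-CATemplate | Select-Object -ExpandProperty Name
}
$targetTemplates = Invoke-Command -ComputerName $TargetCA -ScriptBlock {
    Import-Module ADCSAdministration
    Get-CATemplate | Select-Object -ExpandProperty Name
}

$missing = $sourceTemplates | Where-Object { $_ -notin $targetTemplates }
if (-not $missing) {
    Write-Host "$TargetCA already issues every template that $SourceCA issues."
    return
}

# A CA can only issue a template that exists in the forest's Configuration
# partition, so confirm each missing template has replicated (step 2 of the
# post) before asking CA2 to issue it.
$templateContainer = 'CN=Certificate Templates,CN=Public Key Services,CN=Services,' +
                     (Get-ADRootDSE).configurationNamingContext

foreach ($name in $missing) {
    $inAD = Get-ADObject -SearchBase $templateContainer -Filter "name -eq '$name'" `
                         -ErrorAction SilentlyContinue
    if (-not $inAD) {
        Write-Warning "$name is not visible in AD yet; wait for replication and re-run."
        continue
    }
    Write-Host "Adding $name to the issuance list on $TargetCA (step 3 of the post)"
    Invoke-Command -ComputerName $TargetCA -ScriptBlock {
        param($templateName)
        Import-Module ADCSAdministration
        # -Force suppresses the confirmation prompt; the template must already be in AD.
        Add-CATemplate -Name $templateName -Force
    } -ArgumentList $name
}

# Final check: an empty result means both CAs now present the same local list.
$afterTemplates = Invoke-Command -ComputerName $TargetCA -ScriptBlock {
    Import-Module ADCSAdministration
    Get-CATemplate | Select-Object -ExpandProperty Name
}
Compare-Object -ReferenceObject $sourceTemplates -DifferenceObject $afterTemplates
```

For a quick one-off look without the module, `certutil -config "CA1\<CA name>" -CATemplates` prints the same issuance list for a given CA. Note that the script only copies the issuance list; template permissions (Enroll / Autoenroll ACLs) live on the template object in AD and are shared by both CAs, so a template that is issuable on both CAs is enrollable by the same principals on both.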