Thank you very much, for me it is working fine with the CertificateMappingMethods 0x1f registry key ond the domain controller. If I manually create a mapping with X509IssuerSerialNumber it is not working for machine accounts but for user accounts it is working. Did you face this issue as well?
I did not encounter an issue with the X509IssuerSerialNumber in the customer environment that I worked on because the change to Domain Controllers that allowed X509IssuerSubject was enabled (because of a different issue).
I looked into how to apply the X509IssuerSerialNumber but gave up at the time because it would require a query to the Enterprise CA to obtain the X509IssuerSerialNumber before writing the value to altSecurityIdentities.
Manually creating a mapping should work for machine accounts if it worked for user accounts.
What system where you attempting to authenticate to? Network Policy Server or something else
Thank you very much, for me it is working fine with the CertificateMappingMethods 0x1f registry key ond the domain controller. If I manually create a mapping with X509IssuerSerialNumber it is not working for machine accounts but for user accounts it is working. Did you face this issue as well?
I did not encounter an issue with the X509IssuerSerialNumber in the customer environment that I worked on because the change to Domain Controllers that allowed X509IssuerSubject was enabled (because of a different issue).
I looked into how to apply the X509IssuerSerialNumber but gave up at the time because it would require a query to the Enterprise CA to obtain the X509IssuerSerialNumber before writing the value to altSecurityIdentities.
Manually creating a mapping should work for machine accounts if it worked for user accounts.
What system where you attempting to authenticate to? Network Policy Server or something else