Windows Server 2008 R2 CA not issuing more than 2 years

1

I have an Active Directory environment on 2003 R2. I have installed a 2008 R2 Enterprise Edition CA. Then I created a custom template from the Web Server template and added an expiry date of 15 years. My root certificate is valid for 25 years. Then I went to templates, removed the default Web Server template and added the newly created template. Then I tried to request a certificate through IIS on another server in the domain, but it is not issuing the certificate. When I check the failed certificates on the CA, this error occurred:

Denied by policy module 0x80094800 the request was for a certificate template that is not supported by Active Directory certificate service policy: webserver

I have tried certutil -setreg CA\ValidityPeriodUnits 21. It is not working.

When I removed the custom template and added the Web Server template, it issued only a certificate valid for 2 years.

Please help.

windows-server-2008
windows-server-2003
active-directory
certificate-authority
asked on Server Fault Mar 31, 2014 by user34694

1 Answer

0

IIRC, the IIS MMC is hard-coded to always request the template with the name "webserver". Your custom template does not have this name; I think re-using that name for a custom template is not even possible. After you've removed it, the "not found" error is incorrectly reported as "access denied".

To use your custom template, you'll need to use the browser interface to the CA, and select your template there.

answered on Server Fault Apr 3, 2014 by Clayton
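
The 2-year result in the question matches the default CA-wide cap: an issued certificate gets the shortest of the template's validity, the CA's `ValidityPeriod`/`ValidityPeriodUnits` registry values, and the remaining lifetime of the CA certificate. The following check sequence is an added example, not part of the original question or answer; the template name `WebServer15Year` is a hypothetical placeholder for the custom template's internal name.

```powershell
# Run in an elevated PowerShell session on the issuing CA.
# Assumption: 'WebServer15Year' is a placeholder for the custom template's
# internal (not display) name; replace it with your own.
$TemplateName = 'WebServer15Year'

# 1. Read the CA-wide validity cap. Both values matter: the unit type
#    (Years, Months, ...) and the number of units.
certutil -getreg CA\ValidityPeriod
certutil -getreg CA\ValidityPeriodUnits

# 2. Raise the cap so it no longer truncates the 15-year template.
certutil -setreg CA\ValidityPeriod "Years"
certutil -setreg CA\ValidityPeriodUnits 15

# 3. The CA service reads these values at start-up, so a -setreg alone
#    has no effect until the service is restarted.
Restart-Service -Name CertSvc

# 4. Confirm the custom template is actually published on this CA.
#    A request naming an unpublished template is denied by the policy
#    module, as with the 0x80094800 error in the question.
$published = certutil -CATemplates | Select-String -SimpleMatch $TemplateName
if ($published) {
    Write-Output "Template '$TemplateName' is published on this CA."
} else {
    Write-Warning "Template '$TemplateName' is not published on this CA."
}

# 5. After a new request is issued, list issued certificates with their
#    validity dates and template to verify the result (Disposition 20 = issued).
certutil -view -restrict "Disposition=20" -out "RequestID,CommonName,NotBefore,NotAfter,CertificateTemplate"
```

Certificates issued before the change keep their original expiry; only requests issued after the service restart pick up the new cap.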

User contributions licensed under CC BY-SA 3.0