Trouble creating SAN certificate with Internal CA

This is on WSE 2016.

I've created a Certificate Template called 'SAN Web Server.'

Per this advice, on its properties sheet I've specified Supply in the request on the Subject Name tab. However, the template still isn't available on the enrollment page:

So I thought I'd go about it another way—through MMC.

I added the Certificates snap-in, and tried to request a certificate:

The new template doesn't show here either, so I tried to Add New:

When I try to validate the server, I get an error:

Error: The connection with the server was terminated abnormally 0x80072efe (WinHttp: 12030 ERROR_WINHTTP_CONNECTION_ERROR)

This error manifests under both Windows Integration and Username/password authentications, as well as when run on both the server and the workstation on which the certificate will be installed. I've run MMC under the context of the domain admin, and also the workstation's local machine admin.

I think I'm out of tricks.

How can I get at that new 'SAN Web Server' template?

The solution to the enrollment page problem is here:

The user logged into the certsrv site needs to have both Read and Enroll permissions on the certificate template. If they don't, it won't show up in the list of available templates.

The solution to the server disconnection problem is here:

5. Then on the Select Certificate Enrollment Policy page, select Active Directory Enrollment Policy.

I was trying to add a template to the policy list. Wrong context.

You also have to make sure when requesting the cert that you've selected Computer account, not My user account or Service account (Step 2). Otherwise the template(s) you need won't be displayed.