We have a range of Windows 10 computers in our estate - some with no TPM chip, some with TPM 1.2, and some with TPM 2.0.
I want to configure a certificate template to optionally perform TPM Key Attestation if the client is capable, to enable clients that support TPM Key Attestation to do so whilst we phase out non-capable devices.
AD CS exposes the certificate template option "Required, if client is capable", which is documented as:
Allows users on a device that does not support TPM key attestation to continue enrolling for that certificate. Users who can perform attestation will be distinguished with a special issuance policy OID. Some devices might not be able to perform attestation because of an old TPM that does not support key attestation, or the device not having a TPM at all.
The certificate template is configured as follows:
(Screenshots of the template's Compatibility Settings, Request Handling, Cryptography and Key Attestation tabs.)
When enrolling for this certificate template on a computer without a TPM chip, the request fails with error:
An error occurred while enrolling for a certificate. A certificate request could not be created.
Url: ad1.corp.contoso.com\Contoso Root CA
Error: One or more arguments are not correct. 0x800700a0 (WIN32/HTTP: 160 ERROR_BAD_ARGUMENTS)
If Key Attestation is turned off (Required, if client is capable > None), the enrollment succeeds. The PKI is otherwise healthy (CDP/AIA accessible, CRLs valid, etc.), and there is no block on Issuance Policy issuance (e.g. 'Endorsement Key Certificate Verified' can be manually issued into a certificate).
Debug data for the CA is available here: https://pastebin.com/Tu5QiJeY.
Debug data for the client is available here: https://pastebin.com/YTErH9bh
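The question's underlying need is to tell which machines in the estate can attest and which issued certificates actually carry an attestation issuance policy. The following PowerShell is an added example written for this page, not code from the original post or from Microsoft: it reports the local TPM presence and specification version, then scans the machine's personal certificate store for the TPM key attestation issuance policy OIDs. The OID-to-name mapping is an assumption taken from Microsoft's AD CS key attestation documentation and should be checked against the template's Issuance Policies tab before relying on it.

```powershell
# Added example (not from the original post): inventory TPM capability and
# check issued certificates for TPM key attestation issuance policy OIDs.
# Assumptions: run in an elevated PowerShell on a domain-joined Windows 10
# client; the OID names below are assumed from Microsoft documentation and
# must be verified against the template's Issuance Policies tab.
$AttestationPolicyOids = @{
    '1.3.6.1.4.1.311.21.30' = 'User credentials'
    '1.3.6.1.4.1.311.21.31' = 'Endorsement Key Certificate Verified'
    '1.3.6.1.4.1.311.21.32' = 'Endorsement Key Verified'
}

function Get-TpmInventory {
    # Win32_Tpm lives in the MicrosoftTpm WMI namespace; it is absent when
    # the machine has no TPM or the TPM is disabled in firmware.
    $tpm = Get-CimInstance -Namespace 'root/cimv2/Security/MicrosoftTpm' `
        -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    if (-not $tpm) {
        return [pscustomobject]@{
            ComputerName = $env:COMPUTERNAME; TpmPresent = $false
            SpecVersion  = $null;             Class      = 'NoTpm'
        }
    }
    # SpecVersion is a string such as "2.0, 0, 1.16" or "1.2, 2, 3";
    # the first field is the TPM specification version.
    $spec = ($tpm.SpecVersion -split ',')[0].Trim()
    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        TpmPresent   = $true
        SpecVersion  = $spec
        Class        = if ($spec -like '2.*') { 'Tpm2.0' } else { "Tpm$spec" }
    }
}

function Get-CertAttestationPolicies {
    param([Parameter(Mandatory)]
          [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    # 2.5.29.32 is the Certificate Policies extension, where AD CS places
    # issuance policy OIDs; Format($true) renders it as readable lines of
    # "Policy Identifier=<oid>".
    $ext = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.32' }
    if (-not $ext) { return @() }
    $oids = [regex]::Matches($ext.Format($true), 'Policy Identifier=(\S+)') |
        ForEach-Object { $_.Groups[1].Value }
    return @($oids | Where-Object { $AttestationPolicyOids.ContainsKey($_) })
}

function Get-CertTemplateName {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    # 1.3.6.1.4.1.311.21.7 is the Certificate Template Information extension.
    $ext = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '1.3.6.1.4.1.311.21.7' }
    if ($ext -and $ext.Format($true) -match 'Template=([^\r\n(]+)') { return $Matches[1].Trim() }
    return $null
}

# Report: TPM class for this machine, then one row per machine certificate
# stating whether it was issued with an attestation issuance policy.
$inventory = Get-TpmInventory
$inventory | Format-List

Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $policies = Get-CertAttestationPolicies -Certificate $_
    [pscustomobject]@{
        Thumbprint = $_.Thumbprint
        Subject    = $_.Subject
        Template   = Get-CertTemplateName -Certificate $_
        Attested   = ($policies.Count -gt 0)
        Policies   = ($policies | ForEach-Object { $AttestationPolicyOids[$_] }) -join '; '
    }
} | Format-Table -AutoSize
```

Run across the estate with Invoke-Command against a list of computer names and group on the Class column to see how many devices have no TPM, TPM 1.2, or TPM 2.0; the Attested column shows whether the "Required, if client is capable" setting actually produced attested certificates on the machines where enrollment succeeded.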