802.1x Machine Certs not renewing automatically or manually

We have been using a configuration profile for the last year to connect our domain-bound Macs to our wireless. These certs are now expiring and we are unable to get the certs to renew. I have had users try the Update button to renew manually, and we receive this message

I have also tested using a policy to push this change to the mdmclient plist, but that does not work. I can only guess that it is also failing the same as trying to manually renew. Note I only pushed this change to one machine to test, so others that are failing manually do not have this change applied. I only say that because there is a note on this page that indicates manual renew is not possible when auto renew is set up: https://support.apple.com/en-us/HT204836

We are a little stumped. We have engaged Microsoft and they are putting it back in my court, stating that it is something that needs to be looked at on the Mac. I do not know what else I can change on the Mac to allow these to renew. I did ask our AD admins to look at the template that is used for the machine cert, but have not heard back. Looking here for some possible guidance; I feel like this may be a common occurrence with 802.1x and possible ISE wireless enterprise setups.