Denied by Policy Module 0x80094800, The request was for a certificate template that is not supported by the Certificate Services policy

We’re currently deploying Lync 2010 and needed to provision some certificates for the Edge server from our internal PKI environment. The Lync certificate wizard was used to generate the request and when it was submitted to the CA we got this error:

“Denied by Policy Module 0x80094800, The request was for a certificate template that is not supported by the Certificate Services policy.”

We use a custom template based on the default WebServer template shipped with Windows Server. The template “friendly name” contained spaces such as “Contoso – Web Server” however the “short name” removes these and is referenced as “ContosoWebServer”.

During the certificate request process in Lync Server 2010 you can specify an alternate template to use for the certificate. During this process we had specified the friendly name and not the short name which resulted in the error.

Once we changed the Lync Server 2010 certificate request template name in the wizard to the short name, the CA issued the certificate without issue.