Domain Policies that Restrict Access
With assistance from your Domain Administrator check the following domain policy settings. These settings need to be viewed on the Domain Controller (rather than the Windows client).
Ensure that the Windows client where the Eggplant Performance controller is installed is able to trust and enroll certificates. This setting is configurable on the Certificate Services Client - Certificate Enrollment Policy pane.
Domain users must be allowed to configure their own set of trusted root certificates. Use the Stores tab to accomplish this configuration change.
Make sure the Allow user trusted root CAs to be used to validate certificates & Allow users to trust peer trust certificates checkboxes are selected. Selecting these checkboxes lets domain users decide which root CA/peer certificates to trust.
The Third-Party Root CAs and Enterprise Root CAs radio button in the Root certificate stores section of the dialog needs to be selected also.
On the Trusted Publishers tab, make sure the Allow administrators and users to manage user's own Trusted Publishers radio button is selected.
The Configuration Model drop down list on the Certificate Services Client - Auto-Enrollment Properties must have Enabled selected
Having validated the above Domain Controller settings you must rename/delete the existing client certificate store (RSA) on the Eggplant Performance controller PC here: %appdata%\Microsoft\Crypto\RSA\
Now you are ready to click the Install/Uninstall proxy certificate button on the Eggplant Performance Proxy Recorder. After selecting this option, you should see the new client certificate store appear on the file system.
If you click the Install/Uninstall proxy certificate button and the certificate does not install automatically, you can export the proxy certificate to the local filesystem and install it manually using the steps shown in Solutions to Certificate Problems.