Few things, RIM support told me the template I was using was wrong and I changed the regkey HKLM\Software\Microsoft\Crytography\MSCEP and changed the values to the correct template.
Also, my UPN is different from Email address, but they said this has been resolved in 10.2 and we are running 10.2
Anyway, now i cant even get to http://<MyServer>/CertSrv/mscep_admin/
as I am getting the error:
Network Device Enrollment Service allows you to obtain certificates for routers or other network devices using the Simple Certificate Enrollment Protocol (SCEP).
You do not have sufficient permission to enroll with SCEP. Please contact your system administrator.
For more information see Using Network Device Enrollment Service .
I have also added Enroll permissions to the service account I use for Enrollment on the CA.
help ??? - how do I resolve this.
I noticed in the Application log on the CA, i have the following error
Event ID :6
Description: The Network Device Enrollment Service cannot provide its password because the user does not have Enroll permissions on the configured certificate template, or the certification authority is not enabled to issue certificates based on the configured certificate template.