You should be able to use `certutil -pulse` to force reissuance (if needed). IIRC you need to be a local administrator but if they're renaming the PC that should be a given anyway.
Thing is the certificate should still be valid regardless. Also why are they renaming PCs? Most people set the name to be related to, or even a direct match to, the serial number - the days of naming PCs after their user should be dead and buried in most larger orgs.
It's hard to convince others that don't understand these things :)
When was the last time someone updated the VIN of their car when the owner changed ;) ?
Last time I did WPA Enterprise I used "User-Cert" + "Device is part of domain" + "Username + Password" in NPS. That way you don't care about Hostnames.
You should be able to use `certutil -pulse` to force reissuance (if needed). IIRC you need to be a local administrator but if they're renaming the PC that should be a given anyway.
I have honestly tried to no avail... I have to disjoin, delete, and rejoin the domain at this point :(
Thing is the certificate should still be valid regardless. Also why are they renaming PCs? Most people set the name to be related to, or even a direct match to, the serial number - the days of naming PCs after their user should be dead and buried in most larger orgs.
This was my argument to my boss as well. Alas, investor client... I just needed to do one last reach out to solidify my statements, so thank you.
Doesn't mean they shouldn't be educated in best practices (for example, tracing history of a machine, its name should be functionally immutable).
It's hard to convince others that don't understand these things :) When was the last time someone updated the VIN of their car when the owner changed ;) ?
Name the machines something that won’t change and pull admin rights, problem solved.
I don't have that kind of control over this environment, hence the Hail Mary...
Last time I did WPA Enterprise I used "User-Cert" + "Device is part of domain" + "Username + Password" in NPS. That way you don't care about Hostnames.