The computer uses an incorrect certificate template for the SCEP
Possible cause
By default, Windows Server 2008 uses the IPSECIntermediateOffline template to generate a certificate using SCEP. This template does not provide the correct Extended Key Usage (also known as an Application Policy) for the signed certificate. The signed certificate is used for authenticating email connections, VPN connections, and Wi-Fi connections.
Possible solution
Change the certificate template that the Network Device Enrollment Service in Windows Server 2008 uses to generate the certificate using SCEP. For more information, visit technet.microsoft.com to read the article Administering Certificate Templates.