I was recently engaged at a client site where we used Lync Server 2010's UI for generating a private certificate for the customer's Edge server. The request was sent to their internal PKI environment and came back with the error:
Denied by Policy Module 0x80094800, The request was for a certificate template
that is not supported by the Certificate Services policy.
The customer's Windows certificate server used a custom template based on the default WebServer template shipped with the OS. The template "friendly name" contained spaces such as "Contoso - Web Server v2" however the "short name" removes these and is referenced as "ContosoWebServerv2".
During the certificate request process in Lync Server 2010 you can specify an alternate template to use for signing the certificate. During this process I had specified the friendly name and not the short name which resulted in the error.
Once I changed the Lync Server 2010 certificate request template name in the wizard to the short name, the CA issued the certificate just fine!
Thanks to Dev for this one!