KB: User will be enrolled with a new certificate when logging on to new client machine with certificate autoenrollment enabled

Problem: For user logs on to multiple machines with autoenrollment enabled, each machine will generate a new set of private and public keys for the user since user’s existing certificates do not exist in the local certificate store.

Solution: Configure Credential Roaming supported in Windows Server 2003 SP1 Administrative Template.