Domain user unable to import PFX certificate into Personal store

Cerulean

The short of it is that we are using Azure VPN where each user receives their own PFX certificate and must install it to their Current User Personal store. The problem is they receive this error when trying to import it:

OS: Windows 10 Pro

Certificate Import Wizard
An internal error occurred. Either the user profile is not accessible or the private key that you are importing might require a cryptographic service provider that is not installed on your system.
 
Figured out the solution to the problem. The computer has not pulled and applied GPOs from the domain controller. After doing that, you'll have no problem importing certificates. This problem can happen if you do not have reliable always-on connectivity to the domain and are joining new machines to the domain using the Azure VPN client. Machine-based VPN is a no-go for this kind of operation -- either establish reliable connectivity outside of the machine or don't join that machine to the domain.

We figured this out by setting the VM's NIC to use NAT instead of Bridging, and setting up the host machine to connect to the Azure infrastructure (this way the VM always has connectivity to the domain). For physical machines this is not practical.
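An added example, not part of the original posts: a PowerShell pre-flight that follows the fix described above by confirming a domain controller is reachable, refreshing Group Policy, and only then importing the PFX into the Current User Personal store. The PFX path is a hypothetical placeholder, and because the thread does not say which policy setting resolves the error, the script only refreshes and lists applied policy.

```powershell
# Added example (not from the thread). Run as the affected domain user.
param(
    # Hypothetical placeholder path; point this at the user's own PFX file.
    [string]$PfxPath = "$env:USERPROFILE\Downloads\vpn-user.pfx"
)

$ErrorActionPreference = 'Stop'

# 1. Confirm the machine is domain-joined and can locate a domain controller.
#    Without this, the GPO refresh in step 2 cannot succeed.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if (-not $cs.PartOfDomain) {
    throw "This computer is not joined to a domain."
}
& nltest.exe "/dsgetdc:$($cs.Domain)" | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw "No domain controller reachable for $($cs.Domain). Restore connectivity first."
}

# 2. Pull and apply computer and user policy from the domain controller.
& gpupdate.exe /force
if ($LASTEXITCODE -ne 0) {
    throw "gpupdate failed with exit code $LASTEXITCODE."
}

# 3. List the GPOs now applied to this user, as a record for troubleshooting.
& gpresult.exe /r /scope user

# 4. Import the certificate and private key into Current User\Personal.
if (-not (Test-Path -LiteralPath $PfxPath)) {
    throw "PFX file not found: $PfxPath"
}
$password = Read-Host -Prompt 'PFX password' -AsSecureString
$cert = Import-PfxCertificate -FilePath $PfxPath `
                              -CertStoreLocation Cert:\CurrentUser\My `
                              -Password $password

# 5. Verify the private key came across; a VPN client certificate needs it.
"Imported {0}, thumbprint {1}, private key present: {2}" -f `
    $cert.Subject, $cert.Thumbprint, $cert.HasPrivateKey
```

If step 1 fails on a machine that only reaches the domain through the user's own VPN client, that matches the situation described above: the machine needs connectivity to the domain from outside itself before policy can apply.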
 