Ingolfur has written a blog post as well as a TechNet Wiki article describing how a Windows Server 2008 R2 certification authority (CA) parses certificates, especially those from a third-party (3rd party) non-Microsoft CA. He also covers the Key Distribution Center (KDC) enhanced key usage (EKU) object identifiers (OIDs) and in the blog post KDC event ID 29.
TechNet Wiki article: Updated requirements for a Windows Server 2008 R2 domain controller certificate from a 3rd part…
http://social.technet.microsoft.com/wiki/contents/articles/updated-requirements-for-a-windows-s…
Blog post: Smartcard logon using certificates from a 3rd party on a Domain Controller and KDC Event ID 29 …
© Microsoft. This article was originally published by Microsoft's Core Infrastructure and Security Blog. You can find the original article here.