When enrolling a certificate through a Microsoft Certificate Authority, an error at stage 500 occurs with "The permissions on the certificate template do not allow the current user to enroll for this type of certificate.', the CSR submission failed." This is due to the "Subject Name" tab on the CA template on the CA itself.
The "Subject Name" tab should be set to "Supply in the request" and not "Build from this Active Directory information". This is because Venafi submits the subject of certificate in the CSR that is submitted to the CA. When the option for "Build from this Active Directory information" is selected, the CA will try and enroll the certificate using the services account Venafi is using to communicate with the CA.