GPO Certificate Autoenrollment Not Triggering

Hi, I have a test environment (using a trial license which expires next week!) with a few Windows and CentOS VMs (and a DC and a CA).

I've configured a single GPO to autoenrol certificates for servers and users (all in the same OU). This works fine for the Windows machines and users, but for the CentOS servers, I can see the GPO being applied (it copies a test file correctly), but it doesn't trigger the certificate enrolment step.

The configuration seems to have been applied, and I can submit a vascert pulse command to get a user certificate and my certificate is issued and is a accessible on the server. However, I need this to trigger automatically at logon for CentOS servers and users (the servers and certificates only last one day in this environment).

I've followed the documentation (and I've double checked all GPO settings and requirements). I'm now stuck as I can't see anything like this in the knowledge base.

Anyone any ideas?