If the Require FQDN option is set in the enrollment configuration (by default it is), the managed hosts must have a fully qualified domain name (FQDN).
The clocks on all the managed hosts must be approximately on the correct time. The issued certificates have a validity period starting one hour in the past and the issued CRLs likewise have a one hour marginal in their
thisUpdate timestamps. This means that a clock that is more than an hour late will cause problems when validating a new certificate or using a just issued CRL.