Configuring Event Log Forwarding in a workgroup environment involves specifying the thumbprint of the issuing CA in a GPO.
The thumbprint can be copied from the Local Computer Certificates console (certlm.msc)
Selecting and copying all the text as in the above screenshot will also cause an hidden characted to be copied.
This hidden character is not visible in the GUI and pasting it with the thumbprint in the policy will cause the configuration to fail. This kind of problem is very hard to spot.
The hidden character can be deleted even from the GUI by placing the cursor before it and pressing the delete key on the keyboard. Nothing appears happening but this will delete it.
Another way to easily spot the hidden character on Windows 2012 R2 and previous OS is pasting the string at a command prompt:
On the Windows 10 / Windows 2016 command prompt it is harder to spot because it only produce a small dot:
Gianni Bragante
Support Escalation Engineer
Microsoft Customer Service & Support