We had two users with the same name and when we tried getting certificates for the second of these users the Symantec CA refused to issue them with an A604 error.
The A604 error means that “this user already has a certificate”. By default a Symantec CA will not issue a second certificate from the same template if that user already has one. This is determined by the users Common Name (CN) and ultimately the Distinguished Name (DN).
The way to resolve this would be to remove and then re-import one of the two users with a different CN / DN in order to meet the requirements of the Symantec MPKI of making those attributes unique.
User 1 : CN=Greg A Crawford
User 2 : CN=Greg Alan Crawford