Vault Intermediate CA - problem getting CSR signed by ADCS(certreq)

Hi, I am trying to configure Vault as an Intermediate CA, subordonate to our ADCS(Active Directory CA)

I configured the pki secret engine, got and copied the CSR from it, but I just can’t seem to be able to sign it with certreq. It always complain that the data is invalid.

I know ADCS, sometimes, doesn’t play nicely with other system CSR, but here I am lost as to where to go from here.

Anyone has managed to configure Vault with ADCS as it’s root CA?