You mentioned using an intermediate certificate (R3.crt) extracted from the chain of sunet.se. Make sure this certificate is actually in the certificate chain for both sunet.se and google.com. If it's not in Google's chain, the pinning won't affect Google.
The certutil commands you used should have added the pinning rules to the registry. You can verify this by checking:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config
- Double-check the XML formatting and re-run the certutil commands.
- Verify the registry entries were created correctly.
- Restart the system to ensure all changes take effect.