locked
Device enrolment using SCEP RRS feed

  • Question

  • Hi,

     I have setup a certificate server with NDES enables, but when I issue a SCEP request to download certificates, it works for some time (usually for about 6 to 7 hours).  But after that it fails. The event viewer shows the NDES registration failed because of a remote call failure.  This happens almost always (when I try to issue a SCEP request) but not every time.

    Any idea what could be the probable causes?

    Thanks

    Bob

    Sunday, March 29, 2015 3:11 AM

All replies

  • I'm not sure I follow...

    Can you describe, in more detail, the process flow / communication steps you are seeing and at which point in the SCEP request process are you seeing the failure?

    Regarding the event viewer message, is that on the client machine or one of the server machines?

     


    Eric Fleck, Windows Store and Windows Phone Developer Support. If you would like to provide feedback or suggestions for future improvements to the Windows Phone SDK please go to http://wpdev.uservoice.com/ where you can post your suggestions and/or cast your votes for existing suggestions.

    Monday, March 30, 2015 3:57 PM
  • The failure happens when I request a new client certificate.  The event viewer message is on the server machine.

    I found out today that if I recycle the app pool in IIS,  on the SCEP server, my client certificate requests start working again., but I should not have to do this. The Event Id in EventViewer is 31 The exact details are as follows taken from (http://social.technet.microsoft.com/wiki/contents/articles/9063.network-device-enrollment-service-ndes-in-active-directory-certificate-services-ad-cs.aspx#Error_Events)

    Event ID: 31

    The Network Device Enrollment Service cannot submit the certificate request (%ErrorCode). %ErrorMessage<o:p></o:p>

    Internal Name: EVENT_MSCEP_FAIL_SUBMIT<o:p></o:p>

    Source: Microsoft-Windows-NetworkDeviceEnrollmentService<o:p></o:p>

    Description: The Network Device Enrollment Service failed while submitting a certificate request on behalf of a client device.

    I tried the solutions mentioned under this except

    'Ensure that the Network Device Enrollment Service can connect to the CA.'  How do I do this?

    Thanks,

    Bob

    Tuesday, March 31, 2015 12:59 PM
  • There is one other note in the page you reference which caught my attention: "Otherwise, your computer may be low on physical memory."

    This caught my attention because of the symptoms you describe, mainly: The problem starts happening after several hours and it starts working again if you recycle the app pool in IIS.

    However, I'm not an expert on IIS so I would recommend checking the IIS forums for more advice: http://forums.iis.net/


    Eric Fleck, Windows Store and Windows Phone Developer Support. If you would like to provide feedback or suggestions for future improvements to the Windows Phone SDK please go to http://wpdev.uservoice.com/ where you can post your suggestions and/or cast your votes for existing suggestions.

    Tuesday, March 31, 2015 1:31 PM