Wednesday, February 29, 2012 3:33 AM
I have installed the NDES service on my Server 2008 CA machine. I referred to NDES Whitepaper.
When I am logging in to the service url, in order to get a enrollment challenge password, it asks for authentication. (service url - http://myserver/certsrv/mscep_admin). I entered the credentials of the account "Device Admin" created according to the white paper.
This user has "Enrol" permissions of the certificate template IPSec (Offline Request). But the authentication fails.
The enterprise administrator can log in to the service but the SCEP service gives the below error,
"You do not have sufficient permissions to enrol with the SCEP service. Please contact your system administrator"
Does the problem lies with the IIS authentication? What am I missing here?
Tuesday, February 28, 2012 9:00 AM
I am implementing the SCEP service by referring to this whitepaper. At one step it specifies the SCEPSvc user "Must have request permission on the configured CA."
What exactly meant by "Must have request permission on the configured CA." and how do I set that permission?
- Merged by Bruce-LiuModerator Monday, March 05, 2012 11:31 AM
Wednesday, February 29, 2012 8:04 AMThis thread discusses the same problem. But it has been closed without an answer.
Monday, March 05, 2012 11:31 AMModerator
The account must have Full Control permissions on each private key to be able to access the private key from the local machine store. Please refer to this thread:
NDES / SCEP issues running under a service account
Hope this helps.
- Marked As Answer by Bruce-LiuModerator Thursday, March 08, 2012 6:15 AM