NDES SCEP IIS appcrash win server 2012r2

  • Question

  • Hi

    I have set up the NDES role on a WS2012R2 following the documentation below
    https://docs.microsoft.com/en-us/intune/certificates-scep-configure
    https://ronnydejong.com/2017/05/02/part-2-deploying-microsoft-intune-connector-in-an-enterprise-world-troubleshooting/IIS

    A profile has been created in Intune with the root CA cert and published to a Win10 client. When the client tries to enroll, I get an error in the event log and on the NDES server. On the server side, the IIS logs seem to show IIS appcrashes whenever the client tries to enroll.
    I have reinstalled NDES together with IIS, and checked request handling and registry entries, without success.
    Does anyone have any hints or know where I should troubleshoot?

    Client (win10):
    SCEP Certificate enrollment for AzureAD\testuser via https://ndes.domain.com/certsrv/mscep/mscep.dll/pkiclient.exe failed:

    SubmitDone
    GetCACert: OK
    HTTP/1.1 200 OK
    Date: Sun, 25 Feb 2018 22:14:59 GMT
    Content-Length: 4987
    Content-Type: application/x-x509-ca-ra-cert
    Server: Microsoft-IIS/8.5
    X-Powered-By: ASP.NET

    Method: GET(11109ms)
    Stage: SubmitDone
    The connection with the server was terminated abnormally 0x80072efe (WinHttp: 12030 ERROR_WINHTTP_CONNECTION_ERROR)



    NDES Server:
    Appcrash:
    Faulting application name: w3wp.exe, version: 8.5.9600.16384, time stamp: 0x5215df96
    Faulting module name: ntdll.dll, version: 6.3.9600.18895, time stamp: 0x5a4b1b67
    Exception code: 0xc0000374


    WAS (5010) A process serving application pool 'SCEP' failed to respond to a ping. The process id was '4100'.

    WAS (5011) A process serving application pool 'SCEP' suffered a fatal communication error with the Windows Process Activation Service. The process id was '3940'. The data field contains the error number.


    • Edited by mkreuger Sunday, February 25, 2018 10:31 PM typo
    Sunday, February 25, 2018 10:29 PM

All replies

  • Hi,

    According to your description, it seems like an IIS appcrash issue. You might want to post your query in the IIS forum for further assistance:

    http://forums.iis.net/


    Best Regards
    Cartman
    Please remember to mark the replies as answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Wednesday, February 28, 2018 6:42 AM
    Moderator
  • Hi mkreuger,

    Did you ever get this resolved? I am having the exact same issue (12030 error) except I don't have any appcrash errors (that I know of). Any ideas?

    Friday, May 4, 2018 2:24 PM
  • Hi mkreuger,

    I'm also getting w3wp.exe & ntdll.dll crashes with NDES/SCEP and so far MS Prem have been unable to help fix... Did you ever manage to fix this? Any tips please?

    Thanks!

    Steve

    Monday, August 13, 2018 10:01 AM
  • Hi mkreuger,

    I'm also getting w3wp.exe & ntdll.dll crashes with NDES/SCEP and so far MS Prem have been unable to help fix... Did you ever manage to fix this? Any tips please?

    Thanks!

    Steve


    Hi Steve

    If I remember correctly, I set up a fresh Windows Server 2016 and it worked fine after that. No appcrashes in IIS.
    Tuesday, August 28, 2018 12:25 PM
  • Hi,

    I ended up rebuilding my server to 2016 as well... but unfortunately the error still occurred.

    After working with Premier we eventually found a rogue GPO that was placing an Intermediate certificate into the computer's Trusted Root certificate folder... and that's what made it crash. Removing the certificate and fixing the GPO solved the problem.

    The certificate had nothing to do with NDES at all, weird eh.

    I hope this helps someone if you're finding the same issue and have ended up on this thread.

    Cheers,

    Steve


    Friday, September 7, 2018 10:56 AM
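
The condition described in the reply above can be checked on the NDES server with the following script. It is an added example, not part of the original thread or from any poster: it lists certificates in the computer's Trusted Root store that are not self-signed and marks those whose thumbprint also appears under the Group Policy certificate registry path.

```powershell
# Added example: find non-self-signed (intermediate or end-entity) certificates
# in the computer's Trusted Root store and report whether Group Policy
# delivered them. Run in an elevated PowerShell session on the NDES server.

# Root-store certificates deployed by Group Policy are stored as subkeys
# (named by thumbprint) under this policy registry path.
$gpoRootKey = 'HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates'
$gpoThumbprints = @()
if (Test-Path $gpoRootKey) {
    $gpoThumbprints = @(Get-ChildItem $gpoRootKey |
        ForEach-Object { $_.PSChildName.ToUpper() })
}

# A genuine root CA certificate is self-signed, so Subject equals Issuer.
# Anything else found in this store does not belong there.
$misplaced = @(Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object { $_.Subject -ne $_.Issuer } |
    ForEach-Object {
        [pscustomobject]@{
            Thumbprint = $_.Thumbprint
            Subject    = $_.Subject
            Issuer     = $_.Issuer
            NotAfter   = $_.NotAfter
            FromGPO    = $gpoThumbprints -contains $_.Thumbprint.ToUpper()
        }
    })

if ($misplaced.Count -gt 0) {
    $misplaced | Format-List
    Write-Warning "$($misplaced.Count) non-self-signed certificate(s) in LocalMachine\Root."
    # Where FromGPO is True, find and fix the policy before removing the
    # certificate locally; otherwise the next policy refresh restores it:
    #   gpresult /h gpreport.html /scope computer
} else {
    Write-Output 'No non-self-signed certificates in LocalMachine\Root.'
}
```

Certificates flagged here belong in the Intermediate Certification Authorities store rather than Trusted Root.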
  • Thanks for posting your answer.  I'm running into the same issue, this is a little validation.  This particular GPO is one of the global GPOs in our environment that is proving difficult to even make a minor change such as deny apply group policy to my NDES server, just to prove this point.

    Joseph M. Durnal MCM: Exchange 2010 MCITP: Enterprise Messaging Administrator, Exchange 2010 MCITP: Enterprise Messaging Administrator, MCITP: Enterprise Administrator

    Wednesday, March 13, 2019 11:54 AM
  • Worked for me, thanks!
    Monday, May 6, 2019 9:30 AM