none
ADCS CEP not returning Certificate Template with Client Compatibility set to Windows 2012 RRS feed

  • Question

  • Hello,

    I am working on a client that supports MS-XCEP / MS-WSTEP for Certificate provisioning.

    Currently I am testing it against Microsoft ADCS (Active Directory Certificate Services) running on a Windows Server 2016.

    I am facing one issue:

    When I create a new Certificate Template and add it to the in-use Certificate Templates of the Certificate Authority, it is listed in the responses the client gets when communicating with the ADCS CEP endpoint using the MS-XCEP protocol.

    However, as soon as I go to the "Compatibility" tab of the Certificate Template and set "Certificate Recipient" to "Windows 8 / Windows Server 2012" or higher, the ADCS CEP endpoint responses stop listing the certificate template.

    Interestingly, the template can still be used by my client through MS-WSTEP when talking to the ADCS CES endpoint directly.

    I thought that maybe the ADCS CEP endpoint assumes the my client is not compatible, but I could not find anything in the MS-XCEP specification saying how to specify the client version / compatibility.

    Does someone know what could be preventing the ADCS CEP from listing the Certificate Template to my client, or what I could do to indicate compatibility in the MS-XCEP request?

    Thanks!

    Wednesday, August 14, 2019 5:49 PM

All replies

  • Hello,
    Thank you for posting in our TechNet forum.

    To better understand our question, please confirm the following information:

    1. According to "it is listed in the responses the client gets when communicating with the ADCS CEP endpoint using the MS-XCEP protocol", would you please provide the screenshot?

    2. According to "However, as soon as I go to the "Compatibility" tab of the Certificate Template and set "Certificate Recipient" to "Windows 8 / Windows Server 2012" or higher, the ADCS CEP endpoint responses stop listing the certificate template",would you please provide the screenshot?

    3. What is ADCS CEP endpoint?



    Best Regards,
    Daisy Zhou

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, August 15, 2019 11:35 AM
    Moderator
  • Hi,
    If this question has any update or is this issue solved? Also, for the question, is there any other assistance we could provide?




    Best Regards,
    Daisy Zhou

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    Monday, August 19, 2019 6:30 AM
    Moderator
  • Hello,

    I'm currently on vacation but I'll be able to post the requested screenshots when I'm back.

    I can answer Question 3 from here:

    ADCS CEP endpoint is the URL to which my client makes a request using the MS-XCEP protocol.

    It is the "Certificate Enrollment Proxy".

    Tuesday, August 20, 2019 8:37 PM
  • Hi,
    OK. Thank you for your update in advance!



    Best Regards,
    Daisy Zhou

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, August 22, 2019 11:12 AM
    Moderator