locked
SCMDM 2008 SP1 - Devices certificate renewal issue (error code: 0x801F0194) RRS feed

  • Question

  • Hello,

     

    We have the following error when we try manual certificate renewal (CSP) :

     

    Windows Mobile Certificate Enrollment Log

    Date: 2012-01-11

    Time: 16:58:58Z

    Device Name: MOB3SAV146

    Domain\Username: (null)

    Certificate Type Friendly Name: ownserver.lan_SCMDMMobileDevice (MDM1)

    CA Server: ownserver.lan

    Template: SCMDMMobileDevice (MDM1)

    Request Page path/name: /certsrv/certfnsh.asp

    Pickup Page path/name: /certsrv/certnew.cer

    RequestID For Enrollment: (null)

    Enrollment or Renewal: Renewal

    Desktop Initiated: No

    Silent Enrollment: No

    Status Upon Completion: Failed

    Error Code: 0x801F0194

     

    • All SCMDM roles (except for the Gateway) and the SCMDM intermediate CA are on the same server.
    • The SSL port 443 on the server is used for Enrollment Website so I can't bind the CA's web site on it.
    • Devices can connect to http://ownserver.lan/certsrv (through SCMDM VPN).
    • We have already applied http://support.microsoft.com/kb/2273458

     

    Regards,

    Clem.

     

    Wednesday, January 11, 2012 4:18 PM

All replies

  • Hi, 

    I've done some tests :

    - Stop the "Enrollment" website  (binded on 443).

    - Attach the certificate from the "Enrollment" website to the "Default Website".

    - Enable SSL on port 443 for "Default Website"

    - Restart the "Default Website" ("Enrollment" website still stopped)

    - Renew Manually the device certificate

     

    Now, on the device I've this error :

    [...]

    Status Upon Completion: Failed

    Error Code: The CA Server returned HTTP_STATUS_DENIED

     

    Next I've enable Anonymous access on "CertSrv" website, after a new try the error became : 

    Status Upon Completion: Failed

    Error Code: The server returned an unexpected response when the certificate request was sent

     

    So I've detached the certificate from the "Enrollment" website on the "Default Website", and make a new request for a Web Server certificate to our Enterprise CA (the MDM CA is a subordinate of this CA). I've attached the new certificate to "Default Website" and re tested the device certificate renew, I've got the same error :

    Status Upon Completion: Failed

    Error Code: The server returned an unexpected response when the certificate request was sent

     

    Hope somebody as encouter this before and found a solution.

    Clem

    Thursday, January 12, 2012 1:33 PM
  • Clem,

    Question, when you applied http://support.microsoft.com/kb/2273458, did you remove the old template?

    Thanks,

    Unique


    UG.

    Wednesday, January 16, 2013 9:06 PM
  • I've done this one year ago, I really don't remember if I've remove the old template.
    After checking, no, I've let the old template in place.

    Regards,
    Clem.
    Thursday, January 17, 2013 8:21 AM