Hoping someone can fill in a hole for me. I am attempting to setup autoenrollment of the user certificate for wireless access for a set of 8865s. I have used the Cisco IP Phone 8861 and 8865 Wireless LAN Deployment Guide to the best of my ability, but it seems its last update was in 2021 also. I don't have an ASA or ISE and am using Windows Server 2022 as a CA and for NDES.
After configuring the CAPF settings for the phone to "Install/Update" and providing the WLAN SCEP and CA Thumbprint I can pull the Root CA certificate and install it. However, it fails to retrieve a user certificate.
It appears my IIS is not preventing it:
2024-03-06 18:14:51 192.168.10.10 GET /certsrv/mscep/mscep.dll operation=GetCACert&message=CAIdentifier 80 - 192.168.20.100 - - 200 0 0 11764
2024-03-06 18:14:51 192.168.10.10 GET /certsrv/mscep/mscep.dll operation=GetCACaps&message=CAIdentifier 80 - 192.168.20.100 - - 200 0 0 1
2024-03-06 18:14:55 192.168.10.10 POST /certsrv/mscep/mscep.dll operation=PKIOperation 80 - 192.168.20.100 - - 200 0 0 10
2024-03-06 18:15:17 192.168.10.10 GET /certsrv/mscep/mscep.dll operation=GetCACert&message=CAIdentifier 80 - 192.168.20.100 - - 200 0 0 1
2024-03-06 18:15:17 192.168.10.10 GET /certsrv/mscep/mscep.dll operation=GetCACaps&message=CAIdentifier 80 - 192.168.20.100 - - 200 0 0 1
2024-03-06 18:16:00 192.168.10.10 GET /certsrv/mscep/mscep.dll operation=GetCACert&message=CAIdentifier 80 - 192.168.20.100 - - 200 0 0 1
2024-03-06 18:16:00 192.168.10.10 GET /certsrv/mscep/mscep.dll operation=GetCACaps&message=CAIdentifier 80 - 192.168.20.100 - - 200 0 0 2
2024-03-06 18:16:02 192.168.10.10 POST /certsrv/mscep/mscep.dll operation=PKIOperation 80 - 192.168.20.100 - - 200 0 0 6
My Phone status log:
[14:52:17 06/21/23] No IPv4 DNS server |
| [14:52:19 06/21/23] ITL installed |
| [14:52:20 06/21/23] SEPF8A5C5------.cnf.xml.sgn(HTTP) |
| [14:52:22 06/21/23] VPN not configured |
| [14:52:23 06/21/23] oAuth mode disabled |
| [14:52:23 06/21/23] Successfully installed root certificate via SCEP. |
| [14:52:24 06/21/23] Failed to install user certificate via SCEP! |
I have configured the Windows Registry per the document. Any pointers or help is greatly appriciated.