02-09-2018 11:08 AM
When using BYOD in a DUAL SSID setup with Microsoft Server 2012 R2 CA as a SCEP server and Android phone, the Network Setup assistant does not ask you to enter your password nor does it connect to the SCEP to relay the certificate request.
Can someone help?
Solved! Go to Solution.
02-12-2018 07:30 AM
My wireless setup is not connected to a Windows 2012R2 CA. I know for sure ISE working with Windows 2012R2 because a couple of Cisco field engineers did a Techtorial in Cisco Live before.
I just tried it with our existing Windows 2008R2 and my test Android device (Google Nexus 5X) got the certificate installed ok.
Below are some screenshots of my ISE configurations:
If you still have problem to get the requests going to your MS CA, please engage Cisco TAC.
02-09-2018 09:30 PM
Please clarify whether it working with ISE internal CA, with other client OS's than Android, and testing SCEP connection ok.
02-10-2018 05:01 AM
The process works with ISE Internal CA with Android clients. So far in our setup we have mostly Android clients. With regards to the SCEP, I have used the sscep toolset to test and verify that SCEP is working as seen below.
The process just doesn't work when using the External SCEP Server. The RootCA and SubCA certificates have been added to ISE trusted certificates to support the External SCEP Server. Note also the SCEP server is also the SUBCA that issues the certificates.
02-12-2018 07:30 AM
My wireless setup is not connected to a Windows 2012R2 CA. I know for sure ISE working with Windows 2012R2 because a couple of Cisco field engineers did a Techtorial in Cisco Live before.
I just tried it with our existing Windows 2008R2 and my test Android device (Google Nexus 5X) got the certificate installed ok.
Below are some screenshots of my ISE configurations:
If you still have problem to get the requests going to your MS CA, please engage Cisco TAC.
02-12-2018 08:34 AM
Thank you for the clarification as this has resolved my issue.
It turns out that the key to getting SCEP to work is to specify the entire URL with the mscep.dll such as "http(s)://yourscep.yourdomain.com/certsrv/mscep/mscep.dll" when creating the SCEP RA Profile.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide