
ISE Windows client does not complete Provisioning. I am trying to use SCEP and NDES

descalante2007
Level 1

I'm setting up a lab environment with ISE 1.2.0.899 patch 7 (virtual) and Windows Server 2008 R2 (virtual). I followed the instructions to set up BYOD and get EAP-TLS certificates.

The first unsolved situation I have is with Windows Server. I can't figure out why the "Certificate Web Enrollment Service" and "Certificate Policy Web Enrollment Service" are not available when I enable Active Directory Certificate Service.

Anyway, I set up all the rest of the configuration on ISE. When I try a test, the Guest Portal is displayed, the device is registered, and the Network Setup Assistant is started, but around 3/4 of the way through the process it is aborted with an error, with nothing explaining what happened. The "More Information" link does not show anything.

Searching on the Windows Server I found these messages:

The Network Device Enrollment Service received an http message without the "Operation" tag, or with an invalid "Operation" tag

Network Device enrollment service cannot convert encoded portions of the client's http message, or the converter message is larger than 64k. invalid pointer

I suppose the problems should be on the WS, but I don't have any idea how to fix them.

I will appreciate your assistance. Thanks in advance.

 

Daniel Escalante

5 Replies

nspasov
Cisco Employee

Which guide did you use to set up your CA/SCEP server? I have used the one from the TrustSec guide and had no issues:

http://www.cisco.com/c/en/us/solutions/enterprise/design-zone-security/landing_DesignZone_TrustSec.html

Thank you ... I have read the document you indicated and reviewed the LabMinutes videos. LabMinutes was the first source where I saw the "certificate enrollment web service" and "certificate enrollment policy web service".

After that I reviewed several sources (videos and books), and I can't find anything that indicates why these services are available sometimes and not others.

Cisco documentation does not mention these services, but I understand they are required to allow functionality with non-domain devices ...

Regards.

If it is an option, I would recommend removing the certificate services and starting over.

Also, are you using the standard or enterprise version of Server 2008? Also, is it regular or R2?

Thank you.

I'm using enterprise server (for 2008 NDES is available with enterprise). I think I have R2.

My conclusion at this time is that the hotfixes indicated in the documentation were missing or not properly installed.

Tomorrow I will have news, with the support of a coworker with a lot of experience in WS2008.

Perfect. Keep us posted on the progress. It would be nice to know the cause and solution of this issue.