01-09-2013 11:29 AM - edited 03-10-2019 07:57 PM
Hi
Have you ever managed to set-up a Windows Server 2008 R2 CA in Stand-Alone mode with SCEP? In most howtos they are using Enterprise PKI and therefore can create certificate templates. I don't see any requests on the server and the IIS-Debugging file doesn't even get created.
I used the technet howto [1] for setting up my lab server.
[1] http://social.technet.microsoft.com/wiki/contents/articles/9063.network-device-enrollment-service-ndes-in-active-directory-certificate-services-ad-cs.aspx
Sent from Cisco Technical Support iPad App
01-09-2013 11:44 AM
Marcel,
Did you build this CA from scratch or are you trying to integrate an existing CA. I know when i first set this up and didnt choose enterprise the NDES configuration would not work. I am not an expert in what workarounds you can use but I had to remove the Certificate services and rebuild with enterprise.
Thanks,
Tarik Admani
*Please rate helpful posts*
01-09-2013 11:58 AM
Hi Tarik
I've built a new CA. I don't want to integrate it with the existing enterprise PKI because the CA should auto-grant requests. And I can't install a second Enterprise PKI with another Root-CA in the same domain. Creating an extra domain only for certificates would require topology-changes because you don't want multiple domains on the same subnet.
I'll probably use an IOS Router with the IOS CA-Feature if I don't find a solution.
Sent from Cisco Technical Support iPad App
01-09-2013 12:02 PM
Marcel,
Have you come across these guides:
http://technet.microsoft.com/en-us/library/ff955646%28v=ws.10%29.aspx
http://technet.microsoft.com/en-us/library/ff955646%28v=ws.10%29.aspx#BKMK_SANDES
Tarik Admani
*Please rate helpful posts*
01-09-2013 12:13 PM
No, I haven't seen them yet, but they're familiar to the wiki article from technet. I think that SCEP requires certificate templates which are not available in stand-alone ca.
Thank you for your reply
Sent from Cisco Technical Support iPad App
03-12-2014 02:51 PM
Please also check the below doc with other posted.
http://technet.microsoft.com/en-us/library/cc772393%28v=ws.10%29.aspx
03-05-2014 07:49 PM
Before you configure SCEP support for BYOD, ensure that the Windows 2008 R2 NDES server has these Microsoft hotfixes installed:
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide