AnyConnect auto enrollment using SCEP failed (is solved!)
An ASA with the latest IOS and AnyConnect versions was configured for 2 groups:
- one for all SSL VPN-connections using certificate (Main_Group);
- one for auto SCEP enrollment (Cert_Enroll) using AAA LOCAL (an AnyConnect Profile (AC_Profile) was created with enrollment parameters (url, thumbprint, etc.), without the Get Certificate button but with the Password prompt, because the CA (AD CS Win2008R2) was configured to use a single (unchanged) password for all enrollment requests from any device).
When Main_Group doesn't connect (certificate failed), I select the Cert_Enroll connection from the dropdown list and authenticate successfully; then the auto enrollment process starts... the window for entering the CA password opens for approximately 0.5 seconds and closes automatically. The certificate isn't received. In the tray, the icon with a connection attempt (a small running square) is shown.
What's the problem? Why did auto SCEP enrollment fail?
P.S.: The CA was configured for SCEP enrollment, and network devices successfully pass SCEP enrollment if a Trustpoint is used in the config (url http://.../mscep.dll).