
ASA scep-forwarding-url error "Unknown content-type in the response"

gregbeifuss
Level 1

Long story short, I'm trying to set up a VPN Management Tunnel for our AnyConnect clients. Part of the process involves setting up an SCEP connection, which fails miserably. My ASA doesn't like the response from NDES, and I'm stuck on why it's happening.

ASA 9.12
AD CS on Windows 2019 Core

The ASA output looks like this:

asa(config-group-policy)# scep-forwarding-url value http://corpca01.corp.company.com/certsrv/mscep/mscep.dll
Attempting to retrieve the CA/RA certificate(s) using the URL. Please wait ... WARNING: Failed to get CA/RA certificate(s): Unknown content-type in the response from CA.

NDES appears to be working properly - all the right pages and content load in a browser.

I took a look with Wireshark on my ASA, and my CA returns a 404 Not Found to the query from my ASA. I can use the GET string in a browser and it works. Here's what the exchange with the ASA looks like:

GET /certsrv/mscep/mscep.dll/pkiclient.exe?operation=GetCACert&message=CA HTTP/1.0\r\n
HTTP/1.1 404 Not Found (text/html)

The IIS logs don't show any communication from the ASA, which I find strange, because the 404 is being returned.

Is there something painfully obvious that I'm overlooking?

I considered CSCvg99811, but my CA isn't on a management interface.
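
An added diagnostic sketch, not part of the original post: it rebuilds the HTTP/1.0 request line from the capture above and classifies a reply against the two GetCACert content types defined in RFC 8894, which is the check a SCEP client has to make before it accepts CA/RA certificates. The function names and the sample responses are constructed for illustration; the capture shows only the request line, so sending a Host header is left as an option for comparing the two cases.

```python
import socket

# GetCACert response content types defined by RFC 8894 (SCEP).
SCEP_CA_TYPES = {
    "application/x-x509-ca-cert": "single CA certificate (DER)",
    "application/x-x509-ca-ra-cert": "CA and RA certificates (certs-only PKCS#7)",
}
PATH = "/certsrv/mscep/mscep.dll/pkiclient.exe?operation=GetCACert&message=CA"
# Constructed sample responses (not taken from the poster's capture).
SAMPLE_404 = b"HTTP/1.1 404 Not Found\r\nContent-Type: text/html\r\n\r\n<h1>Not Found</h1>"
SAMPLE_OK = b"HTTP/1.1 200 OK\r\nContent-Type: application/x-x509-ca-ra-cert\r\n\r\n\x30\x82"

def build_request(path, host=None):
    """HTTP/1.0 GET like the captured one; a Host header is added only if given."""
    lines = [f"GET {path} HTTP/1.0"]
    if host:
        lines.append(f"Host: {host}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii")

def classify_response(raw):
    """Return (status, content_type, verdict) for a raw HTTP response."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    status_line, *header_lines = head.decode("iso-8859-1").split("\r\n")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        return None, None, "not an HTTP response"
    status = int(parts[1])
    headers = {}
    for line in header_lines:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    if status != 200:
        return status, ctype, f"HTTP {status}: no SCEP payload returned"
    if ctype not in SCEP_CA_TYPES:
        return status, ctype, "not a SCEP GetCACert content type"
    return status, ctype, SCEP_CA_TYPES[ctype]

def fetch(host, path=PATH, port=80, send_host_header=False, timeout=5):
    """Send the request to a CA you administer and classify its reply."""
    req = build_request(path, host if send_host_header else None)
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(req)
        chunks = []
        while chunk := s.recv(4096):
            chunks.append(chunk)
    return classify_response(b"".join(chunks))
```

Running `fetch()` against the CA once with `send_host_header=False` and once with `True` shows whether the two request forms are answered differently.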
