Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1305
Views
5
Helpful
6
Replies

Unable to enroll identity/ssl certificate via MS-SCEP on 2003 - Rejected

Yossi.Mor
Level 1
Level 1

‎06-15-2004 01:19 AM

Hello forum,

I am currently having a problem with certificate enrollment on VPN 3005 concentrator via MS-SCEP on MS 2003 CA. The error that i am getting is 'SCEP Status: Rejected'.

When inspecting the log file on the concentrator i am getting the following:

"The SCEP request has been rejected. Failure code = 2 BadRequest -Transaction not permitted"

On MS CA i get the following notification:

"SCEP Add-on cannot find required key usage information in the certificate request"

From my experience with W2K CA the problem was permissions on several certificate templates (IPsec offline request.

Did any one experienced those issues?

Is this happens due to problem with the concentrator version? Since the former software version that i used with W2K CA was 3.6.x

I am using software version 4.1.2 on the concentrator.

Regards.

Yossi Mor

Labels:
0 Helpful
6 Replies 6

umedryk
Level 5
Level 5

‎06-22-2004 12:17 PM

Have you installed the add on package for SCEP on your CA Server?

0 Helpful

makaiser
Level 1
Level 1

‎08-16-2004 08:26 AM

You have to install the SCEP add-on package from Microsoft (Microsoft search or google).

After the installation go to the url what the installer told you, i.e. (http://certserver/certsrv/mscep/mscep.dll) to get a valid password for your certificate request. It's only valid for one time and for a max. of 60 sec.

With refresh of the Webpage you'll get another one.

kind regards

-Markus

Yossi.Mor
Level 1
Level 1
In response to makaiser

‎08-16-2004 10:30 PM

Thanks for the info Markus.

I have already solved it when find out that the SCEP add on version that come with the resource kit has a problem as i have written in the fist message.

All the best,

Yossi

0 Helpful

Rutger Blom
Level 1
Level 1
In response to Yossi.Mor

‎05-04-2005 03:31 AM

So how did you solve it?

Rutger

0 Helpful

thebigc
Level 1
Level 1
In response to Rutger Blom

‎01-02-2006 09:48 AM

Rutger,

You've probably fixed this by now but for others who haven't ...

About 15 minutes ago this exact error reared its head on an unpatched W2k3 subCA being built in a testlab. Easy fix, download SCEP from MS (replacing the version shipped with the resource kit tools): http://www.microsoft.com/downloads/details.aspx?FamilyID=9f306763-d036-41d8-8860-1636411b2d01&DisplayLang=en

It wanted a reboot, and after the box came back up everything worked a treat.

HTH,

Colin

0 Helpful

Rutger Blom
Level 1
Level 1
In response to thebigc

‎01-03-2006 12:04 AM

Hello and thank you for your answer.

I indeed solved it this way.

Kind regards,

Rutger

0 Helpful
Customers Also Viewed These Support Documents