
Unable to enroll identity/ssl certificate via MS-SCEP on 2003 - Rejected

Yossi.Mor
Level 1

Hello forum,

I am currently having a problem with certificate enrollment on a VPN 3005 concentrator via MS-SCEP on an MS 2003 CA. The error that I am getting is 'SCEP Status: Rejected'.

When inspecting the log file on the concentrator I am getting the following:

"The SCEP request has been rejected. Failure code = 2 BadRequest -Transaction not permitted"

On the MS CA I get the following notification:

"SCEP Add-on cannot find required key usage information in the certificate request"

From my experience with the W2K CA, the problem was permissions on several certificate templates (IPsec offline request).

Has anyone experienced those issues?

Does this happen due to a problem with the concentrator version, since the former software version that I used with the W2K CA was 3.6.x?

I am using software version 4.1.2 on the concentrator.

Regards.

Yossi Mor

6 Replies

umedryk
Level 5

Have you installed the add-on package for SCEP on your CA server?

makaiser
Level 1

You have to install the SCEP add-on package from Microsoft (Microsoft search or Google).

After the installation, go to the URL that the installer told you, i.e. (http://certserver/certsrv/mscep/mscep.dll), to get a valid password for your certificate request. It's only valid for one time and for a max. of 60 sec.

With a refresh of the web page you'll get another one.

Kind regards

-Markus

Thanks for the info Markus.

I already solved it when I found out that the SCEP add-on version that comes with the resource kit has a problem, as I have written in the first message.

All the best,

Yossi

So how did you solve it?

Rutger

Rutger,

You've probably fixed this by now but for others who haven't ...

About 15 minutes ago this exact error reared its head on an unpatched W2k3 subCA being built in a testlab. Easy fix: download SCEP from MS (replacing the version shipped with the resource kit tools): http://www.microsoft.com/downloads/details.aspx?FamilyID=9f306763-d036-41d8-8860-1636411b2d01&DisplayLang=en

It wanted a reboot, and after the box came back up everything worked a treat.

HTH,

Colin

Hello and thank you for your answer.

I indeed solved it this way.

Kind regards,

Rutger