So you want to test your NDES/SCEP certificate enrollment?

SCEP (Simple Certificate Enrollment Protocol) and NDES (Network Device Enrollment Service) are the mechanisms we currently use to deploy certificates to our mobile devices via Intune and Configuration Manager. The tech is very (very) cool, but for the average ConfigMgr admin it’s got quite a steep learning curve. Once you (kinda) understand how it all… Read more

Network Device Enrollment Service (NDES) – ERROR_SERVICE_EXISTS

Ran into this doozy this week while trying to re-add the NDES role services. The specified service already exists. 0x80070431 (WIN32: 1073 ERROR_SERVICE_EXISTS) The fix is to ensure there are no lingering NDES configuration. From Regedit, delete the following key (back it up first!) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MSCEP Matt Shadbolt… Read more

Starting NDES Services (Device Registration Service) Fails with “object does not exist”

I ran into this issue when configuring SCEP/NDES certificate registration for an Intune tenant. Following all the best practice configuration steps, left me with an SCEP enrollment page returning Internal Server Error 500 instead of the expected 200. I found that the Device Registration Service was not starting correctly. In the event logs I found it… Read more

System Center Endpoint Protection for Windows Server 2003

A quick reminder that Windows Server 2003 is coming to end of life and will be unsupported after July 14 2015 – a mere 20 days away. While your Server 2003 OS will continue to run it is important to note that for people using System Center Endpoint Protection (SCEP) for antivirus – definition updates… Read more