NDES - Reusing a password for multiple devices


Hi there,

I have a requirement to use NDES to issue certificates to a new BlackBerry 10 fleet via SCEP. It appears the BlackBerry server assumes the challenge returned by NDES will never change. Consequently, I have followed the steps outlined in the following article to reuse the same challenge password for multiple devices, but it doesn't work:

  1. Configure the service to function in single-password mode by creating a REG_DWORD value UseSinglePassword and setting it to 0x1.
  2. Give Full Control permission to the account used to run NDES on the HKEY_LOCAL_MACHINE\Microsoft\Cryptography\MSCEP registry key. This step is required if you have installed the KB959193 hotfix.
  3. In the IIS Manager snap-in, navigate to the SCEP application pool, and in Advanced Settings set Load User Profile to True.
  4. If you've configured NDES to run under a user account, log on interactively with that user account on the machine where NDES is installed to force creation of the user profile for the account. This is a one-time operation; the user doesn't need to stay interactively logged on while NDES is running. To prepare the NDES service account profile:
  • On the NDES server, open Internet Information Services (IIS) Manager.
  • In the Connections pane, expand the web server running the NDES service.
  • In the Connections pane, click Application Pools.
  • In the Application Pools pane, click SCEP.
  • In the Actions pane, click Advanced Settings.
  • In the Advanced Settings dialog box, under Process Model, configure Load User Profile to True. Click OK.
  • In Application Pools, right-click SCEP and click Stop.
  • Sign off the NDES server.
  • Sign on using the NDES user account. The NDES service account user profile is created.
  • Sign off the NDES server.
  • Sign on to the NDES server using an account that is a member of local Administrators.
  • Open Internet Information Services (IIS) Manager, expand the web server object, and select Application Pools.
  • In the Application Pools pane, right-click SCEP and click Start.

But every time I hit the admin web page, it provides me with a unique enrollment challenge password valid for 60 minutes. It refuses to stay the same.

My NDES server is Windows 2008 R2. Has anyone got any ideas what is causing this capability to malfunction?

Regards, James.


James Frost

Typically, the issue is incorrect creation of the registry key. Did you create both the container and the REG_DWORD value?

Brian
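
The checks from steps 1 to 3 and from Brian's reply, written as a read-only PowerShell script; this is an added example, not part of the original thread or the article it quotes. Assumptions: the MSCEP key is read from `HKLM:\SOFTWARE\Microsoft\Cryptography\MSCEP` (the post writes the path without `Software`), the container and the value are both named `UseSinglePassword`, and `CONTOSO\svc-ndes` is a placeholder for the NDES service account.

```powershell
# Added example: read-only verification, run elevated on the NDES server.
$mscep   = 'HKLM:\SOFTWARE\Microsoft\Cryptography\MSCEP'  # assumed full path
$account = 'CONTOSO\svc-ndes'   # placeholder: your NDES service account
$pool    = 'SCEP'               # application pool name from the thread

function Test-SinglePasswordValue {
    # Brian's point: the container (subkey) AND the REG_DWORD inside it must exist.
    $key = Join-Path $mscep 'UseSinglePassword'
    if (-not (Test-Path $key)) { return "FAIL: container $key is missing" }
    $item = Get-Item $key
    if ($item.GetValueNames() -notcontains 'UseSinglePassword') {
        return 'FAIL: container exists but holds no UseSinglePassword value'
    }
    $kind = $item.GetValueKind('UseSinglePassword')
    if ($kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
        return "FAIL: value type is $kind, expected DWord"
    }
    $data = $item.GetValue('UseSinglePassword')
    if ($data -ne 1) { return "FAIL: value is $data, expected 1" }
    'OK: UseSinglePassword container present with REG_DWORD = 1'
}

function Test-MscepAcl {
    # Step 2: an explicit Allow/FullControl entry for the service account.
    # Rights granted only through group membership are not evaluated here.
    $full = [System.Security.AccessControl.RegistryRights]::FullControl
    $hit = (Get-Acl $mscep).Access | Where-Object {
        $_.IdentityReference.Value -eq $account -and
        $_.AccessControlType -eq 'Allow' -and
        ($_.RegistryRights -band $full) -eq $full
    }
    if ($hit) { "OK: $account has Full Control on $mscep" }
    else      { "FAIL: no explicit Full Control entry for $account on $mscep" }
}

function Test-LoadUserProfile {
    # Step 3: Load User Profile must be True on the SCEP application pool.
    Import-Module WebAdministration
    $v = (Get-ItemProperty "IIS:\AppPools\$pool" -Name processModel.loadUserProfile).Value
    if ($v) { "OK: Load User Profile is True on pool $pool" }
    else    { "FAIL: Load User Profile is False on pool $pool" }
}

Test-SinglePasswordValue
Test-MscepAcl
Test-LoadUserProfile
```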


