NDES and the dreaded 2 & 10 Event ids stating “The parameter is incorrect"

NDES checks the CRL of its own RA certificate before starting up? Also, at what point in the NDES startup cadence does this CRL check get triggered? I only see the 2 and 10 errors when trying to navigate to localhost/certsrv/mscep/mscep.dll

I opened up connectivity to our CDP and verified the CRL could be pulled and there were no more RA certificate related CRL errors in the CAPI logs, but I’m still seeing 2 and 10 unfortunately.

In C:\Windows\System32\CertSrv I only see an mscep directory, not mscep_admin. ChatGPT is adamant that the lack of an mscep_admin directory means the NDES configuration process is silently failing and the missing mscep_admin is the cause of the 2 and 10 errors. Also in IIS these are not getting created properly under the Default Web Site. Can you confirm on your working NDES instance that mscep_admin exists in certsrv?