%3CLINGO-SUB%20id%3D%22lingo-sub-1128842%22%20slang%3D%22en-US%22%3EConnecting%20iPads%20to%20an%20Enterprise%20Wireless%20802.1x%20Network%20Using%20Certificates%20and%20Network%20Device%20Enrollment%20Services%20(NDES)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1128842%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSTRONG%3E%20First%20published%20on%20TECHNET%20on%20Feb%2027%2C%202012%20%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId--1414372205%22%20id%3D%22toc-hId--1414372205%22%3E%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20%3CSPAN%20style%3D%22color%3A%20%23ff0000%3B%20font-size%3A%20medium%3B%22%3E%20%3CSTRONG%3E%20Important%20notice%20%3C%2FSTRONG%3E%20%3A%20%3C%2FSPAN%3E%20Microsoft%20does%20not%20support%20any%20apple%20products%2C%20if%20you%20need%20to%20troubleshoot%20any%20problem%20related%20to%20apple%20products%2C%20please%20refer%20to%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%20%3CA%20href%3D%22http%3A%2F%2Fwww.apple.com%2Fsupport%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3E%20%3CSPAN%20style%3D%22color%3A%20%230000ff%3B%20font-family%3A%20Calibri%3B%20font-size%3A%20small%3B%22%3E%20http%3A%2F%2Fwww.apple.com%2Fsupport%20%3C%2FSPAN%3E%20%3C%2FA%3E%3C%2FH2%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CTABLE%20style%3D%22width%3A%20100%25%3B%20border-collapse%3A%20collapse%3B%22%20cellspacing%3D%220%22%20cellpadding%3D%220%22%3E%0A%3CTBODY%3E%0A%3CTR%3E%0A%3CTH%20style%3D%22text-align%3A%20left%3B%20padding-top%3A%205px%3B%20padding-bottom%3A%205px%3B%20padding-left%3A%205px%3B%20background-color%3A%20darkgray%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%2010px%3B%22%3E%20%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%2016px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F167185i2C2EE1388F182A68%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20%2F%3E%3C%2FSPAN%3E%20%3CSTRONG%3E%20Warning%20%3C%2FSTRONG%3E%20%3C%2FSPAN%3E%3C%2FTH%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20style%3D%22padding-left%3A%205px%3B%20background-color%3A%20whitesmoke%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%2010px%3B%22%3E%20SCEP%20was%20designed%20to%20be%20used%20in%20a%20closed%20network%20where%20all%20end-points%20are%20trusted.%20The%20warnings%20from%20CERT%20in%20the%20article%26nbsp%3B%22%20%3C%2FSPAN%3E%20%3CSPAN%20style%3D%22font-size%3A%2010px%3B%22%3E%20Simple%20Certificate%20Enrollment%20Protocol%20(SCEP)%20does%20not%20strongly%20authenticate%20certificate%20requests%20%3C%2FSPAN%3E%20%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%2010px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F167186i6598CE5751114D6F%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20%2F%3E%3C%2FSPAN%3E%20%3CSPAN%20style%3D%22font-size%3A%2010px%3B%22%3E%20%22%20should%20be%20considered%20when%20implementing%20the%20NDES%20service.%20If%20an%20application%26nbsp%3Butilizes%20SCEP%2C%20it%26nbsp%3Bshould%20provide%20its%20own%20strong%20authentication.%20%3C%2FSPAN%3E%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3C%2FTBODY%3E%0A%3C%2FTABLE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22margin%3A%200in%200in%206pt%3B%20text-align%3A%20justify%3B%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%20font-size%3A%20small%3B%22%3E%20I%20am%20often%20asked%20by%20customers%20how%20to%20deploy%20certificates%20to%20iPads%20using%20NDES%2C%20where%20I%20refer%20them%20to%20Rob%20Greene%E2%80%99s%20%3C%2FSPAN%3E%20%3CA%20href%3D%22http%3A%2F%2Fblogs.technet.com%2Fb%2Faskds%2Farchive%2F2010%2F11%2F22%2Fipad-iphone-certificate-issuance.aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3E%20%3CSPAN%20style%3D%22color%3A%20%230000ff%3B%20font-family%3A%20Calibri%3B%20font-size%3A%20small%3B%22%3E%20blog%20%3C%2FSPAN%3E%20%3C%2FA%3E%20%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20for%20the%20steps%20required%20configuring%20NDES%20and%20enrolling%20these%20devices%20for%20certificates.%20Lately%2C%20I%20was%20presented%20with%20a%20challenge%20where%20a%20customer%20wanted%20to%20enroll%20these%20devices%20for%20certificates%20and%20authenticate%20them%20to%20an%20802.1x%20infrastructure%20using%20Network%20Policy%20Server%20(NPS)%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20Let%E2%80%99s%20review%20how%20a%20non-domain%20joined%20machine%20authenticates%20to%20an%20802.1x%20network%20before%20delving%20into%20the%20required%20steps%20for%20iPads%20to%20connect%20to%20the%20same%20network.%20Historically%2C%20the%20following%20steps%20were%20followed%3A%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2030px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%20font-size%3A%20small%3B%22%3E%201.%20%3C%2FSPAN%3E%20%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20Create%20a%20placeholder%20computer%20account%20in%20Active%20Directory%20Domain%20Services%20(AD%26nbsp%3BDS)%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2030px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%20font-size%3A%20small%3B%22%3E%202.%20%3C%2FSPAN%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%20font-size%3A%20small%3B%22%3EConfigure%20a%20%3C%2FSPAN%3E%20%3CA%20href%3D%22http%3A%2F%2Fsocial.technet.microsoft.com%2Fwiki%2Fcontents%2Farticles%2F717.aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%22%3E%20%3CSPAN%20style%3D%22color%3A%20%230000ff%3B%20font-family%3A%20Calibri%3B%20font-size%3A%20small%3B%22%3E%20Service%20Principal%20Name%20(SPN)%20%3C%2FSPAN%3E%20%3C%2FA%3E%20%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20for%20the%20new%20computer%20object.%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2030px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%20font-size%3A%20small%3B%22%3E%203.%20%3C%2FSPAN%3E%20%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20Enroll%20a%20computer%20certificate%20passing%20the%20FQDN%20of%20the%20placeholder%20computer%20object%20as%20a%20Subject%20Name%2C%20using%20Web%20Enrollment%20Pages%20or%20Certificates%20MMC%20snap-in%20directly%20from%20the%20computer%20(Skip%20step%204%20if%20you%20are%20using%20the%20Certificates%20MMC%20snap-in)%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2030px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%20font-size%3A%20small%3B%22%3E%204.%20%3C%2FSPAN%3E%20%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20Export%20the%20certificate%20created%20for%20the%20non-domain%20joined%20machine%20and%20install%20it.%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2030px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%20font-size%3A%20small%3B%22%3E%205.%20%3C%2FSPAN%3E%20%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20Associate%20the%20newly%20created%20certificate%20to%20the%20placeholder%20AD%26nbsp%3BDS%20domain%20computer%20account%20manually%20created%20through%20Name%20Mappings%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%20font-size%3A%20small%3B%22%3E%20a.%20%3C%2FSPAN%3E%20%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20Select%20%3CSTRONG%3E%20Advanced%20View%20%3C%2FSTRONG%3E%20in%20Active%20Directory%20Users%20and%20Computers%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%20font-size%3A%20small%3B%22%3E%20b.%20%3C%2FSPAN%3E%20%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20Right-click%20the%20placeholder%20computer%20object%20and%20then%20select%20Name%20Mappings.%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20%3CSTRONG%3E%20Note%3A%20%3C%2FSTRONG%3E%20Windows%207%20and%20Windows%20Server%202008%20R2%20allows%20to%20you%20skip%20steps%203%20and%204%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%20%3CA%20href%3D%22http%3A%2F%2Fblogs.technet.com%2Fb%2Faskds%2Farchive%2F2010%2F05%2F25%2Fenabling-cep-and-ces-for-enrolling-non-domain-joined-computers-for-certificates.aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3E%20%3CSPAN%20style%3D%22color%3A%20%230000ff%3B%20font-family%3A%20Calibri%3B%20font-size%3A%20small%3B%22%3E%20by%20using%20Certificate%20Enrollment%20Web%20Services%20(CES)%20and%20Certificate%20Enrollment%20Web%20Policy%20(CEP)%20to%20enroll%20non-domain%20joined%20computers%20for%20certificates%20%3C%2FSPAN%3E%20%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20The%20method%20described%20earlier%20applies%20to%20computers%20where%20the%20computer%20certificate%20enrolled%20is%20based%20on%20a%20computer%20template.%20The%20computer%20will%20present%20the%20certificate%20(Subject%20Name)%20to%20the%20Network%20Policy%20Server%20(NPS)%2C%20which%20in%20turn%20will%20check%20if%20the%20computer%20account%20is%20enabled%20in%20AD%26nbsp%3BDS.%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20Devices%20such%20as%20iPads%20behave%20differently%2C%20where%20they%20treat%20all%20certificates%20installed%20as%20a%20user%20certificate%2C%20hence%20when%20passing%20the%20subject%20name%20to%20the%20NPS%20server%2C%20NPS%20will%20look%20for%20a%20user%20object%20in%20AD%26nbsp%3BDS%20rather%20than%20a%20computer%20object%2C%20causing%20the%20authentication%20request%20to%20fail%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Log%20Name%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Security%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Source%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Microsoft-Windows-Security-Auditing%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Date%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%202%2F15%2F2012%208%3A55%3A49%20PM%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Event%20ID%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%206273%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Task%20Category%3A%20Network%20Policy%20Server%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Level%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Information%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Keywords%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Audit%20Failure%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20User%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20N%2FA%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Computer%3A%20%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3BDC1.contoso.com%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Description%3A%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22color%3A%20%23ff0000%3B%20font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20%3CSTRONG%3E%20Network%20Policy%20Server%20denied%20access%20to%20a%20user.%20%3C%2FSTRONG%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Contact%20the%20Network%20Policy%20Server%20administrator%20for%20more%20information.%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20User%3A%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Security%20ID%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20NULL%20SID%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Account%20Name%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20ipad.contoso.com%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Account%20Domain%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20CONTOSO%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Fully%20Qualified%20Account%20Name%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20CONTOSO%5Cipad.contoso.com%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Client%20Machine%3A%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Security%20ID%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20NULL%20SID%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Account%20Name%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20-%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Fully%20Qualified%20Account%20Name%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20-%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20OS-Version%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20-%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Called%20Station%20Identifier%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20021c1049ef6a%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Calling%20Station%20Identifier%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20b8ff6154d066%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20NAS%3A%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20NAS%20IPv4%20Address%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20192.168.25.254%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20NAS%20IPv6%20Address%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20-%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20NAS%20Identifier%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20021c1049ef6a%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20NAS%20Port-Type%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Wireless%20-%20IEEE%20802.11%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20NAS%20Port%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%2034%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20RADIUS%20Client%3A%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Client%20Friendly%20Name%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20wrt350n%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Client%20IP%20Address%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20192.168.25.254%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Authentication%20Details%3A%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Connection%20Request%20Policy%20Name%3A%26nbsp%3B%26nbsp%3B%20Secure%20Wireless%20Connections%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Network%20Policy%20Name%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20-%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Authentication%20Provider%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Windows%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Authentication%20Server%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20DC1.contoso.com%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Authentication%20Type%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20EAP%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20EAP%20Type%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20-%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Account%20Session%20Identifier%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20-%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Logging%20Results%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Accounting%20information%20was%20written%20to%20the%20local%20log%20file.%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Reason%20Code%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%208%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Reason%3A%20%3CSTRONG%3E%20The%20specified%20user%20account%20does%20not%20exist%20%3C%2FSTRONG%3E%20.%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%3E%20The%20certificates%20installed%20on%20IPads%20use%20the%20Network%20Device%20Enrollment%20Services%20(NDES)%20which%20utilizes%20the%20Simple%20Certificate%20Enrollment%20Protocol%20(SCEP)%20to%20enroll%20for%20device%20certificates%20%E2%80%93%20This%20is%20the%20default%20and%20can%E2%80%99t%20be%20changed%20-%20These%20device%20certificates%20are%20computer%20certificates%20and%20not%20user%20certificates.%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20certutil%20-v%20-adtemplate%20ipsecintermediateoffline%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20IPSECIntermediateOffline%3A%20IPSec%20(Offline%20request)%20--%20Auto-Enroll%3A%20Access%20is%20denied.%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20msPKI-Enrollment-Flag%20%3D%200%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20msPKI-Certificate-Name-Flag%20%3D%201%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT%20--%201%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20msPKI-Private-Key-Flag%20%3D%200%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20flags%20%3D%2010241%20(66113)%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT%20--%201%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20CT_FLAG_MACHINE_TYPE%20--%2040%20(64)%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20CT_FLAG_ADD_TEMPLATE_NAME%20--%20200%20(512)%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20CT_FLAG_IS_DEFAULT%20--%2010000%20(65536)%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20cn%20%3D%20IPSECIntermediateOffline%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20distinguishedName%20%3D%20IPSECIntermediateOffline%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20displayName%20%3D%20IPSec%20(Offline%20request)%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22color%3A%20%23ff0000%3B%20font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20%3CSTRONG%3E%20templateDescription%20%3D%20Computer%20%3C%2FSTRONG%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20pKIExtendedKeyUsage%20%3D%201.3.6.1.5.5.8.2.2%20IP%20security%20IKE%20intermediate%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20pKIDefaultCSPs%20%3D%20Microsoft%20RSA%20SChannel%20Cryptographic%20Provider%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20pKICriticalExtensions%20%3D%202.5.29.15%20Key%20Usage%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%22%3E%20revision%20%3D%207%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20msPKI-Template-Schema-Version%20%3D%201%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20msPKI-Template-Minor-Revision%20%3D%201%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20msPKI-RA-Signature%20%3D%200%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20msPKI-Minimal-Key-Size%20%3D%20400%20(1024)%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20msPKI-Cert-Template-OID%20%3D%201.3.6.1.4.1.311.21.8.800281.5632585.475790.4272720.15075391.217.1.20%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20msPKI-Supersede-Templates%20%3D%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20msPKI-RA-Policies%20%3D%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20msPKI-RA-Application-Policies%20%3D%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20msPKI-Certificate-Policy%20%3D%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20msPKI-Certificate-Application-Policy%20%3D%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20dwKeySpec%20%3D%20AT_KEYEXCHANGE%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20pKIExpirationPeriod%20%3D%26nbsp%3B%202%20Years%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20pKIOverlapPeriod%20%3D%26nbsp%3B%206%20Weeks%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Template%20Extensions%3A%203%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%201.3.6.1.4.1.311.20.2%3A%20Flags%20%3D%200%2C%20Length%20%3D%2032%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Certificate%20Template%20Name%20(Certificate%20Type)%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20IPSECIntermediateOffline%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%202.5.29.37%3A%20Flags%20%3D%200%2C%20Length%20%3D%20c%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Enhanced%20Key%20Usage%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20IP%20security%20IKE%20intermediate%20(1.3.6.1.5.5.8.2.2)%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%202.5.29.15%3A%20Flags%20%3D%201(Critical)%2C%20Length%20%3D%204%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Key%20Usage%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Digital%20Signature%2C%20Key%20Encipherment%20(a0)%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20As%20a%20result%2C%20the%20Network%20Policy%20Server%20(NPS)%20will%20deny%20access%20to%20the%20iPad%20device%2C%20because%20it%20is%20mapping%20the%20wrong%20certificate%20type%2C%20and%20will%20log%20the%20following%20security%20event.%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Log%20Name%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Security%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Source%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Microsoft-Windows-Security-Auditing%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Date%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%202%2F19%2F2012%2012%3A38%3A38%20PM%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Event%20ID%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%206273%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Task%20Category%3A%20Network%20Policy%20Server%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Level%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Information%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Keywords%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Audit%20Failure%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20User%3A%20%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3BN%2FA%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Computer%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20DC1.contoso.com%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Description%3A%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22color%3A%20%23ff0000%3B%20font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20%3CSTRONG%3E%20Network%20Policy%20Server%20denied%20access%20to%20a%20user.%20%3C%2FSTRONG%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Contact%20the%20Network%20Policy%20Server%20administrator%20for%20more%20information.%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20User%3A%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Security%20ID%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20CONTOSO%5Cipad%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Account%20Name%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20ipad%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Account%20Domain%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20CONTOSO%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Fully%20Qualified%20Account%20Name%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20CONTOSO%5Cipad%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Client%20Machine%3A%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Security%20ID%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20NULL%20SID%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Account%20Name%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20-%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Fully%20Qualified%20Account%20Name%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20-%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20OS-Version%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20-%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Called%20Station%20Identifier%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20021c1049ef6a%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Calling%20Station%20Identifier%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20b8ff6154d066%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20NAS%3A%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20NAS%20IPv4%20Address%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20192.168.25.254%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20NAS%20IPv6%20Address%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20-%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20NAS%20Identifier%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20021c1049ef6a%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20NAS%20Port-Type%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Wireless%20-%20IEEE%20802.11%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20NAS%20Port%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%2034%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20RADIUS%20Client%3A%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Client%20Friendly%20Name%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20wrt350n%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Client%20IP%20Address%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20192.168.25.254%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Authentication%20Details%3A%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Connection%20Request%20Policy%20Name%3A%26nbsp%3B%26nbsp%3B%20Secure%20Wireless%20Connections%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Network%20Policy%20Name%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Secure%20Wireless%20Connections%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Authentication%20Provider%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Windows%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Authentication%20Server%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20DC1.contoso.com%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Authentication%20Type%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20EAP%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20EAP%20Type%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Microsoft%3A%20Smart%20Card%20or%20other%20certificate%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Account%20Session%20Identifier%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20-%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Logging%20Results%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Accounting%20information%20was%20written%20to%20the%20local%20log%20file.%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Reason%20Code%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20293%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22color%3A%20%23ff0000%3B%20font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20%3CSTRONG%3EReason%3A%20%3C%2FSTRONG%3E%20%3CSTRONG%3E%20The%20certificate%20is%20not%20valid%20for%20the%20requested%20usage.%20%3C%2FSTRONG%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20The%20only%20way%20to%20make%20this%20work%20is%20to%20map%20the%20computer%20enrolled%20certificate%20to%20a%20user%20account%2C%20which%20is%20described%20in%20the%20remainder%20of%20this%20blog.%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20style%3D%22color%3A%20%23ff0000%3B%20font-size%3A%20medium%3B%22%3E%20%3CSTRONG%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20Extreme%20Caution%3A%20The%20steps%20mentioned%20in%20this%20blog%20were%20tested%20in%20an%20isolated%20network%2C%20and%20not%20verified%20to%20work%20fully%20in%20an%20Enterprise%20Network.%20This%20solution%20is%20provided%20as%20is%20without%20any%20Microsoft%20support.%20%3C%2FSPAN%3E%20%3C%2FSTRONG%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20But%2C%20wait!%20What%20if%20we%20issue%20a%20certificate%20with%20subject%20type%20computer%20(e.g.%20IPSec%20Offline%20Request)%20and%20associate%20to%20the%20user%20account%3F%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20%3CSTRONG%3E%20Important%3A%20%3C%2FSTRONG%3E%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%20font-size%3A%20small%3B%22%3E%20The%20steps%20to%20enroll%20certificates%20for%20IPads%20and%20iPhone%20were%20described%20in%20%3C%2FSPAN%3E%20%3CA%20href%3D%22http%3A%2F%2Fblogs.technet.com%2Fb%2Faskds%2Farchive%2F2010%2F11%2F22%2Fipad-iphone-certificate-issuance.aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3E%20%3CSPAN%20style%3D%22color%3A%20%230000ff%3B%20font-family%3A%20Calibri%3B%20font-size%3A%20small%3B%22%3E%20iPad%2FiPhone%20Certificate%20Issuance%20%3C%2FSPAN%3E%20%3C%2FA%3E%20%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20.%20The%20solution%20provided%20in%20this%20blog%20assumes%20you%20read%20it%20first.%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%20font-size%3A%20small%3B%22%3EThe%20X.500%20notation%20in%20the%20Iphone%20Configuration%20Utility%20for%20CN%20(common%20name)%20or%20O%20(Organization%20)%20has%20to%20be%26nbsp%3B%20upper%20case%20letters%20%E2%80%93%20example%20CN%3DIPAD1%20%E2%80%93%20failure%20to%20type%20the%20correct%20syntax%20will%20generate%20the%20following%20error%20on%20the%20Network%20Device%20Enrollment%20Service%20(NDES)%20during%20certificate%20enrollment%3A%20%3CBR%20%2F%3E%3C%2FSPAN%3E%20%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20Log%20Name%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Application%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20Source%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Microsoft-Windows-NetworkDeviceEnrollmentService%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20Date%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%202%2F16%2F2012%204%3A40%3A58%20AM%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20Event%20ID%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%2031%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20Task%20Category%3A%20None%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20Level%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Error%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20Keywords%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Classic%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20User%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20N%2FA%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20Computer%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20NDES.contoso.com%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20Description%3A%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22color%3A%20%23ff0000%3B%20font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20%3CSTRONG%3E%20The%20Network%20Device%20Enrollment%20Service%20cannot%20submit%20the%20certificate%20request%20(The%20request%20subject%20name%20is%20invalid%20or%20too%20long.).%26nbsp%3B%200x80004005%20%3C%2FSTRONG%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId-1073140628%22%20id%3D%22toc-hId-1073140628%22%3E%3CSPAN%20style%3D%22font-size%3A%20medium%3B%22%3E%20%3CSPAN%20style%3D%22color%3A%20%234f81bd%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Cambria%3B%22%3E%20Basic%20lab%20topology%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FH2%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%20font-size%3A%20small%3B%22%3E%20%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20467px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F167187iDB354C09BB6ED35B%2Fimage-dimensions%2F467x367%3Fv%3D1.0%22%20width%3D%22467%22%20height%3D%22367%22%20%2F%3E%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId--734313835%22%20id%3D%22toc-hId--734313835%22%3E%3CSPAN%20style%3D%22font-size%3A%20medium%3B%22%3E%20%3CSPAN%20style%3D%22color%3A%20%234f81bd%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Cambria%3B%22%3E%20High%20Level%20Operational%20Steps%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FH2%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%0A%3COL%3E%0A%3COL%3E%0A%3CLI%3E%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20The%20device%20connects%20to%20a%20deployment%20wireless%20network%20(isolated)%20while%20connected%20via%20USB%20to%20the%20Mobile%20Device%20Management%20Software%20(MDM).%20In%20this%20example%2C%20the%20IPad%20is%20connected%20to%20the%20Iphone%20Configuration%20Utility.%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3C%2FOL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3COL%3E%0A%3COL%3E%0A%3CLI%3E%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20The%20device%20Administrator%20connects%20to%20the%20Network%20Device%20Enrollment%20Service%20(NDES)%20to%20obtain%20a%20temporary%20password%20which%20is%20entered%20in%20the%20Mobile%20Device%20Management%20(MDM)%20as%20the%20device%E2%80%99s%20profile.%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3C%2FOL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3COL%3E%0A%3COL%3E%0A%3CLI%3E%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20The%20Mobile%20Device%20Management%20(MDM)%20software%20pushes%20the%20profile%20configuration%20to%20the%20device.%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3C%2FOL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3COL%3E%0A%3COL%3E%0A%3CLI%3E%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20The%20device%20creates%20the%20private%2Fpublic%20pair%20key%20and%20sends%20a%20request%20to%20the%20Network%20Device%20Enrollment%20Service%20(NDES)to%20request%20a%20certificate%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3C%2FOL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3COL%3E%0A%3COL%3E%0A%3CLI%3E%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20The%20Network%20Device%20Enrollment%20Service%20(NDES)%20sends%20an%20RA%20request%20to%20the%20Certification%20Authority%20(CA)%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3C%2FOL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3COL%3E%0A%3COL%3E%0A%3CLI%3E%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20The%20Certification%20Authority%20(CA)%20sends%20the%20certificate%20to%20the%20Network%20Device%20Enrollment%20Service%20(NDES)%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3C%2FOL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3COL%3E%0A%3COL%3E%0A%3CLI%3E%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20The%20Network%20Device%20Enrollment%20Service%20(NDES)%20sends%20the%20certificate%20to%20Device%20which%20in%20turn%20installs%20it%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3C%2FOL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3COL%3E%0A%3COL%3E%0A%3CLI%3E%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20The%20Device%20connects%20to%20the%20corporate%20network%20using%20802.1X%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3C%2FOL%3E%0A%3CP%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId-1753198998%22%20id%3D%22toc-hId-1753198998%22%3E%3CSPAN%20style%3D%22font-size%3A%20medium%3B%22%3E%20%3CSPAN%20style%3D%22color%3A%20%234f81bd%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Cambria%3B%22%3E%20Configuration%20steps%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FH2%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22text-align%3A%20justify%3B%20padding-left%3A%2030px%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%201.%20Create%20a%20user%20account%20for%20each%20device%20you%20want%20to%20enroll%20in%20AD%26nbsp%3BDS%20with%20the%20following%20specifications%3A%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22text-align%3A%20justify%3B%20padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%20font-size%3A%20small%3B%22%3E%20a.%20%3C%2FSPAN%3E%20%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20Set%20a%20long%20complex%20password%20(at%20least%2015%20characters).%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22text-align%3A%20justify%3B%20padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%20font-size%3A%20small%3B%22%3E%20b.%20%3C%2FSPAN%3E%20%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20Set%20the%20password%20to%20not%20expire%20by%20selecting%20%3CSTRONG%3E%20Password%20never%20expires%20%3C%2FSTRONG%3E%20.%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22text-align%3A%20justify%3B%20padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%20font-size%3A%20small%3B%22%3E%20c.%20%3C%2FSPAN%3E%20%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20In%20the%20user%20properties%20%3CSTRONG%3E%20Account%20%3C%2FSTRONG%3E%20tab%2C%20select%20%3CSTRONG%3E%20Smart%20Card%20is%20required%20for%20interactive%20logon%20%3C%2FSTRONG%3E%20.%20Select%20%3CSTRONG%3E%20Smart%20card%20is%20required%20for%20interactive%20logon%20%3C%2FSTRONG%3E%20.%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22text-align%3A%20justify%3B%20padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%20font-size%3A%20small%3B%22%3E%20d.%20%3C%2FSPAN%3E%20%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20Select%20%3CSTRONG%3E%20Account%20is%20sensitive%20and%20cannot%20be%20delegated%20%3C%2FSTRONG%3E%20in%20the%20user%20properties%20%E2%80%9CAccount%20%E2%80%9C%20tab.%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22text-align%3A%20justify%3B%20padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%20font-size%3A%20small%3B%22%3E%20e.%20%3C%2FSPAN%3E%20%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20Click%20on%20%E2%80%9CLogon%20On%20To%E2%80%9D%20button%20and%20in%20%E2%80%9CThe%20Following%20Computers%E2%80%9D%20and%20then%20enter%20a%20placeholder%20computer%20name%20(IPad%E2%80%99s%20IMEI%20for%20example).%20The%20placeholder%20computer%20account%20doesn%E2%80%99t%20need%20to%20exist%20in%20AD%26nbsp%3BDS.%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20%3CSTRONG%3ENote%3A%20%3C%2FSTRONG%3E%20Disabling%20the%20user%20account%20will%20not%20work%2C%20because%20the%20Network%20Policy%20Service%20(NPS)%20will%20detect%20that%20the%20account%20is%20disabled%20it%20will%20deny%20access%20to%20the%20iPad.%20The%20Network%20Policy%20Server%20(NPS)%20will%20log%20the%20following%20event%20if%20the%20user%20account%20is%20disabled%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Log%20Name%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Security%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Source%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Microsoft-Windows-Security-Auditing%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Date%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20%26nbsp%3B%26nbsp%3B%26nbsp%3B2%2F16%2F2012%204%3A52%3A50%20PM%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Event%20ID%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%206273%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Task%20Category%3A%20Network%20Policy%20Server%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Level%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Information%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Keywords%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Audit%20Failure%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20User%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20N%2FA%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Computer%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20DC1.contoso.com%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Description%3A%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22color%3A%20%23ff0000%3B%20font-family%3A%20courier%20new%2Ccourier%3B%22%3E%20%3CSTRONG%3E%20Network%20Policy%20Server%20denied%20access%20to%20a%20user.%20%3C%2FSTRONG%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Contact%20the%20Network%20Policy%20Server%20administrator%20for%20more%20information.%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20User%3A%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Security%20ID%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20CONTOSO%5Cipad%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Account%20Name%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20ipad%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Account%20Domain%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20CONTOSO%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Fully%20Qualified%20Account%20Name%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20CONTOSO%5Cipad%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Client%20Machine%3A%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Security%20ID%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20NULL%20SID%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Account%20Name%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20-%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Fully%20Qualified%20Account%20Name%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20-%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20OS-Version%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20-%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Called%20Station%20Identifier%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20021c1049ef6a%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Calling%20Station%20Identifier%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20b8ff6154d066%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20NAS%3A%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20NAS%20IPv4%20Address%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20192.168.25.254%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20NAS%20IPv6%20Address%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20-%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20NAS%20Identifier%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20021c1049ef6a%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20NAS%20Port-Type%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Wireless%20-%20IEEE%20802.11%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20NAS%20Port%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%2034%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20RADIUS%20Client%3A%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Client%20Friendly%20Name%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20wrt350n%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Client%20IP%20Address%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20192.168.25.254%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Authentication%20Details%3A%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Connection%20Request%20Policy%20Name%3A%26nbsp%3B%26nbsp%3B%20Secure%20Wireless%20Connections%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Network%20Policy%20Name%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20-%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Authentication%20Provider%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Windows%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Authentication%20Server%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20DC1.contoso.com%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Authentication%20Type%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20EAP%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20EAP%20Type%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20-%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%22%3E%20Account%20Session%20Identifier%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20-%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Logging%20Results%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Accounting%20information%20was%20written%20to%20the%20local%20log%20file.%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Reason%20Code%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%2034%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22color%3A%20%23ff0000%3B%20font-size%3A%20small%3B%22%3E%20%3CSTRONG%3E%20Reason%3A%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20The%20user%20or%20computer%20account%20that%20is%20specified%20in%20the%20RADIUS%20Access-Request%20message%20is%20disabled.%20%3C%2FSTRONG%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2030px%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%202.%20Duplicate%20the%20User%20template%20with%20the%20following%20configuration%20(name%20it%20as%20%E2%80%9CUserV2%E2%80%9D%20for%20example)%3A%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3Ea.%20Req%20%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20uest%20Handling%20tab%3A%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2030px%3B%22%3Ei.%20%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20Purpose%20%E2%80%93%20Signature%20and%20encryption%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2030px%3B%22%3Ei%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%20font-size%3A%20small%3B%22%3E%20i.%20%3C%2FSPAN%3E%20%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20No%20other%20checkbox%20selected%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2030px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%20font-size%3A%20small%3B%22%3E%20iii.%20%3C%2FSPAN%3E%20%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20CSP%20%E2%80%93%20Microsoft%20RSA%20Schannel%20Cryptographic%20Provider%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%20font-size%3A%20small%3B%22%3E%20b.%20%3C%2FSPAN%3E%20%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20Subject%20Name%20Tab%3A%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%20font-size%3A%20small%3B%22%3E%20i.%20%3C%2FSPAN%3E%20%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20Select%20%E2%80%9CSupply%20in%20the%20request%E2%80%9D%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%20font-size%3A%20small%3B%22%3E%20c.%20%3C%2FSPAN%3E%20%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20Issuance%20Requirements%20Tab%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%20font-size%3A%20small%3B%22%3E%20i.%20%3C%2FSPAN%3E%20N%20%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20othing%20selected%20or%20configured%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%20font-size%3A%20small%3B%22%3E%20d.%20%3C%2FSPAN%3E%20%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20Extensions%20tab%3A%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%20font-size%3A%20small%3B%22%3E%20i.%20%3C%2FSPAN%3E%20%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20Application%20Policies%3A%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%0A%3CUL%3E%0A%3CUL%3E%0A%3CUL%3E%0A%3CUL%3E%0A%3CUL%3E%0A%3CLI%3E%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20IP%20Security%20IKE%20Intermediate%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CUL%3E%0A%3CUL%3E%0A%3CUL%3E%0A%3CUL%3E%0A%3CUL%3E%0A%3CLI%3E%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20Server%20Authentication%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CUL%3E%0A%3CUL%3E%0A%3CUL%3E%0A%3CUL%3E%0A%3CUL%3E%0A%3CLI%3E%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20Client%20Authentication%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3CP%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%20font-size%3A%20small%3B%22%3E%20ii.%20%3C%2FSPAN%3E%20%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20Basic%20Constraints%3A%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%0A%3CUL%3E%0A%3CUL%3E%0A%3CUL%3E%0A%3CUL%3E%0A%3CUL%3E%0A%3CLI%3E%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20Leave%20as%20default%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3CP%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%20font-size%3A%20small%3B%22%3E%20iii.%20%3C%2FSPAN%3E%20%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20Certificate%20Template%20Information%3A%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%0A%3CUL%3E%0A%3CUL%3E%0A%3CUL%3E%0A%3CUL%3E%0A%3CUL%3E%0A%3CLI%3E%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20This%20configuration%20comes%20from%20the%20AD%20Template%20object%3B%20you%20need%20to%20modify%20the%20subject%20type%20from%20user%20to%20computer%2C%20which%20allows%26nbsp%3B%20NDES%20to%20enroll%20for%20user%20certificates%20(described%20in%20Step%204).%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3CP%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%20font-size%3A%20small%3B%22%3E%20iv.%20%3C%2FSPAN%3E%20%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20Issuance%20Policy%3A%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%0A%3CUL%3E%0A%3CUL%3E%0A%3CUL%3E%0A%3CUL%3E%0A%3CUL%3E%0A%3CLI%3E%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20Leave%20as%20default%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3CP%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%20font-size%3A%20small%3B%22%3E%20v.%20%3C%2FSPAN%3E%20%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20Key%20Usage%3A%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%0A%3CUL%3E%0A%3CUL%3E%0A%3CUL%3E%0A%3CUL%3E%0A%3CUL%3E%0A%3CLI%3E%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20Signature%20requirements%3A%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3CP%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%0A%3CUL%3E%0A%3CUL%3E%0A%3CUL%3E%0A%3CUL%3E%0A%3CUL%3E%0A%3CUL%3E%0A%3CLI%3E%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20Digital%20Signature%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CUL%3E%0A%3CUL%3E%0A%3CUL%3E%0A%3CUL%3E%0A%3CUL%3E%0A%3CUL%3E%0A%3CLI%3E%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20Allow%20key%20exchange%20only%20with%20key%20encryption%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CUL%3E%0A%3CUL%3E%0A%3CUL%3E%0A%3CUL%3E%0A%3CUL%3E%0A%3CUL%3E%0A%3CLI%3E%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20Critical%20extension%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3CP%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%20font-size%3A%20small%3B%22%3E%20e.%20%3C%2FSPAN%3E%20%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20Security%20Tab%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2030px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%20font-size%3A%20small%3B%22%3E%20i.%20C%20%3C%2FSPAN%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%20font-size%3A%20small%3B%22%3E%20onfigure%20in%20the%20same%20way%20as%20described%20in%20the%20%3C%2FSPAN%3E%20%3CA%20href%3D%22http%3A%2F%2Fblogs.technet.com%2Fb%2Faskds%2Farchive%2F2010%2F11%2F22%2Fipad-iphone-certificate-issuance.aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3E%20%3CSPAN%20style%3D%22color%3A%20%230000ff%3B%20font-family%3A%20Calibri%3B%20font-size%3A%20small%3B%22%3E%20iPad%2FiPhone%20Certificate%20Issuance%20%3C%2FSPAN%3E%20%3C%2FA%3E%20%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20.%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2030px%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%203.%20Check%20the%20certificate%20template%20attributes%20you%20created%20in%20step%202%20using%20certutil%20%E2%80%93v%20%E2%80%93adtemplate%20userv2%20and%26nbsp%3B%20note%20the%20template%20description%20attribute.%20This%20attribute%20will%20be%20changed%20later%20on%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Userv2%3A%20User%20v2%20--%20Auto-Enroll%3A%20.%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20msPKI-Enrollment-Flag%20%3D%200%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20msPKI-Certificate-Name-Flag%20%3D%201%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT%20--%201%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20msPKI-Private-Key-Flag%20%3D%200%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20flags%20%3D%202023a%20(131642)%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20CT_FLAG_ADD_EMAIL%20--%202%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20CT_FLAG_PUBLISH_TO_DS%20--%208%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20CT_FLAG_EXPORTABLE_KEY%20--%2010%20(16)%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20CT_FLAG_AUTO_ENROLLMENT%20--%2020%20(32)%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20CT_FLAG_ADD_TEMPLATE_NAME%20--%20200%20(512)%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20CT_FLAG_IS_MODIFIED%20--%2020000%20(131072)%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20cn%20%3D%20Userv2%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20distinguishedName%20%3D%20Userv2%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20displayName%20%3D%20User%20v2%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22color%3A%20%23ff0000%3B%20font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20%3CSTRONG%3E%20templateDescription%20%3D%20User%20%3C%2FSTRONG%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20pKIExtendedKeyUsage%20%3D%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%200%3A%201.3.6.1.5.5.8.2.2%20IP%20security%20IKE%20intermediate%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%201%3A%201.3.6.1.5.5.7.3.1%20Server%20Authentication%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%202%3A%201.3.6.1.5.5.7.3.2%20Client%20Authentication%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20pKIDefaultCSPs%20%3D%20Microsoft%20RSA%20SChannel%20Cryptographic%20Provider%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20pKICriticalExtensions%20%3D%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%200%3A%202.5.29.7%20Subject%20Alternative%20Name%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%201%3A%202.5.29.15%20Key%20Usage%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20revision%20%3D%2064%20(100)%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20msPKI-Template-Schema-Version%20%3D%202%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20msPKI-Template-Minor-Revision%20%3D%208%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20msPKI-RA-Signature%20%3D%200%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20msPKI-Minimal-Key-Size%20%3D%20800%20(2048)%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20msPKI-Cert-Template-OID%20%3D%201.3.6.1.4.1.311.21.8.800281.5632585.475790.4272720.15075391.217.15856343.7753402%20User%20v2%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20msPKI-Supersede-Templates%20%3D%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20msPKI-RA-Policies%20%3D%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20msPKI-RA-Application-Policies%20%3D%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20msPKI-Certificate-Policy%20%3D%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20msPKI-Certificate-Application-Policy%20%3D%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%200%3A%201.3.6.1.5.5.8.2.2%20IP%20security%20IKE%20intermediate%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%201%3A%201.3.6.1.5.5.7.3.1%20Server%20Authentication%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%202%3A%201.3.6.1.5.5.7.3.2%20Client%20Authentication%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20dwKeySpec%20%3D%20AT_KEYEXCHANGE%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20pKIExpirationPeriod%20%3D%26nbsp%3B%201%20Years%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20pKIOverlapPeriod%20%3D%26nbsp%3B%206%20Weeks%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Template%20Extensions%3A%204%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%201.3.6.1.4.1.311.21.7%3A%20Flags%20%3D%200%2C%20Length%20%3D%202f%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Certificate%20Template%20Information%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Template%3DUser%20v2(1.3.6.1.4.1.311.21.8.800281.5632585.475790.4272720.15075391.217.15856343.7753402)%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Major%20Version%20Number%3D100%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Minor%20Version%20Number%3D8%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%202.5.29.37%3A%20Flags%20%3D%200%2C%20Length%20%3D%2020%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Enhanced%20Key%20Usage%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20IP%20security%20IKE%20intermediate%20(1.3.6.1.5.5.8.2.2)%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Server%20Authentication%20(1.3.6.1.5.5.7.3.1)%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Client%20Authentication%20(1.3.6.1.5.5.7.3.2)%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%202.5.29.15%3A%20Flags%20%3D%201(Critical)%2C%20Length%20%3D%204%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Key%20Usage%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Digital%20Signature%2C%20Key%20Encipherment%20(a0)%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%201.3.6.1.4.1.311.21.10%3A%20Flags%20%3D%200%2C%20Length%20%3D%2026%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Application%20Policies%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20%5B1%5DApplication%20Certificate%20Policy%3A%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Policy%20Identifier%3DIP%20security%20IKE%20intermediate%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%5B2%5D%20%3C%2FSPAN%3E%20%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%22%3E%20Application%20Certificate%20Policy%3A%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Policy%20Identifier%3DServer%20Authentication%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20%5B3%5DApplication%20Certificate%20Policy%3A%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20courier%20new%2Ccourier%3B%20font-size%3A%20small%3B%22%3E%20Policy%20Identifier%3DClient%20Authentication%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2030px%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%204.%20Network%20Device%20Enrollment%20Service%20(NDES)%20does%20not%20support%20user%20templates%3B%20as%20a%20result%2C%20the%20user%20template%20created%20in%20Step%202%20has%20to%20be%20changed%20to%20a%20computer%20template.%20To%20do%20so%3A%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%20font-size%3A%20small%3B%22%3E%20a.%20%3C%2FSPAN%3E%20%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20Open%20Active%20Directory%20Sites%20and%20Services%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%20font-size%3A%20small%3B%22%3E%20b.%20%3C%2FSPAN%3E%20%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20Select%20%3CSTRONG%3E%20Menu%20%3C%2FSTRONG%3E%20%2C%20%3CSTRONG%3E%20View%20%3C%2FSTRONG%3E%20and%20then%20select%20%3CSTRONG%3E%20Show%20Services%20Node%20%3C%2FSTRONG%3E%20.%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%20font-size%3A%20small%3B%22%3E%20c.%20%3C%2FSPAN%3E%20%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20Expand%20%3CSTRONG%3E%20Services%20%3C%2FSTRONG%3E%20%2C%20%3CSTRONG%3E%20Public%20Key%20Services%20%3C%2FSTRONG%3E%20and%20then%20click%20%3CSTRONG%3E%20Certificate%20Templates%20%3C%2FSTRONG%3E%20.%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%20font-size%3A%20small%3B%22%3E%20d.%20%3C%2FSPAN%3E%20%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20Open%20the%20duplicated%20certificate%20template%20created%20in%20step%202%20(UserV2%20in%20this%20example)%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%20font-size%3A%20small%3B%22%3E%20e.%20%3C%2FSPAN%3E%20%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20Edit%20the%20flags%20attribute%20and%20change%20its%20value%20from%20131642%20to%20131706.%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20style%3D%22color%3A%20%23ff0000%3B%20font-size%3A%20medium%3B%22%3E%20%3CSTRONG%3E%20%3CSPAN%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20Extreme%20Warning%3A%20This%20method%20is%20supplied%20as%20is%2C%20and%20should%20be%20thoroughly%20tested%20in%20your%20environment.%20Deploy%20this%20solution%20at%20your%20own%20risk%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%20%3C%2FSTRONG%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20If%20you%20run%20certutil%20%E2%80%93v%20%E2%80%93adtemplate%20userv2command%20again%2C%20you%20can%20see%20that%20the%20templatedescription%20attribute%20was%20changed%20from%20user%20to%20computer.%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2030px%3B%22%3E5.%20%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20Publish%20the%20certificate%20created%20in%20step%202%20to%20the%26nbsp%3B%20Certification%20Authority%20(CA).%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20%3CSTRONG%3ENote%3A%20%3C%2FSTRONG%3E%20If%20you%20don%E2%80%99t%20perform%20these%20changes%20to%20the%20certificate%20template%20and%20configure%20NDES%20to%20deploy%20this%20template%2C%20then%20you%20will%20receive%20the%20following%20error%20when%20requesting%20the%20challenge%20password%20from%20the%20Network%20Device%20Enrollment%20Service%20(NDES)%3A%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22text-align%3A%20left%3B%20padding-left%3A%2090px%3B%22%3E%3CSTRONG%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20Network%20Device%20Enrollment%20Service%20%3C%2FSPAN%3E%20%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22text-align%3A%20left%3B%20padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20Network%20Device%20Enrollment%20Service%20allows%20you%20to%20obtain%20certificates%20for%20routers%20or%20other%20network%20devices%20using%20the%20Simple%20Certificate%20Enrollment%20Protocol%20(SCEP).%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22text-align%3A%20left%3B%20padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20You%20do%20not%20have%20sufficient%20permission%20to%20enroll%20with%20SCEP.%20Please%20contact%20your%20system%20administrator.%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22text-align%3A%20left%3B%20padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20For%20more%20information%20see%20Using%20Network%20Device%20Enrollment%20Service.%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2030px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%20font-size%3A%20small%3B%22%3E%206.%20%3C%2FSPAN%3E%20%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20Configure%20the%20Network%20Device%20Enrollment%20Service%20%26nbsp%3B(NDES)%20to%20%26nbsp%3Bissue%20certificates%20based%20on%20the%20certificate%20template%20created%20in%20step%20do%20by%20editing%20the%20following%20registry%20key%3A%20%3CBR%20%2F%3E%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20%5BHKEY_LOCAL_MACHINE%5CSOFTWARE%5CMicrosoft%5CCryptography%5CMSCEP%5D%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20%22SignatureTemplate%22%3D%22Userv2%22%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20%22EncryptionTemplate%22%3D%22Userv2%22%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%20120px%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20%22GeneralPurposeTemplate%22%3D%22Userv2%22%20%3CBR%20%2F%3E%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2030px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%20font-size%3A%20small%3B%22%3E%207.%20%3C%2FSPAN%3E%20%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20Restart%20Internet%20Information%20Services%20(IIS)%20on%20the%20Network%20Device%20Enrollment%20Service%20(NDES).%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2030px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%20font-size%3A%20small%3B%22%3E%208.%20%3C%2FSPAN%3E%20%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20Install%20the%20Root%20CA%E2%80%99s%20certificate%20on%20the%20computer%20where%20you%20will%20run%20the%20iPhone%20Configuration%20Utility.%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2030px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%20font-size%3A%20small%3B%22%3E%209.%20%3C%2FSPAN%3E%20%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20Open%20the%20iPhone%20Configuration%20Utility%20and%20create%20a%20configuration%20profile.%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2030px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%20font-size%3A%20small%3B%22%3E%2010.%20%3C%2FSPAN%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%20font-size%3A%20small%3B%22%3EMake%20sure%20NDES%20and%20SCEP%20settings%20are%20configured%20in%20the%20iPhone%20Configuration%20Utility%20using%20the%20steps%20in%20%3C%2FSPAN%3E%20%3CA%20href%3D%22http%3A%2F%2Fblogs.technet.com%2Fb%2Faskds%2Farchive%2F2010%2F11%2F22%2Fipad-iphone-certificate-issuance.aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3E%20%3CSPAN%20style%3D%22color%3A%20%230000ff%3B%20font-family%3A%20Calibri%3B%20font-size%3A%20small%3B%22%3E%20iPad%2FIphone%20Certificate%20Issuance%20%3C%2FSPAN%3E%20%3C%2FA%3E%20%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20blog.%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2030px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%20font-size%3A%20small%3B%22%3E%2011.%20%3C%2FSPAN%3E%20%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20Select%20%3CSTRONG%3E%20Wi-fi%20%3C%2FSTRONG%3E%20and%20enter%20the%20SSID%20of%20the%20802.1x%20wireless%20network.%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2030px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%20font-size%3A%20small%3B%22%3E%2012.%20%3C%2FSPAN%3E%20%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20Select%20%3CSTRONG%3E%20Auto-Join%20%3C%2FSTRONG%3E%20.%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2030px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%20font-size%3A%20small%3B%22%3E%2013.%20%3C%2FSPAN%3E%20%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20On%20%3CSTRONG%3E%20Security%20type%20%3C%2FSTRONG%3E%20%2C%20select%20%3CSTRONG%3E%20WPA%2FWPA2%20Enterprise%20%3C%2FSTRONG%3E%20.%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2030px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%20font-size%3A%20small%3B%22%3E%2014.%20%3C%2FSPAN%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%20font-size%3A%20small%3B%22%3ESelect%20Protocols%20and%20then%20choose%20TLS%20%3CBR%20%2F%3E%3C%2FSPAN%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%20font-size%3A%20small%3B%22%3E%20%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20348px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F167188iBF274A185AF7C636%2Fimage-dimensions%2F348x585%3Fv%3D1.0%22%20width%3D%22348%22%20height%3D%22585%22%20%2F%3E%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2030px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%20font-size%3A%20small%3B%22%3E%2015.%20%3C%2FSPAN%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%20font-size%3A%20small%3B%22%3ENext%2C%20select%20Authentication%20and%20choose%20the%20SCEP%20identity%20certificate%20that%20was%20previously%20configured%20as%20outlined%20in%20%3C%2FSPAN%3E%20%3CA%20href%3D%22http%3A%2F%2Fblogs.technet.com%2Fb%2Faskds%2Farchive%2F2010%2F11%2F22%2Fipad-iphone-certificate-issuance.aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3E%20%3CSPAN%20style%3D%22color%3A%20%230000ff%3B%20font-family%3A%20Calibri%3B%20font-size%3A%20small%3B%22%3E%20iPad%2FIphone%20Certificate%20Issuance%20%3C%2FSPAN%3E%20%3C%2FA%3E%20%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20blog.%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22text-align%3A%20center%3B%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20250px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F167189iFB743E81A462F024%2Fimage-dimensions%2F250x297%3Fv%3D1.0%22%20width%3D%22250%22%20height%3D%22297%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2030px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%20font-size%3A%20small%3B%22%3E%2016.%20%3C%2FSPAN%3E%20%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20Select%20%E2%80%9CTrust%E2%80%9D%20and%20choose%20your%20Root%26nbsp%3BCA%20certificate%20as%20a%20trusted%20certificate.%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22text-align%3A%20center%3B%22%3E%3CBR%20%2F%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20406px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F167190iB72753A9F8C2ABC6%2Fimage-dimensions%2F406x198%3Fv%3D1.0%22%20width%3D%22406%22%20height%3D%22198%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2030px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%20font-size%3A%20small%3B%22%3E%2017.%20%3C%2FSPAN%3E%20%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20After%20the%20CA%20issues%20the%20new%20certificate%2C%20you%20must%20export%20it%20from%20the%20CA%20and%20associate%20this%20certificate%20with%20the%20user%20account%20that%20was%20created%20in%20step%201%3A%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%20font-size%3A%20small%3B%22%3E%20a.%20%3C%2FSPAN%3E%20%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20Open%20Active%20Directory%20Users%20and%20Computers%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%20font-size%3A%20small%3B%22%3E%20b.%20%3C%2FSPAN%3E%20%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20Select%20menu%2C%20%3CSTRONG%3E%20View%20%3C%2FSTRONG%3E%20-and%20then%20select%20%3CSTRONG%3E%20Advanced%20Features%3C%2FSTRONG%3E%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%20font-size%3A%20small%3B%22%3E%20c.%20%3C%2FSPAN%3E%20%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20Find%20the%20user%20account%20that%20represents%20the%20IPad%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%20font-size%3A%20small%3B%22%3E%20d.%20%3C%2FSPAN%3E%20%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20Right-click%20the%20user%20account%20and%20choose%20%3CSTRONG%3E%20Name%20Mappings%3C%2FSTRONG%3E%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%20font-size%3A%20small%3B%22%3E%20e.%20%3C%2FSPAN%3E%20%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20Click%20%3CSTRONG%3E%20Add%2C%20%3C%2FSTRONG%3E%20then%20select%20the%20certificate%20to%20import%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22text-align%3A%20center%3B%20padding-left%3A%2090px%3B%22%3E%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20333px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F167191i153D89C1FBFFD956%2Fimage-dimensions%2F333x378%3Fv%3D1.0%22%20width%3D%22333%22%20height%3D%22378%22%20%2F%3E%3C%2FSPAN%3E%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2090px%3B%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2030px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%20font-size%3A%20small%3B%22%3E%2018.%20%3C%2FSPAN%3E%20%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20Deploy%20the%20profile%20to%20your%20IPad%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId--54255465%22%20id%3D%22toc-hId--54255465%22%3E%3CSPAN%20style%3D%22font-size%3A%20medium%3B%22%3E%20%3CSPAN%20style%3D%22color%3A%20%234f81bd%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Cambria%3B%22%3E%20NPS%20Basic%20Settings%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FH2%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20The%20Network%20Policy%20Server%20(NPS)%20settings%20that%20were%20configured%20during%20this%20solution%20were%3A%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2030px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%20font-size%3A%20small%3B%22%3E%201.%20%3C%2FSPAN%3E%20%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20Make%20your%20Network%20policy%20Server%20(NPS)%20member%20of%20%E2%80%9CRAS%20and%20IAS%20Servers%E2%80%9D%20group%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2030px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%20font-size%3A%20small%3B%22%3E%202.%20%3C%2FSPAN%3E%20%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20Publish%20the%20%E2%80%9CRAS%20and%20IAS%20Server%E2%80%9D%20certificate%20template%20to%20your%20CA%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2030px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%20font-size%3A%20small%3B%22%3E%203.%20%3C%2FSPAN%3E%20%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20Enroll%20your%20Network%20policy%20Server%20(NPS)%20server%20for%20the%20%E2%80%9CRAS%20and%20IAS%20Server%E2%80%9D%20%26nbsp%3Bcertificate%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2030px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%20font-size%3A%20small%3B%22%3E%204.%20%3C%2FSPAN%3E%20%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20In%20Policies%2C%20select%20Connection%20request%20policies%3A%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%20font-size%3A%20small%3B%22%3E%20a.%20%3C%2FSPAN%3E%20%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20Create%20a%20Policy%20named%20%E2%80%9CSecure%20Wireless%20Connections%E2%80%9D%20with%20a%20condition%3A%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%0A%3CUL%3E%0A%3CUL%3E%0A%3CUL%3E%0A%3CLI%3E%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20NAS%20Port%20Type%20%3D%20%E2%80%9CWireless%20%E2%80%93%20Other%20or%20Wireless%20%E2%80%93%20IEE%20802.11%E2%80%9D%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3CP%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%20font-size%3A%20small%3B%22%3E%20b.%20%3C%2FSPAN%3E%20%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20Disable%20the%20default%20policy%20called%20%E2%80%9CUse%20Windows%20authentication%20for%20all%20users%E2%80%9D%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2030px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%20font-size%3A%20small%3B%22%3E%205.%20%3C%2FSPAN%3E%20%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20In%20Policies%2C%20select%20Network%20Policies%3A%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20style%3D%22padding-left%3A%2060px%3B%22%3E%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%20font-size%3A%20small%3B%22%3E%20a.%20%3C%2FSPAN%3E%20%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20Create%20a%20policy%20named%20%E2%80%9CSecure%20Wireless%20Connections%E2%80%9D%20with%20following%20settings%3A%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%0A%3CUL%3E%0A%3CUL%3E%0A%3CUL%3E%0A%3CLI%3E%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20Overview%20Tab%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3CP%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%0A%3CUL%3E%0A%3CUL%3E%0A%3CUL%3E%0A%3CUL%3E%0A%3CLI%3E%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20Select%20%E2%80%9CGrant%20Access.%20Grant%20access%20if%20the%20connection%20request%20matches%20this%20policy.%E2%80%9D%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CUL%3E%0A%3CUL%3E%0A%3CUL%3E%0A%3CUL%3E%0A%3CLI%3E%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20Select%20%E2%80%9CIgnore%20user%20account%20dial-in%20properties%E2%80%9D%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3CP%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%0A%3CUL%3E%0A%3CUL%3E%0A%3CUL%3E%0A%3CLI%3E%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20Conditions%20Tab%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3CP%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%0A%3CUL%3E%0A%3CUL%3E%0A%3CUL%3E%0A%3CUL%3E%0A%3CLI%3E%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20NAS%20Port%20Type%20%3D%20%E2%80%9CWireless%20%E2%80%93%20Other%20or%20Wireless%20%E2%80%93%20IEE%20802.11%E2%80%9D%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CUL%3E%0A%3CUL%3E%0A%3CUL%3E%0A%3CUL%3E%0A%3CLI%3E%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20Windows%20Groups%20%3D%20%E2%80%9CContoso%5CDomain%20users%E2%80%9D%20(this%20could%20be%20any%20group%2C%20just%20make%20sure%20to%20make%20the%20user%20account%20member%20of%20it)%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3CP%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%0A%3CUL%3E%0A%3CUL%3E%0A%3CUL%3E%0A%3CLI%3E%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20Constraints%20Tab%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3CP%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%0A%3CUL%3E%0A%3CUL%3E%0A%3CUL%3E%0A%3CUL%3E%0A%3CLI%3E%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20Authentication%20Methods%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3CP%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%0A%3CUL%3E%0A%3CUL%3E%0A%3CUL%3E%0A%3CUL%3E%0A%3CUL%3E%0A%3CLI%3E%3CSPAN%20style%3D%22font-size%3A%20small%3B%22%3E%20%3CSPAN%20style%3D%22font-family%3A%20Calibri%3B%22%3E%20Microsoft%3A%20Smart%20Card%20or%20other%20certificate%20(choose%20the%20enrolled%20RAS%20and%20IAS%20Server%20certificate)%20%3C%2FSPAN%3E%20%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3CP%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId--1861709928%22%20id%3D%22toc-hId--1861709928%22%3E%3CSPAN%20style%3D%22color%3A%20%234f81bd%3B%20font-family%3A%20Cambria%3B%20font-size%3A%20medium%3B%22%3E%20Thanks%20to%20Paulo%20Marques%20da%20Costa%20for%20writing%20this%20informative%20Blog%20%3C%2FSPAN%3E%3C%2FH2%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-1128842%22%20slang%3D%22en-US%22%3E%3CP%3EFirst%20published%20on%20TECHNET%20on%20Feb%2027%2C%202012%20Important%20notice%3A%20Microsoft%20does%20not%20support%20any%20apple%20products%2C%20if%20you%20need%20to%20troubleshoot%20any%20problem%20related%20to%20apple%20products%2C%20please%20refer%20to%20http%3A%2F%2Fwww.%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1128842%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAmerKamal%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Microsoft

First published on TECHNET on Feb 27, 2012

Important notice : Microsoft does not support any apple products, if you need to troubleshoot any problem related to apple products, please refer to http://www.apple.com/support

 

Warning
SCEP was designed to be used in a closed network where all end-points are trusted. The warnings from CERT in the article " Simple Certificate Enrollment Protocol (SCEP) does not strongly authenticate certificate requests " should be considered when implementing the NDES service. If an application utilizes SCEP, it should provide its own strong authentication.

 

 

 

I am often asked by customers how to deploy certificates to iPads using NDES, where I refer them to Rob Greene’s blog for the steps required configuring NDES and enrolling these devices for certificates. Lately, I was presented with a challenge where a customer wanted to enroll these devices for certificates and authenticate them to an 802.1x infrastructure using Network Policy Server (NPS)

 

Let’s review how a non-domain joined machine authenticates to an 802.1x network before delving into the required steps for iPads to connect to the same network. Historically, the following steps were followed:

 

1. Create a placeholder computer account in Active Directory Domain Services (AD DS)

 

2. Configure a Service Principal Name (SPN) for the new computer object.

 

3. Enroll a computer certificate passing the FQDN of the placeholder computer object as a Subject Name, using Web Enrollment Pages or Certificates MMC snap-in directly from the computer (Skip step 4 if you are using the Certificates MMC snap-in)

 

4. Export the certificate created for the non-domain joined machine and install it.

 

5. Associate the newly created certificate to the placeholder AD DS domain computer account manually created through Name Mappings

 

a. Select Advanced View in Active Directory Users and Computers

 

b. Right-click the placeholder computer object and then select Name Mappings.

 

Note: Windows 7 and Windows Server 2008 R2 allows to you skip steps 3 and 4 by using Certificate Enrollment Web Services (CES) and Certificate Enrollment Web Policy (CEP) to ...

 

The method described earlier applies to computers where the computer certificate enrolled is based on a computer template. The computer will present the certificate (Subject Name) to the Network Policy Server (NPS), which in turn will check if the computer account is enabled in AD DS.

 

Devices such as iPads behave differently, where they treat all certificates installed as a user certificate, hence when passing the subject name to the NPS server, NPS will look for a user object in AD DS rather than a computer object, causing the authentication request to fail

 

 

 

Log Name:      Security

 

Source:        Microsoft-Windows-Security-Auditing

 

Date:          2/15/2012 8:55:49 PM

 

Event ID:      6273

 

Task Category: Network Policy Server

 

Level:         Information

 

Keywords:      Audit Failure

 

User:          N/A

 

Computer:      DC1.contoso.com

 

Description:

 

Network Policy Server denied access to a user.

 

 

 

Contact the Network Policy Server administrator for more information.

 

 

 

User:

 

Security ID:               NULL SID

 

Account Name:              ipad.contoso.com

 

Account Domain:                   CONTOSO

 

Fully Qualified Account Name:     CONTOSO\ipad.contoso.com

 

 

 

Client Machine:

 

Security ID:               NULL SID

 

Account Name:              -

 

Fully Qualified Account Name:     -

 

OS-Version:                -

 

Called Station Identifier:        021c1049ef6a

 

Calling Station Identifier:       b8ff6154d066

 

 

 

NAS:

 

NAS IPv4 Address:          192.168.25.254

 

NAS IPv6 Address:          -

 

NAS Identifier:                   021c1049ef6a

 

NAS Port-Type:                    Wireless - IEEE 802.11

 

NAS Port:                  34

 

 

 

RADIUS Client:

 

Client Friendly Name:             wrt350n

 

Client IP Address:                192.168.25.254

 

 

 

Authentication Details:

 

Connection Request Policy Name:   Secure Wireless Connections

 

Network Policy Name:       -

 

Authentication Provider:          Windows

 

Authentication Server:            DC1.contoso.com

 

Authentication Type:       EAP

 

EAP Type:                  -

 

Account Session Identifier:       -

 

Logging Results:                  Accounting information was written to the local log file.

 

Reason Code:               8

 

Reason: The specified user account does not exist .

 

 

 

 

 

The certificates installed on IPads use the Network Device Enrollment Services (NDES) which utilizes the Simple Certificate Enrollment Protocol (SCEP) to enroll for device certificates – This is the default and can’t be changed - These device certificates are computer certificates and not user certificates.

 

 

 

certutil -v -adtemplate ipsecintermediateoffline

 

 

 

IPSECIntermediateOffline: IPSec (Offline request) -- Auto-Enroll: Access is denied.

 

msPKI-Enrollment-Flag = 0

 

msPKI-Certificate-Name-Flag = 1

 

CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT -- 1

 

msPKI-Private-Key-Flag = 0

 

flags = 10241 (66113)

 

CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT -- 1

 

CT_FLAG_MACHINE_TYPE -- 40 (64)

 

CT_FLAG_ADD_TEMPLATE_NAME -- 200 (512)

 

CT_FLAG_IS_DEFAULT -- 10000 (65536)

 

cn = IPSECIntermediateOffline

 

distinguishedName = IPSECIntermediateOffline

 

displayName = IPSec (Offline request)

 

templateDescription = Computer

 

pKIExtendedKeyUsage = 1.3.6.1.5.5.8.2.2 IP security IKE intermediate

 

pKIDefaultCSPs = Microsoft RSA SChannel Cryptographic Provider

 

pKICriticalExtensions = 2.5.29.15 Key Usage

 

revision = 7

 

msPKI-Template-Schema-Version = 1

 

msPKI-Template-Minor-Revision = 1

 

msPKI-RA-Signature = 0

 

msPKI-Minimal-Key-Size = 400 (1024)

 

msPKI-Cert-Template-OID = 1.3.6.1.4.1.311.21.8.800281.5632585.475790.4272720.15075391.217.1.20

 

msPKI-Supersede-Templates =

 

msPKI-RA-Policies =

 

msPKI-RA-Application-Policies =

 

msPKI-Certificate-Policy =

 

msPKI-Certificate-Application-Policy =

 

dwKeySpec = AT_KEYEXCHANGE

 

pKIExpirationPeriod =  2 Years

 

pKIOverlapPeriod =  6 Weeks

 

 

 

Template Extensions: 3

 

1.3.6.1.4.1.311.20.2: Flags = 0, Length = 32

 

Certificate Template Name (Certificate Type)

 

IPSECIntermediateOffline

 

 

 

2.5.29.37: Flags = 0, Length = c

 

Enhanced Key Usage

 

IP security IKE intermediate (1.3.6.1.5.5.8.2.2)

 

 

 

2.5.29.15: Flags = 1(Critical), Length = 4

 

Key Usage

 

Digital Signature, Key Encipherment (a0)

 

 

 

As a result, the Network Policy Server (NPS) will deny access to the iPad device, because it is mapping the wrong certificate type, and will log the following security event.

 

 

 

Log Name:      Security

 

Source:        Microsoft-Windows-Security-Auditing

 

Date:          2/19/2012 12:38:38 PM

 

Event ID:      6273

 

Task Category: Network Policy Server

 

Level:         Information

 

Keywords:      Audit Failure

 

User:          N/A

 

Computer:      DC1.contoso.com

 

Description:

 

Network Policy Server denied access to a user.

 

 

 

Contact the Network Policy Server administrator for more information.

 

 

 

User:

 

Security ID:               CONTOSO\ipad

 

Account Name:              ipad

 

Account Domain:                   CONTOSO

 

Fully Qualified Account Name:     CONTOSO\ipad

 

 

 

Client Machine:

 

Security ID:               NULL SID

 

Account Name:              -

 

Fully Qualified Account Name:     -

 

OS-Version:                -

 

Called Station Identifier:        021c1049ef6a

 

Calling Station Identifier:       b8ff6154d066

 

 

 

NAS:

 

NAS IPv4 Address:          192.168.25.254

 

NAS IPv6 Address:          -

 

NAS Identifier:                   021c1049ef6a

 

NAS Port-Type:                    Wireless - IEEE 802.11

 

NAS Port:                  34

 

 

 

RADIUS Client:

 

Client Friendly Name:             wrt350n

 

Client IP Address:                192.168.25.254

 

 

 

Authentication Details:

 

Connection Request Policy Name:   Secure Wireless Connections

 

Network Policy Name:       Secure Wireless Connections

 

Authentication Provider:          Windows

 

Authentication Server:            DC1.contoso.com

 

Authentication Type:       EAP

 

EAP Type:                  Microsoft: Smart Card or other certificate

 

Account Session Identifier:       -

 

Logging Results:                  Accounting information was written to the local log file.

 

Reason Code:               293

 

Reason: The certificate is not valid for the requested usage.

 

 

 

The only way to make this work is to map the computer enrolled certificate to a user account, which is described in the remainder of this blog.

 

Extreme Caution: The steps mentioned in this blog were tested in an isolated network, and not verified to work fully in an Enterprise Network. This solution is provided as is without any Microsoft support.

 

But, wait! What if we issue a certificate with subject type computer (e.g. IPSec Offline Request) and associate to the user account?

 

Important:

 

The steps to enroll certificates for IPads and iPhone were described in iPad/iPhone Certificate Issuance . The solution provided in this blog assumes you read it first.

 

The X.500 notation in the Iphone Configuration Utility for CN (common name) or O (Organization ) has to be  upper case letters – example CN=IPAD1 – failure to type the correct syntax will generate the following error on the Network Device Enrollment Service (NDES) during certificate enrollment:
Log Name:      Application

 

Source:        Microsoft-Windows-NetworkDeviceEnrollmentService

 

Date:          2/16/2012 4:40:58 AM

 

Event ID:      31

 

Task Category: None

 

Level:         Error

 

Keywords:      Classic

 

User:          N/A

 

Computer:      NDES.contoso.com

 

Description:

 

The Network Device Enrollment Service cannot submit the certificate request (The request subject name is invalid or too long.).  0x80004005

 

 

 

Basic lab topology

 

 

High Level Operational Steps

 

 



    1. The device connects to a deployment wireless network (isolated) while connected via USB to the Mobile Device Management Software (MDM). In this example, the IPad is connected to the Iphone Configuration Utility.

 

    1. The device Administrator connects to the Network Device Enrollment Service (NDES) to obtain a temporary password which is entered in the Mobile Device Management (MDM) as the device’s profile.

 

    1. The Mobile Device Management (MDM) software pushes the profile configuration to the device.

 

    1. The device creates the private/public pair key and sends a request to the Network Device Enrollment Service (NDES)to request a certificate

 

    1. The Network Device Enrollment Service (NDES) sends an RA request to the Certification Authority (CA)

 

    1. The Certification Authority (CA) sends the certificate to the Network Device Enrollment Service (NDES)

 

    1. The Network Device Enrollment Service (NDES) sends the certificate to Device which in turn installs it

 

    1. The Device connects to the corporate network using 802.1X



 

 

Configuration steps

 

 

 

1. Create a user account for each device you want to enroll in AD DS with the following specifications:

 

a. Set a long complex password (at least 15 characters).

 

b. Set the password to not expire by selecting Password never expires .

 

c. In the user properties Account tab, select Smart Card is required for interactive logon . Select Smart card is required for interactive logon .

 

d. Select Account is sensitive and cannot be delegated in the user properties “Account “ tab.

 

e. Click on “Logon On To” button and in “The Following Computers” and then enter a placeholder computer name (IPad’s IMEI for example). The placeholder computer account doesn’t need to exist in AD DS.

 

 

 

Note: Disabling the user account will not work, because the Network Policy Service (NPS) will detect that the account is disabled it will deny access to the iPad. The Network Policy Server (NPS) will log the following event if the user account is disabled

 

 

 

Log Name:      Security

 

Source:        Microsoft-Windows-Security-Auditing

 

Date:          2/16/2012 4:52:50 PM

 

Event ID:      6273

 

Task Category: Network Policy Server

 

Level:         Information

 

Keywords:      Audit Failure

 

User:          N/A

 

Computer:      DC1.contoso.com

 

Description:

 

Network Policy Server denied access to a user.

 

 

 

Contact the Network Policy Server administrator for more information.

 

User:

 

Security ID:               CONTOSO\ipad

 

Account Name:              ipad

 

Account Domain:                   CONTOSO

 

Fully Qualified Account Name:     CONTOSO\ipad

 

 

 

Client Machine:

 

Security ID:               NULL SID

 

Account Name:              -

 

Fully Qualified Account Name:     -

 

OS-Version:                -

 

Called Station Identifier:        021c1049ef6a

 

Calling Station Identifier:       b8ff6154d066

 

 

 

NAS:

 

NAS IPv4 Address:          192.168.25.254

 

NAS IPv6 Address:          -

 

NAS Identifier:                   021c1049ef6a

 

NAS Port-Type:                    Wireless - IEEE 802.11

 

NAS Port:                  34

 

 

 

RADIUS Client:

 

Client Friendly Name:             wrt350n

 

Client IP Address:                192.168.25.254

 

 

 

Authentication Details:

 

Connection Request Policy Name:   Secure Wireless Connections

 

Network Policy Name:       -

 

Authentication Provider:          Windows

 

Authentication Server:            DC1.contoso.com

 

Authentication Type:       EAP

 

EAP Type:                  -

 

Account Session Identifier:       -

 

Logging Results:                  Accounting information was written to the local log file.

 

Reason Code:               34

 

Reason:       The user or computer account that is specified in the RADIUS Access-Request message is disabled.

 

 

 

2. Duplicate the User template with the following configuration (name it as “UserV2” for example):

 

a. Req uest Handling tab:

 

i. Purpose – Signature and encryption

 

i i. No other checkbox selected

 

iii. CSP – Microsoft RSA Schannel Cryptographic Provider

 

b. Subject Name Tab:

 

i. Select “Supply in the request”

 

c. Issuance Requirements Tab

 

i. N othing selected or configured

 

d. Extensions tab:

 

i. Application Policies:






          • IP Security IKE Intermediate

 

          • Server Authentication

 

          • Client Authentication






ii. Basic Constraints:






          • Leave as default






iii. Certificate Template Information:






          • This configuration comes from the AD Template object; you need to modify the subject type from user to computer, which allows  NDES to enroll for user certificates (described in Step 4).






iv. Issuance Policy:






          • Leave as default






v. Key Usage:






          • Signature requirements:



            • Digital Signature

 

            • Allow key exchange only with key encryption

 

            • Critical extension







e. Security Tab

 

i. C onfigure in the same way as described in the iPad/iPhone Certificate Issuance .

 

 

 

3. Check the certificate template attributes you created in step 2 using certutil –v –adtemplate userv2 and  note the template description attribute. This attribute will be changed later on

 

 

 

Userv2: User v2 -- Auto-Enroll: .

 

msPKI-Enrollment-Flag = 0

 

msPKI-Certificate-Name-Flag = 1

 

CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT -- 1

 

msPKI-Private-Key-Flag = 0

 

flags = 2023a (131642)

 

CT_FLAG_ADD_EMAIL -- 2

 

CT_FLAG_PUBLISH_TO_DS -- 8

 

CT_FLAG_EXPORTABLE_KEY -- 10 (16)

 

CT_FLAG_AUTO_ENROLLMENT -- 20 (32)

 

CT_FLAG_ADD_TEMPLATE_NAME -- 200 (512)

 

CT_FLAG_IS_MODIFIED -- 20000 (131072)

 

cn = Userv2

 

distinguishedName = Userv2

 

displayName = User v2

 

templateDescription = User

 

pKIExtendedKeyUsage =

 

0: 1.3.6.1.5.5.8.2.2 IP security IKE intermediate

 

1: 1.3.6.1.5.5.7.3.1 Server Authentication

 

2: 1.3.6.1.5.5.7.3.2 Client Authentication

 

pKIDefaultCSPs = Microsoft RSA SChannel Cryptographic Provider

 

pKICriticalExtensions =

 

0: 2.5.29.7 Subject Alternative Name

 

1: 2.5.29.15 Key Usage

 

revision = 64 (100)

 

msPKI-Template-Schema-Version = 2

 

msPKI-Template-Minor-Revision = 8

 

msPKI-RA-Signature = 0

 

msPKI-Minimal-Key-Size = 800 (2048)

 

msPKI-Cert-Template-OID = 1.3.6.1.4.1.311.21.8.800281.5632585.475790.4272720.15075391.217.15856343.7753402 User v2

 

msPKI-Supersede-Templates =

 

msPKI-RA-Policies =

 

msPKI-RA-Application-Policies =

 

msPKI-Certificate-Policy =

 

msPKI-Certificate-Application-Policy =

 

0: 1.3.6.1.5.5.8.2.2 IP security IKE intermediate

 

1: 1.3.6.1.5.5.7.3.1 Server Authentication

 

2: 1.3.6.1.5.5.7.3.2 Client Authentication

 

dwKeySpec = AT_KEYEXCHANGE

 

pKIExpirationPeriod =  1 Years

 

pKIOverlapPeriod =  6 Weeks

 

 

 

Template Extensions: 4

 

1.3.6.1.4.1.311.21.7: Flags = 0, Length = 2f

 

Certificate Template Information

 

Template=User v2(1.3.6.1.4.1.311.21.8.800281.5632585.475790.4272720.15075391.217.15856343.7753402)

 

Major Version Number=100

 

Minor Version Number=8

 

 

 

2.5.29.37: Flags = 0, Length = 20

 

Enhanced Key Usage

 

IP security IKE intermediate (1.3.6.1.5.5.8.2.2)

 

Server Authentication (1.3.6.1.5.5.7.3.1)

 

Client Authentication (1.3.6.1.5.5.7.3.2)

 

 

 

2.5.29.15: Flags = 1(Critical), Length = 4

 

Key Usage

 

Digital Signature, Key Encipherment (a0)

 

 

 

1.3.6.1.4.1.311.21.10: Flags = 0, Length = 26

 

Application Policies

 

[1]Application Certificate Policy:

 

Policy Identifier=IP security IKE intermediate

 

[2] Application Certificate Policy:

 

Policy Identifier=Server Authentication

 

[3]Application Certificate Policy:

 

Policy Identifier=Client Authentication

 

 

 

4. Network Device Enrollment Service (NDES) does not support user templates; as a result, the user template created in Step 2 has to be changed to a computer template. To do so:

 

a. Open Active Directory Sites and Services

 

b. Select Menu , View and then select Show Services Node .

 

c. Expand Services , Public Key Services and then click Certificate Templates .

 

d. Open the duplicated certificate template created in step 2 (UserV2 in this example)

 

e. Edit the flags attribute and change its value from 131642 to 131706.

 

Extreme Warning: This method is supplied as is, and should be thoroughly tested in your environment. Deploy this solution at your own risk

 

If you run certutil –v –adtemplate userv2command again, you can see that the templatedescription attribute was changed from user to computer.

 

 

 

5. Publish the certificate created in step 2 to the  Certification Authority (CA).

 

 

 

Note: If you don’t perform these changes to the certificate template and configure NDES to deploy this template, then you will receive the following error when requesting the challenge password from the Network Device Enrollment Service (NDES):

 

 

 

Network Device Enrollment Service

 

Network Device Enrollment Service allows you to obtain certificates for routers or other network devices using the Simple Certificate Enrollment Protocol (SCEP).

 

You do not have sufficient permission to enroll with SCEP. Please contact your system administrator.

 

For more information see Using Network Device Enrollment Service.

 

6. Configure the Network Device Enrollment Service  (NDES) to  issue certificates based on the certificate template created in step do by editing the following registry key:

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MSCEP]

 

"SignatureTemplate"="Userv2"

 

"EncryptionTemplate"="Userv2"

 

"GeneralPurposeTemplate"="Userv2"

 

7. Restart Internet Information Services (IIS) on the Network Device Enrollment Service (NDES).

 

8. Install the Root CA’s certificate on the computer where you will run the iPhone Configuration Utility.

 

9. Open the iPhone Configuration Utility and create a configuration profile.

 

10. Make sure NDES and SCEP settings are configured in the iPhone Configuration Utility using the steps in iPad/Iphone Certificate Issuance blog.

 

11. Select Wi-fi and enter the SSID of the 802.1x wireless network.

 

12. Select Auto-Join .

 

13. On Security type , select WPA/WPA2 Enterprise .

 

14. Select Protocols and then choose TLS

 

 

 

15. Next, select Authentication and choose the SCEP identity certificate that was previously configured as outlined in iPad/Iphone Certificate Issuance blog.

 

 

 

 

 

 

16. Select “Trust” and choose your Root CA certificate as a trusted certificate.

 


 

 

 

17. After the CA issues the new certificate, you must export it from the CA and associate this certificate with the user account that was created in step 1:

 

a. Open Active Directory Users and Computers

 

b. Select menu, View -and then select Advanced Features

 

c. Find the user account that represents the IPad

 

d. Right-click the user account and choose Name Mappings

 

e. Click Add, then select the certificate to import

 

 

 

 

18. Deploy the profile to your IPad

 

 

 

NPS Basic Settings

 

 

 

The Network Policy Server (NPS) settings that were configured during this solution were:

 

1. Make your Network policy Server (NPS) member of “RAS and IAS Servers” group

 

2. Publish the “RAS and IAS Server” certificate template to your CA

 

3. Enroll your Network policy Server (NPS) server for the “RAS and IAS Server”  certificate

 

4. In Policies, select Connection request policies:

 

a. Create a Policy named “Secure Wireless Connections” with a condition:




      • NAS Port Type = “Wireless – Other or Wireless – IEE 802.11”




b. Disable the default policy called “Use Windows authentication for all users”

 

5. In Policies, select Network Policies:

 

a. Create a policy named “Secure Wireless Connections” with following settings:




      • Overview Tab



        • Select “Grant Access. Grant access if the connection request matches this policy.”

 

        • Select “Ignore user account dial-in properties”



      • Conditions Tab



        • NAS Port Type = “Wireless – Other or Wireless – IEE 802.11”

 

        • Windows Groups = “Contoso\Domain users” (this could be any group, just make sure to make the user account member of it)



      • Constraints Tab



        • Authentication Methods



          • Microsoft: Smart Card or other certificate (choose the enrolled RAS and IAS Server certificate)






Thanks to Paulo Marques da Costa for writing this informative Blog