The main task is to set up NDES and SCEP for certificate deployment via Intune. On our CA I have created two certificate templates as per the instructions in the Microsoft documentation. The first template issues certificates to the end users/devices, and the second template will be bound to the IIS service on the NDES server.
The process of creating a certificate was successful and I have not had any issues. I moved on to installing the NDES role and configuring it as per the instructions. Once the final step was completed, I proceeded to check the NDES service by browsing to http://Server_FQDN/certsrv/mscep/mscep.dll. I get the HTTP error 500.0 - Internal Server Error, and when I check the Event Viewer I get the following two entries:
1: The Network Device Enrollment Service cannot be started (0x800700ea). More data is available.
2: The Network Device Enrollment Service cannot retrieve one of its required certificates (0x80070057)
I have checked the Microsoft documentation and applied the following fixes to rectify the issue:
I have checked that my NDES service account is added to the local IIS group.
My account is also added to the service account.
In IIS I have Allow Double Escaping enabled.
In IIS, Load User Profile is set to True on the Application Pool.
I have the correct user and computer permissions on the certificate template on the CA.
Before I can continue with the remaining setup and install the NDES connector etc., I need assistance to resolve the NDES service issue.