NDES service - 500 internal error

Copper Contributor

The main task is to setup NDES and SCEP for certificate deployment via Intune. On our CA I have created two certificate templates as per the instructions in Microsoft documentation. The first template is issuing certificates to the end users/devices and the second template will be binded to the IIS service on the NDES server.

 

The process of creating a certificate was successful and I have not had any issues. I moved on to installing the NDES role and configuring it as per the instruction. Once the final step was completed I proceeded to check the NDES service by browsing to http://Server_FQDN/certsrv/mscep/mscep.dll. I get the Http error 500.0 - internal server error and when I check the vent viewer I get the following two entries:

 

1: The Network Device Enrollment Service cannot be started (0x800700ea). More data is available.

2: The Network Device Enrollment Service cannot retrieve one of its required certificates (0x80070057)

 

I have checked the Microsoft documentation and applied the following fix to rectify the issue:

 

I have checked that my NDES service account is added to the local IIS group.

  • My account is also added to the service account.
  • In IIS I have Allow Double Escaping.
  • In IIS Load User Profile, Set to True on the Application Pool.
  • I have the correct user and computer permission on the certificate template on CA.

 

Before I can continue with the remaining setup and install the NDES connector etc. I need assistance to resolve the NDES service.

 

1 Reply
I am in the same boat. Ever get this resolved?