Oct 17 2020 02:07 AM
Hello,
I set up the environment used with this guide: https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-hybri...
Everything seems ok, NDES check tool (https://docs.microsoft.com/en-us/troubleshoot/mem/intune/verify-ndes-configuration) did not find any error.
However, on NDES server, C:\Program Files\Microsoft Intune\NDESPolicyModule\Logs\NDESPlugin.log shows the following errors:
Calling VerifyRequest ...
Sending request to certificate registration point...
Failed to retrieve client certificate. Error -2147024809
Exiting VerifyRequest with 0x80070057
On the NDES server, the Application log for NetworkDeviceEnrollmentService doesn't show any error/warning.
What next?
Thank you for your help!
KR,
Zoltan
Oct 19 2020 12:53 AM
Hi @IstvanffyZ,
please use the scripts provided in the following article to verify your NDES infrastructure first:
https://docs.microsoft.com/de-de/troubleshoot/mem/intune/verify-ndes-configuration
The scripts will provide helpful output when something is not configured correctly.
The error you provided can have many causes and we do not know your environment so unfortunately helping will be difficult with only this error message. 🙂
Oct 19 2020 01:20 AM
Hello @BenKrah
as you can read, I used that validation script (no error).
Is there any detailed log option about NDES server?
Kr,
Zoltan
Oct 19 2020 01:30 AM
Solution
@IstvanffyZ sorry, I missed that.
From my point of view the NDES logs are not useful.
The error value 0x80070057 points to "Incorrect parameter". So it seems as if either the request is malformed or the certificate template is incorrectly configured.
Oct 19 2020 02:36 PM
@BenKrah thank you for your suggestion, finally it works.
The problem was in the NDES server's registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MSCEP\GeneralPurposeTemplate was not set to the correct certificate template name.
After I set the cert template name and rebooted the NDES server, it started to work correctly.
NDESPlugin.log shows:
Calling VerifyRequest ...
Sending request to certificate registration point...
Verify challenge returns true...
Exiting VerifyRequest with 0x0
Regards,
Zoltan
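An added example, not part of any post in this thread: a PowerShell check for the misconfiguration described above, to be run on the NDES server. It compares the MSCEP template registry values with the expected template name and counts the VerifyRequest exit codes in NDESPlugin.log. `$ExpectedTemplate` is a placeholder, and `SignatureTemplate` and `EncryptionTemplate` are the sibling values under the same key, which the thread does not mention.

```powershell
# Added example: check the MSCEP template values and summarise NDESPlugin.log.
param(
    # Placeholder (assumption): replace with the certificate template name
    # that the SCEP profile is supposed to issue from.
    [string]$ExpectedTemplate = 'PLACEHOLDER-TemplateName',
    # Log path as given in the first post of the thread.
    [string]$LogPath = 'C:\Program Files\Microsoft Intune\NDESPolicyModule\Logs\NDESPlugin.log'
)

$mscepKey = 'HKLM:\SOFTWARE\Microsoft\Cryptography\MSCEP'

# GeneralPurposeTemplate is the value that was wrong in the thread. The other
# two are listed for comparison; which one NDES reads depends on the key usage
# of the request, so a mismatch there is informational only.
$valueNames = 'GeneralPurposeTemplate', 'SignatureTemplate', 'EncryptionTemplate'

$props = Get-ItemProperty -Path $mscepKey -ErrorAction Stop
$report = foreach ($name in $valueNames) {
    $current = $props.$name          # $null when the value does not exist
    [pscustomobject]@{
        Value    = $name
        Current  = $current
        Expected = $ExpectedTemplate
        Match    = ($current -eq $ExpectedTemplate)
    }
}
$report | Format-Table -AutoSize

# Count how VerifyRequest exited: 0x0 is the success case shown in the thread,
# 0x80070057 ("Incorrect parameter") is the failure that was reported.
if (Test-Path -LiteralPath $LogPath) {
    Select-String -LiteralPath $LogPath -Pattern 'Exiting VerifyRequest with (0x[0-9A-Fa-f]+)' |
        ForEach-Object { $_.Matches[0].Groups[1].Value } |
        Group-Object |
        Sort-Object Count -Descending |
        Select-Object @{ n = 'ExitCode'; e = { $_.Name } }, Count |
        Format-Table -AutoSize
} else {
    Write-Warning "Log not found: $LogPath"
}
```

In the thread, the corrected value only took effect after the NDES server was rebooted, so rerun the check after the restart and a fresh enrollment attempt.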
Oct 20 2020 12:48 AM
Hi Zoltan,
thanks for the feedback - I did expect that in some way. 🙂
I had this topic with a colleague some time ago and missed this configuration as well - the Microsoft KB article is complete in content, but difficult to read.. 😉