NDES certificate problem




I set up the environment used with this guide:


Everything seems ok, NDES check tool ( did not find any error.


However, on NDES server, C:\Program Files\Microsoft Intune\NDESPolicyModule\Logs\NDESPlugin.log shows the following errors:


Calling VerifyRequest ...

Sending request to certificate registration point...

Failed to retrieve client certificate. Error -2147024809

Exiting VerifyRequest with 0x80070057


On NDES server, Application log for NetworkDeviceEnrollmentService, doesnt show any error/warning


How next?


Thank you for your help!



5 Replies

Hi @IstvanffyZ,


please use the scripts provided in the following article to verify your NDES infrastructure first:


The scripts will provide helpful output when something is not configured correctly.


The error you provided can have many causes and we do not know your environment so unfortunately helping will be difficult with only this error message. :)


Hello @BenKrah 


as you can read, I used that validation script (no error).


Is there any detailed log option about NDES server?




best response confirmed by IstvanffyZ (Contributor)

@IstvanffyZ sorry, I missed that.


From my point of view the NDES logs are not useful.

The error value 0x80070057 points to "Incorrect parameter". So it seems as if either the request is malformed or the certificate template is incorrectly configured. 

@BenKrah thank you for your suggestion, finally it works.


The problem was on NDES server's registry, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MSCEP\ GeneralPurposeTemplate was not set to the correct certificate template name.


After I set the cert template name and reboot NDES server, it started to work correctly. 


On NDESplugin.log shows:

Calling VerifyRequest ...

Sending request to certificate registration point...

Verify challenge returns true...

Exiting VerifyRequest with 0x0





Hi Zoltan,


thanks for the feedback - I did expect that in some way. :)

I had this topic with a colleague some time ago and missed this configuration as well - the Microsoft KB article is complete in content, but difficult to read.. ;)