Solution: To fix the issue, identify and remove the intermediate CA certificates from the Trusted Root Certification Authorities certificate store. Otherwise, it's an intermediate certificate.
If a certificate has the same Issued to and Issued by values, it's a root certificate. This issue occurs if there are intermediate CA certificates in the NDES server's Trusted Root Certification Authorities certificate store. IIS log: POST /CertificateRegistrationSvc/Certificate/VerifyRequest - 443.
#Forbidden access tubecast registration
NDESPlugin.log: Sending request to certificate registration point. When the following logs contain an error 403 that's similar to the following, the client certificate might be untrusted or invalid: NDESPlugin.log contains an error 403 – Forbidden: Access is denied" Solution: Issue the web server SSL certificate with the following attributes for Common Name and Subject Alternative Name, and then bind it to port 443 in IIS:
Modern browsers and browsers on mobile devices ignore the Common Name on an SSL certificate if there are Subject Alternative Names present. When the log contains an error 12175 that's similar to the following, there might be a problem with the SSL certificate: WINHTTP_CALLBACK_STATUS_FLAG_CERT_CN_INVALIDįailed to send http request /CertificateRegistrationSvc/Certificate/VerifyRequest. If the information in that article doesn't help you resolve the issue, the following are additional entries that can indicate problems. If you don't find these entries, start by reviewing the troubleshooting guidance for device to NDES server communication. Validation Phase 3 finished with status True. Validation Phase 1 finished with status True. The following example indicates a successful validation of the devices challenge request and that NDES can now contact the CA: Verify challenge returns true Sending request to certificate registration point. To confirm the validation request is submitted to the module, look for an entry that resembles the following examples in logs on the NDES server: These entries refer to the certificate registration point. NDES communication to the policy moduleĪfter receiving the certificate request from a device, NDES validates that request with Intune through the policy module that installs with the Microsoft Intune Certificate Connector. This article applies to both Step 3 and Step 4 of SCEP communication workflow. After the validation, NDES contacts the certificate authority (CA) to request the certificate on behalf of the device. When NDES receives a request for a certificate, it forwards the request to the policy module, which validates the request as valid for the device. This article gives guidance to help you validate and troubleshoot operation of the Network Device Enrollment Service (NDES) policy module that installs with the Microsoft Intune Certificate Connector.
0 kommentar(er)
