Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Saturday, October 14, 2017 10:08 PM
In the event log I get the following Event 87 (CertificateServicesClient-CertEnroll):
Fehler bei der SCEP-Zertifikatregistrierung für xxxxx\yyyyyy$ über https://IFX-KeyId-[...here 40 characters...].microsoftaik.azure.net/templates/Aik/scep:
SubmitDone
GetCACertChain: OK
HTTP/1.1 200 OK
Cache-Control: no-cache
Date: Thu, 12 Oct 2017 20:11:49 GMT
Pragma: no-cache
Content-Length: 5185
Content-Type: application/x-x509-ca-ra-cert
Expires: -1
Server: Microsoft-IIS/8.5
x-ms-request-id: [...here 16 characters...]
Strict-Transport-Security: max-age=31536000;includeSubDomains
X-Content-Type-Options: nosniff
X-Powered-By: ASP.NET
Methode: POST(3812ms)
Phase: SubmitDone
Ungültige Anforderung (400). 0x80190190 (-2145844848 HTTP_E_STATUS_BAD_REQUEST)
The event comes from the task AikCertEnrollTask (\Microsoft\Windows\CertificateServicesClient). Something in the request for the AIK Certificate leads to a reject from the microsoft server. The server is reachable and replies, but rejects the request. This behaviour came with patch day October to Build 15063.674. I did also try the TPM 2.0 firmware on the same chip, everything else unchanged. This went well. But TPM 2.0 is not an option for me because of compatibilty issues.
Of course I also erased and reinitialized the TPM and I use the latest TPM firmware.
Does anyone see the same behaviour or has a solution?
All replies (2)
Monday, October 16, 2017 6:17 AM
KB4041676 has security updates to Windows TPM, this should be the reason for your current scenario.
Disable AikCertEnrollTask is a way to prevent event, but can’t solve your TPM issue, if you couldn’t update to TPM 2.0 version, I can only say that you need to uninstall the update, pause update. Wait for new TPM 1.2 firmware or Windows update.
Regards
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Tuesday, October 31, 2017 9:33 AM
Would you mind letting me know the update of the problem? If you need further assistance, feel free to let me know. I will be more than happy to be of assistance.
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].