test SCEP - error 503, service unavailable

Question

_{Wednesday, January 16, 2013 5:32 PM}

Hello,

I completed SCEP NDES installation on a Server 2008 R2 VM following the procedure document on http://social.technet.microsoft.com/wiki/contents/articles/9063.network-device-enrollment-service-ndes-in-active-directory-certificate-services-ad-cs.aspx

Then I tried to test it by accessing http://localhost/certsrv/mscep_admin using IE 8, it shows error 503, service is unavailable. In the IIS Application Pools, I noticed SCEP gets stopped after some while.

Any step I missed in SCEP NDES configuration?

Application event ID: 2 and 8

Thank you in advance

All replies (2)

_{Friday, January 18, 2013 4:22 AM}

Hi,

Thanks for posting in Microsoft TechNet forums.

The "Error Events" part of the article below can be helpful during our troubleshooting:

Network Device Enrollment Service (NDES) in Active Directory Certificate Services (AD CS)

http://social.technet.microsoft.com/wiki/contents/articles/9063.network-device-enrollment-service-ndes-in-active-directory-certificate-services-ad-cs.aspx#Error_Events

Regards

Kevin

_{Friday, January 18, 2013 10:42 PM}

Hi Kevin,

Thank you for response.

After I re-enrolled the certificates of CEP Encryption and Exchange Enrollment agent on the SCEP service computer, the changes happened. Now when I accessed http://localhost/certsrv/mscep_admin, System event 5021 was captured, which mentioned Batch Log on rights. So I think the NDES service account should be set in the Group Policy "Log on as a batch job". Is it correct?

Regards