NDES Windows Server 2019

Question

Tuesday, March 5, 2019 8:23 PM

Hi, I managed to install the NDES role which takes care of installing all the IIS dependencies. 

Once completed I can load https://<FQDN>/certsrv/mscep/mscep.dll just fine but after a short while it just stops working with this error.... I'm following this guide to set this up. /en-us/intune/certificates-scep-configure 

  • Error: 500.0 - Internal Server Error
  • Module: IIS Web Core
  • Notification: AuthenticateRequest
  • Handler: ISAPI-dll
  • Error Code: 0x80070542
  • Requested URL: https://<FQDN>:443/certsrv/mscep/mscep.dll
  • Physical Path: C:\Windows\system32\CertSrv\mscep\mscep.dll
  • Logon Method: Anonymous
  • Logon User: Anonymous

Did anyone manage to make this work on Windows Server 2019? I'm starting to think I might need to revert to Windows Server 2016...

Thank you,

All replies (4)

Thursday, March 7, 2019 2:07 PM | Answered

Thanks all! 

I found the issue. The reason why it worked and stopped without apparent reason since no changes were made in between is because a GPO was overwriting the local policies that are set when installing the roles. 

The following accounts were removed from Log On as a Service rights after a GPUpdate:

  • IIS APPPOOL\NET v2.0
  • IIS APPPOOL\NET v2.0 Classic
  • IIS APPPOOL\Classic .NET AppPool

And IIS_IUSRS was removed from Impersonate a client after authentication Properties. 

What's "fun" is that you can't edit the GPO and add the IIS APPPOOL*** unless you do it from a machine that has these local accounts because GPEdit.msc needs to verify what you add in the GPO... So we need to install the Group Policy console on the NDES server, edit the GPO and then remove the console...
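
A way to check for the condition described in the answer above, as an added example that is not part of the original post: it exports the machine's user rights assignment with `secedit` and reports whether the accounts named in the answer still hold the two rights. The account names are copied from the answer, and the file name and the `Resolve-Sid` helper are made up for this example; run it elevated on the NDES server.

```powershell
# Rights and accounts as listed in the accepted answer; adjust to the app pools on your server.
$expected = @{
    SeServiceLogonRight    = 'IIS APPPOOL\NET v2.0', 'IIS APPPOOL\NET v2.0 Classic',
                             'IIS APPPOOL\Classic .NET AppPool'   # Log on as a service
    SeImpersonatePrivilege = @('BUILTIN\IIS_IUSRS')               # Impersonate a client after authentication
}

function Resolve-Sid([string]$Entry) {
    # Hypothetical helper: secedit writes SIDs as "*S-1-..." and other principals as plain names.
    if ($Entry.StartsWith('*')) { return $Entry.TrimStart('*') }
    try {
        $nt = [System.Security.Principal.NTAccount]::new($Entry)
        $nt.Translate([System.Security.Principal.SecurityIdentifier]).Value
    } catch { $null }   # the name cannot be resolved on this machine
}

# Export the user rights assignment currently on this machine (needs an elevated prompt).
$cfg = Join-Path $env:TEMP 'ndes-user-rights.inf'
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null

# Parse lines such as: SeServiceLogonRight = *S-1-5-80-...,*S-1-5-32-568
$rights = @{}
foreach ($line in Get-Content $cfg) {
    if ($line -match '^(Se\w+)\s*=\s*(.*)$') {
        $name = $Matches[1]
        $rights[$name] = @($Matches[2] -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    }
}
Remove-Item $cfg

# Compare by SID so that names and SIDs in the export are treated alike.
$report = foreach ($right in $expected.Keys) {
    $granted = @($rights[$right] | Where-Object { $_ } | ForEach-Object { Resolve-Sid $_ })
    foreach ($account in $expected[$right]) {
        $sid = Resolve-Sid $account
        $state = if (-not $sid) { 'UNRESOLVED' }
                 elseif ($granted -contains $sid) { 'present' }
                 else { 'MISSING' }
        [pscustomobject]@{ Right = $right; Account = $account; State = $state }
    }
}
$report | Format-Table -AutoSize
```

Running it before and after `gpupdate /force` shows whether a policy refresh strips the entries; `gpresult /h report.html` then shows which GPO defines the affected user rights.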


Tuesday, March 5, 2019 9:05 PM | 1 vote

My guess is a security policy related issue as 0x80070542 = "Either a required impersonation level was not provided, or the provided impersonation level is invalid."

You may be better off posting in an NDES or a Windows Server specific forum as this isn't really related to Intune.

Jason | https://home.configmgrftw.com | @jasonsandys


Tuesday, March 5, 2019 9:27 PM | 1 vote

Please try the link below; I'm not sure it will resolve the issue.

https://blogs.msdn.microsoft.com/chaun/2014/09/02/error-500-0-internal-server-error-authenticaterequest-staticfile-0x80070542/


Wednesday, March 6, 2019 1:57 AM | 1 vote

Hello,

Could you please check the log file at %SystemDrive%\inetpub\logs\LogFiles\W3SVC1\

It can give you more info for troubleshooting this issue.

By the way, the following KB article introduces the method for troubleshooting SCEP certificate issues. It helped me resolve my issues, and I hope it can help you.

Just in case, please review the steps for configuring the IIS, especially make sure you installed all of the required components for IIS.

https://support.microsoft.com/en-gb/help/4457481/troubleshooting-scep-certificate-profile-deployment-in-intune

Best regards,

Andy Liu