| Event Source: | Microsoft-Windows-CertificateServicesClient-CertEnroll |
| Event ID: | 87 (0xC25A0057) |
| Event log: | Application |
| Event type: | Error |
| Event text (English): | SCEP Certificate enrollment for %1 via %2 failed: %3 Method: %4 Stage: %5 %6 |
| Event text (German): | SCEP certificate registration error for %1 over %2: %3 Method: %4 Phase: %5 %6 |
The Network Device Enrollment Service (NDES) provides a way for devices that do not have an identifier in Active Directory (for example, network devices such as routers, switches, printers, thin clients, or smartphones and tablets) to request certificates from a certification authority. For a more detailed description, see the article "Network Device Enrollment Service (NDES) Basics„.
Since Windows 8.1, a client for the Simple Certificate Enrollment Protocol (SCEP) has been integrated into the Windows operating system. For a usage example, see the article "Certificate Enrollment for Windows Systems via the Network Device Enrollment Service (NDES) with Windows PowerShell„.
Parameter
The parameters contained in the event text are filled with the following fields:
- %1: Context (win:UnicodeString)
- %2: Url (win:UnicodeString)
- %3: MessageText (win:UnicodeString)
- %4: Method (win:UnicodeString)
- %5: Stage (win:UnicodeString)
- %6: ErrorCode (win:UnicodeString)
Example events
SCEP Certificate enrollment for INTRA\rudi via http://ndes01.intra.adcslabor.de/certsrv/mscep/mscep.dll/pkiclient.exe failed: PkiStatus(2): SCEPDispositionFailure FailInfo(2): SCEPFailBadRequest EnrollStatus(256): EnrollDenied The public key does not meet the minimum size required by the specified certificate template. 0x80094811 (-2146875375 CERTSRV_E_KEY_LENGTH) Denied by Policy Module ProcessResponseMessage Submit(Request): OK HTTP/1.1 200 OK Date: Thu, 22 Oct 2020 13:59:03 GMT Content-Length: 1070 Content-Type: application/x-pki-message Server: Microsoft-IIS/10.0 X-XSS-Protection: 1; mode=block X-Frame-Options: DENY X-Content-Type-Options: nosniff Method: POST(234ms) Stage: ProcessResponseMessage The public key does not meet the minimum size required by the specified certificate template. 0x80094811 (-2146875375 CERTSRV_E_KEY_LENGTH)
SCEP Certificate enrollment for INTRA\rudi via https://ndes.adcslabor.de/certsrv/mscep/mscep.dll/pkiclient.exe failed: PkiStatus(2): SCEPDispositionFailure FailInfo(2): SCEPFailBadRequest EnrollStatus(256): EnrollDenied The certificate is not valid for the requested usage. 0x800b0110 (-2146762480 CERT_E_WRONG_USAGE) ProcessResponseMessage Submit(Request): OK HTTP/1.1 200 OK Date: Fri, 06 Nov 2020 13:30:15 GMT Content-Length: 1030 Content-Type: application/x-pki-message Server: Microsoft-IIS/10.0 X-XSS-Protection: 1; mode=block X-Frame-Options: DENY X-Content-Type-Options: nosniff Method: POST(375ms) Stage: ProcessResponseMessage The certificate is not valid for the requested usage. 0x800b0110 (-2146762480 CERT_E_WRONG_USAGE)
Description
Do you know TameMyCerts? TameMyCerts is an add-on for the Microsoft certification authority (Active Directory Certificate Services). It extends the function of the certification authority and enables the Application of regulationsto realize the secure automation of certificate issuance. TameMyCerts is unique in the Microsoft ecosystem, has already proven itself in countless companies around the world and is available under a free license. It can downloaded via GitHub and can be used free of charge. Professional maintenance is also offered.
Occurs when a certificate request via the Simple Certificate Enrollment Protocol (SCEP) fails.
Safety assessment
The security assessment is based on the three dimensions of confidentiality, integrity and availability.
No description has been written for this yet.
English 
Deutsch