Details of the event with ID 18 of the source Microsoft-Windows-NetworkDeviceEnrollmentService

Event Source: Microsoft-Windows-NetworkDeviceEnrollmentService
Event ID: 18 (0x12)
Event log: Application
Event type: Error
Symbolic Name: EVENT_MSCEP_FAIL_TO_DECRYPT_INNER
Event text (English): The Network Device Enrollment Service cannot decrypt the client's PKCS7 message (%1). %2
Event text (German): The client's PKCS7 message (%1) cannot be decrypted by the network device registration service. %2

Parameters

The parameters contained in the event text are filled with the following fields:

  • %1: ErrorCode (win:UnicodeString)
  • %2: ErrorMessage (win:UnicodeString)

The Network Device Enrollment Service (NDES) provides a way for devices that do not have an identifier in Active Directory (for example, network devices such as routers, switches, printers, thin clients, or smartphones and tablets) to request certificates from a certification authority. For a more detailed description, see the article "Network Device Enrollment Service (NDES) Basics".

Example events

The Network Device Enrollment Service cannot decrypt the client's PKCS7 message (0x80070005).
The Network Device Enrollment Service could not decrypt the client's PKCS7 message (0x80090020).  An internal error occurred.
The Network Device Enrollment Service cannot decrypt the client's PKCS7 message (0x80090005).  Bad Data.

Description

Occurs when the PKCS#7 message sent by the SCEP client to the Network Device Enrollment Service cannot be decrypted.

Error code "Bad Data" (0x80090005)

This may be the case, for example, if the Registration Authority certificates have been renewed recently and messages were still encrypted with the key of the previous CEP Encryption certificate. This in turn can occur if, for example, the certificate enrollment was performed with the SSCEP client and the Registration Authority certificates were not retrieved again.

See also the article "Requesting certificates via Network Device Enrollment Service (NDES) fails with HTTP error code 500".
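The following triage sketch is an added example, not part of the original article or of any Microsoft tooling. It parses rendered event 18 messages, names the error codes from the example events, and flags "Bad Data" events logged after a Registration Authority certificate renewal. The function names, the renewal time as an operator-supplied input, and the sample timestamps are assumptions.

```python
import re
from datetime import datetime

# Symbolic names of the HRESULT values that appear in the page's example events.
KNOWN_CODES = {
    0x80070005: "E_ACCESSDENIED",
    0x80090020: "NTE_FAIL",
    0x80090005: "NTE_BAD_DATA",
}
# Matches the rendered event text "... PKCS7 message (%1). %2".
EVENT18_RE = re.compile(
    r"decrypt the client's PKCS7 message \((0x[0-9A-Fa-f]{8})\)\.\s*(.*)$")

def parse_event18(message):
    """Return (error_code, error_message), or None if the text does not match."""
    m = EVENT18_RE.search(message)
    return (int(m.group(1), 16), m.group(2).strip()) if m else None

def triage(events, ra_cert_valid_from):
    """Classify (timestamp, message) pairs of event ID 18.

    ra_cert_valid_from: start of validity of the current CEP Encryption
    certificate (assumption: supplied by the operator).
    """
    findings = []
    for ts, message in events:
        parsed = parse_event18(message)
        if parsed is None:
            continue  # not an event 18 message
        code, text = parsed
        # "Bad Data" after a renewal fits the stale RA certificate case.
        stale = code == 0x80090005 and ts >= ra_cert_valid_from
        findings.append({
            "time": ts, "code": f"0x{code:08X}", "text": text,
            "name": KNOWN_CODES.get(code, "UNKNOWN"),
            "stale_ra_cert_suspected": stale,
        })
    return findings

# Constructed sample: message texts follow the example events, timestamps are invented.
PREFIX = "The Network Device Enrollment Service cannot decrypt the client's PKCS7 message "
RENEWED = datetime(2024, 5, 1, 8, 0)
SAMPLE_EVENTS = [
    (datetime(2024, 4, 29, 9, 15), PREFIX + "(0x80070005)."),
    (datetime(2024, 4, 30, 7, 2), PREFIX + "(0x80090005).  Bad Data."),
    (datetime(2024, 5, 1, 8, 30), PREFIX + "(0x80090020).  An internal error occurred."),
    (datetime(2024, 5, 1, 9, 45), PREFIX + "(0x80090005).  Bad Data."),
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS, RENEWED):
        print(finding)
```

A flagged event indicates that the client should retrieve the Registration Authority certificates again, as described above.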

Security assessment

The security assessment is based on the three dimensions of confidentiality, integrity and availability.

Availability may be affected, so this event should be monitored.
