Details of the event with ID 51 of the source Microsoft-Windows-NetworkDeviceEnrollmentService

Event Source:	Microsoft-Windows-NetworkDeviceEnrollmentService
Event ID:	51 (0x33)
Event log:	Application
Event type:	Error
Symbolic Name:	EVENT_MSCEP_UNABLE_TO_CREATEORSET_REGKEY
Event text (English):	The Network Device Enrollment Service cannot create or modify the registry key "%1." Grant Read and Write permissions on the registry key "%2" to the account that the Network Device Enrollment Service is running as.
Event text (German):	The %1 registry key cannot be created or modified by the Network Devices Registration Service. Grant read and write permissions to the %2 registry key to the account running the Network Devices Registration Service.

Parameter

The parameters contained in the event text are filled with the following fields:

• %1: RegSubKey (win:UnicodeString)
• %2: RegKey (win:UnicodeString)

The Network Device Enrollment Service (NDES) provides a way for devices that do not have an identifier in Active Directory (for example, network devices such as routers, switches, printers, thin clients, or smartphones and tablets) to request certificates from a certification authority. For a more detailed description, see the article "Network Device Enrollment Service (NDES) Basics„.

Example events

The Network Device Enrollment Service cannot create or modify the registry key "Software\Microsoft\Cryptography\MSCEP\EncryptedPassword". Grant Read and Write permissions on the registry key "Software\Microsoft\Cryptography\MSCEP" to the account that the Network Device Enrollment Service is running as.

Description

Do you know TameMyCerts? TameMyCerts is an add-on for the Microsoft certification authority (Active Directory Certificate Services). It extends the function of the certification authority and enables the Application of regulationsto realize the secure automation of certificate issuance. TameMyCerts is unique in the Microsoft ecosystem, has already proven itself in countless companies around the world and is available under a free license. It can downloaded via GitHub and can be used free of charge. Professional maintenance is also offered.

See article "The Network Device Enrollment Service (NDES) logs the error message "The Network Device Enrollment Service cannot create or modify the registry key Software\Microsoft\Cryptography\MSCEP\EncryptedPassword."„.

Safety assessment

The security assessment is based on the three dimensions of confidentiality, integrity and availability.

When this event occurs the availability of the service is affected as it will not start and accordingly cannot be used to request certificates.

Related links:

• Overview of Windows events generated by the Network Device Enrollment Service (NDES).

External sources

• Active Directory Certificate Services (AD CS): Network Device Enrollment Service (NDES) (Microsoft)