| Event Source: | Microsoft-Windows-NetworkDeviceEnrollmentService |
| Event ID: | 53 (0x35) |
| Event log: | Application |
| Event type: | Error |
| Event text (English): | The Network Device Enrollment Service policy module could not be started (%1). %2 |
| Event text (German): | Failed to start the Network Device Registration Service policy module (%1). %2 |
Parameter
The parameters contained in the event text are filled with the following fields:
- %1: ErrorCode (win:UnicodeString)
- %2: ErrorMessage (win:UnicodeString)
The Network Device Enrollment Service (NDES) provides a way for devices that do not have an identifier in Active Directory (for example, network devices such as routers, switches, printers, thin clients, or smartphones and tablets) to request certificates from a certification authority. For a more detailed description, see the article "Network Device Enrollment Service (NDES) Basics„.
Example events
The Network Device Enrollment Service policy module could not be started (0x80070002). The system cannot find the file specified.
The Network Device Enrollment Service policy module could not be started (0x80070005). Access is denied.
Description
Do you know TameMyCerts? TameMyCerts is an add-on for the Microsoft certification authority (Active Directory Certificate Services). It extends the function of the certification authority and enables the Application of regulationsto realize the secure automation of certificate issuance. TameMyCerts is unique in the Microsoft ecosystem, has already proven itself in countless companies around the world and is available under a free license. It can downloaded via GitHub and can be used free of charge. Professional maintenance is also offered.
The event occurs when errors occur with a configured policy module for NDES. For example, brings Microsoft Intune a policy module with, but it is also possible, write your own policy modules.
The fact that the policy module cannot be loaded will lead to the fact that the service cannot be started. Therefore follows directly the event no. 2.
Error code 0x80070002 (The system cannot find the file specified.)
Indicates that the policy module cannot be found.
If present, the NDES policy module is configured in the following registry path:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MSCEP\Modules] "Policy"="NdesSamplePolicyModule.NdesPolicy"
Policy modules written in C++ allow specifying the module path via the InprocServer32 value of the COM object.
For policy modules written in C#, the InprocServer32 always refers to the mscoree.dll.
This in turn seems to look for the file under C:\Windows\System32\inetsrv.
Error code 0x80070005 (Access is denied.)
Indicates that the policy module has been loaded, but the Initialize method has thrown the said error, however, for example because a log file is to be written and no write access is granted.
Safety assessment
The security assessment is based on the three dimensions of confidentiality, integrity and availability.
Since the service will not start, availability is limited and an alert should be raised.
Related links:
External sources
- Active Directory Certificate Services (AD CS): Network Device Enrollment Service (NDES) (Microsoft)
- Troubleshoot the NDES policy module in Microsoft Intune (Microsoft)
- How to write an NDES Policy Module (Microsoft, archive link)
English 
Deutsch
One thought on “Details zum Ereignis mit ID 53 der Quelle Microsoft-Windows-NetworkDeviceEnrollmentService”
Comments are closed.