Event Source: | Microsoft-Windows-NetworkDeviceEnrollmentService |
Event ID: | 14 (0xE) |
Event log: | Application |
Event type: | Error |
Symbolic Name: | EVENT_MSCEP_FAIL_TO_SIGN |
Event text (English): | The Network Device Enrollment Service cannot sign the response to a client request (%1). %2 |
Event text (German): | The response to a client request (%1) cannot be signed by the network device registration service. %2 |
Category: Network Device Registration Service (NDES)
Details of the event with ID 15 of the source Microsoft-Windows-NetworkDeviceEnrollmentService
Event Source: | Microsoft-Windows-NetworkDeviceEnrollmentService |
Event ID: | 15 (0xF) |
Event log: | Application |
Event type: | Error |
Symbolic Name: | EVENT_MSCEP_FAIL_TO_CONVERT |
Event text (English): | The Network Device Enrollment Service cannot convert encoded portions of the client's http message (or request body for POSTPKIOperation), or the converted message (or request body for POSTPKIOperation) is larger than 64K (%1). %2 |
Event text (German): | The coded part of the HTTP message of the client (or the request text for "POSTPKIOperation") cannot be converted by the registration service for network devices, or the converted message (or the request text for "POSTPKIOperation") is larger than 64 KB (%1). %2 |
Details of the event with ID 16 of the source Microsoft-Windows-NetworkDeviceEnrollmentService
Event Source: | Microsoft-Windows-NetworkDeviceEnrollmentService |
Event ID: | 16 (0x10) |
Event log: | Application |
Event type: | Error |
Symbolic Name: | EVENT_MSCEP_FAIL_TO_DECODE |
Event text (English): | The Network Device Enrollment Service cannot decode the http message from the client (%1). %2 |
Event text (German): | The coded HTTP message from the client (%1) cannot be decoded by the registration service for network devices. %2 |
Details of the event with ID 17 of the source Microsoft-Windows-NetworkDeviceEnrollmentService
Event Source: | Microsoft-Windows-NetworkDeviceEnrollmentService |
Event ID: | 17 (0x11) |
Event log: | Application |
Event type: | Error |
Symbolic Name: | EVENT_MSCEP_FAIL_TO_RETRIEVE_INFO |
Event text (English): | The Network Device Enrollment Service cannot retrieve required information, such as the transaction ID, message type, or signing certificate, from the client's PKCS7 message (%1). %2 |
Event text (German): | Required information (such as transaction ID, message type, or signing certificate) cannot be retrieved from the client PKCS7 message (%1) by the network device registration service. %2 |
Details of the event with ID 3 of the source Microsoft-Windows-NetworkDeviceEnrollmentService
Event Source: | Microsoft-Windows-NetworkDeviceEnrollmentService |
Event ID: | 3 (0x3) |
Event log: | Application |
Event type: | Information |
Event text (English): | The Network Device Enrollment Service has been stopped. |
Event text (German): | The network device registration service has been terminated. |
Details of the event with ID 4 of the source Microsoft-Windows-NetworkDeviceEnrollmentService
Event Source: | Microsoft-Windows-NetworkDeviceEnrollmentService |
Event ID: | 4 (0x4) |
Event log: | Application |
Event type: | Error |
Symbolic Name: | EVENT_MSCEP_FAILED_TO_UNLOAD |
Event text (English): | The Network Device Enrollment Service cannot be stopped (%1). %2 |
Event text (German): | The registration service for network devices cannot be terminated (%1). %2 |
Details of the event with ID 6 of the source Microsoft-Windows-NetworkDeviceEnrollmentService
Event Source: | Microsoft-Windows-NetworkDeviceEnrollmentService |
Event ID: | 6 (0x6) |
Event log: | Application |
Event type: | Error |
Symbolic Name: | EVENT_MSCEP_NO_PASSWORD_TEMPLATE |
Event text (English): | The Network Device Enrollment Service cannot provide its password because the user does not have enroll permissions on the configured certificate template, or the certification authority is not enabled to issue certificates based on the configured certificate template. |
Event text (German): | The registration service password for the network device cannot be specified because the user does not have the required registration permissions for the configured certificate template or the certification authority is not authorized to issue certificates based on the configured certificate template. |
Details of the event with ID 7 of the source Microsoft-Windows-NetworkDeviceEnrollmentService
Event Source: | Microsoft-Windows-NetworkDeviceEnrollmentService |
Event ID: | 7 (0x7) |
Event log: | Application |
Event type: | Error |
Symbolic Name: | EVENT_MSCEP_GET_CA_CERT_FAILED |
Event text (English): | The Network Device Enrollment Service failed to return the certification authority certificate(s) to the caller (%1). %2 |
Event text (German): | The certificate authority certificate was not returned to the caller (%1) by the registration service for network devices. %2 |
Details of the event with ID 8 of the source Microsoft-Windows-NetworkDeviceEnrollmentService
Event Source: | Microsoft-Windows-NetworkDeviceEnrollmentService |
Event ID: | 8 (0x8) |
Event log: | Application |
Event type: | Error |
Symbolic Name: | EVENT_MSCEP_FAILED_CA_INFO |
Event text (English): | The Network Device Enrollment Service cannot retrieve information about the certification authority (%1). %2 |
Event text (German): | The information on the certification authority (%1) cannot be retrieved by the registration service for network devices. %2 |
Details of the event with ID 9 of the source Microsoft-Windows-NetworkDeviceEnrollmentService
Event Source: | Microsoft-Windows-NetworkDeviceEnrollmentService |
Event ID: | 9 (0x9) |
Event log: | Application |
Event type: | Error |
Symbolic Name: | EVENT_MSCEP_FAILED_CA_CERT |
Event text (English): | The Network Device Enrollment Service cannot retrieve the certification authority certificate (%1). %2 |
Event text (German): | The certification authority certificate (%1) cannot be retrieved by the registration service for network devices. %2 |
Details of the event with ID 10 of the source Microsoft-Windows-NetworkDeviceEnrollmentService
Event Source: | Microsoft-Windows-NetworkDeviceEnrollmentService |
Event ID: | 10 (0xA) |
Event log: | Application |
Event type: | Error |
Symbolic Name: | EVENT_MSCEP_FAILED_RA_CERT |
Event text (English): | The Network Device Enrollment Service cannot retrieve one of its required certificates (%1). %2 |
Event text (German): | One of the required certificates (%1) cannot be retrieved by the network device registration service. %2 |
Details of the event with ID 2 of the source Microsoft-Windows-NetworkDeviceEnrollmentService
Event Source: | Microsoft-Windows-NetworkDeviceEnrollmentService |
Event ID: | 2 (0x2) |
Event log: | Application |
Event type: | Error |
Symbolic Name: | EVENT_MSCEP_FAILED_TO_LOAD |
Event text (English): | The Network Device Enrollment Service cannot be started (%1). %2 |
Event text (German): | Unable to start network device registration service (%1). %2 |
Details of the event with ID 1 of the source Microsoft-Windows-NetworkDeviceEnrollmentService
Event Source: | Microsoft-Windows-NetworkDeviceEnrollmentService |
Event ID: | 1 (0x1) |
Event log: | Application |
Event type: | Information |
Event text (English): | The Network Device Enrollment Service started successfully. |
Event text (German): | The network device registration service has been started successfully. |
Which Cryptographic Service Provider (CSP) should be used for the Network Device Enrollment Service (NDES)?
When configuring a certificate template for the Registration Authority (RA) certificates for the Network Device Enrollment Service (NDES), the question arises, especially when using Hardware Security Modules (HSM), which Cryptographic Service Provider (CSP) of the HSM manufacturer should be used.
Requesting certificates through the Network Device Enrollment Service (NDES) fails with HTTP error code 503 and there are no entries in the Event Viewer
Assume the following scenario:
- A network device enrollment service (NDES) is implemented in the network.
- The NDES server uses a domain account or a Group Managed Service Account (gMSA) for the identity of the SCEP IIS application pool.
- Requesting certificates via NDES fails with HTTP error code 503 (Server Unavailable).
- Calling the mscep and mscep_admin pages also fails with HTTP error code 500.
- Even after an iisreset or a restart of the NDES server, calling the mscep or mscep_admin page produces no event indicating that the NDES service has started or that errors occurred.