Assume the following scenario:
- A network device enrollment service (NDES) is implemented in the network.
- The NDES server uses a domain account or a Group Managed Service Account (gMSA) for the identity of the SCEP IIS application pool.
- Requesting certificates via NDES fails with HTTP error code 503 (Server Unavailable).
- Calling the mscep and mscep_admin pages also fails with HTTP error code 500.
- Even after an iisreset or restart of the NDES server, no event appears after calling the mscep or mscsp_admin page that the NDES service has started or that there were errors.