Event Source: | Microsoft-Windows-NetworkDeviceEnrollmentService |
Event ID: | 18 (0x12) |
Event log: | Application |
Event type: | Error |
Symbolic Name: | EVENT_MSCEP_FAIL_TO_DECRYPT_INNER |
Event text (English): | The Network Device Enrollment Service cannot decrypt the client's PKCS7 message (%1). %2 |
Event text (German): | The client's PKCS7 message (%1) cannot be decrypted by the network device registration service. %2 |
Parameter
The parameters contained in the event text are filled with the following fields:
- %1: ErrorCode (win:UnicodeString)
- %2: ErrorMessage (win:UnicodeString)
The Network Device Enrollment Service (NDES) provides a way for devices that do not have an identifier in Active Directory (for example, network devices such as routers, switches, printers, thin clients, or smartphones and tablets) to request certificates from a certification authority. For a more detailed description, see the article "Network Device Enrollment Service (NDES) Basics„.
Example events
The Network Device Enrollment Service cannot decrypt the client's PKCS7 message (0x80070005).
The Network Device Enrollment Service could not decrypt the client's PKCS7 message (0x80090020). An internal error occurred.
The Network Device Enrollment Service cannot decrypt the client's PKCS7 message (0x80090005). Bad Data.
Description
Do you know TameMyCerts? TameMyCerts is an add-on for the Microsoft certification authority (Active Directory Certificate Services). It extends the function of the certification authority and enables the Application of regulationsto realize the secure automation of certificate issuance. TameMyCerts is unique in the Microsoft ecosystem, has already proven itself in countless companies around the world and is available under a free license. It can downloaded via GitHub and can be used free of charge. Professional maintenance is also offered.
Occurs when the PKCS#7 message sent by the SCEP client to the network device registration service cannot be decrypted.
Error code "Bad Data" (0x80090005)
This may be the case, for example, if the Registration Authority Certificates have been renewed recently and messages were still encrypted with the key of the previous CEP Encryption certificate. This can occur again if, for example, the certificate enrollment was done with the SSCEP Client was performed and the Registration Authority certificates were not retrieved again.
See also article "Requesting certificates via Network Device Enrollment Service (NDES) fails with HTTP error code 500„.
Safety assessment
The security assessment is based on the three dimensions of confidentiality, integrity and availability.
Availability may be affected, so this event should be under consideration.
One thought on “Details zum Ereignis mit ID 18 der Quelle Microsoft-Windows-NetworkDeviceEnrollmentService”
Comments are closed.