| Event Source: | Microsoft-Windows-NetworkDeviceEnrollmentService |
| Event ID: | 28 (0x1C) |
| Event log: | Application |
| Event type: | Error |
| Symbolic Name: | EVENT_MSCEP_NO_PASSWORD |
| Event text (English): | The Network Device Enrollment Service cannot locate a required password in the certificate request. Either a password must be present in the certificate request or the certificate request should be signed with a valid signing certificate. The signing certificate must chain up to a trusted root in the Enterprise store. The signing certificate and the certificate request must have the same subject name or subject alternate name. |
| Event text (German): | A required password was not found in the certificate request by the network device registration service. The certificate request must contain a password or be signed with a valid signing certificate. The signing certificate must be associated with a trusted root in the corporate store. The signing certificate and the certificate request must have the same requester name or the same alternate name for the requester. |
The Network Device Enrollment Service (NDES) provides a way for devices that do not have an identifier in Active Directory (for example, network devices such as routers, switches, printers, thin clients, or smartphones and tablets) to request certificates from a certification authority. For a more detailed description, see the article "Network Device Enrollment Service (NDES) Basics„.
Example events
The Network Device Enrollment Service cannot locate a required password in the certificate request. Either a password must be present in the certificate request or the certificate request should be signed with a valid signing certificate. The signing certificate must chain up to a trusted root in the Enterprise store. The signing certificate and the certificate request must have the same subject name or subject alternate name.
Description
Do you know TameMyCerts? TameMyCerts is an add-on for the Microsoft certification authority (Active Directory Certificate Services). It extends the function of the certification authority and enables the Application of regulationsto realize the secure automation of certificate issuance. TameMyCerts is unique in the Microsoft ecosystem, has already proven itself in countless companies around the world and is available under a free license. It can downloaded via GitHub and can be used free of charge. Professional maintenance is also offered.
This message occurs when NDES is set to use a password (static or alternating) has been configured, and a submitted certificate request does not include a password.
Likewise, the message occurs when a Certificate renewal with an existing certificate and the wrong certificate is used (it must be issued by the same certificate authority as the certificate authority bound to the NDES server, and the subject information (subject and subject alternative name) must be identical).
Likewise, in this case, the Certification Authority that issued the certificates to be renewed must be a member of NTAuthCertificates be
Safety assessment
The security assessment is based on the three dimensions of confidentiality, integrity and availability.
No description has been written for this yet.
Related links:
- Overview of Windows events generated by the Network Device Enrollment Service (NDES).
- Configuring the Network Device Enrollment Service (NDES) to work with a static password.
- Is there a dependency of the Network Devices Registration Service (NDES) with the NTAuthCertificates object?
English 
Deutsch
2 thoughts on “Details zum Ereignis mit ID 28 der Quelle Microsoft-Windows-NetworkDeviceEnrollmentService”
Comments are closed.