Event Source: | Microsoft-Windows-NetworkDeviceEnrollmentService |
Event ID: | 29 (0x1D) |
Event log: | Application |
Event type: | Error |
Symbolic Name: | EVENT_MSCEP_INVALID_PASSWORD |
Event text (English): | The password in the certificate request cannot be verified. It may have been used already. Obtain a new password to submit with this request. |
Event text (German): | The password in the certificate request could not be verified. It may already be in use. Set a new password to submit with this request. |
The Network Device Enrollment Service (NDES) provides a way for devices that do not have an identifier in Active Directory (for example, network devices such as routers, switches, printers, thin clients, or smartphones and tablets) to request certificates from a certification authority. For a more detailed description, see the article "Network Device Enrollment Service (NDES) Basics".
Example events
The password in the certificate request cannot be verified. It may have been used already. Obtain a new password to submit with this request.
Description
Cause: incorrect one-time password
Occurs when NDES has been configured to use a static password, and the password is incorrect.
Please note that the one-time password must be requested from the same NDES server to which the certificate request is subsequently sent.
Cause: incorrect or already used one-time password
Occurs when NDES has been configured with changing passwords and the password is either incorrect or has been used before. See also Event no. 43.
Cause: incorrect encoding of the one-time password
Occurs when the one-time password included in the certificate request is incorrectly encoded. NDES expects the encoding of the one-time password in ASN.1 PrintableString. OpenSSL (used by SSCEP) encodes in UTF-8 by default, which is not understood by NDES for the "challenge password" attribute and is rejected accordingly.
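To check a request for this cause before submitting it, the following added example (not part of the original article) walks DER data and reports which ASN.1 string type carries the PKCS#9 challengePassword attribute. The helper names and the sample data are assumptions: the sample is a constructed attribute fragment, not a real certificate request.

```python
# Added example: find the challengePassword attribute in DER data and report its string type.
CHALLENGE_PASSWORD_OID = bytes.fromhex("2a864886f70d010907")  # 1.2.840.113549.1.9.7
STRING_TAGS = {0x0C: "UTF8String", 0x13: "PrintableString", 0x16: "IA5String", 0x1E: "BMPString"}

def read_tlv(buf, pos):
    """Return (tag, content_start, content_end) for the DER element at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def challenge_password_encoding(der, pos=0, end=None):
    """Walk DER data; return the ASN.1 string type of challengePassword, or None."""
    end = len(der) if end is None else end
    while pos < end:
        tag, c_start, c_end = read_tlv(der, pos)
        if tag == 0x06 and der[c_start:c_end] == CHALLENGE_PASSWORD_OID:
            # Attribute ::= SEQUENCE { type OID, values SET }; the SET follows the OID
            _, set_start, _ = read_tlv(der, c_end)
            value_tag, _, _ = read_tlv(der, set_start)
            return STRING_TAGS.get(value_tag, f"tag 0x{value_tag:02x}")
        if tag & 0x20:                     # constructed element: descend into its children
            found = challenge_password_encoding(der, c_start, c_end)
            if found:
                return found
        pos = c_end
    return None

def tlv(tag, content):
    """Build a short-form DER element (only used for the constructed sample, < 128 bytes)."""
    return bytes([tag, len(content)]) + content

def sample_attributes(string_tag, password=b"CONSTRUCTED-OTP"):
    # Constructed stand-in for the [0] attributes field of a PKCS#10 request.
    attr = tlv(0x30, tlv(0x06, CHALLENGE_PASSWORD_OID) + tlv(0x31, tlv(string_tag, password)))
    return tlv(0xA0, attr)

if __name__ == "__main__":
    for tag in (0x0C, 0x13):
        found = challenge_password_encoding(sample_attributes(tag))
        verdict = "expected by NDES" if found == "PrintableString" else "encoding mismatch"
        print(f"{found}: {verdict}")
```

For a real request, pass the DER bytes of the certificate request (for example the output of `openssl req -outform DER`) to `challenge_password_encoding`.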
Security assessment
The security assessment is based on the three dimensions of confidentiality, integrity and availability.
A single occurrence of the event is usually unproblematic. If the event occurs more than once, alerting should be considered, as this may indicate an attack attempt.
Related links:
- Overview of Windows events generated by the Network Device Enrollment Service (NDES).
- Configuring the Network Device Enrollment Service (NDES) to work with a static password.