| Event Source: | Microsoft-Windows-NetworkDeviceEnrollmentService |
| Event ID: | 35 (0x23) |
| Event log: | Application |
| Event type: | Error |
| Symbolic Name: | EVENT_SCEP_RA_CLOSE_TO_EXPIRE |
| Event text (English): | At least one of the certificates for the Network Device Enrollment Service will expire soon. Check the validity period for both the encryption and signing certificates. Renew any certificates that are nearing the end of their validity period and restart the service. |
| Event text (German): | At least one certificate for the network device registration service will expire soon. Check the validity period for both encryption and signing certificates. Renew any certificates that are about to expire and restart the service. |
The Network Device Enrollment Service (NDES) provides a way for devices that do not have an identifier in Active Directory (for example, network devices such as routers, switches, printers, thin clients, or smartphones and tablets) to request certificates from a certification authority. For a more detailed description, see the article "Network Device Enrollment Service (NDES) Basics„.
Description
Do you know TameMyCerts? TameMyCerts is an add-on for the Microsoft certification authority (Active Directory Certificate Services). It extends the function of the certification authority and enables the Application of regulationsto realize the secure automation of certificate issuance. TameMyCerts is unique in the Microsoft ecosystem, has already proven itself in countless companies around the world and is available under a free license. It can downloaded via GitHub and can be used free of charge. Professional maintenance is also offered.
Occurs when the Registration Authority certificates for the NDES server are about to expire and there is no replacement yet.
Safety assessment
The security assessment is based on the three dimensions of confidentiality, integrity and availability.
Since in most cases the Registration Authority certificates of the NDES server are requested and renewed manually, an alert should be issued in any case to avoid any impact on availability.
English 
Deutsch