Quantcast
Channel: Blog – Addlevel
Viewing all articles
Browse latest Browse all 52

Troubleshooting SCEP, NDES, CRP in SCCM 2012 R2

$
0
0
If your new to troubleshooting SCEP enrollment on Mobile Devices it can be hard to know where to start looking in the jungle of logfiles available. Here’s a good way to start looking to get a better understanding to whats happening during a SCEP enrollment:
Content Location:

Certificate Registration Point (CRP) IIS Logs:  C:\Inetpub\Logs\LogFiles\W3SVC1\
Configuration Manager Certificate Registration Point Logs: %INSTALLDIR%:\SMS_CCM\CRP\Logs\CRP.log
Component Health Status: SMS_CERTIFICATE_REGISTRATION_POINT
NDES Plug-in: C:\Program Files\Microsoft Configuration Manager\Logs\NDESPlugin.log
NDES IIS Logs:  C:\Inetpub\Logs\LogFiles\W3SVC1\
NDES: C:\Users\%username%\mscep.log

In order for the MSCEP.log to appear you need to follow these steps:

  1. Run “certutil -setreg enroll\debug 0xffffffe3” from an elevated command prompt.
  2. Open InetMgr.exe
  3. Expand the Connection where the MSCEP Application is running
  4. Select “Application Pools
  5. Right click the “SCEP” Application Pool and select “Advanced Settings
  6. Under the “Process Model” section, set the “Load User Profile” to “true
  7. Call “iisreset” from an elevated prompt
  8. After trying a MSCEP operation verify “%SystemDrive%\Users\mscep.log” has been created.

More troubleshooting blogs will follow! If you need any help, please feel free to contact me.

Jakob Knutsson
Senior Executive Consultant at Addlevel and System Center Expert with engagements ranging from security design and architecture to implementation of System Center and Windows platforms.

jakob.knutsson@addlevel.se

The post Troubleshooting SCEP, NDES, CRP in SCCM 2012 R2 appeared first on Addlevel.


Viewing all articles
Browse latest Browse all 52

Trending Articles