If your new to troubleshooting SCEP enrollment on Mobile Devices it can be hard to know where to start looking in the jungle of logfiles available. Here’s a good way to start looking to get a better understanding to whats happening during a SCEP enrollment:
Content Location:
Certificate Registration Point (CRP) IIS Logs: C:\Inetpub\Logs\LogFiles\W3SVC1\
Configuration Manager Certificate Registration Point Logs: %INSTALLDIR%:\SMS_CCM\CRP\Logs\CRP.log
Component Health Status: SMS_CERTIFICATE_REGISTRATION_POINT
NDES Plug-in: C:\Program Files\Microsoft Configuration Manager\Logs\NDESPlugin.log
NDES IIS Logs: C:\Inetpub\Logs\LogFiles\W3SVC1\
NDES: C:\Users\%username%\mscep.log
In order for the MSCEP.log to appear you need to follow these steps:
- Run “certutil -setreg enroll\debug 0xffffffe3” from an elevated command prompt.
- Open InetMgr.exe
- Expand the Connection where the MSCEP Application is running
- Select “Application Pools”
- Right click the “SCEP” Application Pool and select “Advanced Settings“
- Under the “Process Model” section, set the “Load User Profile” to “true”
- Call “iisreset” from an elevated prompt
- After trying a MSCEP operation verify “%SystemDrive%\Users\mscep.log” has been created.
More troubleshooting blogs will follow! If you need any help, please feel free to contact me.
The post Troubleshooting SCEP, NDES, CRP in SCCM 2012 R2 appeared first on Addlevel.